January 11, 2010
Demonstrating Technologies to Protect Critical Networks and Information:
APL's National Information Assurance Engagement Center
Emerging threats to national defense increasingly include attacks on our information systems. This "cyberwar" includes an enemy's attempts to steal, alter, or deny information from networks vital to our military and allies.
A new line of defense in this battle can now be found in APL's National Information Assurance Engagement Center (NIAEC), where for the first time technology developers and providers, government decision makers, and operational users can explore how emerging information assurance (IA) technologies perform under realistic conditions and learn how these tools can best support their objectives.
NIAEC, a joint effort between APL and the National Security Agency, facilitates the evaluation of hardware, software, and process improvements designed to protect information, reduce the risk of compromising important information, and isolate and disable attackers and their pathways into networks and systems.
The more complex and extensive our information-based systems become, the more vulnerable they may become to attack. U.S. government agencies and defense contractors are prime targets. Defense Department networks suffered an estimated 80,000 attacks last year alone. Attackers range from skilled lone amateurs, to well-funded terrorist groups or organized crime, to sophisticated experts acting on behalf of other nations.
Flexible access to and use of information, and the ability to share it in creative ways with our partners, are critical to our nation's security. This is particularly true as the threat becomes more diffuse, sophisticated, and unpredictable. At the same time, the information protection needs of operational users are not well understood because it is difficult to quantify confidentiality, authentication, or other information security elements in an operational environment. With such a complex and uncertain environment, IA technology developers lack a full understanding of the mission requirements needed to develop the most impactful solutions. NIAEC is designed to facilitate collaboration between technologists, operational users, and policy makers to bridge this gap in understanding.
Engaging the Observer
APL creates NIAEC scenarios that demonstrate emerging IA technologies through realistic operational missions that require the "players" to collaborate and share information. NIAEC participants are immersed in scenarios infused with actual mission situations, where theoretical enemies hack into U.S. and allied systems, stressing the IA technologies applied to impede or deny the attack.
On a large wall of high-definition video screens, NIAEC participants observe two scenarios side by side—one with a baseline level of IA protection, the other using advanced IA techniques. Participants can observe, in simulated time, how long the enemy needs to assume various identities, compromise workstations and servers, and snake through U.S. networks in search of valuable mission information. NIAEC demonstrations can be "built" to explore a wide range of threats and solutions, tested and verified by IA subject-matter experts.
NIAEC demonstrations and strategies focus on managing risk. In the operational world, where collaboration, cooperation with other countries, and wide access to critical information is key, IA technologies need to enhance mission goals, not interfere with timelines or objectives. Avoiding risk alone is simply not an option. In its first year, NIAEC hosted IA scenario demonstrations for more than 700 visitors, mostly representing the Department of Defense or the Intelligence Community.