Several federal agencies are in the early stages of mapping out a realm that has no geography, in hopes of preempting breaches and successfully hacking adversaries.
Officials with Esri, which contracts with most federal agencies, said the Homeland Security Department and Marine Corps Cyber Command are close to deploying the company’s cyber-vulnerability mapping software. The tool, jointly created with security firm RedSeal, was made public on Monday and is not online yet.
“We already work a lot with critical infrastructure to map out those physical networks of utility networks or road networks,” Wendy Creighton, Esri’s cybersecurity lead, said on Tuesday. “What we’re proposing is that a cyber-network is no different. Your routers and switches actually sit in a physical location. The wires that transport that data have a physical location . . . How is that data actually flowing and being transported between those physical locations of those devices?”
Like a GPS device that cautions drivers about accidents and suggests alternate routes, the technology can warn federal personnel about cyber incidents and suggest substitute routes for data to move.
“If there’s an outage within your network or a disruption, we can now give a commander a way to visualize that, be alerted and also see the alternate route that that information could then flow, to ensure his continuity of operations,” Creighton said.
Other mapmakers are trying to correlate cyberattacks with real-world turmoil on diagrams.
“All too often an analyst in one specific intelligence discipline will miss key indicators because their data and the tools to analyze it are not designed to account for multi-intelligence activities adjacent to them,” said Thermopylae Sciences + Technology President A.J. Clark, a former military counterterrorism analyst.
T-Sciences technology meshes real-world geopolitical data, satellite imagery and videos — things one can see on a map — with analogous cyber activity. The mashup provides analysts with a 360-degree view of what is happening on computer systems and in the physical world.
Let’s say there is a “distributed denial of service,” or DDoS, attack hitting an Iraqi website server with phony traffic to knock it offline. That server has a virtual location, called an IP address. A U.S. intelligence officer monitoring civil unrest could gain insight into the perpetrators by looking at a mashup, which could show — for example — the IP address suffering the hit, the IP addresses unleashing the traffic, and Skybox-captured Google Earth imagery of cyber cafes or other facilities associated with the attack.
If a DDoS attack originated out of Tikrit or Mosul in the past 72 hours, it would be very relevant to know where the attack came from and what factions were involved in controlling that portion of the city, Clark said.
The company has simulated cyber incidents and actual network activity for U.S. military and intelligence personnel through its iSpatial collaborative mapping software.
Moving from a 360-degree view to a 3D view, one Defense Department program currently is experimenting with virtual-reality headgear, called Oculus Rift, to put service members inside cyberspace.
Plan X, an undertaking by the Pentagon’s futuristic research arm, the Defense Advanced Research Projects Agency, works to create environments that will help troops prepare for cyber operations.
“You can essentially swim through the information and understand it,” Plan X program manager Frank Pound recently told American Forces Press Service. “There may be some checkpoints in a plan where the adversary does something we didn’t plan for. The idea with the Oculus is to give the operator the ability to counter that and use his native human intuition to counter those attacks.”
DARPA cannot automate the whole scenario because there are so many unpredictable variables, but “we want human beings to be able to step in and answer the really hard questions that computers aren’t so good at answering right now,” he said.