Another View | After net-centricity: Assurance

 

Connecting state and local government leaders

Guest commentary: The constantly changing nature of the Internet and its attendant threats require the Defense Department to develop a flexible, evolving approach to net-centricity.

In January 1998, Vice Adm. Arthur Cebrowski and John Garstka first wrote about and named net-centric warfare, making the case that new IT paradigms would and should radically change military operations just as they were changing American business. A few years later, John Stenbit, then-Defense Department chief information officer, elaborated further: 'Power to the edge means making information available on a network that people can depend on and trust, and populating the network with new, dynamic sources of information to defeat the enemy while denying the enemy advantages and exploiting its weaknesses.'The early years of net-centricity focused on connectivity. The Global Information Grid (GIG) was chiefly an assortment of big communications programs ' the Global Information Grid Bandwidth Expansion (GIG-BE), the Transformational Satellite System (TSAT), the Joint Tactical Radio System (JTRS). Though it is surely a prerequisite for net-centricity, Stenbit's words remind us that connectivity is just the first step of a larger strategy.Over the past 10 years, real world developments in cyberspace have taught us much about the other two pieces of the strategy and their implications for information assurance.A first observation is that today's network participants and network data interact in ways we could never have predicted; a second is that the network has turned out not to be a safe haven, where we can expect to operate unharassed. Exploring these observations takes us from connection-focused net-centricity through content-centricity to mission-centricity and suggests some interesting lessons for information assurance.Net-centricity did not ignore content, but it treated data as essentially static and impersonal. TPPU (Tasking, Posting, Processing and Using, or post before process) claimed advantages over the previously existing paradigm TPED (Tasking, Processing, Exploiting and Dissemination) by cutting down the time between the acquisition of data and its availability to potential consumers. It gained this speed by posting data immediately to repositories while forking off further transformation to occur in parallel.TPPU, further, attempts to take away originator control of dissemination, presumably so data can be found by all those who need it. To obtain this more universal availability of data, however, TPPU breaks traditional relationships - between collectors and the specialists who transform the data into information or intelligence and between consumers and originators.Despite frequent exhortations to 'populate the 'Net,' in the Defense Department we find it very hard to get data owners to post. One reason for this reluctance may be the anonymity of a publish-and-subscribe system. We don't know those who is pulling our data. We don't see why they should have our information. Though TPPU has captured the data, it hasn't replaced the interactions of the participants in the old system with something as compelling.A second idea to have been embraced by net-centrists is service-oriented architecture (SOA). A SOA extends the server-client relationship often found in local networks across the enterprise. Commonly needed services may be performed in a central location, rather than on a user's machine or the local server.Though originally embraced for their IT economies, SOAs are also a form of posting, providing a means to proliferate a rich set of services across the enterprise, even to users whose own enclaves might be incapable of supporting or inventing such capabilities on their own. Like TPPU, the success of SOA is limited by the willingness of service-developers to offer those services. For the user or host of the service, however, it also shares with TPPU integrity concerns: In a nutshell, is this new posted element -- whether data or service -- safe to use?Given sufficient investment, today's information assurance approaches seem capable of successfully tackling the issues involved in securing TPPU and SOA. These frameworks remain essentially transactional, much like the point-to-point communications of the pre-networked world.Cryptographically bound metadata will address issues of provenance and integrity, and we'll eventually work out secure middleware and a way to certify and accredit services. TPPU and SOA were a good start, but they are not what the Internet looks like today. Although it starts with people posting, posting doesn't begin to describe the complex associations that emerge among contributors, consumers, data and services. The Internet content revolution presents a fundamental challenge to our IA paradigms.The dynamism of the Web depends on two scary properties from an assurance perspective: the ultimate wisdom of the collective and the constructability of ephemeral services. On the 'Net, earned reputation replaces pedigree and analysis. That the Internet works at all is testament to the Law of Averages. While there is no guarantee that any individual fact is correct or any service is bug-free at any given time, on average, things work pretty well, and functionality is increasing.Studies have shown Wikipedia to be about as accurate as bound encyclopedias. Mash-ups and mark-ups get me to my destination as well as or better than my road atlas. However, if our assurance strategy requires we issue gold disks of carefully-vetted data or software, Web 2.0 is an assurance nightmare. The challenge of the dynamic, content-centric environment for IA is tolerance: error-tolerance, fault-tolerance, and the ability to trust unfinished and imperfect systems'just well enough to use them.It was probably not long after the first roads were built that thieves began to lie in wait of those who traveled them. The past 10 years have brought a great variety of 'highwaymen' to the information highway, much to the dismay of e-merchants.Ironically, for our community this surge in cybercrime has had a benefit in that it has enabled us to speak openly of exploits which are now no longer theoretical or secret. Masquerade and privilege-elevation attacks coupled with the lack of strong authentication on the Internet allow all that rich content, conveniently posted for maximum discoverability, to be exfiltrated with relative ease.The Storm Worm botnet has shown us that the network itself is a resource that can be stolen. It seems its creators decided they could make a lot of money by getting millions of computers around the world to send spam, and they've mounted both an elaborate command and control structure and defensive penalties for those who interfere with them.Right now it is in the botmaster's interest for those computers to stay up, but other cybercriminals make money by threatening to take computers down. Companies now must confront the dilemma of whether to pay cyber-extortionists to avoid Web site defacement, public disclosure of vulnerabilities and fatal denial-of-service attacks.Today we know we can expect to be vulnerable to the nation state versions of the same categories of attacks dogging the commercial world, but early net-centricity dogma was fairly silent on this subject. Secretary Stenbit spoke of 'populating the network with new, dynamic sources of information to defeat the enemy while denying the enemy advantages and exploiting its weaknesses.' Whether intended or not, this language makes the network sound like a library when it is, in fact, a battlefield!If we use the network to disseminate content, the adversary will try to see that information. If we use it for command and control, the adversary will try to subvert command integrity. If the enemy can't co-opt it, he'll take it down so we can't use it either. Safe-haven thinking was extremely unhelpful to information assurance, because it not only set out the wrong problem for solution but created specious expectations. 'Secure the library' sounds easy, but 'secure the battlefield' is impossible. The battlefield is where we engage the enemy, and it's about surviving in order to prevail.Our second observation teaches us another lesson in tolerance, this one very close to home: tolerance of IA's inability to provide a perfect defensive shield. It is unreasonable to expect to keep the enemy off the battlefield. But though we may not be able to keep up with rapidly-evolving exploits well enough to guarantee the adversary will not find his way into the network, that doesn't mean we give up either.Our responsibility is to the mission, not the network. We can create mechanisms that enable the mission to operate through attack. We can develop architectures that buy us time to evolve our defenses and make it easy to deploy new countermeasures. We can and should think of IA more like a weapon. No weapon is omnipotent, and no weapon dominates forever, but new and better weapons raise the cost and risk to the adversary of attacking us.So what will mission-centric IA look like? Adopting a philosophy of advantage over perfection lies at the center of the shift. We have a commercial-off-the-shelf strategy in the DOD because commercial technology brings useful functionality to market so quickly, but we have an IA evaluation paradigm which is severely stressed by change.The philosophy of advantage gives us permission to factor time into our calculations of assurance and appropriateness. An advancing force can build a pontoon bridge across a river because it doesn't expect it to be there forever.We will always hold back the mission until we make time our friend. The idea of advantage can also counterbalance our tendency to let the perfect be the enemy of the good. As Web 2.0 demonstrates, the ability to deploy and redeploy quickly is much more important in the long run than the ability to deploy flawlessly the first time.Advantage helps us in content space by speeding our access to capability. How does it help with our no-safe-haven problem? If we concentrate on the mission advantage and not on the network, we find, in contrast to today's approach, that we gravitate first to solutions that don't require that we know much about specific attacks.Our first priority is to ensure we can do the mission while under attack, which we accomplish by reducing the damage successful attacks can do and creating and exercising mission plan B's.Next, we re-architect to eliminate easy entry points and attack vectors.Then, we deploy control structures capable of responding to the attacks we detect.Finally, we address detection, but architecturally ' recognizing that the adversary will constantly change his game and that our detection strategies must be just as agile.Injecting this new thinking into our current institutions will take time and creativity, but if we're successful, we'll greatly increase our freedom to maneuver. This work should keep us pretty busy over network-centric warfare's next decade.

This commentary is an unabridged version of a guest column that originally appeared in GCN's Sept. 29 print issue.

Susan Alexander

Contributed









Content-centricity



















No safe haven

















Mission-centric IA


















Alexander (Susan.Alexander@osd.mil) is Chief Technology Officer, Office of Secretary of Defense, Information and Identity Assurance.
X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.