• Corporate desktop image
  
• Outlook 2003
• Symantec AV
• PGP-8.1
  

1. Install PGP-9.6
2. reboot twice per instructions
3. Find that my networking completely doesn't work.

1. regsvr32 /u PGPfsshl.dll
2. Run a Registry merge on c:\WINDOWS\system32\PGPlspRollback.reg
3. Reboot

TECHNOLOGY AREAS: Air Platform, Information Systems, Space Platforms, Human Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), which controls the export and import of defense-related material and services. Offerors must disclose any proposed use of foreign nationals, their country of origin, and what tasks each would accomplish in the statement of work in accordance with section 3.5.b.(7) of the solicitation.

OBJECTIVE: Develop visualization techniques for planning and execution of Cyberspace operations.

DESCRIPTION: Fulfilling the Air Force mission “… to fly and fight in Air, Space, and Cyberspace” requires effective C2 tools for the observation, planning and execution of cyberspace operations. Conventional battlespace visualization tools were developed for the physical world (i.e., geospatially oriented), where the battlespace, weapons and effects are concrete, often observable entities. Cyberspace and its critical electronic infrastructures are an artificial world that must be created, modified and sustained by the warfighter. This artificial world of cyberspace has concrete links back to the physical world that shape the information landscape, affect the decision-making process, and control the communication channels crucial to C2.

Standard, geospatially oriented C2 tools are not suitable for providing cyber combatants with comparable situation awareness to understand events, evaluate options, and make decisions in the electromagnetic domain. The combatants in the cyber domain needs to be able to quickly see and understand not just the physical relationships of the traditional battlespace, but also the logical relationships and information dependencies in the abstract landscape of cyberspace. Cyber C2 visualizations need to provide information for strategy, tactics and execution of effects that may, or may not, have physical correlates. Examples of these cyber events include network attack detection, attack identification, damage assessment, denial of service (DOS) warnings, and information warfare or cyber-attack operations.

For example, a commander may be planning to intentionally disrupt a portion of his network to investigate a cyber-attack. He will need to understand what ripple effects will occur across the functionally diverse and geographically distributed network. These ripple effects will have both a cyber component (e.g., locations that will lose connectivity or suffer degraded performance characteristics) and a real-world component (e.g., information about enemy forces may be unavailable or delayed, reducing blue force effectiveness) that must be visualized, explored and tasked from within his C2 tools.

Decision makers will greatly benefit from innovative visualization tools that can improve their understanding of all aspects of the Cyber domain. These aspects include 1) the current state of the information environment, the physical and virtual battlespace and enemy and friendly capabilities and vulnerabilities; 2) the scope and scale of courses of action that affect information or information networks; 3) the primary effects and ripple effects of an operation in both the physical and cyber battlespaces, and 4) the risks for collateral damage associated with cyber warfare activities.

PHASE I: Identify cyberspace characteristics relevant to C2 visualization. Identify correlation methods and visualization techniques to understand battlespace, operations, and effects. Define metrics to evaluate efficacy. Document results in a written report, including mockups of proposed visualizations.

PHASE II: Construct a working prototype to demonstrate integrated visualization of cyber data showing 1) the status of information environment, 2) its effect on the conventional battlespace, and 3) the status of information operations. Evaluate effectiveness using metrics defined in Phase I.

PHASE III / DUAL USE: Military application: Additional military applications include command and control environments, like the Air Operations Centers (AOCs). Commercial application: Monitoring and defending infrastructures (e.g., financial and energy) against cyber-attacks. Visualization cyberspace is beneficial for security of commercial communication and information networks.

REFERENCES:

1. ‘Air Force leaders to discuss new ‘Cyber Command’

2. Laura S. Tinnel, O. Sami Saydjari, and Joshua W. Haines, An Integrated Cyber Panel System, IEEE Computer Society,

3. Anita D’Amico and Stephen Salas, Visualization as an Aid for Assessing the Mission Impact of Information Security Breaches, IEEE 2003.

4. Tim Bass, “Cyberspace Situational Awareness Demands Mimic Traditional Command Requirements,” AFCEA Signal Magazine, February 2000.

KEYWORDS: visualization, cyber, human factors, planning, situation awareness, command and control, HCI

Reference. SITIS Topic Details, Visualization for Command and Control of Cyberspace Operations

See also:  http://www.dodsbir.net/solicitation/sbir083/af083.doc

“Complex Event Processing (CEP) is a technology which has been used for many years in the Aerospace and Defence Industry for Situational Awareness and Data Fusion modules in Command, Control, Communications, Computing and Intelligence Systems (aka C4I).

Currently CEP is being rediscovered as a foundation for new class of extremely effective Business Intelligence, Security and System/Network/SCADA Monitoring solutions in industries like Financial Services, Telecommunications, Oil and Gas, Manufacturing, Logistics etc. The increasing connectivity and processing power of the modern IT and Telecom technologies lead to increasing speed and volume of the dataflow available to the organisations. By using CEP solutions companies can gain competitive advantage by achieving real-time situational awareness and tapping the information value that is hidden within the streams of real-time event data that are coming from a variety of sources such as enterprise applications, financial transactions, sensor networks and supply chains.”

Unfortunately, the author does not cite references in the paper.

Introduction

Virtualization is a word used by consumers and also by IT. But, do we all mean the same thing?

A very cool video from Cisco provided answers to “what is virtualization” from an  engineering perspective, data center perspective, IT perspective and the user perspective (virtual world).

Virtualization is about breaking the bonds between applications and server hardware, nodes and networks, applications and operating systems.

Why is this interesting? Virtualization holds the promise to transform the way we work, live, learn and play.

Why virtualize?

The real estate boom over the last 30 years has driven people to the suburbs. People didn’t mind commuting for an hour with lower gas prices. Today, we have a weak economy and gas prices are high. Something has to change.

Many are opting to stay at home. Businesses are trying out telecommuting, some (like Cisco) are even offering telepresence. This helps by reducing carbon footprint. Corporations are breaking free from physical requirements. The global workforce is also having an impact on the network. These changes are having a huge impact on the network.

We are on the cusp of transitioning from virtualization to VIRTUALIZATION.

“One to many….many to one.”

This is Cisco’s idea of virtualization.

Consider the different roles we play in life - one to many. Spouse, executive, friend, parent, gym rat. This would be “one to many”. This is exactly what virtualization does. It allows you to partition resources off that you can use on the fly.

Where do I start?

Virtualization starts with server and storage. But, it’s the network that touches everything - it spans the physical, the virtual, and the cloud. This provides the connectivity to all these resources. The network brings transparency to the picture. It allows you to better monitor performance and better implement security - great benefits!

Why do I need this?

At Cisco, we saw that we were only using 20% of our storage utilization. We wanted to virtualize our datacenters. When we did that, we were able to get 68% storage utilization. For each year that we were able to defer buildup, we saved $40 million.

From a business standpoint, virtualization helps you differentiate and work faster. Provisioning in minutes, improved productivity and competitive differentiation, using less power (environmental impact), and up the ante of business continuity. If VMWare fails? It’s OK. You can reprovision it on the fly.

Is it for everyone?

IT organizations tend to be siloed. You have the IT side and the Operations side. Each has responsibility. For virtualization to work, these walls have to come down. The concept of virtualization depends on shared resources.

Metcalfe’s Law of the Network Effect

Everytime you add a node to the network, you increase the value. This is what happens with virtualization. Every device you virtualize increases the power of each device. More control of environment and more efficiency.

This leads to…

Cloud computing.

Wow, show of hands from the audience when Marie asked “how many are using cloud computing?” and “how many are using your own clouds?” - not a lot of hands were raised. Interesting considering the coverage cloud computing has and the focus of it.

Cloud computing has three possibilities at Cisco:

• Flexible infrastructure (hosting)
• Abstract services (APIs)
• Application services (SaaS)

Automation is going to be key, and will need to integrate virtualization-aware elements.

Can you imagine if you wanted interoperability in the cloud? People haven’t even begun thinking about it.

Conclusion

As you virtualize, your role will change. You will think more about strategy. But keep in mind these “minefields” of virtualization:

• Insufficient planning
• Lack of standards
• Weak security

Security cannot be an afterthought. It has to be planned. We’ve seen new forms of malware, hypervisor attacks, and root kit infections.

As higher expectations from end users evolve, we’re becoming not server oriented, but SERVICE oriented.

Tips:

• Think holistically
• Consider IT culture - equipment and people

Parlez-vous open source? While wide-spread open source usage is still debated in many companies, the French have been advocating for all open source all the time in government and education. French President Nicolas Sarkozy set up an economic commission that recommended tax benefits to stimulate more open source development. Lesson learned from France: start ‘em early. “All students in France use open source.”

Just in time for Labor Day, John Edwards (no, not that one) comes out with an informative guide on “Who provides what in the cloud”. No doubt, this will be a rapidly expanding list, but what’s really interesting is the comment on the article. People have very strong opinions on the cloud…

Research firm Aberdeen Group reports that network costs will increase slightly more than 5 percent over 2007. Contributing factors: “need for speed”, shift from standard to mobile PCs (more end points of connectivity), and the ever-expanding network. And of course the hidden costs of multiple tools with multiple management consoles – if you’re not smart enough to choose say a comprehensive network management solution that is vendor agnostic…One tool to monitor them all…

And just because I miss the Olympics already, here’s an irreverent take on what it’s like to lose to Michael Phelps. http://www.thetechstop.net/?p=1503

Enjoy your long Labor Day Weekend!

I once was working on a project to install a robust wireless network for a company.  I asked the guy I was working with why they were doing it. This company had a general attitude of paranoia where security was concerned, so the drive to fast-track an expensive wireless network seemed out of place.  It turns out, this company’s president had been playing golf with the president of another company.  The president of the other company started bragging about his company’s new wireless network and how he could take his laptop anywhere in the building and get on the network.  Embarrassed, the president came back to work and immediately told his IT staff to install a WLAN so that he would never again suffer such indignation.  Halfway through the project, cooler heads pointed out to the president that since his company focused on critical infrastructure, the security risks of wireless were too great for them to bear.   

This new push for mobility has created a hierarchy within companies.  The important people get the coolest phones and PDAs.  I once discovered a disturbing trend during a policy review related to mobile devices:  when a new phone or PDA came out, a rash of dropped, damaged, and broken phones were turned into the person in charge of handing out mobile devices.  Many "accidentally" fell into the toilet.  Real money was being lost here, as employees jockeyed for status brought by the flashiest new phones.  Yes, this does really happen. I guess I shouldn’t have been shocked by this.  The mobile phone folks figured it out long ago…