Presentations from 9 July 2015 Innovation Network event. For more information see: https://www.gov.uk/government/news/cde-innovation-network-event-9-july-2015-london
Thank you Jim for the introduction. I’m Alex Barnett, the Understand and Interact with Cyberspace CDE competition technical lead. In support of this competition launch today I have Ben Parish, Cyber Situational Awareness Capability Advisor, Steve Barrington, Cyber Situational Awareness Principal Technical Authority, Andy Cole, Cyber Situational Awareness Project Manager and Clive Brooker, who has been my partner in crime in pulling together the technical detail of this competition and the requirements document.
In a moment I will hand over to Lt Col Clive Cook to provide the military context of the competition and then I’ll be back to talk you through the technical detail. I would appreciate it if you could hold any questions until the very end of the presentation.
Good morning, I am Lt Col Clive Cook and I provide military advice to the Dstl cyber science and technology programme.
Before we get into the more detailed technical requirements, I have been asked to provide the strategic and military context for this Centre for Defence Enterprise competition.
In 2010, the last government conducted a national security review, which resulted in the publication of a new National Security Strategy. This placed cyber as one of four Tier 1 security threats to the United Kingdom and on a par with international terrorism, an inter-state military crisis and a major natural disaster or accident. Specifically, the cyber threat was defined as:
Hostile attacks upon UK cyberspace and large scale cyber crime.
2010 also saw the publication of the Strategic Defence and Security Review. This announced the investment of £650M over four years as part of the National Cyber Security Programme. This programme included provision of additional funding for the Ministry of Defence in order to meet a number of defined change objectives which were later detailed in the UK Cyber Security Strategy.
Since 2010, the reasons for including cyber as a Tier 1 threat have become clearer and we have all become increasingly aware of the cyber threat to the UK and its national interests. This quote from the last Director of Government Communications Headquarters sums up the cyber threat succinctly:
Cyberspace is contested every day, every hour, every minute, every second. I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world.
This quote also indicates the importance of our area of interest today; understanding and interacting with Cyberspace.
Within the Ministry of Defence, responsibility for all aspects of cyber operations falls to Joint Forces Command or JFC.
The development of current military cyber capability is managed within the Defence Cyber Programme by the C4ISR Joint User.
Longer term planning of future capabilities is conducted by another part of JFC and its remit includes the sponsorship of the cyber science and technology research. All our research objectives can be linked to the JFC Cyber Capability Management Plan.
One of our current research objectives is:
The provision of accessible tools and technical expertise to identify the different cognitive elements of situational awareness including visualisation and perception, decision-making and communication.
Before going further, I’d like to give you the definitions used by the Ministry of Defence for Situational Awareness and Understanding.
Situational Awareness is defined as:
The ability to identify trends and linkages over time, and to relate these to what is happening and not happening
Similarly, Understanding is defined as:
The perception and interpretation of a particular situation in order to provide the context, insight and foresight required for effective decision-making.
Note that the linkage between the two definitions is provided by defining insight as the combination of situational awareness and analysis.
Situational Awareness definition: JDP 2-00 Understanding and Intelligence Support to Joint Operations
Understanding definition: JDP 04 Understanding
Situational awareness + analysis = Comprehension (Insight)
Comprehension + judgement = Understanding (Foresight)
Looking at situational awareness another way, it is far easier to attain if some time delay is tolerated.
Providing situational awareness in near real-time is considerably harder and enhancing the capability further by including predictive features more complex still.
The ability to show what might happen is particularly valuable in a military context as it provides a degree of foresight and therefore aids understanding, resulting in improved decision-making.
Finally, I’d like to emphasise that the UK’s military doctrine now recognises cyber as a distinct environment on a par with land, sea, air and space.
The cyber environment cannot be separated from the other environments if cyber operations are to be conducted effectively in a joint framework as part of plans executed at military strategic, operational and tactical levels of command. Furthermore, this requirement means that situational awareness and understanding must link all these environments and provide a coherent view of past, present and possible futures.
I will now hand over to my colleagues who will provide you with more detailed information about the requirements for this competition.
Thank you Clive, I think that very effectively sums up the military context and motivation for this work.
I strongly feel that we have the opportunity to forge new ground here at the forefront of emerging capability in cyberspace. That in itself means that I am reluctant to overly bound the challenge area too tightly, for fear of restricting the potential scope of your proposals.
I am therefore drawing strongly on published military doctrine, all of which is described and linked in the published competition document. Although this doctrine is still evolving, it provides an agreed frame of reference for our research.
I’ll now present the technical context of the competition and the nature of the challenges we want to address.
The Ministry of Defence Cyber Science and Technology Programme aims to enhance the UK’s operational freedom of action and satisfy national security objectives in a more effective and affordable way by exploiting the cyber environment through the development, test and validation of cyber capabilities.
We want really innovative research proposals that draw on all elements of cyberspace to improve human interaction and understanding.
“Understanding” in cyberspace is the ability to project into the future (to achieve foresight); what is happening, why is it happening and what will happen next, and most importantly to understand the impact in the real world.
How do we capitalise on advances in big data, analytics and sense making to enhance cyber understanding?
What novel approaches for data interaction could replace the traditional human-computer interface?
Military decisions occur at a rapid pace, often under stressful conditions. The traditional human-computer interface, the monitor, keyboard and mouse, remains a bottleneck in analysis throughput.
Analysts need to have access to tools and systems that are tailored to the function that they are performing, the decision that they are supporting and the conditions that they are in.
I believe that we are being presented with too many software options that are tailored to existing software and hardware platforms, rather than developing new software and hardware solutions that may radically alter the options for interacting in this new environment.
We need to identify revolutionary approaches, rather than the evolutionary upgrades and gradual developments that are in danger of leaving military commanders overloaded with data and information that reduces their decision making effectiveness rather than strengthening it.
Providing the ability to understand the effect of a cyber event on the mission is crucial to making well-informed decisions.
We want to ensure that cyberspace is an enabler for military operations and this requires us to offer ways of working that integrate it into standard practice.
This means that our analysts must have access to the information that they need, quickly and effectively, in order to inform a commander of the most pertinent information to integrate with the information they get from other traditional domains.
Are all my systems operating at full capacity?
Can I rely on all my assets?
Do I need to initiate remedial action in anticipation of potential loss or degradation of capability?
To provide the best support for these decisions, the research programme is looking to identify the best techniques, software and technology to enable the MOD to defend its digital assets and ensure freedom of action.
Current military information processing and sense-making in the cyber domain is a human-intensive process with a high cognitive burden. This process doesn’t scale easily with increased data volume.
Being able to rapidly convey the cyberspace situation and associated analysis to the military commander, analyst and decision maker becomes a real challenge. To ensure that solutions are most effective in this respect, capability to improve interaction and understanding in cyberspace for the military commander requires the following aspects:
Conveying the impact of activity in cyberspace relevant to the mission being undertaken is crucial, otherwise it is impossible for a commander to make fully informed decisions and to appreciate the consequence of their decisions and actions.
In an unfamiliar or less-intuitive domain such as cyberspace, the status of all cyber-dependent systems will play a vital part in mission assurance.
A commander or analyst should be in a position to appreciate their information requirements and therefore be clear what is required to underpin their decisions.
Ultimately, improved interaction and understanding should result in the ability for more effective decision making which results in greater mission success.
To put this challenge into context, we are dealing with a large and varied array of digital systems in cyberspace, with many business functions.
The systems range from office-like computer infrastructure to large, complex platforms, often heavily dependent on legacy systems, radio frequency and constrained bandwidth communications with high latency.
I can’t stress enough that our requirements go way beyond CND, although our systems rely on a communications network backbone that covers
70+ countries
1200 UK Sites
225,000 Users
And is largely dependent on commercial infrastructure.
There are gaps in our ability to link cyber events, data and information, physical military systems and military missions together and present these succinctly and effectively to military decision makers.
I’d now like to take you through the technical challenge areas in more detail.
So, I’m interested in the following areas:
I want you to keep in mind the following questions:
How is my mission impacted by events in cyberspace?
How is my mission being supported by cyberspace?
How can visualisation techniques and tools be applied to the many parts of this process to enable the information to be communicated in a clear and effective manner?
Can I understand the key risks in cyberspace as they apply to my mission in order to take proactive steps?
Technical proposals should address the following challenging requirements of the competition
The potential volume of data and information available from the large number of cyber activities occurring becomes very large.
Being able to rapidly convey the cyberspace situation and associated analysis to the military commander, analyst and decision maker will therefore become a real challenge.
An important aspect of this competition is about seeking approaches to improve the analysis and presentation of large volumes of data and information to support decision making.
A desired route to achieve this is through new visualisation methods that allow engagement and manipulation of the data and information streams with advanced human-machine interfaces.
In isolation, cyber activities may not be easily recognised as threats but in combination, or in specific context, the relevance of the activity may be better understood and result in effective action being taken.
As a stretch objective, maintaining the ability to delve into and manipulate the complete dataset and raw unstructured data would be beneficial to achieving greater mission assurance and agility.
Analysts need to have access to tools and systems that are tailored to the function that they are performing; the decision that they are making; and the conditions that they are in.
We want to see proposals that have user-centred design at their core and provide efficient means of conveying meaning and context with an appropriate level of automation that reduces operator burden but still retains the provenance of the underlying information sources.
Processing the raw data produced by the array of MOD’s digital systems into meaningful, actionable information is a largely automated task, but with a high degree of human intervention and assurance. Also, the filtering and subsequent understanding of the impact of that information on military operations is still a manually intensive task.
For a manually intensive task, the information presented to the user is generally very poorly processed and lacks mission focus and prioritisation.
Being able to see how cyber activity and events of relevance are unfolding, in context, and how they are likely to impact mission goals, is a high priority area for this research programme.
We want methods to increase military operators’ understanding of cyberspace in order to increase the operational tempo, achieve good risk awareness and mitigation options in order to provide an optimised response to situations as they unfold.
Better understanding of the cyber situation, supported by visualisation of a situation as it develops over time, should enable likely projections of the future situation and assessment of future impacts on military assets and missions.
Communication is an important element of the decision-making process.
Common methods of communication to achieve understanding include visual, verbal and written presentation, or military orders.
The context may be tactical, operational or strategic and the user may be a non-technical generalist.
At the strategic and operational level vision determines campaign design including how resources are allocated and the operational priorities.
At the tactical level vision provides the ability for local commanders to make decisions without the need to constantly refer to seniors for approval; this in turn improves the speed of operation.
We want a successful proposal to articulate clearly how the new techniques and methodologies proposed offer improvement over current techniques and what military cyber problem will be addressed.
We are looking for outcomes that include a demonstration and a realistic exploitation route, rather than just a report.
Phase 1 suppliers will be required to participate in two key events:
At the first event, in November this year, the suppliers will be required to share highlights from their planned outputs with Dstl and all the other phase 1 suppliers.
The format will be an initial presentation from each supplier (duration 1 day) followed by time for networking and exploring potential future collaboration. The event will take place at or near a Dstl site.
Shortly before the end of phase 1 (February 16), suppliers will be invited to demonstrate their project outputs to only Dstl and MOD stakeholders, prior to formal delivery to Dstl taking place. The emphasis at this one day event will be on demonstration and not presentation. Suppliers will need to provide all the tools and data necessary to conduct the demonstration. The event will take place at or near a Dstl site.
This is not the first Cyber-based CDE competition, or indeed the first that supports military decision making. Our specific interest is in the way that the information, analysis or intelligence in cyberspace is conveyed to the military decision maker and how it can support and improve military decision making.
We don’t want visualisation for the sake of it – what value does it add?
We also don’t want to have solutions that are restricted to a subset of cyberspace, such as intrusion detection or data mining.
To avoid us creating delays in your research from Dstl dependencies, and to ensure that you have the full freedom to offer novel solutions that we may have no concept of at this stage, we won’t be providing data sets or the hardware necessary for your research and demonstrations.
It may sound trite, but I want you to be as inventive as possible – on our part, that means that as long as you have presented a clear link to the military relevance of your proposal, we will likely accept a very large range of potential data sources. The specific cyber events or activities themselves are not the primary concern of the challenge area.
Bear in mind though that mixed-source data (such as SCADA instructions with system status logs and communications traffic) is going to be at the top of our priority list.
I also won’t be describing a constrained, explicit set of decisions or military operators for you to aim at.
This may surprise some of you given the focus this competition places on supporting the decision maker, but the simple fact is that in this exciting, new and developing area the specific decision makers and military commanders haven’t all been defined and appointed yet – and so by being prescriptive we may inadvertently miss the ideas with the biggest “wow-factor”.
As long as you can show the military relevance of your proposal of course.
We are also interested in proposals that look to collaborate and partner with other like-minded organisations. Whilst a proposal can be from a single small- to medium-sized enterprise or academic institution, we would like to encourage collaboration among parties that may have similar ideas and also collaboration with, but not limited to, existing MOD suppliers to increase the likelihood of exploitation. In the past, academic institutions that have partnered with industry suppliers have been particularly successful at having their proposals funded and exploited by the MOD. I would like to emphasise that collaboration must occur under a single lead supplier for the purposes of contracting with Dstl.
Our aspiration is to mature the best solutions as an integrated component of wider cyber situational awareness and understanding capability, to avoid generating data and information overload of our own making.
A total budget of £500,000 will be made available for phase 2 which will be allocated across the best of the phase 1 projects. Funding allocation will be determined through a Dstl decision conference following the phase 1 demonstrations.
Cyber situational awareness and understanding is a recognised MOD requirement managed through the C4ISR capability and we expect that innovative concepts funded through this competition will be exploited through this route and aligned to capability generation for delivery of cyber SA.
In summary, we want cutting edge human-machine interfaces for cyberspace to provide increased understanding of the relevance of cyber events to the military through clear presentation of their linkage to military effect.
You have until the 3rd of September to submit proposals for this competition, and I’m told that the server gets very busy as 5 o’clock approaches!
We aim to have all successful proposals on contract in October for completion by the end of our financial year, in March. Demonstrations should therefore occur in February.
I’m almost done, hopefully with plenty of time to answer any burning questions but do bear in mind that our part in today’s proceedings doesn’t end here – the project team will be on hand over lunchtime for informal discussions and I’ve been asked to provide a shameless plug for our 1:1 sessions this afternoon – talk to any CDE representative to book a place if you have specific questions about the competition.
Later this afternoon, our stalwart of CDE, Bruce Hardie will be giving a masterclass on creating an effective proposal.