As the modernized United States Army prepares for network-centric warfare by linking advanced weapons systems, platforms, sensors and Command & Control (C2) systems through the LandWarNet framework, cybersecurity has moved to the forefront of defending the Army's vast cyber domain. The Army fields strategic and tactical assets that are connected to that domain, including software-defined radios, sensing devices, and computing devices embedded in vehicles. The diversity of these assets makes the network difficult to secure, and the Army's growing reliance on information systems and networks creates opportunities for adversaries, both internal and external, to carry out cyberattacks aimed at disrupting, denying, and degrading tactical operations.
Cyberattacks use advanced and sophisticated techniques designed to infiltrate tactical networks and mission systems. Attack types include advanced malware, zero-day exploits, and advanced persistent threats (APTs). Cyber threats at the tactical level are constantly evolving, becoming more sophisticated, more targeted and more sustained. According to the Training and Doctrine Command (TRADOC) G2 office, 70% to 80% of cyber threats originate from insiders. Preventive security measures alone are likely to fail against such insider threats, because an insider already operates from within the perimeter with legitimate access. While preventive measures still hold great value in combating cyberattacks, the Brigade Combat Team (BCT) must equip itself with powerful big-data analytic capabilities to detect and isolate both active and passive cyber threats. To defend the Army's complex, heterogeneous networks and multifaceted environment, a fundamental understanding of network situational awareness is necessary to plan, monitor and manage operations in the cyber domain. The BCT should ensure that the Army invests in cybersecurity capabilities built around a response-based analysis approach.