This Briefing is: UNCLASSIFIED
Aha! Analytics
2278 Baldwin Drive
Phone: (937) 477-2983, FAX: (866) 450-3812
Concepts for Knowledge Management in the Cyber Control System
(presented to Major General William Lord, AFCyber Command (provisional), 18 Feb 2008)
Contents
Purpose
Background
Vision/Objectives/Concepts
Approach
Key Conclusions
Purpose (of the Briefing)
To Communicate Some Core Concepts for Knowledge Management in the Cyber Control System
Background
Advances in IT and Internet Technology
Growth of and Dependency on the Internet
Military Applications of Internet Technologies
Hacker Threat
Cyber Security
Information Dominance
Cyberspace, Cyber Ops, and Associated Doctrine
Freedom of Operations in Cyberspace
Denial of Freedom to Operate in Cyberspace
Background (cont)
We Have Been Communicating Concerns About KM in the IC, DoD, and DHS in General and a Proposal on KM for Cyber Ops to AFCyber/CC in Particular
General Lord Has Resonated with Our Proposal
He Has Asked Us to Develop/Communicate to You Our Concerns, Concepts, and Proposed Way Ahead
What Is Cyberspace?
A Civilian Definition:
cyberspace: The impression of space and community formed by computers, computer networks, and their users; the virtual "world" that Internet users inhabit when they are online.
The Military Definition:
cyberspace: a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures
cyberspace; a physical domain within the electro-magnetic environment,
What Are Cyber Operations?
Cyber Operations Are Operations Carried Out in the Cyberspace Domain (per the military definition)
Three Categories of War-fighting Ops
Ensuring Operational Freedom of Action
Delivering Cross Domain Effects (Air, Space, Ground, Sea, and Cyber)
Supporting Civil Operations
Cyber Ops Givens
Cyberspace and Cyber Operations Are Very Complex!
Cyber Operations Will Be Highly Automated and No Doubt Involve All Manner of Event Driven Processes, Rule Selection/Execution and Machine to Machine Operations and Data Flows
Cyber Operations Will Require Rapid Capture, Access, Acquisition, Transmission, and Sharing of Relevant, Complete, Precise, Structured, and Current Cyber Knowledge
Cyber Operations Will Require Very Robust, Systematic, and MLS Capable Management of Cyber Knowledge
What Does This Mean?
Some Implications for Cyber Ops KM
Cyberspace Knowledge Required to Drive the Cyber Control System Must Have Requisite Scope and Depth of Content
Cyberspace Knowledge Must Provide for Requisite Complexity, Structure, and Detail, and Include Rich Content Meta-data
Cyberspace Knowledge Must Be “Info Product” or “Client Domain” Neutral and Highly Re-purposable
Cyberspace Knowledge Must Have Associated Classification and Other Meta-data at the Attribute Value Level
The Cyberspace Knowledge Mgt Capability Must Be Readily Extensible to New and Modified Data/Info Models
Cyberspace Knowledge Management Should Be and Probably Must Be Ontology Based/Driven by a Robust Federated Ontology for Cyberspace in the Context of Cyber Operations
Some Envisioning
Envision US Cyber Ops Events, Processes, Flows, and Knowledge Being Driven by a Federated Cyber Ops Ontology Which Serves As the Externalized Specification of What Constitutes Cyber Ops
Envision That Virtually Any Cyber “Entity” That Can Be Conceptually Modeled Can Be Represented in the Cyber Ontology and Hence Be Instantiated in the Cyber Knowledge Base
Envision That All Data, Info, Knowledge Is Logically Structured IAW the Ontology So That Automated Machine to Machine and Agent Based Info Sharing Is Facilitated
Envision That MLS Operations Are Made Possible Via Attribute Value Level Classification Meta-data
Envision That the Knowledge Repository Is Product Neutral and Highly Re-purposable So That JIT Cyber Products Can Be Spun Out Readily
Cyber Ops Learning and Control System
Features of Top Level CONOPS
Double Loop Control System
Inner Execution Loop Has to Do With Executing the Control System in Its Current Configuration
Outer Configuration Loop Has to Do With Updating, Revising the Control System Configuration
Specified and Driven by Extensive/Intensive Knowledge of Cyberspace and CyberOps and Codified Externalized Semantics (Ontologies): Cyberspace and CyberOps
Capabilities
Structure
Behavior/Rules
Parametrics
Control System Behavior and Configuration Is Modified by Modifying the Cyber Knowledge and Semantics (Ontologies)
Semantics Are Modified IAW What Is Sensed and Analyzed
An Irony: The Cyber Control System Is Actually a Part of the Cyberspace That It Seeks to Monitor and Control!!!
Top Level Cyber Ops Architecture
(Diagram labels)
Counter Cyber Ops
Cross Domain Ops
Support to Civil and Defense
Cyber Operations
Cyber Ops Knowledge Base
Federated Ontology of Cyber Space Ops
Cyber Semantics
Requisite Complexity, Structure, Detail
Rich Content Meta-data
MLS Ready
Readily Re-purposed Data, Info, Knowledge
Drives Agent Activity
Drives Machine-to-Machine Processes
Drives Generation of JIT Dynamic Products
Cyber Learning & Control System
(Diagram labels)
Sense, Detect & Collect
Process & Analyze
Decide
Deliver Cyber Effects
Cyberspace
Cyber Ops Knowledge Base: Federated Ontology of Cyber Space Ops; Cyber Semantics; Requisite Complexity, Structure, Detail; Rich Content Meta-data; MLS Ready; Readily Re-purposed Data, Info, Knowledge; Drives Agent Activity; Drives Machine-to-Machine Processes; Drives Generation of JIT Dynamic Products
Analyze Cyberspace and CyberOps Events
Develop, Update Cyber Ops Semantics (Ontologies, Processes, Rules, Facts)
Capture Cyber Knowledge
Discover, Generate, Deliver Dynamic Cyber Ops Products
Cyber Ops Info Consumer
Cyber Learning and Control System
SAVANT Features
KPS:
Ontology Driven Capture/Mgt of Complex Structured Knowledge IAW Domain Specific Information Models (Ontologies)
Rich Content Meta-data At Hand (Inherent in Capture of the Info Model)
Attribute Value Meta-data Including: Security Classification, Confidence Level, Releasability
MLS Ready
VPS:
Dev/Capture/Mgt of Static/Dynamic “Presentation Independent” Product Components and Meta-data
Dev/Capture/Mgt of Product Presentations (Applied to Product Components at Presentation Run Time)
MLS Ready
VIPRE:
Mission Subject Domain Portlets
KPS and VPS Meta-data Driven Product/Data Discovery, Access, Delivery
MLS Ready
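The attribute-value-level meta-data listed above (security classification, confidence level, releasability) can be sketched as follows. This is an added example, not SAVANT code or anything from the briefing; the class names, the linear level ordering, the community tags and the sample host record are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed linear ordering of levels; a real MLS lattice also has compartments.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class LabeledValue:
    value: object
    classification: str        # label on this single value, not on the object
    confidence: float          # 0.0 to 1.0
    releasable_to: frozenset   # communities this value may be released to

@dataclass(frozen=True)
class Consumer:
    clearance: str
    community: str

def may_read(consumer, lv):
    """Fail closed: an unknown label or clearance never releases a value."""
    level = LEVELS.get(lv.classification)
    cleared = LEVELS.get(consumer.clearance)
    if level is None or cleared is None:
        return False
    return cleared >= level and consumer.community in lv.releasable_to

def render_view(entity, consumer, min_confidence=0.0):
    """Build a product-neutral view holding only the values this consumer may see."""
    view = {}
    for attr, values in entity.items():
        visible = [lv.value for lv in values
                   if may_read(consumer, lv) and lv.confidence >= min_confidence]
        if visible:
            view[attr] = visible
    return view

def high_water_mark(entity):
    """Label the record would need if it could only be labeled as a whole."""
    labels = [lv.classification for vals in entity.values() for lv in vals]
    return max(labels, key=lambda c: LEVELS[c])

# Constructed sample knowledge object (hypothetical host record).
ALL = frozenset({"USA", "COALITION"})
HOST = {
    "hostname": [LabeledValue("mail-gw-01", "UNCLASSIFIED", 1.0, ALL)],
    "os": [LabeledValue("Linux", "UNCLASSIFIED", 0.9, ALL)],
    "assessed_operator": [
        LabeledValue("Group A", "SECRET", 0.6, frozenset({"USA"})),
        LabeledValue("Group B", "TOP SECRET", 0.8, frozenset({"USA"})),
    ],
}
```

With a whole-object label the sample record would be TOP SECRET for every reader; with value-level labels the same record yields a usable view at each level and community.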
KPS/VPS/VIPRE Segments
(Diagram labels)
Knowledge Pre-positing System (KPS)
Virtual Production System (VPS)
Virtual Intel Product Rendering Environs (VIPRE)
Knowledge Objects
Product Components & Layouts
Portlets/Products
Cyber Learning and Control System
(Diagram labels)
Sense, Detect & Collect
Process & Analyze
Decide
Deliver Cyber Effects
Cyberspace
Cyber Ops Knowledge Base: Federated Ontology of Cyber Space Ops; Cyber Semantics; Requisite Complexity, Structure, Detail; Rich Content Meta-data; MLS Ready; Readily Re-purposed Data, Info, Knowledge; Drives Agent Activity; Drives Machine-to-Machine Processes; Drives Generation of JIT Dynamic Products
Process & Analyze Data
Develop Conceptual Models & Semantics (KPS)
Capture Cyber Knowledge (KPS)
Develop Knowledge Driven Product Components (VPS)
Discover, Generate, Deliver Dynamic Cyber Ops Products (VIPRE)
Cyber Ops Info Consumer
SAVANT Segments: KPS, VPS, VIPRE
General Approach
Emphasize Cyber Knowledge-Driven System Constructs and Cyber Knowledge Management in Development/Refinement of CONOPS, Operational/Info Architecture, and Top Level Requirements
Employ Rigorous System Modeling Methodology (e.g. SysML)
Develop Specific Requirements for Cyber Knowledge Management
Develop Initial Working Ontology for Cyberspace and Cyber Ops
Develop/Deploy/Employ Cyber Ops Info Architecture
Apply Concepts and Capabilities Associated with Government Owned SAVANT Developed by NASIC and NGMS (Dayton, Ohio)
Deployed at NASIC; SAVANT Deploying at ONI
Provide the Core Features Required for Cyber Ops KM
SAVANT Is Eminently Extensible Via Ontology Driven CONOPS
SAVANT May Be Only System of Its Kind Operating in the DOD and/or IC!
General Approach (cont)
Plan, Execute a Series of Prototype Spirals Which Apply SAVANT or SAVANT-like Concepts and Capabilities to Parts of the Cyber Ops Mission
Operational Architecture, Working Ontology, and Cyber Knowledge Base Are Enhanced and Refined
Plan, Execute Increments of Operational Cyber Knowledge Management Capability in Concert with Related Cyber Ops Developments/Deployments
Interact with Intel Elements to Enhance and Refine the Working Ontology of Cyberspace/Ops and Its Instantiations Via Associated Threat Assessments
Key Conclusions
Cyber Control System Must Be Propelled by Requisite and Properly Managed Knowledge and Semantics of Cyberspace and Cyber Ops
The Requisite Cyber Knowledge Must Be Very Conducive to Machine to Machine Operations and Therefore Must Be Highly Structured and Tagged
The Requisite Cyber Knowledge Must Be Appropriately Accessible to Players at Different Security Levels and Therefore Have Attribute Value Level Labeling
The Cyber Knowledge Base Must Drive Cyber Control System Configuration and Operations and Therefore Include Requisite Conceptual Models and Semantics
The Cyber Control System Must Provide for Rapid Generation of Cyber Knowledge Base Driven Dynamic Products
The NG Developed SAVANT Concepts and Capabilities Serve As an Excellent Point of Departure for the Development of the Requisite Cyber Control System Knowledge Management Capability