Concepts for Knowledge Management in the Cyber Control System

Presented to Major General William Lord, AFCyber Command (provisional), 18 Feb 2008

This Briefing is: UNCLASSIFIED

Aha! Analytics, 2278 Baldwin Drive. Phone: (937) 477-2983, FAX: (866) 450-3812


Contents

Purpose

Background

Vision/Objectives/Concepts

Approach

Key Conclusions


Purpose (of the Briefing)

To Communicate Some Core Concepts for Knowledge Management in the Cyber Control System


Background

Advances in IT and Internet Technology

Growth of and Dependency on the Internet

Military Applications of Internet Technologies

Hacker Threat

Cyber Security

Information Dominance

Cyberspace, Cyber Ops, and Associated Doctrine

Freedom of Operations in Cyberspace

Denial of Freedom to Operate in Cyberspace


Background (cont)

We Have Been Communicating Concerns About KM in the IC, DoD, and DHS in General and a Proposal on KM for Cyber Ops to AFCyber/CC in Particular

General Lord Has Resonated with Our Proposal

He Has Asked Us to Develop/Communicate to You Our Concerns, Concepts, and Proposed Way Ahead


What Is Cyberspace?

A Civilian Definition:

cyberspace: The impression of space and community formed by computers, computer networks, and their users; the virtual "world" that Internet users inhabit when they are online.

The Military Definition:

cyberspace: a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures

cyberspace; a physical domain within the electro-magnetic environment,


What Are Cyber Operations?

Cyber Operations Are Operations Carried Out in the Cyberspace Domain (per the military definition)

Three Categories of War-fighting Ops

Ensuring Operational Freedom of Action

Delivering Cross Domain Effects (Air, Space, Ground, Sea, and Cyber)

Supporting Civil Operations


Cyber Ops KM Concept Map


Cyber Control System Concept Map


Cyber Ops Givens

Cyberspace and Cyber Operations Are Very Complex!

Cyber Operations Will Be Highly Automated and No Doubt Involve All Manner of Event Driven Processes, Rule Selection/Execution, and Machine to Machine Operations and Data Flows

Cyber Operations Will Require Rapid Capture, Access, Acquisition, Transmission, and Sharing of Relevant, Complete, Precise, Structured, and Current Cyber Knowledge

Cyber Operations Will Require Very Robust, Systematic, and MLS Capable Management of Cyber Knowledge


What Does This Mean? Some Implications for Cyber Ops KM

Cyberspace Knowledge Required to Drive the Cyber Control System Must Have Requisite Scope and Depth of Content

Cyberspace Knowledge Must Provide for Requisite Complexity, Structure, and Detail, and Include Rich Content Meta-data

Cyberspace Knowledge Must Be “Info Product” or “Client Domain” Neutral and Highly Re-purposable

Cyberspace Knowledge Must Have Associated Classification and Other Meta-data at the Attribute Value Level

The Cyberspace Knowledge Mgt Capability Must Be Readily Extensible to New and Modified Data/Info Models

Cyberspace Knowledge Management Should Be and Probably Must Be Ontology Based/Driven by a Robust Federated Ontology for Cyberspace in the Context of Cyber Operations


Some Envisioning

Envision US Cyber Ops Events, Processes, Flows, and Knowledge Being Driven by a Federated Cyber Ops Ontology Which Serves As the Externalized Specification of What Constitutes Cyber Ops

Envision That Virtually Any Cyber “Entity” That Can Be Conceptually Modeled Can Be Represented in the Cyber Ontology and Hence Be Instantiated in the Cyber Knowledge Base

Envision That All Data, Info, Knowledge Is Logically Structured IAW the Ontology So That Automated Machine to Machine and Agent Based Info Sharing Is Facilitated

Envision That MLS Operations Are Made Possible Via Attribute Value Level Classification Meta-data

Envision That the Knowledge Repository Is Product Neutral and Highly Re-purposable So That JIT Cyber Products Can Be Spun Out Readily


Cyber Ops Learning and Control System

Features of Top Level CONOPS Double Loop Control System

Inner Execution Loop Has to Do With Executing the Control System in Its Current Configuration

Outer Configuration Loop Has to Do With Updating, Revising the Control System Configuration

Specified and Driven by Extensive/Intensive Knowledge of Cyberspace and CyberOps and Codified Externalized Semantics (Ontologies): Cyberspace and CyberOps

Capabilities

Structure

Behavior/Rules

Parametrics

Control System Behavior and Configuration Is Modified by Modifying the Cyber Knowledge and Semantics (Ontologies)

Semantics Are Modified IAW What Is Sensed and Analyzed

An Irony: The Cyber Control System Is Actually a Part of the Cyberspace That It Seeks to Monitor and Control!!!


Top Level Cyber Ops Architecture

Diagram labels:

Counter Cyber Ops

Cross Domain Ops

Support to Civil and Defense

Cyber Operations

Cyber Ops Knowledge Base

Federated Ontology of Cyber Space Ops

Cyber Semantics

Requisite Complexity, Structure, Detail

Rich Content Meta-data

MLS Ready

Readily Re-purposed Data, Info, Knowledge

Drives Agent Activity

Drives Machine-to-Machine Processes

Drives Generation of JIT Dynamic Products


Cyber Learning & Control System

Diagram labels:

Sense, Detect & Collect

Process & Analyze

Decide

Deliver Cyber Effects

Cyberspace

Cyber Ops Knowledge Base

Federated Ontology of Cyber Space Ops

Cyber Semantics

Requisite Complexity, Structure, Detail

Rich Content Meta-data

MLS Ready

Readily Re-purposed Data, Info, Knowledge

Drives Agent Activity

Drives Machine-to-Machine Processes

Drives Generation of JIT Dynamic Products

Analyze Cyberspace and CyberOps Events

Develop, Update Cyber Ops Semantics (Ontologies, Processes, Rules, Facts)

Capture Cyber Knowledge

Discover, Generate, Deliver Dynamic Cyber Ops Products

Cyber Ops Info Consumer


SAVANT Features

KPS:

Ontology Driven Capture/Mgt of Complex Structured Knowledge IAW Domain Specific Information Models (Ontologies)

Rich Content Meta-data At Hand (Inherent in Capture of the Info Model)

Attribute Value Meta-data Including: Security Classification, Confidence Level, Releasability

MLS Ready

VPS:

Dev/Capture/Mgt of Static/Dynamic “Presentation Independent” Product Components and Meta-data

Dev/Capture/Mgt of Product Presentations (Applied to Product Components at Presentation Run Time)

MLS Ready

VIPRE:

Mission Subject Domain Portlets

KPS and VPS Meta-data Driven Product/Data Discovery, Access, Delivery

MLS Ready
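
An added illustration (not SAVANT code, and not from the briefing) of the attribute-value-level meta-data listed under KPS: each value carries its own classification, confidence and releasability, and a consumer's view is filtered value by value. The class names, community tags and the sample host record are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Ordered hierarchy for the dominance check (higher index = more sensitive).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

@dataclass(frozen=True)
class LabeledValue:
    """One attribute value plus the three meta-data items the slide lists."""
    value: object
    classification: Optional[str]  # None models a value captured without a label
    confidence: float              # 0.0 to 1.0 (constructed scale)
    releasable_to: frozenset       # constructed community tags

@dataclass(frozen=True)
class Consumer:
    clearance: str
    community: str

def may_read(consumer, lv):
    """No read-up: the clearance must dominate the value's label and the
    consumer's community must be listed. Missing or unknown labels fail closed."""
    if lv.classification not in LEVELS or consumer.clearance not in LEVELS:
        return False
    dominates = LEVELS.index(consumer.clearance) >= LEVELS.index(lv.classification)
    return dominates and consumer.community in lv.releasable_to

def render_view(entity, consumer, min_confidence=0.0):
    """Product-neutral view: only the attribute values this consumer may see."""
    return {name: lv.value for name, lv in entity.items()
            if may_read(consumer, lv) and lv.confidence >= min_confidence}

# Constructed sample entity; every name and value is illustrative.
HOST = {
    "hostname":   LabeledValue("web-gw-01", "UNCLASSIFIED", 0.9, frozenset({"OPS", "PARTNER"})),
    "os_version": LabeledValue("example-os 1.2", "CONFIDENTIAL", 0.8, frozenset({"OPS", "PARTNER"})),
    "assessment": LabeledValue("suspected staging point", "SECRET", 0.6, frozenset({"OPS"})),
    "raw_note":   LabeledValue("unreviewed analyst note", None, 0.3, frozenset({"OPS"})),
}

if __name__ == "__main__":
    for c in (Consumer("SECRET", "OPS"), Consumer("SECRET", "PARTNER"),
              Consumer("UNCLASSIFIED", "OPS")):
        print(c, "->", render_view(HOST, c))
```

The same stored record yields three different views, and the unlabeled value is withheld from every consumer, which is the behaviour a record-level label cannot give.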


KPS/VPS/VIPRE Segments

Diagram labels:

Knowledge Pre-positing System (KPS)

Virtual Production System (VPS)

Virtual Intel Product Rendering Environs (VIPRE)

Knowledge Objects

Product Components & Layouts

Portlets/Products


SAVANT Segments

Diagram labels:

Sense, Detect & Collect

Process & Analyze

Decide

Deliver Cyber Effects

Cyberspace

Cyber Ops Knowledge Base

Federated Ontology of Cyber Space Ops

Cyber Semantics

Requisite Complexity, Structure, Detail

Rich Content Meta-data

MLS Ready

Readily Re-purposed Data, Info, Knowledge

Drives Agent Activity

Drives Machine-to-Machine Processes

Drives Generation of JIT Dynamic Products

Process & Analyze Data

Develop Conceptual Models & Semantics (KPS)

Capture Cyber Knowledge (KPS)

Develop Knowledge Driven Product Components (VPS)

Discover, Generate, Deliver Dynamic Cyber Ops Products (VIPRE)

Cyber Ops Info Consumer

Legend: KPS, VPS, VIPRE


General Approach

Emphasize Cyber Knowledge-Driven System Constructs and Cyber Knowledge Management in Development/Refinement of CONOPS, Operational/Info Architecture, and Top Level Requirements

Employ Rigorous System Modeling Methodology (e.g. SysML)

Develop Specific Requirements for Cyber Knowledge Management

Develop Initial Working Ontology for Cyberspace and Cyber Ops

Develop/Deploy/Employ Cyber Ops Info Architecture

Apply Concepts and Capabilities Associated with Government Owned SAVANT Developed by NASIC and NGMS (Dayton, Ohio)

Deployed at NASIC; SAVANT Deploying at ONI

Provide the Core Features Required for Cyber Ops KM

SAVANT Is Eminently Extensible Via Ontology Driven CONOPS

SAVANT May Be Only System of Its Kind Operating in the DOD and/or IC!


General Approach (cont)

Plan, Execute a Series of Prototype Spirals Which Apply SAVANT or SAVANT-like Concepts and Capabilities to Parts of the Cyber Ops Mission

Operational Architecture, Working Ontology, and Cyber Knowledge Base Are Enhanced and Refined

Plan, Execute Increments of Operational Cyber Knowledge Management Capability in Concert with Related Cyber Ops Developments/Deployments

Interact with Intel Elements to Enhance and Refine the Working Ontology of Cyberspace/Ops and Its Instantiations Via Associated Threat Assessments


Key Conclusions

Cyber Control System Must Be Propelled by Requisite and Properly Managed Knowledge and Semantics of Cyberspace and Cyber Ops

The Requisite Cyber Knowledge Must Be Very Conducive to Machine to Machine Operations and Therefore Must Be Highly Structured and Tagged

The Requisite Cyber Knowledge Must Be Appropriately Accessible to Players at Different Security Levels and Therefore Have Attribute Value Level Labeling

The Cyber Knowledge Base Must Drive Cyber Control System Configuration and Operations and Therefore Include Requisite Conceptual Models and Semantics

The Cyber Control System Must Provide for Rapid Generation of Cyber Knowledge Base Driven Dynamic Products

The NG Developed SAVANT Concepts and Capabilities Serve As an Excellent Point of Departure for the Development of the Requisite Cyber Control System Knowledge Management Capability
