Hacking Book | Free Online Hacking Learning

Home

development trend of shooting range ⑧ ncrc

Posted by patinella at 2020-02-28
all

National cyberspace range complex (NCRC)

1、 NCRC background

U.S. Army program simulation, training, and instrumentation Executive Office (PEO Stri is seeking market research to assist in the development of a multi-year acquisition strategy for the national cyberspace range complex (NCRC) event planning and combat support contract to support the TRMC mission to provide a more realistic cybersecurity environment to support cybersecurity testing and evaluation (T) for major DOD procurement programs & E) for the Department of defense network mission force (CMF). This market research work is separate from the work on function development and contract supporting continuous network training environment (PCTE). At present, the national cyberspace range complex (NCRC) in the United States is similar to PCTE and has entered the stage of contract technical proposal solicitation.

The national cyberspace range complex (NCRC) will provide the ability to compare real-world cybersecurity testing and evaluation (T & E) to major DoD acquisition programs, and provide comparable real-world training and certification activities to the DOD network mission force (CMF), with a major focus on supporting large, complex teams and collective training. The current national cyberspace range (NCR) is located in Lockheed Martin's training and mission systems center [mission systems and training business group] in Orlando, Florida. It is mainly managed by TRMC. At present, NCR consists of four key elements: hardware facilities, packaging architecture and operation process, integrated network services Tool suite and network test team [NCR is covered in the above article]. The national cyberspace range (NCR) is recognized by the Defense Intelligence Agency (DIA) for its network isolation security level. It can provide an efficient and secure network security testing and training infrastructure, and its operation level can reach the top secret / sensitive isolation information (TS / SCI) level. With the latest network isolation capabilities, the national cyberspace range (NCR) can perform up to eight separate combinations of network security test and evaluation (T & E) and training events for the Department of Defense (DoD) network mission force (CMF) simultaneously at different classification levels.

In 2016, in order to meet the growing demand for training and certification for network security testing and evaluation (T & E) and the Department of Defense (DoD) network task force (CMF), the U.S. test resource management center (TRMC) went through an NCRC program to improve the national cyberspace range (NCR) of the United States by creating an interconnection complex of facilities similar to the national cyberspace range (NCR) )The capacity of this program is called NCRC. These new cyberspace ranges are located in the following pre selected locations: Charleston, South Carolina, Patuxent River, Maryland, and egelin air force base, Florida. At present, the national cyberspace range (NCR) facilities in these three locations are still under development:

Figure 82 NCRC new site with services under development

Currently, three NCRC instance sites based on TRMC have not been completed. Therefore, in the market research and master planning of NCRC, the above three NCR facilities under construction are planned as new sites of NCRC. In other words, the national cyberspace range complex (NCRC) of the United States now has four nodes similar to the facilities of the national cyberspace range (NCR). In a word, TRMC has implemented an NCRC plan and built three NCR instance image sites in order to expand the NCR capability. Why should TRMC continue to build more NCR sites and form NCRC infrastructure interconnection cluster? From my understanding, according to the NCR ten-year summary of Lockheed Martin company, NCR has carried out about 400 safety testing and training events since 2014, and the time cycle of each event is about 1-2 weeks. Based on the resource expansion of three mirror instance sites expanded by NCR, the four interconnected sites composed of NCR will provide the DOD with the ability to conduct more than 500 network T & E and training activities every year. Extensions and capabilities are used to support increasingly frequent testing and training activities.

So what's the difference between TRMC's NCRC program and the U.S. Army's program simulation, training, and instrumentation Executive Office (PEO stri) NCRC EPOS program? We can understand that the NCRC plan of TRMC is used for the design and construction of NCR actual facilities, while the NCRC EPOS plan of U.S. Army program simulation, training and instrumentation Executive Office (PEO stri) is used for the network event planning and operation support of government controlled NCRC facilities at selected locations. At present, the NCRC program of TRMC has been implemented and is under intensive development, while the NCRC EPOS program of the US Army program simulation, training and instrumentation Executive Office (PEO stri) is still in the stage of market research.

According to the contract information of NCRC, the mission of NCRC is to improve the adaptability and lethality of American cyber soldiers in the battlefield of cyber competition by providing a representative and operable cyberspace environment for cyber security test and evaluation (T & E), training and mission exercise. The national cyberspace range complex (NCRC) team will support the Department of Defense (DoD) procurement program in planning and implementing various cybersecurity activities throughout its life cycle, including science and technology experiments, architecture assessments, security control assessments, vulnerability and penetration assessments, and adversary assessments. In addition, the national cyberspace range complex (NCRC) supports training, certification, and mission rehearsal requirements for the cyber mission force (CMF). Therefore, to sum up, NCR needs to adapt to the changes of US military tasks in the new era, and constantly develop new resources, tools and capacity to meet the needs of US military in the new era.

In addition, the national cyberspace shooting range complex (NCRC) of the United States not only carries out interconnection and interoperability between shooting ranges in terms of resource capacity, but also focuses on the operation mode planning and life cycle management of the NCRC. From the perspective of ten years of NCR practice in the U.S. military, skilled security experts and engineers are required for the planning, design, engineering implementation, implementation management and basis of network events in the environment simulating its specific computing, network and information system infrastructure for research, development and testing, as well as training exercises in the U.S. range test infrastructure Infrastructure maintenance, etc. Therefore, the NCRC EPOS program of the U.S. Army program simulation, training, and instrumentation Executive Office (PEO stri) aims to study the personnel and teams needed to solve the network event planning, design, engineering implementation, execution management, and infrastructure maintenance of large number of testing and evaluation and training activities in the shooting range. In order to solve the personnel problem, PEO stri launched a contract for NCRC operation support: event planning, operation and support contract for NCRC. The contract work for event planning, operation and support of NCRC is for network event planning and operation support at government controlled NCRC facilities in selected locations. It is not used for the design and construction of physical facilities, nor for the design and construction of core NCRC infrastructure capabilities.

NCRC EPOS is currently in the pre tender market research stage. (the expected draft of the RFP was issued in the first quarter of fy19 and the final RFP was issued in the third quarter of fy19.). In order to support the NCRC project, TRMC established a special NCRC supervision and management team to be responsible for all aspects of NCRC integrated enterprise solutions to support the network security testing and training requirements of the U.S. Department of Defense (DoD), including multiple cyberspace shooting ranges, distributed infrastructure and multidisciplinary team personnel to help successfully plan and implement its activities. The implementation of multiple cyberspace shooting ranges is to establish the agent executive office of each cyberspace shooting range to be responsible for promoting the integration and docking with each cyberspace shooting range. The distributed infrastructure is supported by the existing joint mission environment test capability (jmetc) plan of TRMC. At present, the joint mission environment test capability (jmetc) of distributed network infrastructure, which is the responsibility of TRMC in the United States, connects more than 140 laboratories and test facilities in the United States to support interoperability and network security test and training events of the United States Department of Defense (DoD).

2、 NCRC plan and site conditions

Therefore, NCRC plan should be divided into two stages and two implementation subjects to understand and treat. From the perspective of NCRC plan implemented by TRMC, the contract construction of national cyberspace range complex (NCRC) in the United States will include a complete and interoperable cyberspace range facility group, aiming at planning and implementing large-scale and complex distributed network security testing and evaluation (T & E) and network mission force (CMF) training events. From the background, the NCRC plan implemented by TRMC is mainly to support the U.S. military's planned network T & E infrastructure (CT & EI) plan. Based on the implementation of large-scale and complex distributed network security testing and evaluation (T & E), it is called network T & E infrastructure (CT & EI), as shown in the figure below. The current U.S. military planned network T & E infrastructure (CT & EI):

Figure 83 U.S. network T & E infrastructure (CT & EI) ov-1a

The U.S. military network T & E infrastructure (CT & EI) is integrated by the existing ICT tested network test functional facilities with the real world such as the control system and weapon system of the physical world and the representation form of C2 system (such as HWIL facilities, SIL and SWIL). These facilities are interconnected and interoperated through the network, from These systems can be tested in real environments, including networks and interoperability. As the control and integration core of the U.S. network T & E infrastructure (CT & EI), the cyberspace shooting range needs to accommodate a variety of test resources and facilities and equipment in the United States, so it needs more resource capacity and specific tools. Considering the comprehensive utilization of the old, the U.S. military first integrated the existing DOD cyberspace shooting range based on interconnection and interoperability to form a U.S. cyberspace T & E infrastructure (CT & EI) based on the Existing Cyberspace shooting range, as shown in the following figure:

Figure 84 network T & E infrastructure (CT & EI) based on Existing Cyberspace range set as the core

The U.S. network T & E infrastructure (CT & EI) is based on a large-scale and complex distributed network security test and evaluation (T & E) implemented in the 2015 biennial comprehensive plan. Develop a two-year comprehensive plan for network testing based on the 2015 NDAA requirements execution test (EA), which includes:

Maintain a comprehensive list of test functions (DoD and non DoD)

Organize and manage specified test functions

Define a schema that will:

Confirm investment in all DOD network (test) ranges

Generate requirements and standards to implement the architecture.

 

Figure 85 text of comprehensive plan document

After the implementation of the comprehensive plan in 2015-2017, an opportunity to start the network test range demand generation process is provided by identifying the initial set of gaps and priorities of the cyberspace range. Through RAND research and the verification of ctrrwg by service and organization, a series of integration work of cyberspace range is completed. Its progress is shown in the schedule:

Figure 86 US network test range integration schedule based on test and evaluation work

The 2019 Bi annual comprehensive plan also increases the demand for network T & E infrastructure (CT & EI) capabilities. According to these requirements, TRMC, as the test resource management center, needs to solve these test requirements. Therefore, the problems that NCRC needs to solve are quite clear. NCRC focuses on providing large-scale, complex and distributed network test resources, and NCRC EPOS focuses on comprehensive event planning, operation and technical support for the network test resources provided by NCRC in the form of services. That is to say, there is little gap between NCR and current management and operation system. The former NCR was built and operated by Lockheed Martin company and managed by TRMC. The EPOS contractor of NCRC will not have the planning and construction authority of NCR node, but has the operation service authority. Compared with PCTE, NCRC focuses on providing large-scale, complex and distributed network testing resources, while PCTE focuses on providing "script free" network training resources for large-scale, complex and distributed implementation. As a training resource, NCRC is also part of PCTE training resource plan.

The construction stage of NCRC new site includes:

Facility preparation

NCRC core infrastructure installation

NCRC team building and training

Initial operational capability

Full operational capability

At present, the NCRC expansion site under construction is under intensive construction. In terms of the construction stage of the new NCRC site, all the three core expansion NCRC sites have installed the core infrastructure of NCRC, and now it has entered the NCRC team construction and training stage. Therefore, the NCRC EPOS plan issued by the U.S. Army will recruit operation service contractors for the NCRC expansion phase.

Figure 87 NCRC extension site

From an architectural point of view, the Orlando NCR site will use the same technical architecture and tools as other NCRC sites. All sites will have similar technical design, hardware and software installation and certification of these sites will be completed through a separate contract. The U.S. government does not seek new solutions as part of the NCRC EOPs contract; however, as time goes by and NCRC EOPs contractors become proficient in the functions provided, NCRC will hold forums to share innovative ideas and new technologies, including the acceptance of changes in the technical architecture of NCRC sites. In addition, since the NCR site in Orlando has been established for 10 years, the virtual cloud computing and big data are not mature 10 years ago, because the construction plan of NCRC also includes the modernization and upgrading of the NCR site in Orlando, including the use of cloud computing and big data technology for task preparation and task deduction. In addition, the new NCRC will also be interconnected with other shooting ranges, and the US cyberspace shooting range interoperability standards are still being defined and developed. NCRC can use the existing distributed infrastructure to interoperate with other cyberspace ranges (such as cyber secure range CSR) as needed to support customer needs.

The national cyberspace range complex (NCRC) of the United States is composed of cyberspace range and secure distributed network infrastructure, which can provide services for the user community of cyberspace range. NCRC currently includes five functional cyberspace ranges, including the national cyberspace range in Florida and four regional service delivery points (RSDP) in Hawaii, Alabama, Maryland and Massachusetts. To enhance DoD's network ranging and training capabilities, NCRC is expanding other network ranging deployments with major service organizations to support increased network testing of DoD systems and training of cyber warriors. Jmetc multi independent security level (mils) network (jmn) currently links 58 sites in the Department of defense, industry, and academia, providing secure access between cyberspace ranges, laboratories, and facilities. Both the cyberspace range and the network infrastructure are certified to support multiple levels of security classification, which are specifically configured to meet specific network event requirements. The investment of NCRC has been adjusted to support national defense strategy to improve network defense, network flexibility and continuous integration of network capabilities into all aspects of military operations.

NCRC conducts cyberspace testing and training activities for all DOD customers, including research, development, acquisition, testing, training, and operational network mission forces (CMFs). NCRC performs various types of events, including S & T demonstrations, DT & E, OT & E, security control assessments, cyberspace operations training, development of cyberspace strategies, technology and procedures (TTP), forensics / malware analysis, and cyberspace combat mission rehearsals. NCRC enables the network space strategy, technology and program (TTP) to conduct network security testing and evaluation in an operational cyberspace environment, so as to identify, confirm and mitigate vulnerabilities. NCRC also supports CMF training, mission rehearsal, and certification to support U.S. cyber command by enabling combat forces to effectively assess cyber capabilities in a real joint mission environment.

NCRC also promotes the integration of distributed organizations with different tasks and personnel related to network operation (such as network operators, penetration testers, network assessors, network observers, network analysts, etc.). NCRC supports the network activities of various DOD systems, including weapon platforms, C4I systems, business systems, network devices and other systems vulnerable to network attacks. NCRC widely uses automation to minimize human errors, reduce the time required to set up network events, and ensure repeatable results. In addition, NCRC uses post event disinfection technology for all assets after being exposed to malicious code to restore them to a known clean state, so that they can be reused in future events.

From the perspective of task testing and training, the new NCRC facility complex will include the testing activities of the five eye alliance led by the United States, and there will be no charge for the testing activities and training of the partners of the five eye alliance. NCRC supports hundreds of network events, providing network security T & E support for large defense procurement plan (mdap), large automated information system (MAIS) procurement plan and small procurement plan. NCRC supports network testing of systems and subsystems related to manned and unmanned aircraft, surface ships, command and control systems, data management platforms, weapon platforms, satellites, radar and missile defense systems. NCRC supports the service network mission force (CMF) through training, certification, mission rehearsal, and TTP development focus activities. NCRC will also support many DOD organized network activities, including the U.S. network command; the J-7 joint staff; the director of operational testing and evaluation (dot & E); the director of development testing and evaluation (DT & E); and the army PEO command control communications tactics (PEO C3t); Naval Air Systems Command (navair); space and Naval Combat Systems Command (SPAWAR); naval Systems Command; PEO ship; air force space and missile command; Army intelligence and information operations; Naval Intelligence; Marine Corps Tactical systems support activities; Army Communications and electronics research, development and Engineering Command (CERDEC).

After the completion of the construction of four existing NCRC stations, the U.S. military will build more NCRC stations as the case may be.

In 2019, NCRC will continue its activities on the following tasks:

-NCRC will continue to operate to support the growing procurement program cybersecurity T & E requirements.

-NCRC will continue to provide "network desktop" support for the acquisition program to help assess and resolve network security issues early in development.

-NCRC will continue to support U.S. cyber command, joint staff, and other training and certification activities through the development of representative blue, red, and gray environments.

-NCRC will continue to support dot & E network assessment.

-NCRC will continue to support U.S. cyber command network activities.

-NCRC will continue to expand its testing of industrial control systems and avionics test beds.

-NCRC will support the T & E and training requirements of the network by establishing more network shooting ranges to improve its capabilities.

-NCRC will conduct engineering activities to plan a technical update of the upcoming end of life and end of service computing assets.

-NCRC will work closely with the execution agents of the network test range and the network training range to continue to assess the requirements of the cyberspace range to establish priority cyberspace range functions and capabilities to meet the needs of the identified RDT & E community and CMF.

-NCRC will continue to conduct capability analysis to determine the requirements and standard network competitive environment required to integrate these network test facilities with existing acquisition system hardware in the loop, software in the loop and system integration laboratory to test the system in practice.

-NCRC will continue to expand jmn connectivity as needed to provide access to network range resources.

3、 NCRC EPOS plan and operation contracting

According to the NCRC EPOS plan implemented by the U.S. Army, it is planned to issue the RFP in the first quarter of fy19. In addition, the U.S. Army aims to issue the final RFP in the third quarter of fy19f. However, the time has been obviously delayed. The final version of RFP may not be released until next year.

The NCRC EPOS program provides that the NCRC EPOS contractor will be responsible for the operation and maintenance of the NCRC site, including hardware (HW), software (SW), computing and storage systems provided by the government for planning, designing, and performing test and evaluation (T & E) and training activities. That is to say, the role of NCRC EPOS contractor is the same as Lockheed Martin of existing NCR. The difference is that NCRC facilities will not be stored in NCRC EPOS contractor's operation center, but will be set up as a U.S. government control facility center. The NCRC EPOS contractor is required to set up an operation center at the site site of NCRC for operation. The operations center will be responsible for the shutdown / start-up of the NCRC site in accordance with the relevant Iaw site standard operating procedures (SOPs) and the operational continuity plan (coop) and disaster recovery (DR) plans.

At the personnel level, the NCRC EPOS plan will clarify the high-level NCRC organizational structure and draft roles and responsibilities, and more specific event support requirements will be part of the final RFP. The specific personnel structure and quantity are determined by the contractor, because the individual's innovation ability and maturity will be different. Initial staffing levels are expected to increase over time based on customer needs and contractor performance. Operators provided by NCRC EPOS contractors need to be trained, certified and authorized, which is mainly the responsibility of U.S. network command. Netcom will conduct targeted training and certification for operators provided by NCRC EPOS contractors. The purpose of doing this is that the sites provided by NCRC are the same as NCR, with the highest level of confidentiality test environment. These test environments and activities are classified, so the authentication and authorization of personnel is very important.

NCRC staff will have an interdisciplinary staff team with professional knowledge in software, system, network, virtualization, automation, system management and network security topics. In order to support the successful planning and execution of managed events, NCRC employees can help users define and improve their event objectives, assist in identifying potential vulnerabilities and priorities, design a virtualized network environment, develop customized traffic generation and detection solutions, integrate third-party hardware and software, execute network events on behalf of users, provide cooperative vulnerability and penetration assessment, and perform detailed Network analysis and provide a detailed report on the results. In addition, NCRC employees support network test range execution agents and network training range execution agents to identify and address relevant requirements, define and publish standards, and improve efficiency through targeted investment.

Finally, through the establishment of personnel team, we can provide services for the support level defined by customers:

Figure 88 customer defined support levels

In addition, in the capacity of NCRC EPOS contractors, the standardization of testable non IP and non x86 entities' access to cyberspace shooting range should be paid attention to, tested, designed and verified, and put forward practical plans. More and more such situations will occur in the future. At present, NCR has incorporated non IP assets (such as MIL-STD-1553 compliant devices) into the national cyberspace range (NCR) for testing. Other physical resources and other systems and functions can also be remotely included in the event environment by using jmn or other recognized distributed infrastructure (such as joint information operations range (jior)).

Configuration management is an established goal in an environment, consisting of multiple security levels. The current NCR site in Orlando, Florida is based on Lockheed Martin's own built configuration management plan, which describes how to configure and manage the range infrastructure to support the need to host events running at multiple security levels simultaneously. It is expected that the NCRC EPOS contractor will submit an NCR site configuration management plan to support the configuration management objectives of the range.

NCRC EPOS contractors will need to be able to reuse, create, design, build, modify, and maintain virtual and physical instances of systems and components based on current customer needs and potential future reuse. This includes the need to be able to build, modify, or maintain hardware systems such as the Internet of things, new UAV technology types, or network devices.

Among them, TRMC cooperates with the U.S. Army program simulation, training, and instrumentation Executive Office (PEO stri), which is responsible for NCRC EPOS planning and implementation. Before transition to service, TRMC will make planning and load balancing decisions for NCRC enterprises. After the transition, it is expected that the scheduling will be mainly completed by the site, and TRMC will continue to play the role of coordination, scheduling and load balancing in the whole NCRC. The specific roles and responsibilities after the transition are still to be determined.

In addition, it should be noted that the NCRC EPOS contractor at the U.S. local site will coordinate the event with the TRMC with the support of its local government leadership. That is to say, the local government has certain NCRC site management rights. EPOS, as a government mechanism, will use the industry's highly skilled personnel team to carry out the following activities:

Event planning

Event Engineering

Event execution

Event analysis and reporting

Range maintenance and support activities

Innovation Committee

TRMC is working with services to enhance existing capabilities to meet the growing DOD network T & E, training, and mission rehearsal requirements. The final state of DoD's network capacity building will be the U.S. cyberspace range complex (NCRC), which can interoperate seamlessly with HWIL, SIL, ISTF and oar facilities. Finally, the network test resources which can be configured quickly, distributed, flexible and expandable are realized. The capabilities of the U.S. cyberspace range complex (NCRC) will also evolve in response to evolving DOD requirements.