Raytheon Company announced this week it is developing ‘cyber maneuvering’ techniques to thwart potential attackers in high-threat environments. Cyber maneuver is the technique of dynamically modifying aspects and configurations of networks, hosts and applications in a manner that is undetectable and unpredictable by an adversary but still manageable for network administrators.
The company is developing this new technique under a $3.1 million contract awarded by the U.S. Army’s Communications, Electronics, Research, Development and Engineering Center (CERDEC), supporting the Morphing Network Assets to Restrict Adversarial Reconnaissance (MORPHINATOR) initiative managed by CERDEC Space and Terrestrial Communications Directorate. MORPHINATOR is designed to be used in conjunction with other existing security devices to provide an active defense approach to information assurance. In other words, it acts as a ‘cyber countermeasure’ against enemy cyber reconnaissance actions.
“The intent of cyber maneuver is to place computer network defense technology into a proactive state, thereby shifting the advantage away from the attacker,” said Jack Donnelly, director of Trusted Network Systems for Raytheon’s Network Centric Systems business. “By constantly changing the characteristics of the networks it resides on, MORPHINATOR provides a more robust and trusted networking solution.”
MORPHINATOR would provide an adaptive defense response that would thwart an intrusion attempt by randomly changing network settings while simultaneously allowing the network to operate normally for an authenticated user.
The system is not positioned as an alternative to traditional network defense systems, but offers an additional, ‘forward’ layer of security, employed in concert with existing security methodologies to enhance a system’s defenses in the event of an attack.
Another initiative is under way at Kansas State University, where cybersecurity researchers are working under a US$1 million US Air Force contract to study an adaptive “moving-target defense” system to protect critical networks from attacks. Today, malicious hackers or automated attackers need to find only one security hole to exploit; a self-morphing computer network system that frequently removes whatever security privileges attackers may gain would shift the security balance back to network administrators. Xinming “Simon” Ou and Scott DeLoach, professor of computing and information sciences, are currently researching moving-target defense.
According to the researchers, the new approach could “substantially increase the security of online data for universities, government departments, corporations and businesses — all of which have been the targets of large-scale cyberattacks.” The new concept may also help develop a fundamental change in how computer networks are hosted, Ou said.
Ou and DeLoach are looking into the viability of designs in which systems, after detecting an intrusion attempt, could autonomously respond by altering key configurations, essentially becoming self-defending networks. The study will also evaluate the feasibility and affordability of deploying such adaptive defense systems, particularly from a resource allocation perspective.
Theoretical studies on morphing and active networks have been underway for a decade, but only recently has the US government invested seed money to evaluate their application in the real world.
These studies are part of a broader ‘Moving Target’ strategy launched by the Cybersecurity and Information Assurance (CSIA), under the Federal Cybersecurity R&D Strategic Plan outlined by the Federal Cybersecurity R&D Initiative (NITRD). The ‘Moving Target’ concept of operation enables the ‘cyber defenders’ to create, analyze, evaluate, and deploy mechanisms and strategies that continually shift and change over time, thus increasing complexity and cost for attackers, without affecting the protected network or its users. This strategy limits the exposure of vulnerabilities and opportunities for attack, and increases system resiliency.
While cyber researchers are excited about the potential of morphing and adaptive networks, Computerworld’s Darlene Storm approaches the subject with caution, reminding readers of the science fiction self-morphing, self-aware computer network – Skynet, created with the best of cybersecurity intentions to “remove the possibility of human error and slow reaction time to guarantee a fast, efficient response to enemy attack.” It did not blink, sleep or eat. One day, when the administrators realized this self-aware system could change its own configurations and could detect and defend all systems, the admins tried to deactivate it. Then all humans, not only online attackers, became the threat to be eliminated and destroyed. Hello, Skynet.