P.1

MITREMITRE

Army Battle Command SystemOverview

13 March 2002Marie Collins

mcollins@mitre.org

732-389-5691

Pete Dugan

pdugan@mitre.org

732-389-6701

P.2

MITREMITRE

Background: Digitization

“Digitization will enable the Army of the 21st Century to win the information war and provide deciders, shooters, and supporters

the information each needs to make the vital decisions necessary to overwhelm and

overcome their adversary and win the overall campaign.”

Major General Joe Rigby

Commander’s Intent and AssessmentSituation Awareness

Directives

Intelligence. and Engagement Data Combat Service Support

II

II

XX

XX

IIIII

X

X

IIII

II

X II

X

II

P.3

MITREMITRE

Tactical Internet Communications

Lower Echelon Communications• Much lower bandwidth limits traffic to

JVMF (bit oriented) messages

• Primarily broadcast/multicast communicationsbetween vehicles

• Much greater mobility required

Upper Echelon Communications

• Much greater bandwidth required forABCS, VTC, collaborative planning, ...

• Primarily point-point communications between TOCs

DIV TOC

BN TOC

BN TOC

BDE TOC

BDE TOCBN TOC

BDE TOC

EPLRS

SIP

NTDR

MSE ATM

Based on the standards and architecture used in the InternetBased on the standards and architecture used in the Internet

Router-based architecture

P.4

MITREMITRE

The Army Battle Command System

P.5

MITREMITRE

BAS BAS

BASBAS

BASPeer-2-Peer Model:Everyone is a server

Peer-2-Peer Model:Everyone is a server

BAS

BASBAS

BAS

Centralized Model: TOC server provides

common services

Centralized Model: TOC server provides

common services

ABCS 6.2 ABCS 7.0

Common Svcs

Common Svcs

Common Svcs

Common Svcs

Common Svcs

TOC Server

BAS

BAS

BAS

BAS

BAS

Component Model: TOC server hosts

the BAS Components

Component Model: TOC server hosts

the BAS Components

ABCS 8.0

TOC Server BA

BA

BA

BA

Integrated Model:

Server hosts integrated

BAS Systems

Integrated Model:

Server hosts integrated

BAS Systems

ABCS 9.0 (FCS)

Server

BA

Light ClientLight Client

Light Client

Light Client Light Client

Light Client

Light Client

Light Client

Inter-TOC

Network

Inter-TOC

Network

Inter-TOC

Network

Inter-TOC

Network

ABCS: Past, Present, and Future

P.6

MITREMITRE

MCS Overview

MISSION: MCS is the Army Battle Command System's (ABCS) Functional Subsystem that directly supports the combined arms force commander and staff by providing automated support for planning, coordinating, controlling and using maneuver functional area assets and tasks. The System coordinates and synchronizes the supporting arms in the conduct of operational planning, field operations and training.

JOINT CHIEFS &DEFENSE

DEPARTMENT

GCCS

ARMYARMY

THEATER OF OPERATIONS

XXXXXXXX

JTFJTF

XXXX

CJTFCJTF

files dBdB dB dB

dB dBdB

files

dBfiles

dBfiles

files

files

filesfiles

files

dBfiles

GCCS-A

ASAS CSSCS

AMDWS AFATDS

GCCS-A

MCS

FBCB2

ATCCS

OTHER SERVICES/SYSTEMS

OTHER SERVICES/SYSTEMS

• Create and manage the Common Tactical Picture • Enhance and shorten the decision-making cycle across

the operational continuum• Respond to the Commander’s Critical Information

Requirements (CCIRs)• Supervise execution of operations• Integrate information from other ABCS, joint and

combined systems • Enhance planning operations and the OPORD process• Operate in the tactical and garrison environments

P.7

MITREMITRE

MCS Hardware

• CHS-2 HCU or VCU• 333 or 440 MHz CPU• Removable SCSI 18GB

(HCU), 14 GB (VCU) or larger hard disk

• 256 MB RAM• Solaris 7.0• SUN PCI Card• MCS-Light compatible

software

• 333 MHz CPU or better laptop computer

• 750 MB free hard-drive space

• 128 MB RAM

• Windows NT 4 or Windows 2000

• Office 97 or 2000

• Internet Explorer 5.0 or higher

• Acrobat Reader 3.0 or higher

MCS-LightMCS-Heavy

P.8

MITREMITRE

MCS Functional Summary

• Acts as a gateway between Battle Command systems and Echelon Above Corps Systems– Mapping and routing between different architectures

• Common tactical picture (CTP)– Receive information from reporting platforms and manage the

common tactical picture– Manage Overlays from other functional overlays

• Enhance planning operations and the OPORD process– Provide an ability to see the plan in action– Overlays indicate planned positions

• Alerts to Commander’s Critical Information Requirements (CCIRs)– Commander’s track specific items– Alert operator when some condition occurs

• Provides the task organization– Organizes units to perform a mission

P.9

MITREMITRE

MCS Enhancements

• Common Object Request Broker Architecture (CORBA)– More use of CORBA internal to MCS

• Extensible Information Systems (XIS)– Data Source Interface (XML, SQL, etc to common format)

– Info-aware Java Bean

• Java Common Tactical Picture (J2EE)• Web services

– Symbology manager

– XML

• Informix Enterprise Replicator (IER)– Used to replicate the common database across the network

P.10

MITREMITRE

MCS Security Functionality

• Security is not designed into MCS – Security is provided through use of IA tools (TCP

Wrappers, SPI, SWATCH) for MCS Heavy (UNIX) only– IA Tools as a security overlay – No mechanism for remote configuration or monitoring

of IA tools• Alerts remain on the local host

• Use of OS security guidance– UNIX configuration guidance is followed– Currently applying Windows 2000 security guidance

P.11

MITREMITRE

MCS Security Operations Suite

• TCP Wrapper: Prevents external intrusion via FTP, invalid CORBA clients, ‘cracking’ the network, etc.• Change Detection Tool: Verifies integrity of executable files and scripts by monitoring exact file size and date • Swatch: Monitors Log files for suspicious or invalid events• McAfee: Virus Scanner

P.12

MITREMITRE

MCS IA Issues/Challenges

• Currently no mechanism to enforce a security policy across MCS systems ( UNIX/NT)

• Data proponency/access control not addressed• Authentication of messages is critical

– Numerous challenges with use of PKI in tactical environment

• Alert analysis and response needs to be automated, and addressed to the host level to determine mission impact

P.13

MITREMITRE

FBCB2 Overview

The principal Digital Command and Control System for the Army at Brigade and Below.

Consists of ruggedized COTS Appliqué hardware consisting of a 500 MHZ Pentium computer with 128 MB RAM and a 4 Gbyte Hard disk and a USB port. No external media (CD or floppy disk) is included.

FBCB2 software provides Situational Awareness, C2 messaging and Battle Command tools. Integrated into most platforms at Brigade and below, as well as appropriate Division and Corps slices necessary to support Brigade operations.

Interconnects platforms through a communications infrastructure called the Tactical Internet, based on commercial IP and made up of existing EPLRS and SINCGARS radios and the INC router.

P.14

MITREMITRE

FBCB2 Enhancements

• Pure IP Networking– Challenge: Agents specific to radio nets

– Benefit: Network/Comms independence

• XML based message processing– Challenge: Bit oriented messages (JVMF)

– Benefit: Flexibility, format, open standards

• Database merge capability– Challenge: Databases take months to build

– Benefit: Capability to merge databases

• More platform independence– Solaris X86 currently

– Migrating to Linux possibly Windows

– Lynxs Real Time OS

P.15

MITREMITRE

CONUS

PDA

PDA

PDA

PDA

Sanctuary

IridiumMILSATCOM

WirelessLANWirelessLAN

Dismounts

P.16

MITREMITRE

FBCB2 Security Functions

• Most network protocols disabled– ftp– http

• Software security protection to prevent uncleared users from receiving secret data.

• Password protection• Investigating use of Biometrics• Remote disable

– Lockout– Zeroize

• Security extensions protocol to allow for use of digital signatures for security messages only ( remote disable)

• Security logs• Closed System

– No external media– No console windows

P.17

MITREMITRE

FBCB2 IA issues

– Network is secret, uncleared users are required to use the systems on the network

– Most systems are left unattended even though they should never be or run the risk of being overrun. Users have to be periodically re-authenticated.

• Tradeoff between authentication process/security and user frustration interaction without confining movement

– Use of Solaris X86 has limited the availability of add-on IA Tools

• Port to LINUX may offer more options

– Need authentication of all command and control messages

– Dismounted (PDA) Purge tools

• Flash memory

• Determine that it has been compromised

P.18

MITREMITRE

Questions??