mitre p.1 army battle command system overview 13 march 2002 marie collins [email protected]...
TRANSCRIPT
P.1
MITRE
Army Battle Command System Overview
13 March 2002
Marie Collins
732-389-5691
Pete Dugan
732-389-6701
P.2
Background: Digitization
“Digitization will enable the Army of the 21st Century to win the information war and provide deciders, shooters, and supporters
the information each needs to make the vital decisions necessary to overwhelm and
overcome their adversary and win the overall campaign.”
Major General Joe Rigby
[Figure: echelon diagram; labels: Commander’s Intent and Assessment, Situation Awareness, Directives, Intelligence and Engagement Data, Combat Service Support]
P.3
Tactical Internet Communications
Lower Echelon Communications
• Much lower bandwidth limits traffic to JVMF (bit oriented) messages
• Primarily broadcast/multicast communications between vehicles
• Much greater mobility required
Upper Echelon Communications
• Much greater bandwidth required for ABCS, VTC, collaborative planning, ...
• Primarily point-point communications between TOCs
[Figure: Tactical Internet diagram; labels: DIV TOC, BDE TOC, BN TOC, EPLRS, SIP, NTDR, MSE ATM]
Based on the standards and architecture used in the Internet
Router-based architecture
P.4
The Army Battle Command System
P.5
ABCS: Past, Present, and Future
• ABCS 6.2: Peer-2-Peer Model: Everyone is a server
• ABCS 7.0: Centralized Model: TOC server provides common services
• ABCS 8.0: Component Model: TOC server hosts the BAS Components
• ABCS 9.0 (FCS): Integrated Model: Server hosts integrated BAS Systems
[Figure: one diagram per model; labels: BAS, Common Svcs, TOC Server, Server, Light Client, Inter-TOC Network]
P.6
MCS Overview
MISSION: MCS is the Army Battle Command System's (ABCS) Functional Subsystem that directly supports the combined arms force commander and staff by providing automated support for planning, coordinating, controlling and using maneuver functional area assets and tasks. The System coordinates and synchronizes the supporting arms in the conduct of operational planning, field operations and training.
[Figure: MCS in the command hierarchy; labels: Joint Chiefs & Defense Department, GCCS, Army, Theater of Operations, JTF, CJTF, GCCS-A, ATCCS, ASAS, CSSCS, AMDWS, AFATDS, MCS, FBCB2, files, dB, Other Services/Systems]
• Create and manage the Common Tactical Picture
• Enhance and shorten the decision-making cycle across the operational continuum
• Respond to the Commander’s Critical Information Requirements (CCIRs)
• Supervise execution of operations
• Integrate information from other ABCS, joint and combined systems
• Enhance planning operations and the OPORD process
• Operate in the tactical and garrison environments
P.7
MCS Hardware
MCS-Heavy
• CHS-2 HCU or VCU
• 333 or 440 MHz CPU
• Removable SCSI 18 GB (HCU), 14 GB (VCU) or larger hard disk
• 256 MB RAM
• Solaris 7.0
• SUN PCI Card
• MCS-Light compatible software
MCS-Light
• 333 MHz CPU or better laptop computer
• 750 MB free hard-drive space
• 128 MB RAM
• Windows NT 4 or Windows 2000
• Office 97 or 2000
• Internet Explorer 5.0 or higher
• Acrobat Reader 3.0 or higher
P.8
MCS Functional Summary
• Acts as a gateway between Battle Command systems and Echelon Above Corps Systems
– Mapping and routing between different architectures
• Common tactical picture (CTP)
– Receive information from reporting platforms and manage the common tactical picture
– Manage Overlays from other functional overlays
• Enhance planning operations and the OPORD process
– Provide an ability to see the plan in action
– Overlays indicate planned positions
• Alerts to Commander’s Critical Information Requirements (CCIRs)
– Commanders track specific items
– Alert operator when some condition occurs
• Provides the task organization
– Organizes units to perform a mission
P.9
MCS Enhancements
• Common Object Request Broker Architecture (CORBA)
– More use of CORBA internal to MCS
• Extensible Information Systems (XIS)
– Data Source Interface (XML, SQL, etc. to common format)
– Info-aware Java Bean
• Java Common Tactical Picture (J2EE)
• Web services
– Symbology manager
– XML
• Informix Enterprise Replicator (IER)
– Used to replicate the common database across the network
P.10
MCS Security Functionality
• Security is not designed into MCS
– Security is provided through use of IA tools (TCP Wrappers, SPI, SWATCH) for MCS Heavy (UNIX) only
– IA Tools as a security overlay
– No mechanism for remote configuration or monitoring of IA tools
• Alerts remain on the local host
• Use of OS security guidance
– UNIX configuration guidance is followed
– Currently applying Windows 2000 security guidance
P.11
MCS Security Operations Suite
• TCP Wrapper: Prevents external intrusion via FTP, invalid CORBA clients, ‘cracking’ the network, etc.
• Change Detection Tool: Verifies integrity of executable files and scripts by monitoring exact file size and date
• Swatch: Monitors log files for suspicious or invalid events
• McAfee: Virus Scanner
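The size-and-date check described for the Change Detection Tool, written out as an added example (not code from the briefing or from MCS): it compares current files against a baseline and shows why a content hash is normally stored alongside size and date. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record size, mtime and SHA-256 for each path (the baseline)."""
    base = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        base[p] = {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return base

def changed_files(baseline, use_hash):
    """Return paths whose current state no longer matches the baseline."""
    keys = ("size", "mtime", "sha256") if use_hash else ("size", "mtime")
    changed = []
    for p, old in baseline.items():
        try:
            new = snapshot([p])[p]
        except FileNotFoundError:
            changed.append(p)  # a missing file is also a change
            continue
        if any(new[k] != old[k] for k in keys):
            changed.append(p)
    return sorted(changed)

def demo():
    """Constructed files: one ordinary edit, one same-size edit with the date kept."""
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "startup.sh"), os.path.join(d, "report.sh")
        for path, body in ((a, b"echo start\n"), (b, b"echo report\n")):
            with open(path, "wb") as f:
                f.write(body)
        base = snapshot([a, b])
        with open(a, "wb") as f:          # size changes: either check sees it
            f.write(b"echo start now\n")
        st = os.stat(b)
        with open(b, "wb") as f:          # same length as the original
            f.write(b"echo rep0rt\n")
        os.utime(b, ns=(st.st_atime_ns, st.st_mtime_ns))  # date unchanged
        names = lambda paths: [os.path.basename(p) for p in paths]
        return names(changed_files(base, False)), names(changed_files(base, True))

if __name__ == "__main__":
    print(demo())
```

The size-and-date comparison reports only `startup.sh`; with the hash included, `report.sh` is reported as well.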
P.12
MCS IA Issues/Challenges
• Currently no mechanism to enforce a security policy across MCS systems (UNIX/NT)
• Data proponency/access control not addressed
• Authentication of messages is critical
– Numerous challenges with use of PKI in tactical environment
• Alert analysis and response needs to be automated, and addressed to the host level to determine mission impact
P.13
FBCB2 Overview
The principal Digital Command and Control System for the Army at Brigade and Below.
Consists of ruggedized COTS Appliqué hardware: a 500 MHz Pentium computer with 128 MB RAM, a 4 Gbyte hard disk and a USB port. No external media (CD or floppy disk) is included.
FBCB2 software provides Situational Awareness, C2 messaging and Battle Command tools. Integrated into most platforms at Brigade and below, as well as appropriate Division and Corps slices necessary to support Brigade operations.
Interconnects platforms through a communications infrastructure called the Tactical Internet, based on commercial IP and made up of existing EPLRS and SINCGARS radios and the INC router.
P.14
FBCB2 Enhancements
• Pure IP Networking
– Challenge: Agents specific to radio nets
– Benefit: Network/Comms independence
• XML based message processing
– Challenge: Bit oriented messages (JVMF)
– Benefit: Flexibility, format, open standards
• Database merge capability
– Challenge: Databases take months to build
– Benefit: Capability to merge databases
• More platform independence
– Solaris X86 currently
– Migrating to Linux, possibly Windows
– Lynxs Real Time OS
P.15
[Figure: dismounted connectivity diagram; labels: CONUS, Sanctuary, Iridium, MILSATCOM, Wireless LAN, PDA, Dismounts]
P.16
FBCB2 Security Functions
• Most network protocols disabled
– ftp
– http
• Software security protection to prevent uncleared users from receiving secret data.
• Password protection
• Investigating use of Biometrics
• Remote disable
– Lockout
– Zeroize
• Security extensions protocol to allow for use of digital signatures for security messages only (remote disable)
• Security logs
• Closed System
– No external media
– No console windows
P.17
FBCB2 IA issues
– Network is secret, uncleared users are required to use the systems on the network
– Most systems are left unattended, even though they should never be, or run the risk of being overrun. Users have to be periodically re-authenticated.
• Tradeoff between authentication process/security and user frustration interaction without confining movement
– Use of Solaris X86 has limited the availability of add-on IA Tools
• Port to LINUX may offer more options
– Need authentication of all command and control messages
– Dismounted (PDA) Purge tools
• Flash memory
• Determine that it has been compromised
P.18
Questions??