Resilient command and control infrastructures for cyber operations

Abstract

The concept of command and control (C2) is generally associated with the exercise of authority, direction and coordination of assets and capabilities. Traditionally, the concept has encompassed important operational functions such as the establishment of intent, allocation of roles and responsibilities, definition of rules and constraints, and the monitoring and estimation of system state, situation, and progress. More recently, the notion of C2 has been extended beyond military applications to include cyber operation environments and assets. Unfortunately this evolution has enjoyed faster progress and adoption on the offensive, rather than defensive side of cyber operations. One example is the adoption of advanced peer-to-peer C2 infrastructures for the control of malicious botnets and coordinated attacks, which have successfully yielded very effective and resilient control infrastructures in many instances. Defensive C2 is normally associated with a system's ability to monitor, interpret, reason, and respond to cyber events, often through advanced human-machine interfaces, or automated actions. For defensive operations, the concept is gradually evolving and gaining momentum. Recent research activities in this area are now showing great potential to enable truly resilient cyber defense infrastructures. In this talk I will introduce some of the motivations, requirements, and challenges associated with the design of distributed command and control infrastructures for cyber operations. The talk will primarily focus on the resilience aspects of distributed C2, and will cover a brief overview of the prior research in the field, as well as discussions on some of the current and future challenges in this important research domain.