TOC Server Architecture


MITRE
Army Battle Command System
Overview
13 March 2002
Marie Collins
[email protected]
732-389-5691
Pete Dugan
[email protected]
732-389-6701
P.1
Background: Digitization
“Digitization will enable the Army of the
21st Century to win the information war and
provide deciders, shooters, and supporters
the information each needs to make the
vital decisions necessary to overwhelm and
overcome their adversary and win the
overall campaign.”
Major General Joe Rigby
[Diagram: information flows between echelons, labelled Commander’s Intent and Assessment, Situation Awareness, Directives, Intelligence and Engagement Data, and Combat Service Support]
P.2
Tactical Internet Communications
[Diagram: DIV TOC, BDE TOCs and BN TOCs in a router-based architecture; links labelled MSE, ATM, NTDR, EPLRS and SIP]
Upper Echelon Communications
• Much greater bandwidth required for ABCS, VTC, collaborative planning, ...
• Primarily point-point communications between TOCs
Lower Echelon Communications
• Much lower bandwidth limits traffic to JVMF (bit oriented) messages
• Primarily broadcast/multicast communications between vehicles
• Much greater mobility required
Based on the standards and architecture used in the Internet
P.3
The Army Battle Command System
P.4
ABCS: Past, Present, and Future
[Diagram: four architectures, each drawn as BAS nodes, Common Svcs, Light Clients and a TOC Server on an Inter-TOC Network]
ABCS 6.2 (Peer-2-Peer Model): everyone is a server; each BAS on the Inter-TOC Network carries its own Common Svcs
ABCS 7.0 (Centralized Model): TOC server provides common services to the BAS hosts and Light Clients
ABCS 8.0 (Component Model): TOC server hosts the BAS Components, reached from Light Clients
ABCS 9.0 (FCS) (Integrated Model): Network Server hosts integrated BAS Systems, reached from Light Clients
P.5
MCS Overview
[Diagram: Joint Chiefs & Defense Department (GCCS) above the Theater of Operations (JTF, CJTF, ARMY, GCCS-A) above the ATCCS systems (MCS, ASAS, AMDWS, CSSCS, AFATDS, FBCB2), each level with its own databases and files; other services/systems alongside]
MISSION: MCS is the Army Battle Command System's (ABCS) Functional Subsystem that directly supports the combined arms force commander and staff by providing automated support for planning, coordinating, controlling and using maneuver functional area assets and tasks. The System coordinates and synchronizes the supporting arms in the conduct of operational planning, field operations and training.
• Create and manage the Common Tactical Picture
• Enhance and shorten the decision-making cycle across the operational continuum
• Respond to the Commander’s Critical Information Requirements (CCIRs)
• Supervise execution of operations
• Integrate information from other ABCS, joint and combined systems
• Enhance planning operations and the OPORD process
• Operate in the tactical and garrison environments
P.6
MCS Hardware
MCS-Heavy
• CHS-2 HCU or VCU
• 333 or 440 MHz CPU
• Removable SCSI 18 GB (HCU), 14 GB (VCU) or larger hard disk
• 256 MB RAM
• Solaris 7.0
• SUN PCI Card
• MCS-Light compatible software
MCS-Light
• 333 MHz CPU or better laptop computer
• 750 MB free hard-drive space
• 128 MB RAM
• Windows NT 4 or Windows 2000
• Office 97 or 2000
• Internet Explorer 5.0 or higher
• Acrobat Reader 3.0 or higher
P.7
MCS Functional Summary
• Acts as a gateway between Battle Command systems and
Echelon Above Corps Systems
– Mapping and routing between different architectures
• Common tactical picture (CTP)
– Receive information from reporting platforms and manage the
common tactical picture
– Manage Overlays from other functional overlays
• Enhance planning operations and the OPORD process
– Provide an ability to see the plan in action
– Overlays indicate planned positions
• Alerts to Commander’s Critical Information Requirements
(CCIRs)
– Commanders track specific items
– Alert operator when some condition occurs
• Provides the task organization
– Organizes units to perform a mission
P.8
MCS Enhancements
• Common Object Request Broker Architecture (CORBA)
– More use of CORBA internal to MCS
• Extensible Information Systems (XIS)
– Data Source Interface (XML, SQL, etc. to common format)
– Info-aware Java Bean
• Java Common Tactical Picture (J2EE)
• Web services
– Symbology manager
– XML
• Informix Enterprise Replicator (IER)
– Used to replicate the common database across the network
P.9
MCS Security Functionality
• Security is not designed into MCS
– Security is provided through use of IA tools (TCP
Wrappers, SPI, SWATCH) for MCS Heavy (UNIX) only
– IA Tools as a security overlay
– No mechanism for remote configuration or monitoring
of IA tools
• Alerts remain on the local host
• Use of OS security guidance
– UNIX configuration guidance is followed
– Currently applying Windows 2000 security guidance
P.10
MCS Security Operations Suite
• TCP Wrapper: Prevents external intrusion via FTP, invalid CORBA
clients, ‘cracking’ the network, etc.
• Change Detection Tool: Verifies integrity of executable files and
scripts by monitoring exact file size and date
• Swatch: Monitors Log files for suspicious or invalid events
• McAfee: Virus Scanner
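The change-detection tool on this slide keys on exact file size and date. The Python below is an added example, not MCS or MITRE code, of that class of tool with a SHA-256 digest recorded alongside size and modification time, because both of those attributes can be restored after a file is altered while the digest cannot. The scratch directory, the file names under bin/, the script contents and the tampering step are all constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

# Added example, not MCS or MITRE code. The slide's change-detection tool keys
# on exact file size and date; this version records a SHA-256 digest as well,
# because size and modification time can both be restored after a file has
# been altered (os.utime below does exactly that), while the digest cannot.


@dataclass(frozen=True)
class Record:
    size: int
    mtime_ns: int
    sha256: str


def fingerprint(path: str) -> Record:
    """Size, modification time (ns) and SHA-256 of one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return Record(st.st_size, st.st_mtime_ns, digest.hexdigest())


def build_baseline(root: str, suffixes=("", ".sh", ".pl", ".py")) -> dict:
    """Fingerprint every file under root whose extension is in suffixes.
    The empty suffix covers extension-less executables such as ELF binaries."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1] in suffixes:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified paths. A modified entry names the
    attributes that differ, so a digest-only change stands out."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()),
              "modified": []}
    for path in sorted(baseline.keys() & current.keys()):
        old, new = baseline[path], current[path]
        changed = [f for f in ("size", "mtime_ns", "sha256")
                   if getattr(old, f) != getattr(new, f)]
        if changed:
            report["modified"].append(f"{path}: {','.join(changed)}")
    return report


def demo() -> dict:
    """Constructed scenario: baseline a scratch tree, alter a start script while
    restoring its size and timestamp, delete a binary, then run the comparison."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "bin"))
        script = os.path.join(root, "bin", "start.sh")   # hypothetical paths
        binary = os.path.join(root, "bin", "mcs")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\nexec /opt/mcs/bin/mcs\n")
        with open(binary, "wb") as fh:
            fh.write(b"\x7fELF" + b"\0" * 28)            # stand-in for a binary
        baseline = build_baseline(root)

        before = os.stat(script)
        with open(script, "w") as fh:                   # same length, different target
            fh.write("#!/bin/sh\nexec /tmp/mcs/bin/mcs\n")
        os.utime(script, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.remove(binary)

        return compare(baseline, build_baseline(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())   # {'added': [], 'removed': ['bin/mcs'], 'modified': ['bin/start.sh: sha256']}
```

A size-and-date check alone would report the scratch tree as clean after the edit; only the digest column flags the rewritten script. In practice the baseline itself has to live somewhere the monitored host cannot rewrite, which is the same remote-configuration gap the earlier slide notes for the IA tools.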
P.11
MCS IA Issues/Challenges
• Currently no mechanism to enforce a security policy across MCS systems (UNIX/NT)
• Data proponency/access control not addressed
• Authentication of messages is critical
– Numerous challenges with use of PKI in tactical
environment
• Alert analysis and response needs to be
automated, and addressed to the host level to
determine mission impact
P.12
FBCB2 Overview
The principal Digital Command and Control System for the Army at Brigade and Below. Consists of ruggedized COTS Appliqué hardware: a 500 MHz Pentium computer with 128 MB RAM, a 4 GB hard disk and a USB port. No external media (CD or floppy disk) is included.
FBCB2 software provides Situational Awareness, C2 messaging and Battle Command tools. Integrated into most platforms at Brigade and below, as well as appropriate Division and Corps slices necessary to support Brigade operations.
Interconnects platforms through a communications infrastructure called the Tactical Internet, based on commercial IP and made up of existing EPLRS and SINCGARS radios and the INC router.
P.13
FBCB2 Enhancements
• Pure IP Networking
– Challenge: Agents specific to radio nets
– Benefit: Network/Comms independence
• XML based message processing
– Challenge: Bit oriented messages (JVMF)
– Benefit: Flexibility, format, open standards
• Database merge capability
– Challenge: Databases take months to build
– Benefit: Capability to merge databases
• More platform independence
– Solaris X86 currently
– Migrating to Linux possibly Windows
– LynxOS real-time OS
P.14
Dismounts
[Diagram: dismounted PDAs on a wireless LAN, linked by Iridium and MILSATCOM back to Sanctuary and CONUS]
P.15
FBCB2 Security Functions
• Most network protocols disabled
– ftp
– http
• Software security protection to prevent uncleared users
from receiving secret data.
• Password protection
• Investigating use of Biometrics
• Remote disable
– Lockout
– Zeroize
• Security extensions protocol to allow for use of digital signatures for security messages only (remote disable)
• Security logs
• Closed System
– No external media
– No console windows
P.16
FBCB2 IA issues
– Network is secret; uncleared users are required to use the systems on the network
– Most systems are left unattended even though they should never be, or run the risk of being overrun. Users have to be periodically re-authenticated.
  • Tradeoff between the authentication process/security and user frustration, without confining movement
– Use of Solaris X86 has limited the availability of add-on IA tools
  • Port to Linux may offer more options
– Need authentication of all command and control messages
– Dismounted (PDA) purge tools
  • Flash memory
  • Determine that it has been compromised
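The previous slide's digital signatures for security messages (remote disable) and this slide's call for authentication of all command and control messages both come down to the same check at the receiver. The Python below is an added example, not FBCB2 code, of that check: the sender attaches an authenticator over a canonical encoding of the message and a per-sender sequence number, and the receiver verifies the authenticator in constant time before it parses anything, then rejects replays. HMAC-SHA256 over a shared key stands in for the digital signature the slide names, because the standard library has no asymmetric signing primitive; the key, the field names, the unit and vehicle identifiers and the sequence numbers are all constructed for the example.

```python
import hashlib
import hmac
import json

# Added example, not FBCB2 code. A receiver-side check for security messages
# such as remote disable: the sender attaches an HMAC-SHA256 tag over the
# canonical message, which carries a per-sender sequence number; the receiver
# verifies the tag in constant time and rejects replays. The shared-key HMAC
# stands in for the digital signature the slide names (the standard library
# has no asymmetric signing primitive). Key, field names and unit names are
# constructed for this example.

SHARED_KEY = b"constructed-demo-key-not-for-use"


def encode(msg: dict) -> bytes:
    """Canonical JSON so sender and receiver authenticate identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, msg: dict) -> bytes:
    """Wire form: canonical JSON, a '.', then the hex HMAC tag."""
    body = encode(msg)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"." + tag.encode()


class SecurityMessageVerifier:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}   # highest sequence number accepted per sender

    def accept(self, wire: bytes) -> tuple:
        """Return (accepted, reason). The tag is checked before the body is parsed."""
        body, sep, tag = wire.rpartition(b".")
        if not sep:
            return False, "no authenticator"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False, "bad authenticator"
        msg = json.loads(body)
        sender, seq = msg["sender"], msg["seq"]
        if seq <= self.last_seq.get(sender, -1):
            return False, "replayed or stale"
        self.last_seq[sender] = seq
        return True, f"{msg['type']} from {sender} accepted"


def demo() -> list:
    """Constructed exchange: one genuine remote disable, then a replay of it,
    a copy with the target altered, and a message with no authenticator."""
    v = SecurityMessageVerifier(SHARED_KEY)
    disable = sign_message(SHARED_KEY, {"type": "remote_disable", "sender": "BDE-TOC",
                                        "seq": 7, "target": "VEH-0421", "action": "lockout"})
    results = [v.accept(disable)]                                        # genuine
    results.append(v.accept(disable))                                    # same bytes again
    results.append(v.accept(disable.replace(b"VEH-0421", b"VEH-0422")))  # target altered
    results.append(v.accept(encode({"type": "remote_disable", "sender": "BDE-TOC",
                                    "seq": 8, "target": "VEH-0421", "action": "zeroize"})))  # no tag
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

The sequence number is what turns an authenticated message into a non-replayable one: without it, a captured lockout or zeroize message stays valid for as long as the key does. Moving from HMAC to real signatures changes only the two `hmac.new` calls and lets the receiver hold a public key instead of the signing secret, which is the property a tactical network with unattended hosts needs.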
P.17
Questions??
P.18