Breadcrumb

  1. Home
  2. Research
  3. Programs
  4. EdgeCT: Edge-Directed Cyber Technologies For Reliable Mission Communication

EdgeCT: Edge-Directed Cyber Technologies for Reliable Mission Communication

 

Program Summary

The United States military is heavily dependent on networked communication to fulfill its missions. The wide-area network (WAN) infrastructure that supports this communication is vulnerable to a wide range of failures and cyber attacks that can severely impair connectivity and mission effectiveness at critical junctures. Examples include inadvertent or malicious misconfiguration of network devices, hardware and software failures, extended delays in Internet Protocol (IP) route convergence, denial of service (DoS) flooding attacks, and a variety of control-plane and data-plane attacks resulting from malicious code embedded within network devices.

The objective of the EdgeCT program is to bolster the resilience of communication over IP networks solely by instantiating new capabilities in computing devices within user enclaves at the WAN edge. It is envisioned that EdgeCT systems will mitigate WAN failures and attacks on the fly, in a mission-aware fashion, by incorporating the following three technical components:

  • Real-time network analytics that extract useful information about WAN characteristics and events from enclave-based observation of packet flows into and out of the WAN.
  • Holistic decision systems that use knowledge gained from real-time network analytics, as well as configurable information concerning mission plans (including tasks, priorities and deadlines, if applicable) to determine actions that mitigate network events, in a fashion that best serves the mission as a whole.
  • Dynamically configurable protocol stacks that implement these decisions by modifying the manner in which information is handled at the network, transport and application layers of the five-layer protocol stack model of Internet operation.

EdgeCT systems and all of their functionality will be positioned solely within (cleartext) enclaves fronted by one or more in-line military encryption devices. These systems will have no ability to communicate directly with the WAN control or management planes or with the WAN administrator, and will have no knowledge of WAN architecture except for what EdgeCT systems can infer from edge-based observation of packet flows into and out of the WAN. EdgeCT system designs cannot require any changes to the WAN or to the encryption boundaries. Deployed EdgeCT systems may ultimately have to recognize and support robust communication for a variety of user applications including real-time streaming video, real-time audio, file transfer and situational awareness, among others.

Resources

Contact