Proactive Computer Network Defense and Information Assurance

Achieving cyberspace information superiority is mission-critical to the Department of the Navy. The current concept— “keep the adversary out”—has failed against sophisticated adversaries. The increasing complexity and quantity of malware, and the emergence of new technology and user risks, present a constant challenge. Unfortunately, the network defense tools and capabilities that currently address these threats are reactive and inflexible, focus on configuration management, and do not allow for a real-time response capability. These tools do not provide intelligent decision aids essential to combating the threat.

To close these gaps, this Office of Naval Research (ONR) CND/IA program will provide the warfighter with a comprehensive, holistic approach to computer network defense. It moves away from traditional concepts of patch management and computer resource management and mitigates real-time threats while ensuring continuity of essential operations and access to assured data during attacks.

The architecture being sought is predicated on providing capability at the lowest level up through the data processing level—including functions such as correlation and fusion that are required to provide decision support and near real-time network-based asset control with an “on-the-fly” engagement capability. The approach focuses on providing automated proactive capabilities that are based on near real-time decision support, as opposed to traditional operator-based “cyber slow” reactions and/or forensics based actions, to address cyber activities as they occur/unfold in the network.

The three critical system building blocks of this new architecture include next generation sensors and gateways, next generation security protocols and security management protocols and common operational security decision system.