Professional Documents
Culture Documents
C4ISR Cyber Security Final
C4ISR Cyber Security Final
net/publication/345142496
CITATIONS READS
3 848
5 authors, including:
Junaid Zubairi
State University of New York at Fredonia
67 PUBLICATIONS 380 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Junaid Zubairi on 29 October 2021.
ABSTRACT
C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance &
Reconnaissance. C4ISR systems are primarily used by organizations in the defense sector. However, they
are also increasingly being used by civil sector organizations such as railways, airports, oil and gas
exploration departments. The C4ISR system is a system of systems and it can also be termed as network
of networks and works on similar principles as the Internet. Hence it is vulnerable to similar attacks
called cyber attacks and warrants appropriate security measures to save it from these attacks or to recover
if the attacked succeeds. All of the measures put in place to achieve this are called cyber security of
C4ISR systems. This chapter gives an overview of C4ISR systems focusing on the perspective of cyber
security warranting information assurance.
Figure 7: A Concept of Integration of Applications, Services and Data Assets Using the GIG
Communication Infrastructure (NAP, 2006)
2.3 ISR
The purpose of ISR as part of C4ISR is initially to find, then to fix and, finally, to keep a track both friend
and foe forces. The damage assessment of a particular area or target belonging to friendly or enemy forces
is another aspect. During peace time Signal Intelligence (SIGINT) is carried out and enemy's sensors data
is analyzed. The same is then used in case of war. There are technologically advanced and powerful
space-based image intelligence (IMINT), signals intelligence (SIGINT) and measurement and signatures
intelligence (MASINT) collection systems. The data is to be effectively utilized in case of war. It is
essential that forces have access to data from these capabilities and that they are able to task the
capabilities. The situational picture is to great extent improved with the help of using sensors data from
UAVs (such as Global Hawk and Predator), new Multi-mission Maritime Aircrafts including MPAs
(Maritime Patrol Crafts) and AWACS such as E-2C aircraft and fixed land radars/sensors etc. The data is
transferred through links hence the security of data and its proper usability is a primary concern; as an
intruder may modify the data or deny the data resulting in denial of service (DoS).
2.4 C4ISR Architectures
Due to inherent complexity of C4ISR systems their design is based on formal standards specifying the
architectures. Architecture is the structure of components, their relationships, and the principles and
guidelines governing their design and evolution over time (US-DoD, 1995). Architecture is defined as the
fundamental organization of a system embodied in its components, their relationships to each other, and
to the environment, and the principles guiding its design and evolution (ISO/IEC, 2007). There are two
types of architectures. The Program Level or Solutions Architecture is the first and most traditional type.
This architecture has been required, defined, and supported by major US-DoD processes for solution,
evaluation, interoperability, and resource allocation. The second type of architecture is Enterprise
Architecture that provides a complete road-map that how and where the programs or the projects fit in the
organizations. Department of Defense Architecture Framework (DODAF) (US-DoD, 1997), (US-DoD,
2007) (US-DoD, 2009), Ministry of Defense Architecture Framework (MODAF)(MOD, 2005a), (MOD,
2005b) and NATO Architecture (NAF) (NATO, 2007) are landmarks in the development of C4I systems
or any other defense related information system.
The results of a study conducted using Analytic Hierarchy Process (AHP) proved that MODAF is leading
to DODAF in case of interoperability, governance, practice and adopt-ability wise. While DODAF is
leading to MODAF in case of scalability, tool support, taxonomy, process completeness, maturity and
partitioning wise. In case of NAF to MODAF and DODAF, the NAF has a secondary position. After
comparative analysis of results it has been found that MODAF is ranked as first, DODAF as second and
NAF as third in AHP assessment methodology (Alghamdi, 2009). However, MODAF and NAF have
been derived from DODAF being pioneer in enterprise architecture development. The evolution of
C4ISRAF to DoDAF is shown in Figure 8.
Figure 8: Evolution of DODAF
DoDAF does not prescribe any particular models, but instead concentrates on data as the necessary
ingredient for architecture development. DoDAF is the structure for organizing architecture concepts,
principles, assumptions, and terminology about operations and solutions into meaningful patterns to
satisfy specific DoD purposes. The US-DoD has taken lead and has taken necessary steps to cater the
advancement in the field of IT for modern warfare. NCW makes essential information available to
authenticated, authorized users when and where they need it to carryout Net-Centric Operations (NCO).
CONCLUSION
We have reviewed a broad spectrum of issues and technological trends in Cyber Security of C4ISR
systems. Our review is no doubt brief and can only serve to scratch the mere surface of this vast area. As
penetration of information technology and its various components into military systems continues at an
unrelenting pace, Cyber Security of these systems will continue to provide challenging research problems.
Our review shall serve to provide the interested researcher some grasp of the possibilities in this area.
The discussion in this chapter has also highlighted how today’s global economy has prompted militaries
and other resource managers to seek low-cost, open architecture, high-speed command and control (C2)
solutions that offer the full capability spectrum from high-level command visibility to tactical control.
Complete vertical integration across strategic, operational, and tactical functionality is a key ingredient in
this arena. Due to intrinsic cost-effectiveness and lack of a vendor-lock, open source modules are
increasingly used in the software layer of C4ISR systems. As open source software modules receive the
broadest review possible, due to their community based development model, security weaknesses are
promptly identified and fixed during development cycle. The future shall see more integration of open
source projects leading to complete open source community based C4ISR systems.
REFERENCES
ABC (2010). WikiLeaks Reveals Grim Afghan War Realities article by ABC News on Jul 26, 2010.
AFP (2010). Stuxnet worm rampaging through Iran. Article by AFP on Sep 27, 2010.
Alghamdi, A. S. (2009). Evaluating Defense Architecture Frameworks for C4I System Using Analytic
Hierarchy Process Journal of Computer Science 5 (12): 1078-1084, 2009 ISSN 1549-3636 © 2009
Science Publications.
Anthony, H. D. (2002). C4ISR Architectures, Social Network Analysis and the FINC Methodology: An
Experiment in Military Organizational Structure. Information Technology Division Electronics and
Surveillance Research Laboratory-DSTO-GD-0313.
BAE (2009). DataSync Guard 4.0 Data transfers across multiple domains with flexibility and
uncompromised security Systems. BAE Systems 8201 Greensboro Drive Suite 1200, McLean, VA
22102.
Brehmer, B. (2010). Command and control as design. Proceedings of the 15th International Command
and Control Research and Technology Symposium, Santa Monica, California.
CBS (2010) Wikileaks Publishes Afghan War Secret Article by CBS News on Jul 26, 2010.
CNSS (2007). Committee on National Security Systems CNSS Policy No. 19 February 2007.
CNSS (2010) National Information Assurance Glossary, Committee on National Security Systems
Instruction CNSSI-4009 dated 26 April 2010.
CWID (2009a) Assessment Brief-Top Performing Technologies. Coalition Warrior Interoperability
Demonstration (CWID) JMO, Hampton, VA. CWIDPA@langley.af.mil.
CWID (2009b) Assessment Brief -Interoperability Trails. Coalition Warrior Interoperability
Demonstration (CWID) JMO, Hampton, VA. CWIDPA@langley.af.mil.
Ericsson (2006). C4ISR For Network-Oriented Defense March 2006. Ericsson White Paper.
http://www.ericsson.com/technology/whitepapers.
IFF (2010). Identification of Friend & Foe, Questions and Answers from http://www.dean-
boys.com/extras/iff/iffqa.html.
ISO/IEC (2007). Systems and software engineering —Recommended practice for architectural
description of software-intensive systems ISO/IEC 42010 (IEEE STD 1471-2000).
Janes (2010). Sentry (United States), Command information systems - Air
http://www.janes.com.
Langer (2010) Stuxnet Logbook. Article by Langer Production & Development on 12 Oct 2010.
Lockheed. (2010). Lockheed Martin UK-Integrated Systems & Solutions-http://www.lm-isgs.co.uk.
Merriam-Webster (2010). Retrieved September 13, 2010, from http://www.merriam-
webster.com/dictionary/cybersecurity.
Michelson, M. (2009). French Military Donated Code to Mozilla Thunderbird By Reuters PCMag.com,
dated 12.10.2009.
Microsoft (2008), Microsoft Case Study: NATO Accelerates Windows Vista Deployment Using the
Windows Vista Security Guide available at
http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002826.
MoD (2004). Network Enabled Capability Handbook. Joint Services Publication 777, UK, Ministry of
Defence. November 2004 http://www.mod.uk.
MOD (2005b). Architectural Framework Technical Handbook Version 1.0 31 August 2005.
MOD (2005a). Architectural Framework Overview Version 1.0 31 August 2005.
NAP (1999). Realizing the Potential of C4I: Fundamental Challenges. Computer Science and
Telecommunications Board (CSTB), Commission on Physical Sciences, Mathematics, and Applications,
National Research Council, National Academy Press Washington, D.C.
NAP (2006). C4ISR For Future Naval Strike Groups. Naval Studies Board (NSB) Division On
Engineering And Physical Sciences National Research Council of The National Academies, The National
Academies Press Washington, D.C. www.nap.edu.
NATO (2010) NATO Information Assurance http://www.ia.nato.int.
NATO (2007) NATO Architectural Framework Version 3- NAF v.3(Annex 1 to AC/322-D (2007) 0048).
Navsea (2007). Naval Sea Systems Command NSWC PCD 10/07 https://www.djc2.org,
http://en.wikipedia.org/wiki/DJC2.
Nilsson P. (2003), Opportunities and risks in a Network-Based Defence, Swedish Journal of Military
Technology, #3 2003. http://www.militartekniska.se/mtt.
Rand (2009) Controlling the Cost of C4I Upgrades on Naval Ships. A study report for USN RAND
Corporation, National Defense and Research Institute USA(2009).
Reuters (2010a). UPDATE 2-Cyber attack appears to target Iran-tech firms An article on Fri Sep 24, 2010
Reuters (2010b). What is Stuxnet? Article on Fri Sep 24, 2010.
Robinson, C. (2002) Military and Cyber-Defense: Reactions to the Threat - Center for Defense
Information, Washington DC.
Saab (2010). Safir-SDK Development Kit- Software Development Kit for Truly Distributed C4I Systems.
http://www.safirsdk.com.
Saenz, A. (2010) Stuxnet Worm Attacks Nuclear Site in Iran – A Sign of Cyber Warfare to Come on
Singularity Hub on October 12th, 2010.
Sentek (2010). C4ISR Solutions(by Sentek Global) http://www.sentekconsulting.com/index.php.
Shamir, Adi (1979), “How to share a secret”, Communications of the ACM 22 (11): 612–613.
Snort (2010). Open Source Intrusion Detection System. http://www.snort.org.
Stallings, W. (2003) Cryptography and Network Security Principles and Practices Third Edition.
Stanton, N. A,, Baber, C & Harris, D. (2008). Modelling command and control. Event analysis of
systemic teamwork. Aldershot: Ashgate.
Stokes, M. (2010). Revolutionizing Taiwan’s Security – Leveraging C4ISR for traditional and non-
traditional challenges, 19 Feb 2010, Project 2049 Institute, Arlington VA. www.project2049.net.
Thales (2010) Link-Y Brochure and Specification Document. Downloaded on 15 Oct 2010.
http://www.thalesgroup.com/LinkY/?pid=1568.
Thales (2010) Thales Defence & Security C4I Systems Division (DSC) Research and contribution to the
cyber security – http://www.nis-summer-school.eu/presentations/Daniel_Gidoin.pdf.
US-CERT (2009). Quarterly Trends and Analysis Report, US CERT, June 16, 2009. (Vol. 4, iss. 1.)
http://www.us-cert.gov/press_room/trendsanalysisQ109.pdf.
US-DoD (1995). DoD Integrated Architecture Panel,1995, based on IEEE STD 610.12.
US-DoD (2005) Guide to Using DoD PKI Certificates in Outlook Security Evaluation Group Report
Number: I33-002R-2005.
US-DoD (1997). C4ISR Architecture Working Group, (US) Department of Defense. C4ISR Architecture
Framework Version 2.0.
US-DoD (2007). Department of Defense Architecture Framework v1.5
http://www.defenselink.mil/nii/doc/DoDAF_V2_Deskbook.pdf.
US-DoD (2009). Department of Defense Architecture Framework v2.0
http://www.defenselink.mil/nii/doc/DoDAF_V2_Deskbook.pdf.
USDoD (2005). The Implementation of Network-Centric Warfare (January 5, 2005), Force
Transformation, Office of the Secretary of Defense, 1000 Defense Pentagon, Washington, DC 20301-
1000, http://www.oft.osd.mil/library/library_files/document_387_NCW_Book_LowRes.pdf.
USESRC (2009). China’s Cyber Activities that Target the United States, and the Resulting Impacts on
U.S. National Security,” (Chapter 2, Section 4) in the US China Economic and Security Review
Commission’s 2009 Annual Report to Congress. http://www.uscc.gov.
W3C. (2007). SOAP Version 1.2 Part 1: Messaging Framework (Second Edition) 27 April 2007.
http://www.w3.org/ TR/ soap12-part1/#intro (http://en.wikipedia.org/wiki/SOAP).
Wiki (n.da). In Wikiorg, The Free Encyclopedia. Retrieved 15 Oct 2010, from
http://wiki.org/wiki.cgi?WhatIsWiki.
Wiki (n.db). In Techterms, The Free Encyclopedia. Retrieved 15 Oct 2010, from
http://en.wikipedia.org/wiki/Thin_client.
Wiki (n.dc). In Techterms, The Free Encyclopedia. Retrieved 15 Oct 2010, from
http://www.techterms.com/definition/wiki.
Wortzel, Larry M. (2009). Preventing Terrorist Attacks, Countering Cyber Intrusions, and
Protecting Privacy in Cyberspace. U.S.China Economic and Security Review Commission, Testimony
before the Subcommittee on Terrorism and Homeland Security, United States Senate.
Zehetner A. R . (2004). Information Operations: The Impacts on C4I Systems. Electronic Warfare
Associates, Australia.
B
BGPHES Battle Group Passive Horizon Extension System
BLOS Beyond Line of Sight
C
C2 Command & Control
C4ISR Command, Control, Communications, Computers, Intelligence,
Surveillance & Reconnaissance
CDCIE Cross Domain Collaborative Information Environment
CDF Combat Direction Finding
CEC DDS Cooperative Engagement Capability Data Distribution System
COMSEC Communication Security
COMSEC COMmunications SECurity
COP Common Operational Picture
COTS Commercial Off the Shelf
CSTE Classification Stateless, Trusted Environment
CV/TSC Carrier/Tactical Support Center
CWID Warrior Interoperability Demonstration
D
DES Data Encryption Standard
DJC2 Deployable Joint Command and Control
DODAF Department of Defense Architecture Framework
DoS Denial of Service
DSCS Defense Satellite Communications System,
DTD Data Terminal Device
E
EHF Extremely High Frequency,
EMF Management Framework
ESM The Enterprise System Management
F
FOS Family of Systems
G
GAL Global Address List
GBS Global Broadcasting System, Inmarsat- International Maritime
Satellite,
GCCS Global Command and Control System
GIG Global Information Grid
H
HAIPE High Assurance Internet Protocol Encryptor
HF High Frequency
I
ICT Information and Communication Technology
IMINT Image Intelligence
INFOSEC Information Security
INTELSAT Intelligence Satellite
IPC Internet Protocol Convergence
J
JMPS Joint Mission Planning System
JSIPS-N Joint Services Imagery Processing System-Navy
JTIDS Joint Tactical Information Distribution System
JTRS WNW Joint Tactical Radio System Wideband Network Waveform
K
KRA Key Recovery Authority
L
LAMPS Light Airborne Multipurpose System
LLC Link-Level COMSEC
LLC Link Level COMSEC
LOS Line-of-Sight
M
MASINT Measurement and Signatures Intelligence
MD5 Message-Digest 5
MODAF Ministry of Defense Architecture Framework
MPAs Maritime Patrol Crafts
MUOS Mobile User Objective System,
N
NAF NATO Architecture
NAVSSI Navigation Sensor System Interface
NBD Network-Based Defense
NCO network-centric operations
NCW Network-Centric Warfare
NEC Network Enabled Capability
NetD-COP Network Defense Common Operational Picture
NetD-COP Network Defense Common Operational Picture
O
OS Operating System
P
PC Personal Computer
PEM Privacy Enhanced Email
S
S/MIME Secure/Multipurpose Internet Mail Extensions
SIGINT Signal Intelligence
SMS/NAVMACS Stores Management System/Naval Modular Automated
Communications System
SNC System Network Controller
SOA Service Oriented Architecture
SPCs Signal Processing Controllers
STDN Secure Tactical Data Network
T
TACTICELL Tactical Cellular
TADIL Tactical Digital Information Link
TAMD Theater Air and Missile Defense
TBMCS/JTT Theater Battle Management Core Systems/Joint Tactical Terminal
TDS/DLP Operator Interface System-D Tactical Data System/Data Link
Processor
TEMPEST Transient Electromagnetic Pulse Emanation Standard
TPT Top Performing Technologies
TRMS Type Commanders Readiness Management System
TSAT Transformation Satellite
U
UAVs Unmanned Aerial Vehicles
UFO Ultra High Frequency Follow-On
UHF LOS Ultra High Frequency Line of Sight
USW Undersea Warfare
V
VHF Very High Frequency
W
WGS Wideband Gapfiller System
View publication stats