1 of 8
Distributed StealthNet (D-SN): Creating a Live, Virtual, Constructive (LVC) Environment for Simulat-
ing Cyber-Attacks for Test and Evaluation (T&E)
Gilbert Torres, NAVAIR Systems Command
Kathy Smith, James Buscemi, GBL Systems
Sheetal Doshi, Ha Duong, Defeng Xu, Rajive Bagrodia, Scalable Network Technologies Inc
H. Kent Pickett, MITRE Corp.
ABSTRACT
The Services have become increasingly dependent on
their tactical networks for mission command functions,
situational awareness, and target engagements (terminal
weapon guidance). While the network brings an unprece-
dented ability to project force by all echelons in a mission
context, it also brings the increased risk of cyber-attack on
the mission operation. With both this network use and vul-
nerability in mind, it is necessary to test new systems (and
networked Systems of Systems (SoS)) in a cyber-
vulnerable network context.
A new test technology, Distributed-StealthNet (D-SN),
has been created by the Department of Defense Test Re-
source Management Center (TRMC) to support SoS test-
ing with cyber-attacks against mission threads. D-SN is a
simulation/emulation based virtual environment that can
provide a representation of a full scale tactical network
deployment (both Radio Frequency (RF) segments and
wired networks at command posts). D-SN has models of
real world cyber threats that affect live tactical systems
and networks. D-SN can be integrated with live mission
Command and Control (C2) hardware and then a series of
cyber-attacks using these threat models can be launched
against the virtual network and the live hardware to deter-
mine the SoS’s resiliency to sustain the tactical mission.
This paper describes this new capability and the new tech-
nologies developed to support this capability.
I. INTRODUCTION
D-SN has been developed for use in a distributed test in-
frastructure environment where live systems are located at
different labs across the test community and connected via
a high-speed backbone network. The Joint Mission Envi-
ronment Test Capability (JMETC) [1] is an example of a
classified, high-speed, Wide Area Network (WAN) that
links many of the DOD Test Ranges and key development
facilities. It is at these Test Ranges where the military
hardware (some under development, some currently de-
ployed) resides. Through the use of the Test and Training
Enabling Architecture (TENA) middleware, the military
hardware elements can be logically linked exchanging tac-
tical information (as they would in a SoS field support
mission) forming a distributed test environment (see Fig-
ure 1). D-SN is thus a key capability for representing the
mission network and introducing the effects of cyber-
attack on mission networks and systems in this distributed
testing environment.
This paper describes the key technologies developed to
support D-SN that extends the StealthNet LVC framework
for cyber operation test and evaluation described in [2] to
operate in a distributed manner.
Section II describes the elements available in the
StealthNet system to model the tactical network and the
simulated cyber-attacks that can be used to test the mis-
sion’s cyber robustness of these tactical networks.
Section III describes the technology development that
was necessary to represent the full tactical network envi-
ronment in a distributed test infrastructure. In this case,
multiple Instances of StealthNet must run at each of the
T&E installations participating in the WAN based distrib-
uted test. The “distributed” Instances of StealthNet must
be synchronized so that representation of the simulated
tactical network state (message location, link loading (for
both RF and wired portions of the network) and message
arrival timing) can be seamlessly represented between
StealthNet Instances.
Section IV addresses the problems in representing the
attack environment. Cyber-attacks initiated in one
StealthNet Instance must be seamlessly integrated into the
Network Architecture Under Test (NAUT) represented by
all StealthNet Instances. Furthermore, the natural intermit-
tent latencies of the test network infrastructure connecting
StealthNet Instances must have a negligible impact on the
fidelity of representation of the NAUT. Section IV also
describes how pipelining synchronization between
StealthNet Instances helps to minimize the impact of these
WAN infrastructure latencies.
Section V describes related work efforts and Section VI
provides the conclusion.
