SDN Battlefield Study

Download a PDF version of these web pages
Battlefield Use Case
1 of 5

The Armed Forces has widely varying network contexts. There are the established networks, from Pentagon to Pacific, that are either classified or unclassified. Classified networks ideally are implemented with an air gap. Unclassified networks are in a state of cyberwar. It is the state of assault by nation-states and actors with equivalent resources that distinguish this use case. Economics of attack and defense are arguably inapplicable when the adversary has effectively unlimited funds and is not seeking monetization.

A second, similar category of networks are ones that are established, but mobile. These networks include the ones found on naval ships. Unlike the first category of networks, these have to operate under very strict limitations. Equipment failures cannot be fixed by simple replacements if a vessel is thousands of miles from the nearest friendly port. Therefore, equipment must undergo rigorous certification procedures, making tasks as simple as firmware upgrades long, arduous procedures. Additionally, the rigid requirements of the network make enforcing network compliance a difficult task when housing personnel that bring their own devices.

The final category of networks of interest are those that must be immediately deployed, often in domains with little preexisting infrastructure. The preexisting infrastructure may be putatively under the control of allies; however, even in this case the insider threat is so extreme as to make these network components effectively untrustworthy (e.g. vehicles in the front lines of combat). In this case operators themselves are untrustworthy without considering the more fundamental question of SDN as allowing trusted operations on untrusted hardware.

Continue