The Army’s Blue Force Tracking system uses Global Positioning System information to track friendly and enemy warfighters and deliver the data to troops in the field in near real time. But that’s only half the job. Securing that transport network is essential.
“It’s a critical command, control and communications system for the Army,” said a C3 information assurance engineer at the Aberdeen Proving Ground in Maryland.
The system uses GPS to provide live information on the location of individual combat vehicles, and it uses global radio and satellite networks to consolidate the data and distribute it to troops in the field for situational awareness. “We operate several network operations centers with redundancy to provide worldwide support,” said the engineer, who spoke on the condition of not being identified.
Ensuring the system’s security requires a fast, highly scalable analysis system.
“We have the capability to monitor and manage our intrusion prevention and other security systems, such as firewalls, centrally,” the information assurance engineer said. That is done through an advanced flow analysis capability originally developed as an engineering tool for nuclear power systems and commercialized as a security tool by NitroSecurity.
“Our integration of flow data has been a real plus in the federal space,” said Salo Fajer, chief strategy officer at NitroSecurity. “The government has been dealing with advanced persistent threats much longer than the private sector has. It takes some research and analysis to correlate the data, and they see the value of flow and event analysis.”
The Blue Force Tracking system uses a geographic information system to provide a computer display in combat vehicles that shows the location of other friendly troops, known as blue forces in military parlance, in the theater of operations. This facilitates coordination and synchronization of troops during operations and helps reduce the risk of friendly fire incidents. Users also can input and update operational graphics, including obstacles and terrain features in the area and the location of enemy troops, or red forces.
The blue force system is a component of the Force XXI Battle Command Brigade and Below system (FBCB2), a communications platform built on Red Hat Linux to provide command capability and situational awareness in the field. It has been incorporated into not only ground combat vehicles, such as tanks and personnel carriers, but also aircraft, such as the Apache Longbow attack helicopter. TRW was awarded the prime FBCB2 contract in 1995. Since 2002, the company has been part of Northrop Grumman, which still holds the contract.
FBCB2 was introduced into combat forces beginning in fiscal 2000 and, along with Blue Force, has seen use in combat operations in Afghanistan and Iraq. It now is installed on nearly 70,000 platforms that support Army, Marine Corps and Air Force personnel, and plans call for expanding it to nearly 200,000 vehicles and individual soldiers. A follow-on system, the Joint Battle Command-Platforms, which standardizes Army and Marine Corps blue force tracking systems, is expected to be in the field by 2014.
The Blue Force Tracking system supports about 80 percent of Army Brigades and uses an L-Band satellite communications transceiver. The remaining 20 percent uses the Enhanced Position Location Reporting System tactical radio network to deliver position data via FBCB2.
There are five primary blue forces network operations centers for relaying tracking data from 10 distributed sites that feed the system, operating at three different security classification levels. There are at least 25 intrusion prevention systems and receivers for enterprise security management, also operating at different classifications. For the past three years, the U.S.-based operations center has been using NitroSecurity’s Intrusion Prevention System and its Enterprise Security Manager for security information and event management.
The ability to integrate security feeds from a variety of devices and analyze the data quickly enough to provide operational awareness of network security, rather than just forensic analysis after an event, was critical in selecting the tool, said the Army information assurance engineer who uses the system.
“It is invaluable in that ability,” he said. “The way it scaled to the network still is not matched by any other vendor out there.”
The tools came out of research and development by NitroSecurity's founders while at the Idaho National Laboratory, which was developing an engineering system that can analyze large volumes of data with real-time queries. The company saw that the real-time, high-volume capabilities of the engine were well suited for IT security information and event management, Fajer said. The system can analyze billions of events and can be used for anomaly detection within the data flow, rather than for only analyzing events after they occur. Users can tag the data with geolocation information to indicate its origin.
The secret to the high-speed analysis is the indexing technology that NitroSecurity developed and patented, Fajer said.
“We avoid table scans,” he said. “There is a lot of intelligence in the indexing itself. Whether you have a billion events or 50 million events, the look-up time is identical,” so the system scales well for large numbers of events.
Because of that ability to rapidly scan and find data, users do not need to regularly discard event data. Greater granularity can be achieved because archived data can be maintained for future analysis. The security manager also is used in NASA’s security operations center, and the financial services and health care industries also are large markets for it.
Although the scalability and granularity of the security information and event management tool are important to the Army, the FBCB2 and Blue Force Tracking system are not as large as many corporate enterprises, with only about 25 receivers for security log data, the information assurance engineer said. “But it is a critical command-and-control application.”