Air Force wants a better way to map and analyze its networks

The MAMA program seeks increased mission assurance by analyzing network traffic flows and associated metadata.

The Air Force is looking for new technologies for cyber situational awareness under a newly consolidated program called Mission Awareness for Mission Assurance, or MAMA.

More specifically, the program will investigate the automated assessment of mission execution by analyzing network traffic flows, according to a presolicitation. Commanders using the technology could then prioritize essential functions, map out cyber assets, and assess and mitigate vulnerabilities.

In the face of threats such as denial of service attacks, insider threats and kinetic attacks on critical communications infrastructure, AFRL’s Information Directorate is looking for ways to make sure the Air Force can carry out its core missions.

“AFRL/RI recognizes that the first step to mission assurance, despite the presence of these threats, is improved SA for decision makers at all levels,” the solicitation says. “This program seeks to provide mission awareness through extraction and analysis of content transiting the Air Force Network (AFNET), to inform Command and Control (C2) elements monitoring mission execution, and to control critical network elements to improve mission effectiveness.”

The first and foremost challenge that MAMA will have to tackle is determining which missions are supported by which information flows, a process described as “mapping information to missions.” To achieve this goal, AFRL will build a system that would specify models based on the information needs of users. This would then be used by information management systems to administer information dissemination. The Air Force plans to investigate this focus area for fiscal year 2015-16 and is currently soliciting white papers.

MAMA’s second focus area will use analytics to monitor mission execution and system status. This would involve creating an analytics engine that can collect metadata moving to and from missions and assess their statuses based on that information. AFRL is hoping that the collected metadata could eventually be used to take on big data problems such as the identification of cyber threats. White papers for this focus area will be accepted in fiscal 2016.

The third and final focus area will involve the concept integration, demonstration and validation of the MAMA program. The program is looking to finish with a limited technology experiment in an operational context, with the use of red teaming to test active intrusions. White papers for this area will be accepted in fiscal 2017.

Through these focus areas, the program is seeking to provide mission awareness to command and control and to check the quality of service, indirectly providing increased mission assurance.

“MAMA, while not directly assuring the mission, supports mission assurance by providing a network elements basis for resource allocation, and monitors information flows to infer mission performance on a large scale,” the Air Force said.

AFRL is proposing that the program focus on the space portion of its core missions. Because space is a less mature domain, it is more receptive to technological developments, argues AFRL.

The inability of DOD to map its networks has been a roadblock to creating more-defensible networks, U.S. Cyber Command officials said earlier this year. The dependence on different vendors--each using different equipment--has resulted in networks that are difficult to map and were never designed to be integrated.