FORT BLISS, Texas – The Army’s semi-annual, large-scale Network Integration Evaluation, NIE, saw the technology of network forensics make an impact at NIE 14.2, the latest NIE, which concluded earlier this month.
The Fort Huachuca-headquartered U.S. Army Electronic Proving Ground, USAEPG, traditionally provides expertise in instrumentation for technology-based systems and is the Army’s designated tester for C4ISR systems, as part of the Army Test and Evaluation Command, or ATEC. USAEPG supported the U.S. Army Operational Test Command, under ATEC, during this latest NIE. This year, in addition to supporting with instrumentation, USAEPG brought a network forensics team to the technology-centric field evaluation.
“The [network forensics] team we took out there brought a commercial-off-the-shelf suite of software,” said Sgt. Maj. John Herring, senior enlisted advisor for USAEPG, “and produced a state-of-the-art package that was accessible by everyone who was out there.”
“Our military relies on networked systems to fight and win our nation’s wars,” said Col. Tim Karcher, USAOTC chief of staff. “Network forensics tools that EPG brought to the fight allow us to look inside the network, to peel back the onion, and quickly resolve problems during these types of test events.”
According to Ed Watt, an Army Civilian and project engineer with USAEPG, network forensics offers network operators and systems administrators the ability to monitor network traffic and data in real time. This allows technology professionals to establish a baseline of how normal network traffic should behave on the monitored network. This capability enables these professionals to identify network issues quickly, such as improperly configured or failing equipment and unauthorized use, among other network issues.
“When you start cleaning up the small things, the network gets better, data goes faster, all of a sudden, it’s a force multiplier,” said Watt, referring to the value of an efficient network for military operations.
The network forensics team provided support to all the participants of NIE, in essence creating a help desk-like support element for the event. Participants asked the network forensics team for assistance in characterizing or optimizing their respective network, whether carrying data or voice, at the tactical or operational levels. The network forensics team responded to nearly 100 requests for assistance, all with successful outcomes, according to Ari Nguyen, who is also an Army Civilian and project engineer with USAEPG.
“It’s a very good help desk tool, with very quick turnaround,” said Nguyen. “If something was acting up, you may not know it at the application or user level, but for them [the network forensics team], they could see it [network issue] pop up.”
Offering a Soldier’s perspective, Herring said network forensics should be considered for all future network exercises, evaluations or demonstrations, because of the fidelity of the information available to operators, engineers and evaluators.
Network forensics makes it easy to troubleshoot problems, tune a network, recover lost data and enforce network integrity.
“When people were probing the network, those guys could see all that,” he added. “It’s a phenomenal tool for commanders to use.”
Network forensics, though relatively new, is increasingly becoming the tool of choice on civilian and corporate networks, offering not only network tuning, but also intrusion detection. This tool is considered a proactive network protection tool, as it allows network operators to identify unusual network traffic and respond to compromised systems well ahead of more traditional means of detection, like antivirus.
“Any large-scale network test could benefit from this [network forensics],” said Watt. “There is a niche and it needs to get filled; people need this information.”