2021-01-22

Combat Cloud

 Combat Cloud 

Introducing modern computing and communications technology for 

the multi-domain fighting edge


"The western Armed Forces are at the centre of an "information in war" revolution, where the speed of information and advance of technology and organisational design are merging to change the execution of military operations. The 21st century demands a new, more agile, and integrated operational framework for the employment of allied military power, and to shift away from the structure of segregated land, air, and sea warfare." 


Definitions

Original concept created by David A. Deptula (ret Gen USAF) defines combat cloud  as an operating paradigm where information, data management, connectivity, and command and control (C2) are core mission priorities. According to Deptula, Combat cloud:
  • Treats every platform as a sensor and an "effector," and require a C2 paradigm that enables automatic linking, seamless data transfer capabilities, while being reliable, secure, and jam-proof. 
  • Inverts the paradigm of combined arms warfare— making information the focal point, not operational domains. 
  • Represents an evolution where individually networked platforms—in any domain—transform into a "system of systems" enterprise, integrated by domain and mission-agnostic linkages.
USDOD 2016 approach is to extend their Joint Information Environment (JIE) to tactical edge and platforms with combat cloud which is "an overarching meshed network for data distribution and information sharing within a battlespace, where each authorised user, platform or node transparently contributes and receives essential information and can utilise it across the full range of military operations." 

European Future Combat Air System (FCAS) concept seeks information control in theatres of operations.  It "requires a significant transformation of our operational architectures to place data at the heart of the future combat cloud. Expertise in the end-to-end architectures of functional chains should ensure interoperability, resilience and digital security of all systems and the sharing of information between all military personnel." 

Cloud computing "is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e. g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." 

Fog/Edge computing "is a horizontal, physical or virtual resource paradigm that resides between smart end-devices and traditional Cloud or data centres. This paradigm supports vertically-isolated, latency-sensitive applications by providing ubiquitous, scalable, layered, federated, and distributed computing, storage, and network connectivity." 

New technology enables improved tactical effects

Evolution of commercial technology

Evolution of smartphone-based digital services, shortly:
  1. First smartphones integrated mobile phone and more computing performance. They were able to run applications on the phone and present information on-screen like calendar, notes, games, email, fax reader, etc. as in 1995 Nokia Communicator 9000 . These phones downloaded ringtones over a slow data connection.
  2. With better data transfer capabilities, smartphones were connected to the Internet with a higher speed network on 2.5 G mobile communications . This opened the mobile Internet and lead to specific smartphone applications to browse and utilise Internet services. Around 2000, the first sensor – camera – was integrated into a smartphone which made more than a terminal.
  3. Around 2007, the iPhone debuted and provided downloadable music services. Application store enabled users to download a wider variety of applications to their smartphones. Cloud-based social media applications like Facebook (2004), Twitter (2006) emerged and accelerated social content sharing.  
  4. Introduction of 4G mobile network, integration of sensors in smartphone (proximity, gravity, gyro, compass, barometer, fingerprint, camera, posture, etc.), more sophisticated cloud-based services and improved computer performance in smartphones have brought us to a realm where you go to a foreign country, speak to the phone your order, application in phone uses a cloud-based translator to convey your speech into the required language. Audio generator in phone speaks out your order in the local language.
  5. Introduction of smart (home, car, city) with 4G connectivity enables collecting a broad spectrum of sensor data fused with information from cloud databases. Your references by Facebook provide your phone screen or AR goggles a 3D presentation of information.
  6. Introduction of Internet of Things, Remote controlled devices, Autonomous devices, and 5G connectivity enable machines to exchange data, influence each other, learn from each other's (machine learning) and conduct complex functions semi-autonomic manner. All Things on Internet have sensors collecting information from their environment, 5G connectivity transfers the data with less than 50 ms delay, edge computers fuse and process data and feed it back to effector interfaces, AR/VR interfaces present events to human decision-makers within conceivable context, machine effectors take a predefined action.

In summary, advanced computer performance, robust and fast network connections, standard protocols, and interfaces, learning machines, and better user interfaces for humans promote new man-machine cooperation for private and public life. Military do adopt these technologies but with slower pace. The legacy Tactical Datalink (TDL 11, 16, or 22) anchors tactical communications at the level of first generation of smart phones enabling man-to-man communications over voice and message. With more remote and automated platforms, the battlefield needs advanced means for communications and computing.

Evolution of tactical military communications and computing

When studying the evolution of US DoD tactical data communications (TADIL), one can conclude that they have had challenges to migrate to newer technologies once the common interface has been established. For example, their intent to update or replace the legacy TADILs (L11 and L16) may look like the illustration in Figure:
  • US faces challenges in changing their existing TDL baseline quickly (challenges in JTRS program, freezing MADL). Thus, they adopt a strategy first to host many existing datalinks and their waveforms on the same HW platforms and achieve complex but sufficient interoperability. It may be the unmanned vehicles that have more flexible IP network applications over high-speed Mobile Access Networks.
  • Since Link 22 is compatible with L11 versions, it may become a parallel link. Still, it may be possible that the unmanned vessels and Intranet of Military Things will accelerate new IP MANET networks to bypass both (L11 and L22) old fashioned, TDMA based systems.
  • Seemingly US prefers the L16 based interoperability higher than other, more capacity providing TDL formats. They might have MIDS JTRS onboarded gradually delivering more waveforms in constrained space available in aircraft. New aircraft F-35 etc. may also open some existing constraints, but tactical interoperability may be preferred more than technical advantage. This may change only if RUS or CHI releases their ability to suppress L16 waveform and encryption.
  • However, an L16 network remains very complex to plan for each engagement and requires meticulous management by the Joint Data Link Management Cell. It is therefore not a Mobile Ad Hoc Network like our telephone networks, for example. Its bandwidth is also minimal and its latency high. The exchange capacities offered by these TDL messaging systems are also limited.  
  • Land forces have their WIN-T base station network in place. Next, they are planning to constellate LEO communications satellites to support the ground connectivity and connect soldiers to that trunk network with Handheld, Manpack and Small form fit (HMS) radios of JTRS family.
  • Modern US military networks and datalinks are an excellent example of sub-optimised systems designed for a particular task within a specific weapon system. Not a generic databus between a variety of sensor and shooter platforms. These stand-alone links include Link-16, Intra-Flight Data Link (IFDL), Tactical Targeting Network Technology (TTNT), Multifunction Advanced Data Link (MADL), and the Joint Aerial Layer Network (JALN) concept.  
  • From a technical viewpoint, TCP is not applicable in distorted channels of communications. Thus, a middleware-based Data Distribution Service may be discovered as a solution for future control and data transfer applications.  Furthermore, the data fusion requirements of fifth-generation aircraft (fusion warfare being the hallmark of the F-35) or the architectures being implemented step by step as of today by the US Navy (Cooperative Engagement Capability, then Naval Fire Control - Counter Air, then its extension to other missions) may accelerate the migration.  
Figure: One approach to US TADIL evolution

The Combat Cloud initiative and FCAS programme both provide strong need to lay off the constrained legacy connectivity and seek more man-machine teaming networks provided on ground, air, and space-based communications nodes.

Different approaches to combat cloud

Network Centric Warfare (NCW) or Network Enabled Capabilities (NEC)

Both US and NATO have been building network-centric or enabled warfare capabilities since the 1990s. The original idea was to break the platform centricity and connect sensors, decision-makers, and shooters to enable combined tactics. Therefore, the Combat Cloud concept reawakens the old principles but at a tactical level enabled with new technology.

The Network-Centric Warfare doctrine presented a fundamental shift in military culture, away from compartmentalised war machines and towards interconnected units operating cohesively. The tenets  of Network Centric Warfare were: 
  • A robustly networked force improves information sharing.
  • Information sharing enhances the quality of information and shared situational awareness.
  • Shared situational awareness enables collaboration and self-synchronisation and enhances sustainability and speed of command.
  • Speed of command, in turn, dramatically increases mission effectiveness.
The vision is much the same, and is an evolution of networking in US Armed Forces:
  • Global Information Grid (GIG) from the mid-1990's providing connectivity and computing for strategic and operational levels, 
  • 2014's Joint Information Environment was trying to introduce a single source of truth and present it on a standard pane of glass to all users:
- a 'single' or joint environment to all support operations. 
- to utilise modern cloud technologies
- supporting concepts of mobility (access anywhere, any place, any device).
  • 2020's JEDI initiative which seeks to consolidate all DoD computing on private Cloud and extend its services to soldiers from home garrison to abroad areas of operation, and 
  • 2030's Combat Cloud will connect combined sensors, effectors and decision-makers at a tactical edge with remarkably more computing power to make sense of the information flow.  

US DoD Combat Cloud

  • 2014 Gen(ret) David A Deptula's Combat Cloud "would integrate both manned and unmanned systems and utilise advances in stealth, precision weapons, and advanced command and control tools, ensuring that no single point of attack would cripple US combat operations. Such an effort would also present an opportunity to create modular, scalable combat capabilities, rather than force individual aircraft or other assets to take on more and more tasks." 
  • In 2016 the USAF published its vision for a future network of data distribution and information sharing known as the combat cloud. It defined it as "an overarching meshed network for data distribution and information sharing within a battlespace, where each authorised user, platform or node transparently contributes and receives essential information and can utilise it across the full range of military operations."   It should also be noted that recent news articles indicate that USAF is planning to increase funding for their Combat Cloud in FY 2021.
  • Rockwell Collins has developed the Ground Early Warning and Control System (GEWaCS)  utilising and modifying proven C2 systems.   The GEWaCS is comprised of hundreds of data processing engines connected by a virtualised network. The engines are hosted on Virtual Machines (VM) and are used to process, distribute, correlate, and store a cloud of a sensor, radar, and datalink tracks. Recently video tagging data has become available to the data link, enabling the display of sensor coverage in Link-16. Reaction times of days and hours are no longer viable – and this system allows for a commander to assign assets to a mission in real-time.

Other NATO countries

NATO's cloud-based operational network is called the Federated Mission Network (FMN) since 2015. The FMN is an evolution of the Afghanistan Mission Network. Furthermore, the European side of NATO is aiming to transform as follows:
  • NATO Supreme Allied Commander for Transformation: "It is a C4ISR [system] with the cloud ID and platforms that are either piloted or unpiloted…This is what we have to be able to build for the future, but we have to start it now." 
  • The Future Combat Air System (FCAS) is the critical project for French, German and Spanish air combat power from the 2040s onwards. In FCAS, the keyword is a 'system'. Because it will not be a manned aircraft or a drone, but a system of systems integrating, within a real cloud, sensors and effectors of various types and different generations."  
A NGF, future FCAS combat aircraft, a node of the Cloud at the extreme tactical edge, would thus comprise:  
  • Various applications designed for its different operational functions.
  • Automated analysis tools, possibly shared with other systems, implemented through its applications.
  • Common services also shared with other systems, operating transparently for the pilot.
  • Storage of large amounts of data.
  • Connection to the communication network with other platforms and units, a "self-forming & self-healing" MANET network.
Following the award of the Phase 1A Demonstrators contract for the Future Combat Air System (FCAS) earlier in the month, Airbus and Thales announced on 20 February that the two companies have agreed on co-development of the Air Combat Cloud (ACC) – a key enabler for the FCAS system of systems. 

France

Information control in theatres of operations requires "a significant transformation of our operational architectures to place data at the heart of the future combat cloud. Expertise in the end-to-end architectures of functional chains should ensure interoperability, resilience and digital security (cybersecurity) of all systems and the sharing of information between all military personnel."  The vision is illustrated in Figure.

Figure: View of combat air system by the French Air Force

General Breton, who heads the FCAS programme, explains that "an important aspect of innovation in FCAS will be networking: currently on the Rafale [in its present configuration] the pilot mainly uses own sensors and some information provided by the network". Thus, much of the data obtained by the aircraft is not shared, such as data from the Spectra system or the optronics sensor.  On FCAS [...] the transfer of data will be performed independently of the pilot, who will see the fused data. Nevertheless, he supervises the overall process. 

The French Air Force has also adopted an incremental approach to developing this Cloud, with milestones in 2025 and 2030, designed to prepare for the arrival of FCAS. This is the Connect@aero programme that goes hand in hand with the deployment of the F4 standard on the Rafale:
  • introduction of a higher-speed communication system and additional connectivity ramifications, including munitions
  • "detect enemy air defence systems with greater precision."
  • "collaboratively adapt the trajectories and manoeuvres" of effectors and their munitions, in a degraded positioning, navigation and timing (PNT) environment. 
France aims to implement a "global air combat system" within the next decade.  

Requirements for the connectivity of multi-domain combined weapons effect and joint tactical engagement

The communications and computing infrastructure for multi-domain combined weapons effect shall treat every platform as a sensor, as well as an "effector." It will require a C2 paradigm that enables automatic linking and seamless data transfer capabilities while being reliable, secure, and jam-proof. The new infrastructure shall destroy the boundaries of current domains and make promoting information on the focal point.  The following tactical requirements need to be addressed.

Sensors and Target Acquisition

  • Platforms that have longer-ranged weapons than their onboard sensors can acquire targets need hard quality target data from other platforms  
  • The future battlefield is multi-domain and requires multi-sensor integration. Strategic fires require multi-sensor, stealthy, long-endurance aircraft, "redundant and resilient" information networks, and "self-learning, self-protection capabilities."
  • New platforms like the F-22 and F-35 are information machines far above and beyond being killing assets.  
  • Multi-function assets and aircraft, capable of performing a strike, ISR, and other tasks, will steadily replace mission-specific assets. Target engagement based around the need to "destroy" a given aim point will give way to effects-focused engagement, driven by improving capabilities such as cyber warfare tools.   
  • As sensor fusion has evolved through artificial intelligence (AI) and other technologies, it has become possible to fuse what appears to be seemingly disparate data. These advanced fusion engines need data - which may be stove-piped in 5th generation fighter aircraft, advanced electronic warfare systems, or within video streaming systems. Benefitting from this information requires combining sensor data and creating IDs, intent, and patterns of attack. 

Command and Control

  • In an A2/AD warfare, a decision-maker can be in more places than before. The Recognised Operational Picture is available to everybody, enabling distributions of legacy command posts and cooperation beyond current line organisations. "We must prepare for an era of warfare requiring new levels of cross-domain collaboration, operational level command and control, and the dynamic integration of national, theatre, and tactical capabilities across the full range of military operations," 
  • Data, information, and ISR gathering and analysis will evolve as knowledge management becomes even more critical, as will predictive instead of reactive analysis.

Fires

  • Individual precision weapons will give way to "volumetric weapons," such as directed energy. 
  • Massed, non-stealthy strike packages of manned aircraft will evolve into more distributed force packages, with greater low observable (LO) characteristics, and more use of automated systems.   

Concept of operations for combat cloud in a generic Armed Forces

In a scenario where the adversary is launching a full force amphibious attack to the shores of a nation, Armed Forces, together with other national security agencies, must have the seamless use of information as illustrated in Figure. 

Nature of the conflict

The attack takes place in all dimensions parallelly and aims to utilise the strategic surprise as long as possible. The strike may include, for example:
  • Information operation trying to divide people from government officials, the cyber operation to shut down all government and local authorities web services, and electronic jamming to interfere TV and radio broadcastings.
  • The cyber-electronic operation aims to suppress authorities' decision-making and transactions of key financial institutes by launching earlier injected malicious software attacks within the systems and assassinating VIP authorities.
  • Kinetic amphibious attack to gain bridgeheads and foothold strategic targets like governmental offices, broadcasting stations, main transportation hubs, etc. The strike may include:
- Ballistic missile strikes against main command posts and government installations
- Suppression of coastal and air sensor systems by missiles or special forces
- Mining the flanks of the sea avenues for the incoming forces
- Blocking the junctions leading out from the garrisons and central depots
  • Besides the above, the adversary has infiltrated unidentified troops within the nation in preparation. The distributed cells aim to create chaos and terror as much as possible to overwhelm the authority's decision making and create confusion among the population.

Requirements for cooperation

  • As fixed sensor stations will be mostly destroyed, there is a need to use fused sensor information from space, air, mobile ground, and navy platforms to understand the main launch and bridgehead areas better.
  • Getting and sustaining a situational awareness among the chaotic situation requires a fusion of event data simultaneously from the information/cognitive, electromagnetic, cyber environment, space, air, maritime and land domains. 
  • The fused situational picture needs to be shared between all important tactical and operational decision-makers allowing the decision cooperation between different speciality agencies of each dimension.
  • Target acquisition becomes essential, for example, for Air Force assets which are the fastest deployable assets. The available sensors need to cooperate in creating targeting information for the incoming fighter-attackers.
  • As the theatre becomes rich in small tactical targets, the effect prioritisation becomes essential to focus on the most impacting adversary assets. Otherwise, the enemy tactics will quickly consume the operational ammunition and air assets dry up too fast.
  • Cost-efficient and continuous impact with combined weapons is essential in a distributed target scenario. Therefore, the defence needs to assign fire missions to best suitable arms without friction caused by organisational boundaries.
  • As tactical-level command and control are occupied in countering the ongoing attack, the operational level C2 should be seeing further and above the current situation. This requires cooperation over all the national defence actors in making sense of the enemy intent and their incoming second wave efforts.
Figure: A scenario of amphibious attack

The above scenario requires cooperation and therefore, interoperability between all domains and organisations. The basic idea for multi-domain collaboration is simple:
  • Collect all event data from available sensors and sources
  • Store it (so we can see the short and long term trends)
  • Make sense of it (with the help of analytics/machine learning/AI)
  • Pass it directly back to the decision-makers / soldiers who need the information.
  • Further analyse the data at the operational level, make sense of an operational situation, and prepare for the next phases.
The multi-domain interoperability requires data sharing, joint fusion, and sense-making at tactical and operational levels detailed in Table.
Table: Interoperability requirements in multi-domain operations

Concept of technology for combat cloud

Technical characters

The US DoD aspires that a distributed, self-forming, all-domain combat cloud that is self-healing and difficult to attack effectively significantly complicates an enemy's planning and will compel them to dedicate more resources toward defence and offence. In its ultimate manifestation, the combat cloud will be strategically dislocating to any military challenger. A mature combat cloud will provide superior conventional deterrence to a degree previously only achieved by nuclear deterrence and enable operational dominance in multiple domains. 
The above end state requires significant changes within the entire air defence systems and takes longer to transform. The human competencies will especially face significant transfer from current platform-based capabilities and behaviour towards more system-oriented qualifications that require different trust and cooperation between distributed actors. The following assessment does not address the human or organisational changes but explains the main technological features that enable the Combat Cloud capability in communications, computing and security.

Communications

Joint Aerial Layer Network (JALN) is augmentation and extension of tactical networks using a variety of communications capabilities that will support operations in challenging or degraded communications environments within a joint operations area (JOA). Its primary purpose is to connect/reconnect combatants, executing specific missions and tasks. 
The JALN will:
  • Integrate with space and surface layers
  • Increase communications access for the joint force at all levels
  • Enable on-the-move (OTM) and over-the-horizon (OTH) / beyond line of sight (BLOS) communications 
  • Provide modular, scalable, and flexible operational capabilities
  • Provide "mission persistent" connectivity as specified by the commander
 
Figure: Concept for Joint Aerial Layer Network

Computing

Computing is essential in processing big data within the digitalised air defence system. Computing is based on processors, storage, and software applications. They will have different life-cycles, which will challenge the current logistics and maintenance:
  • With doubling the computing performance every 18 months, the standard processor becomes exponentially better but chip design and production more complicated. Specialised processors become rarer as the performance of standard processors improves much faster. The features become more software-defined than before, even within sophisticated platforms like fighter-attacker. Countries with processor design and manufacturing abilities will constraint their distribution during crises.
  • Software-defined functions and features become more relevant, which means that systems are updated more frequently without changing the hardware. The whole length of the software supply chain will become a primary target for an attacker.  
Military computing may be distributed in the Joint Information Environment between platforms (fighter, sensor, soldier, tank) and global computing clouds: 
  1. Platform computing - autonomy will increase the volume of computing required onboard. Embedded sensors and weapons on each platform will increase. Swarming tactics with fleets of platforms will improve the firepower. Civilian terminology calls this edge computing or embedded computing. Maintenance and configuration of these computerised systems require different competencies from support personnel. Example: F-35
  2. Unit-based computing – all vehicles and platforms in a unit will onboard processors for their use and the use of the system. The system computing enhances information between the computing nodes and provides information services to soldiers and other machines. Civilian terminology refers to fog computing. For example, an infantry company becomes a cloud by itself and in connection to mission cloud. The company's computing nodes provide data storage and processing power to fuse sensor information and provide expert support for decision-makers even if it loses connections to mission cloud. Example: Finnish infantry company
  3. Mission computing – computing network for a mission is based on fixed military data centres within national borders and deployed nodes in the area of operation. This private military Cloud is the backbone for data management in all military operational actions. Example: NATO Federated Mission Network
  4. Hybrid computing – a computing network that combines onsite military data centres and public, global cloud service providers' infrastructure to a hybrid cloud infrastructure where military applications can support both military entities and their partners and vendors. Examples: US DoD JEDI hosting both NIPRNET and SIPRNET

Security and survivability

Communications security includes crypto security [i.e., encryption or decryption], transmission security, emission security [i.e., intercept and analysis of emanations from equipment], and physical security of COMSEC material.
Figure: Example of security applications on different OSI layers

The physical layer defines the physical connection between a computer and a network. Physical layer security is the cornerstone of all security controls. While security controls at other layers may fail without catastrophic results, the loss of physical security usually results in total exposure. In addition to physical security, transmission security is implemented on the physical layer. The physical layer implements, for example, frequency hopping (FH), spread Spectrum (SST), Automatic Power Control (APC)

The Datalink layer defines the protocol that computers must follow to access the network for transmitting and receiving messages.  The data link layer implements Authentication, Key management, Encryption.
  • Why is Data Link layer security not enough? The reason is that Data Link encryption will change hop-by-hop in the network. Each layer three device adds their own layer two header to the data packets when transferring them to the other hop. Therefore, sole encryption on the Data Link layer would not be a safe solution. To fill these security issues, we need to use different technologies like IP-Sec (at Network Layer) which dedicates a private tunnel between the sending and receiving machines.

The Network Layer defines how the small packets of data are routed and relayed between end systems on the same network or interconnected networks. At this layer, message routing, error detection, and control of node data traffic are managed. Network layer security controls have been used Frequently for securing communications, especially over shared networks such as the Internet because they can protect many applications at once without modifying them. The network layer implements confidentiality, authentication and data integrity, key management, encryption. IPsec is implemented at the network layer.

No comments:

Post a Comment