November 30, 2011

Project Review: the Afghan Mission Network


All ISAF forces (~100,000 additional users) must move to a common network to more effectively share information and resources across Afghanistan
(General Stanley McChrystal, USA, COMISAF)
History

ISAF (International Security Assistance Force) was created in accordance with the Bonn Conference in December 2001. Afghan opposition leaders attending the conference began the process of reconstructing their country by setting up a new government structure, namely the Afghan Transitional Authority. The concept of a UN-mandated international force to assist the newly established Afghan Transitional Authority was also launched at this occasion to create a secure environment in and around Kabul and support the reconstruction of Afghanistan.

On 11 August 2003 NATO assumed leadership of the ISAF operation, ending the six-month national rotations. The Alliance became responsible for the command, coordination and planning of the force, including the provision of a force commander and headquarters on the ground in Afghanistan.

For the majority of organizations operating in Afghanistan, the problem was not data scarcity. This was particularly evident after the first years of operations and interaction with military units, local and national leaders, regional and global media, fact-finding teams, governmental and non-governmental survey organizations, and an alphabet soup of other international actors. Rather than scarcity of data, it was both data overload and the “glare” of ambiguous, contradictory, inconsistent, latent, and incomplete reporting that often caused ISAF forces to avert their eyes and diffuse their attention from the underlying dynamics and relationships of key actors and drivers that really matter in the Afghan operating environment.

Already in 2006 the U.S. and NATO embarked on an effort to establish mail exchange between the NATO and U.S. mission networks. The U.S. mission network at the time was the Combined Enterprise Regional Information Exchange System (called CENTRIXS) Global Counter Task Force (GCTF) and NATO operations were conducted on ISAF SECRET. This project sought to enable email exchange between the two networks. Although the objective was achieved (mail was exchanged), the solution included various guards, firewalls and intrusion detection systems that made it difficult to use and administer. It was so difficult that the system failed for 35 days without even being reported.

The next notable effort in NATO-national interoperability in Afghanistan was the UK-led effort, OVERTASK. With the UK forces deployed to Regional Command South and Helmand in 2005, there was a requirement for UK forces to be interoperable with coalition partners. The solution to meet this requirement was OVERTASK which was based on an enclave within the NATO mission network, ISAF SECRET. A portion of the ISAF SECRET was dedicated for the use of UK forces. As the UK operated on the same network as NATO forces, interoperability was assured. However, operating on the same network requires centralised configuration control. This centralised control maked it difficult for individual nations to install and operate their own nationally-developed systems without considerable coordination.

The real genesis of the Afghan Mission Network can be traced back to 2008, when the Afghanistan campaign plan was revised and the U.S. brass began to look for a way to develop a true mission network for Afghanistan. At that point the U.S. was mainly operating on SIPRnet and NIPRnet, while NATO and the coalition members were on the ISAF secret network. NATO funded an effort to provide voice, chat and Web access over a United Kingdom network called Overtask. But there was still not a real capability for the U.S. to communicate with coalition members at the secret level.

In order to increase situational awareness, Gen. Stanley McChrystal, commander of the ISAF and U.S. Forces Afghanistan, required each coalition nation to share information on a single information infrastructure, the Afghanistan Mission Network. On 7 April 2010, NATO’s resource committees formally approved the way ahead for the Afghan Mission Network project, which radically changed the way Nations contributing to the ISAF mission share information.

The Afghan Mission Network basically provided the connective tissue between the U.S. CENTRIXS (Combined Enterprise Regional Information Exchange System), which is the theater version of SIPRNet, and NATO’s ISAF Secret network, to which the networks of the other ISAF nations connect. By law, SIPRnet does not allow access to non-U.S. users.

Initial operating capability for the network was declared in July 2010, signifying the availability of the network to at least 50 percent of all ISAF forces. AMN’s initial capabilities facilitated human-to-human contact that includes chat, VoIP telephone connectivity, e-mail, Web browsing, friendly force tracking exchange and video teleconferencing.

Analysis

Tipycally, Coalition forces do not easily share information, and Commanders had to gather at a central location to discuss plans without the use of advanced technology. Often, one of their only viable alternatives is to share mission-related information via "Sneaker net". This cumbersome practice called for the warfighter to transfer information onto removable media and manually move it from one system to another, which often is not secure, is very labor intensive, and prohibits information from being shared in a timely manner.

The Afghan Mission Network marks a strategic shift in the sharing of data.

U.S. Defense leaders and their counterparts from other nations say a network infrastructure linking coalition partners in Afghanistan has fundamentally changed the way the multinational effort has been conducted over the last several years. NATO, the U.S. military and other national forces say the Afghan Mission Network (AMN) as it now exists has been a game changer for operations in Afghanistan. Earlier efforts didn't work so well. As already stated, one progenitor to the AMN, geared toward bridging simple email capabilities between U.S. and NATO, was so cumbersome and hard to use that it went out of service for more than a month and no one noticed.

From their respective secure networks, and at their individual discretion, separate Coalition forces can share data, situational awareness and Commander’s intent across the battlefield on a centralized network.

AMN is also an example of technology that allows expeditionary forces to move their data as they deploy. Divisions install the AMN in their headquarters, which allow them to virtually move data when they deploy. This keep the units from having to physically move their servers and there is in principle no lag in the data because it is constantly being updated.

Nowaday, the success of the AMN is spreading beyond the ISAF coalition. Civilian partners in Non-Governmental Organisations (NGOs) have expressed interest in being able to share information with the AMN.

AMN in brief

The Afghanistan Mission Network AMN is the primary Coalition C4ISR network in Afghanistan for all ISAF forces and operations consisting of the ISAF-Secret network as the core with national extensions.

The Afghan National Army furnishes the infrastructure to enable the U.S. and other Coalition forces to provide them with relevant, though selective, data and situational awareness, which does not compromise the security of any partner including the U.S. The Afghan National Army can then respond, making crucial decisions based on current and comprehensive data.

As already stated, the ISAF Secret Network provided by the NATO NC3A is the heart of the AMN. It is connected via six network interconnection points to CENTRIXS and to the networks contributed by Italy, the United Kingdom and Canada. “If Italy wants to talk to us, they can transition across the ISAF core from their network and talk to us over CENTRIXS,” said Lieutenant Colonel Andy McClelland, who is attached to NATO Allied Command Transformation headquarters in Norfolk. “The core is the glue the binds all of the networks together.

The AMN allows nations to operate their own network within the ISAF SECRET classification, which seamlessly connects to the ISAF SECRET core through a series of Network Interconnect Points (NIPs).

AMN enables the 45 nations of the Coalition to unite and fight the enemy as a single force, leveraging the combined strength of each partner.

Red, Blue, Green, White

Different national networks use different viewers to examine data, i.e. the Canadians use a system called BattleView, the U.S. uses Command Post of the Future and the British have a system called JADOCS. The firts task of AMN was to make data available to all these viewers. “Data is published on a server,” said U.S. Army Colonel Pete Gallagher, chief of the ISAF CJ6 branch, at ISAF headquarters in Kabul, Afghanistan, “and users subscribe to that data.

But while the common perception is that battlefield systems provide information about friendly and enemy forces - so called blue and red forces - in Afghanistan, it may be the green and white icons on the screen that make the real difference. Green is the color for the Afghanistan government and security forces, while white represents the local population centers. “We’re trying to separate the red and the white, the insurgents from the population, and insert the green between them, which is the Afghan government and the security forces,” said Col. Derek Orndorff, USA, the communications director for the ISAF Joint Command in Kabul, Afghanistan. “That information is not in the normal, everyday battle command systems that we just pull off the shelf. This is all stuff that is created from the bottom up, from the guys who are on patrol walking around in the bazaars, who had a key leader engagement with an elder in a village. That information has to get into the system in ways that we’ve never done it before. We’ve been getting after that here in Afghanistan.

One way of providing access to that information has been to add a wiki capability to the AMN that allows tip-of-the-spear forces to share vital human intelligence at all levels. By clicking on a particular city or region, for example, a commander can research local leaders, based on impressions and information provided by personnel who have had first-hand encounters.

Cyber Issues

The Conficker computer virus, which was first detected in 2008, reared its ugly head on April 2011 in Afghanistan, where it was detected on the Afghan Mission Network.

We had an older virus that showed up on the network, and when that older virus was discovered, we immediately isolated it, protected the rest of the network, identified what we needed to do, and in about five hours, everybody was operating normally again,” says Col. Derek Orndorff. “It was the Conficker worm. It was a success story from our perspective because our tools picked it up, we identified it, we protected the entire network, and we were able to defeat the challenge relatively quickly and get back to business instead of letting it become debilitating to us.

Col. Orndorff credited network transparency for helping to quickly stamp out Conficker. “AFN is a very open and flat network, so if a user on an ISAF machine wants to see something on the United Kingdom OVERTASK, there’s no login, no firewalls, no certificates, no passwords. There’s nothing. What that means is that everyone who is part of the network has a shared vulnerability. Everybody shares the same risks. So therefore, when we have challenges, we have to have transparency between all the different parts and pieces or you’re going have problems with it,” he explained. Without that transparency, CENTRIXS network operators could have chosen to remain mum about the Conficker vulnerability, which would have allowed it to spread. “This incident was a perfect example of why this is so successful, because everybody understands where their piece is in this so we can all work together.

Comments

On the battlefields of Afghanistan, AMN has transformed the way Coalition Commanders share information,” said Brig. Gen. N. Lee S. Price, PEO for C3T. “Independent discussions and planning efforts between separate Commanders of different nations have been replaced by data sharing across AMN.

References: DefenseSystems.com (1,2,6,10), NATO (3,4), CimicWeb (5), AFCEA (7,11), Military Information Technology (8), KZO Innovations (9)

No comments:

Post a Comment