Learn How the Army Research Lab Is Paving the Way to a Virtual Reality-Based Security Operations Center In This Interview With ActiveCyber.net

I remember reading a novel several years ago by Tom Clancy that featured virtual reality (VR) as part of the plot’s security operations center capabilities. I remember thinking how this will never happen in my lifetime and how Clancy was getting way ahead of himself. Then, recently I was able to attend a conference about AR/VR technology at the University of Maryland. And there I discovered that the Army was building something very similar to what Clancy envisioned in his novel.  So read the Active Cyber interview below with Dr. Curtis Arnold and Lee Trossbach who are leading the efforts at the U.S. Army Research Lab to bring virtual reality to a new generation of SOC operators.

Spotlights on Dr. Curtis Arnold and Mr. Lee Trossbach

» Title: Dr. Curtis Arnold, Branch Chief, U.S. Army Research Laboratory; Mr. Lee Trossbach, Technical Director, ICF
» Website: Virtual Reality Data Analysis Environment
» LinkedIn: linkedin.com/in/curtisarnold / linkedin.com/in/lee-trossbach-446803143
» Email: usarmy.adelphi.7-sig-cmd.list.dev-vrdae@mail.mil

Read their bios below.

December 21, 2018

Chris Daly, Active Cyber™:  Give us some background on the branch of ARL conducting this research, and please provide an overview of VRDAE – its objectives, when it started, and what stage of research and development is it in today?

Dr. Curtis Arnold, Sustaining Base Network Assurance Branch Chief, U.S. Army Research Laboratory: The Sustaining Base Network Assurance Branch (SBNAB) is a Cybersecurity branch in the Army Research Laboratory that is currently transitioning to Communications Electronics Research, Development (CERDEC). The SBNAB mission is to conduct defensive cyber operations (DCO) and research, by leveraging real time operational data through the application of new technologies and advanced analytics to confront the most sophisticated and damaging cyber threats.

Lee Trossbach, Technical Director, Defensive Cyber Operations, ICF: The Virtual Reality Data Analysis Environment (VRDAE) objective is to leverage the recent surge in virtual reality (VR) peripherals and game engine technologies to provide a common and collaborative framework to support both cybersecurity analysts and researchers. The project kicked off in early 2016, and since then we have gone from being in the initial design stages to being on the verge of completing our fully functional version one prototype in early CY2019.

Active Cyber™: What is the concept of collaboration and interaction that is involved and how is collaboration achieved in your VR immersive approach? What types of use cases are you exploring?

Dr. Arnold: Our concept allows cybersecurity analysts and researchers, the primary target user base, to jump in and work in one or many fully tailored scenarios. Upon their need, they may also invite other VRDAE users to have an interactive experience together and hopefully gain more insight by seamlessly working together in VR space. In the security operational center (SOC) world, an analyst could be tracking down certain types of attacks which may be getting through their external barriers. During such cases, they may have to invite in senior analysts to get feedback, provide situational awareness, or hand off an ongoing problem. Researchers will be able to create data exhibits of their work. When they want to get help with a problem, share an insight, or get feedback from an analyst, they could invite one or many people in and have an interactive experience based on that need.

Mr. Trossbach: In these examples, we demonstrate that VRDAE users can author and edit content in VR space, and these actions will be reflected in each peer’s environment that joined the session in real-time. The real-time collaborative capabilities are currently achieved using the game engine’s networking features.

Active Cyber™: What are some of the early lessons and insights to date from testing with users in the lab or in field tests – good and bad? Are you finding that certain skills or attributes of users make them better at using VRDAE? If so, what are those and why?

Dr. Arnold: Most of our early lessons and insights are anecdotal, but according to our actual intended user base, they identify that they can see where the technology and the capability is going. They are looking forward to advancements with VRDAE and the hardware itself, so VR as a common working space is starting to become more viable. Users also identify that they can see the technology being useful in the near term on a case by case basis, and functionally become more useful in an integrated manner as everything improves in the future.

Mr. Trossbach: Generally speaking, users who have played video games that use a first person view, such as a first person shooter (FPS) type of game, or otherwise have a lot of experience with peripherals that use thumb sticks tend to integrate rather quickly into VRDAE. Those types of games and peripherals have been around for about two decades, so age may only play a role if in one’s experience the user is unfamiliar with them. People who identify as “gamers,” regardless of age, also tend to adapt to new things very quickly. Someone with little or no game experience usually lacks mental reference points and may need to take it slow or has an uncomfortable experience. There is also a category of technology “geeks” or “hackers” that are quick to get their hands on newer capabilities, representing that early adopter base. They also tend to do well even if they are not “gamers” per se. Of course, there are always exceptions, but this has been our experience.

Active Cyber™: What are some examples of the 3D data maps and interaction tools that have been built and are being used so far?

Mr. Trossbach: We have very few examples of 3D data maps so far. Most of the focus leading up to VRDAE version one have been making collaboration functional from the get-go versus building it in later. Though, we have a coded conceptual demo for a 3D network diagram that is animated with a variety of synthetic indicators but is based on real data models. As far as a real-world data map tool, currently we are working with Mr. Kaur Kullman, who is in the ARL Journeyman Fellowship program, with integrating his Virtual Data Explorer (VDE) analysis tool for VRDAE version one.

Dr. Arnold: We are unable to discuss how the capability is being used thus far with exception to our anecdotes as shared in this article.

Active Cyber™: What has been the hard part of this – getting the UI correct? Making the data representation better? Getting the tech to work?

Mr. Trossbach: We spend a lot of time explaining what VR is and what its potentials are, often times with people over the age of 40. We do a lot of out of the box demos from the Oculus Store or Steam, just so that they can understand the potential of VR overall as opposed to specifically what VRDAE does. As a note, one of the team members of the VRDAE project just turned 40, so peoples’ difficulties really come down to their background with modern technologies and games. Anyone self-identifying as a “geek” and/or “gamer” tends to integrate quickly with the VR environment because they are more likely to have used something semi-similar. Many people are ready to spend more time in VR, but we just need the hardware to continue to improve and need more integrated tools in our VRDAE “toolbox” to make it worthwhile in the long term.

Dr. Arnold: As far as making data representation better, representing data in the best ways will continue to challenge applications regardless of platform, because of the data’s volume and network complexities.

Active Cyber™: What VR tech are you using? What are the pros and cons and lessons learned in using and programming with this technology? What improvements do you see on the horizon that will help you?

Mr. Trossbach: Right now we are primarily using Windows 10 OS, with the Unity 3D gaming engine, Oculus Rift, and Oculus Touch. We have also included Leap Motion in a minor capacity. Our biggest concern is with vendor lock and data privacy issues being DoD data sensitivity issues, meaning that we need to pay attention to things that the vendor code does that may not align to DoD requirements or privacy standards. With that said, it can become challenging when vendors change something and not give us an option to ‘opt-out.’

Dr. Arnold: We’re advocates for an Open Standard, such as Open Source Virtual Reality (OSVR), with a lot of vendor peripherals we can pick and choose from. So maybe one day you can pick your favorite headset and it will just work the same as any other if the standard is available to anyone. One exciting thing is that a lot of new devices come out as often as annually if you look across the vendor board.

Active Cyber™: What is the state of standards for VR technology? Where do you see standards providing the most benefit?

Mr. Trossbach: Game engines, such as Unity or Unreal, tend to help a lot with standards in that all of the companies making virtual reality peripherals tend to want their devices to work with the most common platforms. That said, there is a long way to go. Standards tend to be good for everyone in the long run, and we certainly want to avoid a situation where a whole platform of capabilities just stop working because there was no standard. Less people will contribute to the overall growth of any technology if everyone is doing their own thing and there is no standard to guide compatibility.

Active Cyber™: What about AR? What plans do you have for that and how can that be used in the cyber realm? Will AR point clouds be something you will take advantage?

Dr. Arnold: There’s been a significant amount of investment in AR for the Unity ($400 M) and Unreal ($1.25 B) game engines. Whenever an AR device or SDK comes out, support is immediately provided for Unity or Unreal. There are also a lot of companies spending and investing in VR as well (which tends to leverage the same game engines), e.g., Facebook.

Dr. Arnold: We are a fan of both VR and AR, but in the Cybersecurity operations realm we think that the day to day analyst will need VR more in the long term since they work with a lot of data and applications. Notionally, we think exhibits of data should be able to work in VR or AR as needed.

Mr. Trossbach: A lot will need to happen to get to that point, but it is not far-fetched since a lot of VR and AR software use the same gaming engines. As such, it could be possible to work in a custom VR environment, then to go to brief your leadership on a finding, and finally transfer the data exhibit to a physical table for an AR supported briefing. AR point clouds would be useful here to allow multiple peers in the same meeting room location to see the content on a physical table from their own seats. We don’t have a near term plan to leverage AR in this way since our work is currently VR focused, however we are collaborating with other teams that are working in the AR space and will find an integration point in the long term.

Active Cyber™: As cyber teams adopt a “defending forward” approach, will VRDAE make a difference on how that approach is accomplished or succeeds? How do you envision VR supporting a distributed cyber team?

Dr. Arnold: We perceive that there is a great fit with the defending forward approach. The notion of an analyst being able to work with more data, be “hands on” in VR spaces such as VRDAE, and having those VR interactions cause real world changes fits the intent.

Mr. Trossbach: The difficulty with this approach is that the notion of doing so, even in a simple 2D web based interface, does not fit well with traditional DoD tactics techniques and protocols.

Dr. Arnold: The Defense Forward Strategy calls for an evolution in how we think and act defensively, it should create a paradigm shift where VR can fit as an enabler.

Active Cyber™: What is your outlook on how VR/AR will be used 5 to 10 years from now on the cyber battlefront?

Dr. Arnold: We think it will be more tightly integrated and it will be common to have both AR and VR gear deployed in network and security operations centers, regardless whether they are localized or deployed to a forward operating base (FOB).

Mr. Trossbach: Even in just the recent news, Microsoft HoloLens demonstrates this point, so in some capacity it could be sooner. On the VR side, the “sooner” will likely be realized in training environments, cyber or otherwise.

Thank you Dr. Arnold and Mr. Trossbach for sharing your insight in how you are breaking ground in the exciting new world of virtual reality and its application to cyberspace. I believe that the research you are conducting to improve our ability to operate in cyberspace will generate important dividends in our fight against cyber attackers as we bring in a new generation of cyber defenders. And that cyberspace fiction book by Tom Clancy where I remember reading about VR technology + cyberspace for the first time ?- now I see where he got his inspiration.

And thanks for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, PQ cryptography, risk assessment and modeling, autonomous security, securing the Internet of Things, or other security topics. Also, email marketing@activecyber.net if you’re interested in interviewing or advertising with us at Active Cyber™.