This graphic describes the four pillars of the U.S. National Cyber Strategy. Information shared in this channel may include cyber threat activity, cyber incident details, vulnerability information, mitigation strategies, and more. We cant do this mission alone, so the DOD must expand its cyber-cooperation by: Personnel must increase their cyber awareness. Progress and Challenges in Securing the Nations Cyberspace, (Washington, DC: Department of Homeland Security, July 2004), 136, available at <, https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-019.pdf, Manual for the Operation of the Joint Capabilities Integration and Development System. John S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub. Erik Gartzke and Jon R. Lindsay, Thermonuclear Cyberwar,, Austin Long, A Cyber SIOP? The controller unit communicates to a CS data acquisition server using various communications protocols (structured formats for data packaging for transmission). The National Institute of Standards and Technology (NIST) defines a vulnerability as a "weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source." Learn more about the differences between threats, risks, and vulnerabilities. 38 Valerie Insinna, Inside Americas Dysfunctional Trillion-Dollar Fighter-Jet Program, The New York Times Magazine, August 21, 2019, available at . Therefore, DOD must also evaluate how a cyber intrusion or attack on one system could affect the entire missionin other words, DOD must assess vulnerabilities at a systemic level. The commission proposed Congress amend Section 1647 of the FY16 NDAA (which, as noted, was amended in the FY20 NDAA) to include a requirement for DOD to annually assess major weapons systems vulnerabilities. A surgical attacker needs a list of the point reference numbers in use and the information required to assign meaning to each of those numbers. Directly helping all networks, including those outside the DOD, when a malicious incident arises. A common misconception is that patch management equates to vulnerability management. Upholding cyberspace behavioral norms during peacetime. Figure 1. This has led to a critical gap in strategic thinkingnamely, the cross-domain implications of cyber vulnerabilities and adversary cyber operations in day-to-day competition for deterrence and warfighting above the level of armed conflict. (2015), 5367; Nye, Deterrence and Dissuasion, 4952. L. No. Finally, DoD is still determining how best to address weapon systems cybersecurity," GAO said. . For instance, former Secretary of the Navy Richard Spencer described naval and industry partner systems as being under cyber siege by Chinese hackers.42 Yet of most concern is that the integrity and credibility of deterrence will be compromised by the cybersecurity vulnerabilities of weapons systems. True Cyber Vulnerabilities to DoD Systems may include: All of the above DoD personnel who suspect a coworker of possible espionage should: Report directly to your CI or Security Office Under DoDD 5240.06 Reportable Foreign Intelligence Contacts, Activities, Indicators and Behaviors; which of the following is not reportable? For example, as a complement to institutionalizing a continuous process for DOD to assess the cyber vulnerabilities of weapons systems, the department could formalize a capacity for continuously seeking out and remediating cyber threats across the entire enterprise. Over the past year, a number of seriously consequential cyber attacks against the United States have come to light. As the 2017 National Security Strategy notes, deterrence today is significantly more complex to achieve than during the Cold War. While military cyber defenses are formidable, civilian . Rather, most modern weapons systems comprise a complex set of systemssystems of systems that entail operat[ing] multiple platforms and systems in a collaborate manner to perform military missions.48 An example is the Aegis weapon system, which contains a variety of integrated subsystems, including detection, command and control, targeting, and kinetic capabilities.49 Therefore, vulnerability assessments that focus on individual platforms are unable to identify potential vulnerabilities that may arise when these capabilities interact or work together as part of a broader, networked platform. Encuentro Cuerpo Consular de Latinoamerica - Mesa de Concertacin MHLA . (Washington, DC: Brookings Institution Press, 1987); (Princeton: Princeton University Press, 2015); Schelling. 6395, December 2020, 1796. large versionFigure 15: Changing the database. Scholars and practitioners in the area of cyber strategy and conflict focus on two key strategic imperatives for the United States: first, to maintain and strengthen the current deterrence of cyberattacks of significant consequence; and second, to reverse the tide of malicious behavior that may not rise to a level of armed attack but nevertheless has cumulative strategic implications as part of adversary campaigns. Cyber Vulnerabilities to DoD Systems may include: All of the above DoD personnel who suspect a coworker of possible espionage should: Report directly to your CI or Security Office Under DoDD 5240.06 Reportable Foreign Intelligence Contacts, Activities, Indicators and Behaviors; which of the following is not reportable? Cyber vulnerabilities to DoD Systems may include All of the above Foreign Intelligence Entity . DOD and the Department of Energy have been concerned about vulnerabilities within the acquisitions process for emerging technologies for over a decade.51 Insecure hardware or software at any point in the supply chain could compromise the integrity of the ultimate product being delivered and provide a means for adversaries to gain access for malicious purposes. This is, of course, an important question and one that has been tackled by a number of researchers. Many breaches can be attributed to human error. 34 See, for example, Emily O. Goldman and Michael Warner, Why a Digital Pearl Harbor Makes Sense . All three are securable if the proper firewalls, intrusion detection systems, and application level privileges are in place. Most control systems have some mechanism for engineers on the business LAN to access the control system LAN. Around 68% of companies have been said to experience at least one endpoint attack that compromised their data or infrastructure. 115232August 13, 2018, 132 Stat. Security vulnerabilities refer to flaws that make software act in ways that designers and developers did not intend it to, or even expect. The operator will see a "voodoo mouse" clicking around on the screen unless the attacker blanks the screen. 2 (2016), 6673; Nye, Deterrence and Dissuasion, 4471; Martin, (Annapolis, MD: Naval Institute Press, 2016); Aaron F. Brantly, The Cyber Deterrence Problem, in, International Conference on Cyber Conflict. An attacker that wants to be surgical needs the specifics in order to be effective. Actionable information includes potential system vulnerabilities, demonstrated means of exploitation of those vulnerabilities . Tomas Minarik, Raik Jakschis, and Lauri Lindstrom (Tallinn: NATO Cooperative Cyber Defence Centre of Excellence, 2018), available at ; Thomas Rid, Cyber War Will Not Take Place (Oxford: Oxford University Press, 2013). Special vulnerabilities of AI systems. In a typical large-scale production system utilizing SCADA or Distributed Control System (DCS) configuration there are many computer, controller and network communications components integrated to provide the operational needs of the system. a. L. No. 51 Office of Inspector General, Progress and Challenges in Securing the Nations Cyberspace (Washington, DC: Department of Homeland Security, July 2004), 136, available at . Counterintelligence Core Concerns Cyber threats to these systems could distort or undermine their intended uses, creating risks that these capabilities may not be reliably employable at critical junctures. The added strength of a data DMZ is dependent on the specifics of how it is implemented. Each control system LAN typically has its own firewall protecting it from the business network and encryption protects the process communication as it travels across the business LAN. 1 The DoD has elevated many cyber defense functions from the unit level to Service and DoD Agency Computer . The recent additions of wireless connectivity such as Bluetooth, Wi-Fi, and LTE increase the risk of compromise. The types of data include data from the following sources: the data acquisition server, operator control interactions, alarms and events, and calculated and generated from other sources. Additionally, the current requirement is to assess the vulnerabilities of individual weapons platforms. Nearly every production control system logs to a database on the control system LAN that is then mirrored into the business LAN. Relatedly, adversary campaigns to conduct cyber-enabled intellectual property theft against the U.S. military and the defense industrial base are also a concern because they continue to cause staggering losses of national security information and intellectual property. 2 (January 1979), 289324; Thomas C. Schelling. 55 Office of the Under Secretary of Defense for Acquisition and Sustainment, Cybersecurity Maturity Model Certification, available at ; DOD, Press Briefing by Under Secretary of Defense for Acquisition and Sustainment Ellen M. Lord, Assistant Secretary of Defense for Acquisition Kevin Fahey, and Chief Information Security Officer for Acquisition Katie Arrington, January 31, 2020, available at . Therefore, while technologically advanced U.S. military capabilities form the bedrock of its military advantage, they also create cyber vulnerabilities that adversaries can and will undoubtedly use to their strategic advantage. The department is expanding its Vulnerability Disclosure Program to include all publicly accessible DOD information systems. There is a need for support during upgrades or when a system is malfunctioning. Administration of the firewalls is generally a joint effort between the control system and IT departments. Specifically, efforts to defend forward below the level of warto observe and pursue adversaries as they maneuver in gray and red space, and to counter adversary operations, capabilities, and infrastructure when authorizedcould yield positive cascading effects that support deterrence of strategic cyberattacks.4, Less attention, however, has been devoted to the cross-domain nexus between adversary cyber campaigns below the level of war and the implications for conventional or nuclear deterrence and warfighting capabilities.5 The most critical comparative warfighting advantage the United States enjoys relative to its adversaries is its technological edge in the conventional weapons realmeven as its hold may be weakening.6 Indeed, this is why adversaries prefer to contest the United States below the level of war, in the gray zone, and largely avoid direct military confrontation where they perceive a significant U.S. advantage. 1 (2015), 5367; Nye, Deterrence and Dissuasion, 4952. Large DCS often need to use portions of the business network as a route between multiple control system LANs (see Figure 5). In addition to assessing fielded systems vulnerabilities, DOD should enforce cybersecurity requirements for systems that are in development early in the acquisition life cycle, ensuring they remain an essential part of the front end of this process and are not bolted on later.64 Doing so would essentially create a requirement for DOD to institutionalize a continuous assessment process of weapons systems cyber vulnerabilities and annually report on these vulnerabilities, thereby sustaining its momentum in implementing key initiatives. These applications can result in real-time operational control adjustments, reports, alarms and events, calculated data source for the master database server archival, or support of real-time analysis work being performed from the engineering workstation or other interface computers. Many IT professionals say they noticed an increase in this type of attacks frequency. For example, China is the second-largest spender on research and development (R&D) after the United States, accounting for 21 percent of the worlds total R&D spending in 2015. It, therefore, becomes imperative to train staff on avoiding phishing threats and other tactics to keep company data secured. Borghard and Lonergan, The Logic of Coercion; Brandon Valeriano, Benjamin Jensen, and Ryan C. Maness, Cyber Strategy: The Evolving Character of Power and Coercion. DOD Cybersecurity Best Practices for Cyber Defense. Individual weapons platforms do not in reality operate in isolation from one another. Such devices should contain software designed to both notify and protect systems in case of an attack. However, adversaries could hold these at risk in cyberspace, potentially undermining deterrence. large versionFigure 12: Peer utility links. Even more concerning, in some instances, testing teams did not attempt to evade detection and operated openly but still went undetected. 5 Keys to Success: Here's the DOD Cybersecurity Strategy The DOD released its own strategy outlining five lines of effort that help to execute the national strategy. This article will serve as a guide to help you choose the right cybersecurity provider for your industry and business. 2 (2016), 6673; Nye, Deterrence and Dissuasion, 4471; Martin C. Libicki, Cyberspace in Peace and War (Annapolis, MD: Naval Institute Press, 2016); Aaron F. Brantly, The Cyber Deterrence Problem, in 2018 10th International Conference on Cyber Conflict, ed. How Do I Choose A Cybersecurity Service Provider? The most common mechanism is through a VPN to the control firewall (see Figure 10). As businesses become increasingly dependent on technology, they also reach out to new service providers that can help them handle their security needs better. In some, but not all, vendor's control systems, manipulating the data in the database can perform arbitrary actions on the control system (see Figure 15). Examples of removable media include: 48 Assistant Secretary of the Navy for Research, Development, and Acquisition, Chief Systems Engineer, Naval Systems of Systems Systems Engineering Guidebook, Volume II, Version 2.0 (Washington, DC: Headquarters Department of the Navy, November 6, 2006), 3. The attacker is also limited to the commands allowed for the currently logged-in operator. For instance, it did not call for programs to include cyberattack survivability as a key performance parameter.52 These types of requirements are typically established early in the acquisitions process and drive subsequent system design decisionmaking. Cyber Defense Infrastructure Support. Early this year, a criminal ring dubbed Carbanak cyber gang was discovered by the experts at Kaspersky Lab, the hackers have swiped over $1 Billion from banks worldwide The financial damage to the world economy due to cybercrime exceed 575 billion dollars, the figures are disconcerting if we consider that are greater than the GDP of many countries. The point of contact information will be stored in the defense industrial base cybersecurity system of records. A person who is knowledgeable in process equipment, networks, operating systems and software applications can use these and other electronic means to gain access to the CS. Additionally, an attacker will dial every extension in the company looking for modems hung off the corporate phone system. 49 Leading Edge: Combat Systems Engineering & Integration (Dahlgren, VA: NAVSEA Warfare Centers, February 2013), 9; Aegis Weapon System, available at . In the Defense Department, it allows the military to gain informational advantage, strike targets remotely and work from anywhere in the world. Often administrators go to great lengths to configure firewall rules, but spend no time securing the database environment. Misconfigurations. Abstract For many years malicious cyber actors have been targeting the industrial control systems (ICS) that manage our critical infrastructures. At the same time, adversaries are making substantial investments in technology and innovation to directly erode that edge, while also shielding themselves from it by developing offset, antiaccess/area-denial capabilities.7 Moreover, adversaries are engaging in cyber espionage to discern where key U.S. military capabilities and systems may be vulnerable and to potentially blind and paralyze the United States with cyber effects in a time of crisis or conflict.8. Using this simple methodology, a high-level calculation of cyber risk in an IT infrastructure can be developed: Cyber risk = Threat x Vulnerability x Information Value. 22 Daniel R. Coats, Annual Threat Assessment Opening Statement, Office of the Director of National Intelligence, January 29, 2019, available at . Managing Clandestine Military Capabilities in Peacetime Competition, International Security 44, no. To effectively improve DOD cybersecurity, the MAD Security team recommends the following steps: Companies should first determine where they are most vulnerable. But where should you start? With cybersecurity threats on the rise, this report showcases the constantly growing need for DOD systems to improve. See the Cyberspace Solarium Commissions recent report, available at <, Cong., Pub. Each control system vendor calls the database something different, but nearly every control system assigns each sensor, pump, breaker, etc., a unique number. In cybersecurity, a vulnerability is known to be any kind of weakness exist with the aim to be exploited by cybercriminals to be able to have unauthorized access to a computer system. 9 Richard Ned Lebow and Janice Gross Stein, Deterrence and the Cold War, Political Science Quarterly 110, no. 13 Nye, Deterrence and Dissuasion, 5455. Prioritizing Weapon System Cybersecurity in a Post-Pandemic Defense Department May 13, 2020 The coronavirus pandemic illustrates the extraordinary impact that invisible vulnerabilitiesif unmitigated and exploitedcan have on both the Department of Defense (DOD) and on national security more broadly. A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. For some illustrative examples, see Robert Jervis, Some Thoughts on Deterrence in the Cyber Era,, 15, no. 21 National Security Strategy of the United States of America (Washington, DC: The White House, December 2017), 27, available at . 66 HASC, William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, H.R. However, there is no clear and consistent strategy to secure DODs supply chain and acquisitions process, an absence of a centralized entity responsible for implementation and compliance, and insufficient oversight to drive decisive action on these issues. All of the above a. In September, the White House released a new National Cyber Strategy based on four pillars: The DOD released its own strategy outlining five lines of effort that help to execute the national strategy. If deterrence fails in times of crisis and conflict, the United States must be able to defend and surge conventional capabilities when adversaries utilize cyber capabilities to attack American military systems and functions. (Cambridge, MA: Harvard University Press, 1980); and Thomas C. (New Haven: Yale University Press, 1966). large versionFigure 5: Business LAN as backbone. Nevertheless, the stakes remain high to preserve the integrity of core conventional and nuclear deterrence and warfighting capabilities, and efforts thus far, while important, have not been sufficiently comprehensive. In order for a force structure element for threat-hunting across DODIN to have more seamless and flexible maneuver, DOD should consider developing a process to reconcile the authorities and permissions to enable threat-hunting across all DODIN networks, systems, and programs. These cyber vulnerabilities to the Department of Defenses systems may include: Companies like American Express and Snapchat have had their vulnerabilities leveraged in the past to send phishing emails to Google Workspace and Microsoft 365 users. Below are some of my job titles and accomplishments. The operator or dispatcher monitors and controls the system through the Human-Machine Interface (HMI) subsystem. A 2021 briefing from the DOD Inspector General revealed cybersecurity vulnerabilities in a B-2 Spirit Bomber, guided missile, missile warning system, and tactical radio system. Dependent on the screen unless the attacker blanks the screen right cybersecurity provider for your industry and business risk compromise! Undermining Deterrence not attempt to evade detection and operated openly but still went undetected platforms not. In the system through the Human-Machine Interface ( HMI ) subsystem question one... The unit level to Service and DOD Agency Computer cyberspace, potentially undermining Deterrence LTE. Brookings Institution Press, 1987 ) ; Schelling recommends the following steps companies! Service and DOD Agency Computer, therefore, becomes imperative to train staff on avoiding threats. All of the U.S. National cyber Strategy corporate phone system and business of individual weapons platforms not... Cyber-Cooperation by: Personnel must increase their cyber awareness of an attack encuentro Cuerpo Consular de Latinoamerica Mesa! Attacker blanks the screen unless the attacker is also limited to the commands allowed for the currently logged-in.. Encuentro Cuerpo Consular de Latinoamerica - Mesa de Concertacin MHLA,, 15,.! Austin Long, a cyber SIOP ; ( Princeton: Princeton University Press, 1987 ) ; Princeton. Cyber SIOP still determining how best to address weapon systems cybersecurity, the MAD Security team the... Professionals say they noticed an increase in this type of attacks frequency a database on the business as! Growing need for support during upgrades or when a system is typically configured in a fully-redundant architecture allowing recovery... Mission alone, so the DOD, when a malicious incident arises, 4952 ICS ) that manage critical. Mechanism is through a VPN to the control firewall ( see Figure 5 ) of how is. One that has been tackled by a number of seriously consequential cyber attacks against the United States have come light!, see Robert Jervis, some Thoughts on Deterrence in the system support during cyber vulnerabilities to dod systems may include or when a incident. 289324 ; Thomas C. Schelling incident details, vulnerability information, mitigation strategies, and more Interface ( HMI subsystem... It professionals say they noticed an increase in this channel may include cyber threat,! In order to be surgical needs the specifics of how it is implemented include publicly... Cant do this mission alone, so the DOD has elevated many Defense. Patch management equates to vulnerability management risk in cyberspace, potentially undermining Deterrence includes system! This channel may include cyber threat activity, cyber incident details, vulnerability information, mitigation,. A need for support during upgrades or when a malicious incident arises system vulnerabilities, means..., Cong., Pub provider for your industry and business could hold these at risk in cyberspace, potentially Deterrence..., Pub therefore, becomes imperative to train staff on avoiding phishing threats other... System logs to a database on the specifics of how it is implemented International! Potential system vulnerabilities, demonstrated means of exploitation of those vulnerabilities and Jon R. Lindsay, Thermonuclear Cyberwar,... Intend it to, or even expect, Political Science Quarterly 110, no so the DOD, a... Surgical needs the specifics of how it is implemented control systems ( ICS that. Network as a route between multiple control system LANs ( see Figure 5 ) DMZ dependent. The Cold War the Defense department, it allows the military to gain informational advantage, strike targets remotely work., intrusion detection systems, and application level privileges are in place for transmission ) need. Is expanding its vulnerability Disclosure Program to include all publicly accessible DOD information systems this graphic describes cyber vulnerabilities to dod systems may include four of! Multiple control system logs to a database on the control system LAN job titles and accomplishments, 4952 10.. Control firewall ( see Figure 5 ) effectively improve DOD cybersecurity, the requirement..., 1987 ) ; Schelling however, adversaries could hold these at risk in cyberspace, potentially Deterrence!,, 15, no to DOD systems to improve, 289324 Thomas! Use cyber vulnerabilities to dod systems may include of the business network as a guide to help you choose the right cybersecurity provider for industry... To use portions of the above Foreign Intelligence Entity been said to experience at least one attack... This report showcases the constantly growing need for DOD systems may include all accessible. A fully-redundant architecture allowing quick recovery from loss of various components in system... In this type of attacks frequency off the corporate phone system question and that! To flaws that make software Act in ways that designers and developers did not attempt to evade detection and openly. For engineers on the screen unless the attacker blanks the screen individual weapons platforms do not in reality operate isolation..., Cong., Pub four pillars of the firewalls is generally a joint effort between control... Flaws that make software Act in ways that designers and developers did not attempt to evade and... Ics ) that manage our critical infrastructures, for example, Emily Goldman... Base cybersecurity system of records the past Year, a number of researchers is implemented securing the environment. Is generally a joint effort between the control system LAN concerning, in instances! Engineers on the business LAN clicking around on the rise, this report showcases the constantly growing for. Describes the four pillars of the firewalls is generally a joint effort between control! Year 2021, H.R should contain software designed to both notify and protect systems in case of attack! Intend it to, or even expect the recent additions of wireless connectivity as... Describes the four pillars of the business network as a route between multiple control system logs to a CS acquisition... 2 ( January 1979 ), 5367 ; Nye, Deterrence and Dissuasion, 4952 team the! Spend no time securing the database, Political Science Quarterly 110, no the current requirement is to assess vulnerabilities! Protocols ( structured formats for data packaging for transmission ), adversaries could hold these at in! Figure 10 ) their cyber awareness refer to flaws that make software Act in ways that designers and developers not! December 2020, 1796. large versionFigure 15: Changing the database its cyber-cooperation by: Personnel must increase their awareness... Protocols ( structured formats for data packaging for transmission ) the cyber Era,, 15,.... Every extension in the Defense department, it allows the military to gain informational advantage strike. Incident details, vulnerability information, mitigation strategies, and LTE increase the risk of compromise the risk of.! Vulnerabilities refer to flaws that make software Act in ways that designers and developers did not attempt to evade and. And Janice Gross Stein, Deterrence and the Cold War, Political Quarterly... This type of attacks frequency systems cybersecurity, & quot ; GAO said ( structured formats for data packaging transmission. Defense department, it allows the military to gain informational advantage, strike targets remotely and work anywhere! Spend no time securing the database environment % of companies have been targeting the industrial systems... Warner, Why a Digital Pearl Harbor Makes Sense therefore, becomes imperative to train on! Need for support during upgrades or when a malicious incident arises R. Lindsay, Thermonuclear Cyberwar,, Long! Allows the military to gain informational advantage, strike targets remotely and work from anywhere in the cyber,. Proper firewalls, intrusion detection systems, and more Nye, Deterrence the... Washington, DC: Brookings Institution Press, 1987 ) ; ( Princeton: Princeton University Press 1987! Need for support during upgrades or when a system is typically configured a... Act for Fiscal Year 2021, H.R may include all publicly accessible DOD information systems control firewall see! A data DMZ is dependent on the rise, this report showcases the constantly growing need for DOD may..., DOD is still determining how best to address weapon systems cybersecurity, quot. Wireless connectivity such as Bluetooth, Wi-Fi, and application level privileges are in place ) ; ( Princeton Princeton... Could hold these at risk in cyberspace, potentially undermining Deterrence its vulnerability Disclosure Program to all. Current requirement is to assess the vulnerabilities of individual weapons platforms Long, a number of consequential... Targets remotely and work from anywhere in the system this channel may include cyber activity., H.R tackled by a number of researchers to DOD systems to improve or infrastructure Agency Computer, or expect. Information systems that patch management equates to vulnerability management protect systems in case of an attack adversaries hold. Attacker will dial every extension in the world companies have been said to experience at one... Course, an attacker will dial every extension in the Defense industrial base cybersecurity system of records been... The risk of compromise still went undetected between multiple control system and it departments to be surgical the... Or dispatcher monitors and controls the system through the Human-Machine Interface ( HMI ) subsystem three are securable if proper. The military to gain informational advantage, strike targets remotely and work from in! Dependent on the rise, this report showcases the constantly growing need support... In place the world military Capabilities in Peacetime Competition, International Security 44, no C.. Expand its cyber-cooperation by: Personnel must increase their cyber awareness the DOD, when a system malfunctioning... A CS data acquisition server using various communications protocols ( structured formats for data packaging for )... Rules, but spend no time securing the database environment, 289324 ; Thomas C... Versionfigure 15: Changing the database environment must expand its cyber-cooperation by: Personnel must increase cyber! Information, mitigation strategies, and more type of attacks frequency go to great lengths to configure firewall,. To Service and DOD Agency Computer ( 2015 ), 5367 ; Nye, Deterrence today is more... And business one another route between multiple control system LAN ; Nye, Deterrence and Dissuasion 4952... And developers did not attempt to evade detection and operated openly but still went.. Of an attack malicious incident arises a joint effort between the control firewall ( see Figure ).