06 Jul 22. US Vendors prep for new cyber rules of the road. Federal policy is shifting to impose tighter cybersecurity requirements on government contractors and Congress appears poised to impose new standards throughout the private sector.
There may soon come a day when it will be nearly impossible for companies to do business with the federal government, defense or civilian agencies, without first providing binding assurances that certain cybersecurity measures have been met.
Right now, there are two trends that could have a long-term impact on companies: the Defense Department’s ongoing implementation of a unified cybersecurity standard for contractors and the burgeoning regulatory efforts targeting the private sector and how companies secure consumer data and privacy.
For the latter, it could mean increased scrutiny from federal watchdog agencies like the Securities and Exchange Commission and Federal Trade Commission. For the former, it means companies that want to work with the Pentagon will have to meet specific standards of the Cybersecurity Maturity Model Certification (CMMC) program.
Participation in that program will eventually become a part of all contracts and requires companies to attest or be evaluated by an approved third party organization. Failure to comply could simply mean a company loses a customer but that might not be good for business.
Vendor cybersecurity at DOD
Kelly Fletcher, the Defense Department’s principal deputy chief information officer, said part of the preparedness starts with embracing the idea of cybersecurity-as-a-service so that medium-sized and smaller companies can meet CMMC standards even as they change to keep pace with new threats.
“I’m really hopeful that as folks buy cybersecurity as a service from true cyber experts, this is a chance for those experts to change what they provide to them or to make sure that the most current threats are accounted for and what is being provisioned as this turnkey service,” she said at the RSA conference in San Francisco in June.
But not taking early steps could mean ceding business to companies that got an earlier start, potentially shrinking the Defense Department’s already dwindling contractor pool.
“When these [requirements] first hit contracts, which is summer of next year, I think in the end, we’re gonna get everybody over the line. I think everybody who wants to pursue CMMC certification is going to get there,” Fletcher said. “But I do think there might be a little bit of time where not everyone is there. And so those companies that do have that certification done, I think they’re going to be in a little bit less competition.”
Fletcher said the DOD is “at an inflection point” where it’s a priority to fix things like technical debt, and that shift will be more visible across the federal government within the next few years.
“It is a priority for us and that’s across the board not just for the [defense industrial base], but also for our own systems. And I think that I’m seeing this throughout the federal government to some degree, but absolutely within DOD,” Fletcher said. “I think [in] the next year or two, we’re gonna see a big shift in how we apply resources and what we prioritize.”
Drew Bagley, Crowdstrike’s vice president and counsel for privacy and cyber policy, told FCW that expectations of cybersecurity measures were coming from legal requirements directly applicable to certain sectors, or potentially certain data types, “while simultaneously getting an expectation that in order for companies to compete fairly, then they really have a duty to pay attention and heed those warnings to use the best information possible to fix vulnerabilities.”
CISA in the mix
Thanks to the Biden administration’s cybersecurity executive order, that means practices like endpoint detection and response, zero trust, threat hunting and logging are now directly applicable to federal agencies, he said.
“Something that I think is really important for raising the bar with DOD cybersecurity is really enhancing cybersecurity in the DIB. Related to legal requirements, what we’ve seen over the past few months is the new requirement for organizations that are deemed critical infrastructure, including DIBs, to report cyber incidents to CISA and to report ransomware payments to CISA,” Bagley told FCW during the RSA conference.
Bagley said the Cybersecurity and Infrastructure Security Agency’s reporting requirements were important because it “creates incentives for organizations to enhance their cybersecurity so that they’re not in a position to have to do breach reporting. But similarly, there needs to be actions taken to incentivize the use of managed service providers.”
And it’s also important to have flexibility with respect to enforcement.
“Because if you think about how diverse the DIBs companies are in terms of size, scope and resources, you have obviously these supply chains in which you have very, very small providers who may be making very critical parts, especially if we’re talking about military hardware, and yet, maybe very small in and of themselves, and not able to fully deploy a mature security program, like a large defense contractor. And nonetheless, they can still use all the same technologies and methods that are called for in the executive order that are expected from federal agencies now by using managed service providers,” he said.
“So it’s really important for DOD to be flexible in the way in which those requirements trickle down to the entire ecosystem, by focusing on those end means of getting the technologies, tools and methods deployed, rather than focusing squarely on who does it.”
Michael Baker, the vice president and IT chief information security officer at DXC Technology, said one of the things companies should do in the face of cyber standards like CMMC is be honest when they’re not doing well – and then ask for help.
“You’re given the gift of the prioritization of the requirements in the DoD assessment methodology, they have a scoring mechanism, right, use it. Use it to your advantage. And honestly, if your score is low, ask for help,” Baker, who was previously a CISO at GDIT, said during an RSA conference panel on CMMC.
“That was one of the things that dawned on me when in my previous role: [how] most people hid those scores. Don’t hide them. Bring them to the front. Let’s solve it together.”
Baker said it’s easy to get swept up in “a blame game” in the cyber world where if “you get breached and you point a finger and say, A-ha!” But to get ahead, companies, large contractors in particular, should prioritize making sure their critical subcontractors are in good cyber shape.
“I would really prioritize that if you have the resources to get ahead of it and make sure that you’re fulfilling the obligations because not only is it the right thing to do, but it’s also the right thing to do for business because you don’t want to have a vulnerability in your supply chain. That then you have to answer to the DOD for in the long run because you weren’t doing what you needed to do.”
When regs proliferate
But business groups are concerned about the potential ramifications of having to meet multiple – and possibly overlapping – reporting requirements. And whether it’s a privacy law or DOD’s CMMC, those cyber requirements could end up in contracts.
“You’ll still have these privacy laws likely touching most of the significant organizations in that time. And interestingly enough, analogous to what we were talking about with DoD contracts, and the entire supply chain ecosystem and how those requirements flow down, many of these privacy laws actually impose requirements that end up being applied via contract to the entire ecosystem of service providers,” Bagley said.
“So for example, if you take cybersecurity requirements in California’s [California Privacy Rights Act] those are requirements that end up not just affecting entities that are serving California consumers, but end up flowing down to their service providers, and in many instances, those service providers’ service providers and so on. So I think you’re going to just see a lot of natural legal concern and awareness as a result of this even if we don’t see, to your point, laws keeping up with every type of cyber incident.”
For the private sector, Bagley laid out the current cyber law landscape, describing the emergence of state level breach notification laws for private sector companies, such as encryption compliance required for personal health records held by businesses and vendors as part of the HITECH Act.
“What you see is that you have a duty to report a breach, if there is a breach. But the other trend we’ve also seen over the past couple of decades, that is also codified in these sector specific federal regulations, is a requirement to protect data to begin with. So you see that in financial services, again with HIPAA, and what you see is a requirement that is principles based: you must protect data in a manner that’s reasonable to the risk, is usually how these obligations are worded.”
Some states have adopted privacy laws that carry cyber requirements, including the CPRA. And those cybersecurity requirements serve a dual purpose.
“With CPRA, even though it’s built naturally as a privacy law, it has these cybersecurity requirements. And so that means where you see organizations that provide goods and services to customers they’re going to have an obligation for cybersecurity, but lots of those same companies provide services to the government,” Bagley said.
“So you’re already seeing a trend where there is, in essence, a standard of cybersecurity that’s being raised by a law that’s not even directly applicable in the public sector context. And yet is naturally incentivizing these companies.”
There’s momentum in Congress behind a federal data privacy standard to pre-empt the patchwork of state rules. The American Data Privacy and Protection Act was advanced by a subcommittee of the House Committee on Energy and Commerce on June 23.
Bagley said the law’s debate should extend beyond whether or not the U.S. should have a federal privacy law and could have ramifications as it relates to federal contractors that also sell directly to consumers.
“You’re going to see that cybersecurity is a part of the current draft. And even though parts of the current draft may change, for sure,” he said, “one thing I expect that will remain, probably similar, are the security requirements that are in this draft.”
The version of the bill that passed the subcommittee requires covered companies to “maintain reasonable administrative, technical, and physical data security practices and procedures to protect and secure covered data against unauthorized access and acquisition.”
That standard of “reasonableness” will shift with time, Bagley said.
“Whatever is reasonable in 2022 is not going to be reasonable in 2025. What is very interesting from a cyber law perspective, is that we’ve already seen that where you have the federal government being very active with trying to get information out to those best equipped to fix vulnerabilities, for example, you then see the [Federal Trade Commission] taking note and essentially further defining what an unfair trade practice may be in today’s era,” he said.
For example, when the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed vulnerabilities related to Log4j and instructions for companies to patch them, the FTC then issued a notice saying that failure to patch could have legal implications.
“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” the notice states.
Moving the front lines
But cyber is tricky because technology, threats, and vulnerabilities are constantly changing, while laws and regulations can take years to make and even longer to change or strike down. So the question remains: How will cyber law and standards be able to keep up? And what’s to come?
For Matthew Travis, the CEO of the Cyber AB, the organization in charge of standing up CMMC, it could mean the eventual adoption of the single standard at least in federal acquisitions. Travis said the organization has been approached by other federal agencies, entities across infrastructure sectors, and nations “who see the value of a third party certification conformance regime” because “it lowers risk and it gives you more fidelity into who you’re doing business with and what’s in your supply chain.”
And while it’s not appropriate to scale CMMC while it’s still in the beginning stages, he said during the panel, it’s unlikely that other federal agencies will come up with their own standard for contractors.
“There needs to be a unifying standard for federal acquisition, these companies who support not only DOD, but they’re supporting [Department of Energy] and [Department of Homeland Security] and, and others,” Travis said during the panel.
“Ultimately, this is a journey and I think there’ll be a confluence of smart folks who realize that the federal acquisition community needs a unifying standard. I think CMMC is it, as NIST 800-171 continues to evolve.”
Then he added: “anytime we’re spreading cybersecurity hygiene, it’s good for the nation.”
Meanwhile, Bagley thinks more “pure-play cybersecurity requirements” are coming, most likely in the form of data breach notification and privacy laws.
“I think that you are naturally going to see legal teams, compliance teams, and privacy teams, assisting security teams, and working together with security teams to really raise the bar whether or not you see an evolutionary development in national cybersecurity laws in the United States.” (Source: Defense Systems)
07 Jul 22. Mercury’s advanced encryptor receives certification from National Security Agency. Powerful, miniature data-at-rest encryptor weighing less than a pound can be easily integrated into existing avionics systems, safeguarding sensitive data. Mercury Systems, Inc. (NASDAQ: MRCY, www.mrcy.com), a leader in trusted, secure mission-critical technologies for aerospace and defense, announced today that its Jannson Data-At-Rest (JDAR) encryptor has been certified by the National Security Agency (NSA) to protect stored data classified secret and below.
Fully certified as an NSA Type-1 cryptographic module and developed in collaboration with the Department of Defense, the encryptor offers an innovative approach to the growing need for data-at-rest protection in an ultra-low size, weight, and power form factor while providing high throughput, ruggedization and anti-tamper protection.
Sensitive data is vulnerable when deployed at the edge and must be protected from local or remote attacks. The JDAR module protects data-at-rest and can be easily integrated into many of Mercury’s existing avionics, unmanned and unattended sensors, surveillance, communication, and wearable systems, ensuring sensitive data cannot be compromised.
“Weighing less than a pound and the size of a smartphone, our advanced miniature NSA Type-1 JDAR encryptor is the smallest in the industry and provides the flexibility and performance needed so today’s critical missions can address emerging threats,” said Mark Bruington, vice president, Mercury Mission Systems. “The innovative, purpose-built design makes it more cost-effective and easier than ever before for our A&D customers to entrust their most mission-critical avionics challenges to Mercury.”
07 Jul 22. July Spectrum SitRep. Products.
Rohde & Schwarz’ new communications intelligence products launched during this year’s Eurosatory exhibition can be used alongside the company’s CEPTOR COMINT software shown here.
Rohde & Schwarz took advantage of the Eurosatory defence exhibition held in Paris between 13th and 17th June to launch its UMS400 lightweight Communications Electronic Support Measure. A press release said the system covers an eight kilohertz to eight gigahertz waveband. It can be used for spectrum monitoring and emitter location. The UMS400 was not the only new product from the company launched at the event. Two new monitoring and direction-finding antennas, the ADD557SR and ADD597 respectively, were also unveiled. The press release said these can be installed on vehicles to detect and locate low probability of interception signals. All these products can be used alongside Rohde & Schwarz’ CEPTOR communications intelligence software.
Leonardo launched its Newton electronic warfare simulation software at this year’s CANSEC defence exhibition held in Ottawa, Canada between 1st and 2nd June 2022. Announcing the news in a press release, the company said the software can be used to “accelerate and validate the development of new electronic warfare technologies, tactics and techniques.” It can help model and test new technologies in realistic contemporary, and anticipated future, environments. As well as simulating RF (Radio Frequency) threats and countermeasures, Newton can replicate optronic and infrared threats and responses. The press release added that the product replaces the firm’s Tactical Engagement Simulation Software.
French maritime Signals Intelligence (SIGINT) provider Unseen Labs were also exhibiting at Eurosatory and revealed plans for new satellites. The company provides maritime SIGINT to government clients and private sector customers like marine insurers. Unseen Labs has a constellation of seven BRO (Breizh Reconnaissance Orbiter) satellites collecting maritime SIGINT. Company officials told Armada these provide global coverage. They have revisit rates of between six and eight hours for emitters of interest anywhere on the globe. Officials declined to provide specifics on the frequencies covered by Unseen Labs’ satellites. They did say these include standard vessel radio frequency emissions. This means the satellites may be capable of detecting emissions from three megahertz/MHz to 10.68 gigahertz/GHz. Such a waveband comprises marine radio and standard vessel navigation radars. Unseen Labs will add a further three satellites to the BRO constellation by the end of the year, officials continued. This should reduce current revisit rates to the circa six-hour mark. Over the longer term, the company plans to have a constellation of 25 satellites. This would cut revisit rates to every 30 minutes for targets anywhere on earth.
Netline unveiled its latest version of its DroneNet-RD Counter-Uninhabited Aerial Vehicle (CUAV) sensor at Eurosatory. In a press release, the company said that DroneNet-RD detects and locates a UAV via the latter’s Radio Frequency (RF) emissions. UAVs use radio signals to link the aircraft to its pilot on the ground. In addition to detecting the aircraft, the press release stated that the DroneNet-RD can also jam UAVs.
Bird Aerosystems was also exhibiting at Eurosatory and showcased its new Hybrid Eye self-protection system at the event. This takes capabilities the company has developed for aircraft self-protection and adapts them for vehicle protection. Hybrid Eye uses a phased array radar transmitting in C-band (5.25GHz to 5.925GHz) to detect incoming threats. The radar is supplemented by infrared and laser detectors. These sensors are housed in four boxes positioned on the vehicle in such a way as to provide 360 degrees of protection. Once the incoming threat is detected, countermeasures are triggered. Company officials told Armada that Bird Aerosystems has won a contract to demonstrate Hybrid Eye on a vehicle.
MAG Aerospace and Boldend announced via an 8th June press release that they had successfully completed the integration and testing of Boldend’s cyber capabilities on an airborne platform. This tested the integration of cyber, EW and information operations capabilities on an airborne platform. According to the press release, “The test was conducted to not only demonstrate the ability of the tool to successfully operate at altitude and speed on an airborne platform but, demonstrated both companies’ ability to rapidly prototype, integrate, and connect next generation technology in a swift and reliable manner.” The concept was developed, the systems integrated and prototyped and tested within seven days, the press release said.
On 21st June COMINT Consulting unveiled its new Krypto Keyfinder product. A company press release said this enables the decryption of ARC4 40-bit encryption. Krypto Keyfinder is used with COMINT Consulting’s Krypto1000 Communications Intelligence (COMINT) software. This can run on any standard personal computer or group of PCs. COMINT Consulting told Armada that extracts from intercepts containing the key are sent directly from the Krypto1000 software to the Krypto Keyfinder for immediate analysis.
ARC4 encryption is commonly used by Digital Mobile Radios (DMRs). As the ongoing war in Ukraine shows, DMRs are often used by militaries, particularly at squad and platoon levels. As Krypto Keyfinder software can run on standard PCs, this means that ARC4 decryption can be done close to the tactical edge. This saves time. Raw COMINT no longer needs to be sent up echelon for decryption and analysis elsewhere: “This could take days, weeks or months, assuming the particular service/agency (where the COMINT is sent) even has such a capability”, says the company. Such an approach greatly accelerates the COMINT intelligence cycle at the tactical level: “The ability to do this in the field in a matter of seconds, minutes, hours or days is a huge advantage. Also, end users not only can now listen to all of the previously-decrypted files, but they can continue to listen to the now-decrypted target network in real-time”. COMINT Consulting said that Krypto Keyfinder is available now and ready for use.
Towards late May, fedscoop.com reported that the US Army was looking for technologies to help protect its aircraft against Directed Energy Weapons (DEWs). DEWs use highly focused concentrations of electromagnetic energy to destroy targets. This is distinct from electronic attack weapons like jammers which use energy to disable or destroy a specific system like a radar or radio. The army is seeking solutions via a Small Business Innovation Research Opportunity (SBIR). In particular, it is keen to use comparatively low-cost paint or adhesive materials which could be quickly applied to an aircraft’s skin. Such coverings represent comparatively low-cost solutions. The army is targeting a unit cost of under $10,000 per aircraft.
Giga-tronics has been awarded a contract worth $783,000 to supply the firm’s Radar/Electronic Warfare Threat Emulation System (TEMS) to the US Department of Defence. A company press release said the TEMS “will play a critical role in the development, testing and fielding of a new advanced weapon system program of record” namely the US Air Force’s Lockheed Martin F-35A Lightning-II combat aircraft. It is likely that TEMS will be used to help evaluate the F-35’s radar and electronic warfare systems.
Janes reported on 23rd June that the Luftwaffe (German Air Force) is expected to receive its first Eurofighter Typhoon-EK (Elektronischer Kampf/Electronic Combat) aircraft in 2028. This is three years later than the originally-planned 2025 in-service date. These aircraft will replace the Luftwaffe’s existing fleet of Panavia Tornado-ECR air defence suppression aircraft. The report articulated that the delay may be wholly or partially due to the German government’s decision to abandon the purchase of the Boeing EA-18G Growler. Acquisition of this latter aircraft was originally planned as the Tornado-ECR replacement. The report continued that the Luftwaffe is expected to sign a formal contract for the Typhoon-EK acquisition in 2024.
In late July, Newsweek reported that the Russian Army is flying Mil Mi-8 (NATO reporting name Hip) series electronic warfare helicopters in support of the ongoing war in Ukraine. These aircraft are outfitted with the Rychag-AV series electronic support and electronic attack system. A confidential source told Armada that Rychag-AV targets emitters transmitting on frequencies of two gigahertz to 18GHz. These aircraft are deployed to target ground-based emitters used by land forces such as conventional radio and satellite communications, and ground-based radars. Open sources say that Rychag-AV may have a jamming range of up to 200 kilometres (124 miles) for ground-based emitters. The helicopters are believed to provide operational-level electronic warfare for the manoeuvre force. It is thought that up to three helicopters furnish each of the army’s jamming squadrons. At least one jamming squadron equips each of Russia’s four military districts, the source continued. (Source: Armada)
07 Jul 22. Kromek Group plc, a leading developer of radiation and bio-detection technology solutions for the advanced imaging and CBRN detection segments, announces that it has entered into a distribution agreement with Smiths Detection Inc. (“Smiths”), a global leader in threat detection and security screening technologies.
Under the terms of the agreement, Smiths will distribute the Group’s wearable radiation detection and identification solutions to North and South American markets. Smiths will be focused on marketing and distributing Kromek’s D3 and D5 series of wearable radiation detectors, which are designed to enable first responders, armed forces, border security and other CBRN experts to detect radiological threats such as dirty bombs, radioactive contamination and smuggling of radioactive substances.
Smiths Detection, part of Smiths Group, is a global leader in threat detection and screening technologies for aviation, ports and borders, defence and urban security markets. Its experience and history across more than 40 years at the frontline, enables Smiths Detection to deliver the solutions needed to protect society from the threat and illegal passage of explosives, prohibited weapons, contraband, toxic chemicals and narcotics.
Dr Arnab Basu, Chief Executive Officer of Kromek, said: “We are delighted to partner with Smiths Detection, which has been at the forefront of providing solutions needed to protect society for over four decades. Our wearable D3 and D5 family of products are closely aligned to the needs of Smiths Detection’s customer base and complement their existing product offering. We look forward to working with Smiths Detection to deliver our solutions to customers across North and South America.”
06 Jul 22. The US Department of Defense (DoD) has launched its first bug bounty program called “Hack US.” The DoD is experimenting with paid incentives in HackerOne’s vulnerability disclosure program (VDP), according to the campaign page, by offering a limited bounty pool that started on 4 July. The challenge is open to the global public.
The DoD Cyber Crime Centre (DC3) has been running a vulnerability disclosure program for many years, according to Casey Ellis, founder and CTO at Bugcrowd.
“To see them ‘upgrade’ to a paid bug bounty program makes a lot of sense,” Ellis added.
According to security experts, bug bounty programs have become increasingly popular among the public and private sectors alike, offering several benefits.
“It takes an army of adversaries to outsmart an army of allies, and many organisations are tapping into the community of ms of good-faith hackers around the world who are skilled, ready, and willing to help,” Ellis said.
High and critical severity findings are the only submissions eligible for a bounty on any publicly accessible information systems, web property, or data owned, operated, or controlled by DoD. The types of submissions received during this time will help inform the DoD on the feasibility of providing financial incentives for valid security issues identified across the DoD information systems on a continuous basis. (Source: https://www.cybersecurityconnect.com.au/)
05 Jul 22. AT&T, 26 other companies join USAF’s $950m JADC2 effort. More than two dozen companies including a division of AT&T Inc. are entering the competition to make real the Pentagon’s vision of seamless communications as part of a deal worth up to $950m. The U.S. Air Force on July 1 selected an additional 27 vendors, both large and small, to compete for work tied to Joint All-Domain Command and Control, or JADC2, which aims to better connect sensors and shooters and enable rapid responses on the battlefield. C4ISRNET in November 2020 reported the Air Force made similar awards to 93 total companies.
While the Department of Defense on Friday did not specify what the contractors would produce, a related contract announcement said they would be tasked with the “maturation, demonstration and proliferation of capability across platforms and domains, leveraging open systems design, modern software and algorithm development.”
The indefinite delivery, indefinite quantity, multiple-award contract was done through Air Force Life Cycle Management in Ohio. IDIQ contracts provide for a number of products or services over the course of a predetermined timeframe. They are frequently used by the federal government and are thought to streamline the procurement process.
The July 1 awardees include:
- ADDX of Virginia
- Capella Space of California
- AT&T Corp. of Virginia, a unit of AT&T Inc.
- Applied Information Sciences of Virginia
- Atmospheric & Space Technology Research Associates of Colorado
- Credence Management Solutions of Virginia
- Edge Technologies of Virginia
- EOS Defense Systems USA of Alabama
- Exfo America of Texas
- Hermeus of Georgia
- Ierus Technologies of Alabama
- Cyberspace Solutions of Virginia
- Labelbox of California
- Nalej of New York
- OST of Virginia
- Praeses of Louisiana
- Real-time Innovations of California
- Riverside Research Institute of New York
- Saber Astronautics of Colorado
- Shared Spectrum Company of Virginia
- Shield AI of California
- Skylight of Florida
- Sparkcognition Government Systems of Texas
- Tenet 3 of Ohio
- Trace Systems of Virginia
- Ultra Electronics Advanced Tactical Systems of Texas
- BrainGu of Michigan
Work is expected to wrap by the end of May 2025. Exactly where the work will be conducted depends on the orders and winners.
An inquiry made July 5 to the Air Force was not immediately answered.
JADC2 is meant to give the U.S. an advantage over large, technologically advanced opponents by speeding the collection and distribution of information and allowing the best-positioned or most-qualified force to confront a threat. The effort relies on heaps of technology — artificial intelligence, cloud environments, 5G — and requires linking once-incompatible systems across land, air, sea, space and cyber.
The services have their own contributions to JADC2: The Army has Project Convergence, the Navy has Project Overmatch and the Air Force has the Advanced Battle Management System, or ABMS.
Air Force Secretary Frank Kendall considers the buildout of ABMS, a next-generation command and control system, an imperative. In recent months, he has called for more tangible, operational results and less arcane experimentation.
Members of Congress in June sought clarity on the price and progress of JADC2 and included an audit of the endeavor in a version of the annual defense bill. House staffers at the time said the review would help gauge “the state of play” and inform future decisions. The evaluation, they added, is not meant to be punitive. Some $231m for ABMS was requested in fiscal 2023. (Source: Defense News)
04 Jul 22. US Navy concludes first lab integration event of MQ-25’s GCS.
The test showcased how ground control station can command uncrewed aircraft in carrier environment.
The US Navy has completed the first lab integration event to demonstrate the capabilities of MQ-25 Stingray uncrewed aerial refuelling aircraft’s Ground Control Station (GCS).
The event was conducted by the Uncrewed Carrier Aviation Programme Office (PMA-268) at Patuxent River on 28 to 30 June.
It was led by two industry prime partners and a government team at the programme’s System Test and Integration Lab (STIL).
The test showcased how GCS can command the uncrewed aircraft in the carrier environment.
During the test, Lockheed Martin’s GCS controlled Boeing’s hardware-in-the-loop (HITL) air vehicle for the first time, using the aircraft’s hardware and software to provide a realistic surrogate for the air vehicle.
According to MQ-25 labs and integration manager TJ Maday, the team aimed to send a basic command between the GCS and HITL.
To achieve this goal, Lockheed Martin and Boeing were required to provide functional software to the government to exercise GCS, HITL and network components and establish connectivity between systems.
Maday said: “The team met initial goal ahead of schedule and used remaining time to exercise more functionality like sending taxi commands.
“They also simulated a lost link that verified proper GCS display indicators, which is a critical function to ensure network connectivity between development environments.”
The team is planning to simulate a complete flight using HITL this autumn.
Additionally, the team will demonstrate switching connection links to the aircraft and adding other aircraft hardware and software into the mix.
MD-5 GCS falls under uncrewed carrier aviation mission control system (UMCS), which is needed for MQ-25A command-and-control.
The UMCS includes US Navy-produced ancillary equipment, carrier and shore site infrastructure modifications and integration with command, control, communications, computers and intelligence (C4I) systems. (Source: naval-technology.com)
04 Jul 22. Sedgefield-based Kromek Group plc has won first place at NATO’s Allied Command Transformation’s Innovation Challenge awards for its KAPscan pathogen detection technology. The biannual awards, hosted at the North Macedonia Ministry of Defence Military Academy in Skopje, focused on preparedness and effectiveness in the face of biological threats.
Competitors from ten nations were given a scenario in which they were asked to help NATO military medical services prepare for and ensure the identification and monitoring of hazardous biological outbreaks.
KAPscan (Kromek Automated Pathogen Scan) was awarded first prize with Mion’s BIONER solution, and Networkcentric’s A/VR Enabled Bio Crisis Management and Mitigation Training System named as the runners up.
KAPscan is an automated and autonomous technology solution that discovers the presence of airborne and waterborne pathogens. The integrated, portable environmental monitoring system allows early detection of any biological threat across large areas and can inform appropriate and timely response to potential danger.
Dirk Demuth, product manager at Kromek, who was part of the team, said: “The NATO Innovation Challenge is like the Oscars for Kromek. The biggest prize of all was being in front of NATO and networking with the other businesses.
“Apart from the uniqueness of the technology, which stood out to the judging panel, I think a lot of our success was down to having a strong understanding of NATO’s needs and focusing on what was asked of us for the task itself. We were dealing with a complicated subject matter, so we kept our explanations clear, simple and to the point, covering all the aspects of the scenario.
“We hope that winning this award will open doors for us to work further with NATO in the future.”
Dr Arnab Basu, CEO of Kromek, said: “Dirk and the team did a fantastic job presenting to NATO and I’m delighted that their hard work paid off and we brought home first prize.
“Kromek is at the forefront when it comes to delivering early warning systems to national and international organisations, and this award demonstrates the world-class talent and skill we have within our organisation.”
01 Jul 22. UK Prime Minister Boris Johnson announced a new phase of the UK-Georgia cyber program at the NATO summit, which will see the UK strengthen Georgia’s resistance to Russian cyber attacks by providing additional security support. More than £5m of additional funding marks the next phase of UK cyber support for Georgia.
Announced by UK Prime Minister Boris Johnson at the NATO summit, the funds will allow the Georgian National Security Council to deliver their new cyber security strategy which aims to identify and repel attacks from malicious cyber actors seeking to undermine both Georgian and European security. The UK is also set to work directly with the Georgian Ministry of Defence to bolster their cyber defences and capability.
“The people of Georgia live every day on the frontline of Russian aggression.
“Putin cannot be allowed to use Georgia’s sovereign institutions to sharpen the knife of his cyber capability.
“The UK has world-leading cyber prowess and the support announced today will protect not just Georgia, but also the UK and all other free democracies threatened by Russian hostility,” Prime Minister Johnson said.
The announcement comes as Georgia’s Prime Minister Irakli Garibashvili addresses the NATO leaders’ Summit. Prime Minister Garibashvili and Ukrainian President Volodymyr Zelensky are both addressing the meeting of allies in Madrid. As NATO Enhanced Opportunity Partners, the security of both countries is integral to the security of NATO and the Euro-Atlantic as a whole.
Russia has long used Georgia as a testing ground for its cyber capability, as in 2008, when some of the world’s first coordinated cyber attacks were used to cripple the country’s security architecture while Russia carried out its illegal annexation of South Ossetia and Abkhazia.
Over the past 15 years, both Ukraine and Georgia have experienced the terrible consequences of Russian military aggression, both directly in their territories and indirectly through cyber and other attacks.
In October 2019, the government of Georgia, alongside international partners including the UK’s National Cyber Security Centre (NCSC), called out a large-scale, disruptive cyber attack carried out against Georgia by the GRU. The attack affected a range of Georgian web hosting providers and resulted in websites being defaced, including sites belonging to the Georgian government, courts, non-government organisations (NGOs), media and businesses, and also interrupted the service of several national broadcasters.
UK bilateral support for Georgia’s cyber security will be complemented by an additional package of tailored support from NATO which will be agreed by leaders in Madrid, focusing on increased defence training. The UK NCSC has worked closely with its Georgian counterpart since 2018, providing training and support to improve the country’s cyber capability. (Source: https://www.cybersecurityconnect.com.au/)
Spectra Group Plc
Spectra Group (UK) Ltd, internationally renowned award-winning information security and communications specialist with a proven record of accomplishment.
Spectra is a dynamic, agile and security-accredited organisation that offers secure Hosted and Managed Solutions and Cyber Advisory Services with a track record of delivering on time, to spec and on budget.
With over 15 years of experience in delivering solutions for governments around the globe, elite militaries and private enterprises of all sizes, Spectra’s platinum and gold-level partnerships with third-party vendors ensure the supply of best value leading-edge technology.
Spectra was awarded the prestigious Queen’s Award for Enterprise (Innovation) in 2019 for SlingShot.
In November 2017, Spectra Group (UK) Ltd announced its listing as a Top 100 Government SME Supplier by the UK Crown Commercial Services.
Spectra’s CEO, Simon Davies, was awarded 2017 Businessman of the Year by Battlespace magazine.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001:2013 and Cyber Essentials Plus accreditation.