Sponsored by Spectra Group
https://tacs.at/Spectra
————————————————————————
08 Nov 18. Symantec Uncovers New Cyber Espionage Group Targeting Government, Military and Defense Sectors. Symantec’s Artificial Intelligence-based Targeted Attacks Analytics spotted the previously unknown Gallmaker group and its under-the-radar techniques. Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, has discovered a previously unknown attack group with the help of Symantec’s artificial intelligence-based Targeted Attack Analytics (TAA) technology. Dubbed Gallmaker, Symantec researchers discovered the group targets government and military organizations, including several overseas embassies of an Eastern European country and military and defense targets in the Middle East.
Gallmaker shuns malware to compromise organizations, instead relying on publicly available hack tools and software already installed on targeted computers. Such techniques, known as living off the land, have become increasingly popular for attackers, as they can be difficult for traditional security tools to detect. Gallmaker notably sends a Microsoft Office document that would be of interest to the organizations it seeks to compromise, exploiting an unsecure protocol in Office to gain access to victim machines, thus infiltrating their network. The group has been operating since at least December 2017, with its most recent activity observed in June 2018.
“Gallmaker bears the hallmarks of a highly targeted cyber espionage campaign supported by a nation-state,” said Greg Clark, Symantec CEO. “They try to stay covert, hiding in plain sight by using tools and techniques that make its activities extremely hard to detect. The group might have continued to go undetected were it not for Symantec’s AI-based Targeted Attack Analytics technology, alerting Symantec’s Attack Investigations Team to the workings of this highly sophisticated and well-orchestrated group. We have been working closely with the organizations targeted by Gallmaker as well as relevant government authorities and law enforcement as appropriate.”
Targeted Attack Analytics (TAA) combines the capabilities of Symantec’s world-leading security experts with advanced artificial intelligence and machine learning to provide organizations with their own “virtual analysts.” Since its inception, TAA has detected security incidents at thousands of organizations, automating what would normally have taken many hours of analyst time. In this latest discovery, TAA identified the specific PowerShell commands used by Gallmaker as being suspicious.
While Gallmaker’s activity appears to be highly targeted, it serves as a reminder to all organizations that they must remain vigilant against the growing threat of attackers utilizing tactics to stay undetected. To take a more active defense against such attacks, enterprises will soon be able to use Symantec’s Targeted Attack Analytics, enabling customers to leverage advanced machine learning to automate the discovery of targeted attacks using living off the land tactics. (Source: BUSINESS WIRE)
08 Nov 18. Businesses are future-proofing security controls as regulation deadline approaches. Tomorrow the UK government will identify ‘operators of essential services’ that will be required to comply with the security and incident reporting requirements set out in the European Security of Network and Information Systems (NIS) Directive. The Directive requires the identified businesses and service providers to ensure their technology, data and networks are secured and cyber resilient. The NIS Directive ties into the UK government’s National Cyber Security strategy of ‘Defend, Deter and Develop’. Under this strategy, organisations within vital sectors will be required to take appropriate and proportionate security measures to manage risks to their network and information systems and report their plans accordingly. Cyber attacks are on the rise; a recent report by the National Cyber Security Centre highlighted that the UK has been hit by more than 1,000 serious cyber attacks over the past two years. The increasing threat of cyber attacks has also led to greater spending on security with 69% of UK organisations reporting an overall increase in their IT security spending.
However, the growing sophistication of cyber attacks requires a more robust approach to cybersecurity than increasing spend on cybersecurity products, warns systems integrator World Wide Technology. The first step for companies should be to gain enhanced visibility across their systems and identify the gaps within their security infrastructures, and then integrate dynamic policies to maintain resilience against cyber security threats.
Dave Locke, Chief Technology Officer at World Wide Technology comments: “The increase in regulations combined with the augmented risk of cybersecurity attacks has led to an exponential rise in companies focusing on revamping their security and compliance infrastructures. Strategies have been remodelled to move on from corrective measures to a more proactive approach to cybersecurity. Businesses are increasingly undergoing full assurance exercises to map out applications and processes in their existing system before embedding new controls into their target environments.
“But due to the complex nature of existing systems which have been built with different and sometimes conflicting metrics over the years, legacy infrastructures now consist of a complex patchwork of applications which communicate with each other in complicated ways. This network of opaque interdependencies creates a significant challenge to businesses, which means they have to undertake an extensive discovery phase to create a real-time picture of the entire network. They can then adopt a zero-trust model allowing applications to speak to each other only after passing several layers of authentication. Once this has been done, dynamic controls can be embedded so the IT networks are not only immune to cyber vulnerability, but also increasingly transparent and self-auditable –future-proofing in the face of cyber threats.”
About World Wide Technology
World Wide Technology (WWT) is a technology solution provider with more than $10bn in annual revenue that provides innovative technology and supply chain solutions to large public and private organizations around the globe. Through its culture of innovation, WWT inspires, builds and delivers business results, from idea to outcome. It has won a number of accolades from the likes of Glassdoor, Fortune and Best Place to Work, recognising the inclusion and diversity within WWT’s workplace. WWT is one of America’s largest minority owned businesses. WWT works closely with industry leaders including Cisco (NASDAQ: CSCO); Dell Technologies (NYSE: DVMT); Hewlett Packard Enterprise (NYSE: HPE); Microsoft (NASDAQ: MSFT); NetApp, Inc. (NASDAQ: NTAP); VMware; AT&T Inc. (NYSE: ATT); Boeing (NYSE: BA); and the U.S. Air Force. WWT employs more than 4,000 people and operates over 2 million square feet of warehousing, distribution and integration space in more than 20 facilities throughout the world.
06 Nov 18. Harris Corporation Receives NSA Certification for AN/PRC-163 Handheld Radio.
Highlights:
- Radio certified to transmit voice and data up to Top Secret level
- Delivers communications and intelligence, surveillance and reconnaissance full motion video
- Software-defined architecture allows future capability expansion as mission requirements change
Harris Corporation (NYSE:HRS) has received National Security Agency (NSA) Type-1 certification for its AN/PRC-163 multi-channel handheld networking radio – bringing groundbreaking capabilities to the warfighter, with the ability for future expansion.
The Harris AN/PRC-163 combines communications and intelligence, surveillance and reconnaissance (ISR) capabilities to address the users’ unique mission needs in a small, portable form factor. This certification allows the radio to transmit secure voice and data communications up to Top Secret level on both channels for VHF/UHF line of sight, SATCOM and Mobile Ad-Hoc Networking applications.
As a software-defined radio, it can be easily upgraded in the field and includes a mission module expansion slot that allows for changes based on evolving mission needs. It also has coalition and built-in backward interoperability to communicate over legacy SATCOM, VHF/UHF line-of-sight, and Mobile Ad-Hoc Networking applications. It can operate in the harshest environments and meets rigorous requirements for small, lightweight, multiband, multifunction and multi-mission tactical radios.
“This important NSA Type-1 certification is a key milestone in delivering revolutionary capability in a handheld radio to our warfighters,” said Dana Mehnert, president, Harris Communication Systems. “The ability to securely transmit information using VHF/UHF line-of-sight, SATCOM, and Mobile Ad-Hoc Networking, as well as future applications in increasingly challenging communications environments, is critical to the warfighter. This radio delivers that capability now while providing room for future growth.” (Source: BUSINESS WIRE)
06 Nov 18. USAF to upgrade A-10Cs with 3D-audio for pilot situational awareness. The US Air Force (USAF) is moving ahead with plans to equip its Fairchild-Republic A-10C Thunderbolt II combat aircraft with 3D-audio to enhance the situational awareness of its pilots. Following a request for information (RFI) issued in December 2017, a notification was issued by the service on 5 November disclosing that it is to award Terma a sole-source Indefinite Delivery/Indefinite Quantity (IDIQ) contract to equip between 150 and 200 of its A-10Cs with a system to provide the pilot with 3D-audio cues. As noted by the USAF, the overall acquisition strategy of the 3-Dimensional Audio Program is to deliver a commercial off-the-shelf (COTS) system to drastically improve the spatial, battlespace, and situational awareness of its A-10C pilots by providing audio cues that are accurate to within 15° of both azimuth and elevation. Already operational on Royal Danish Air Force Lockheed Martin F-16 Fighting Falcon combat aircraft, the Terma 3D-audio system adds to what was previously just a simple visual warning on a cockpit control panel with a directional audible sound in the pilot’s helmet, intuitively informing them where exactly the threat is coming from and enabling them to instinctively react to it. As noted by Terma, applications for 3D-audio cueing include missile warning system threats; radar warner receiver threats; laser warner system threats; threats from small arms detection systems; indication of terrain obstruction warning and cueing; and applying direction to audio cues to aircraft subsystems to link display and auditory information. There are approximately 350 A-10s in the inventories of the active USAF, Air Force Reserve, and Air National Guard, although a number have already been sent for mothballing at Davis-Monthan Air Force Base in Arizona. (Source: IHS Jane’s)
06 Nov 18. UK warns telecoms groups to check security of 5G suppliers. Letter to network operators is aimed at China’s Huawei, says industry. Any move to ban Huawei would mean UK networks could only realistically use 5G hardware from Nokia, Ericsson or Samsung. The UK has warned its telecoms companies to consider their suppliers carefully as they build 5G networks, in a move that industry figures said was targeted at Huawei, the Chinese equipment maker. Matthew Gould, the head of digital policy at the Department for Digital, Culture, Media and Sport, and Ciaran Martin, the head of the National Cyber Security Centre, wrote to several telecoms companies warning them that their 5G supply chain may be affected by a review of the UK’s telecoms infrastructure that was launched in July. The letter said the review aimed to ensure that Britain’s “critical national infrastructure remains resilient and secure”. It did not mention Huawei by name, but said the “outcome of the review may lead to changes in the current rules” and that the companies “will need to take the review into consideration in any procurement decisions”. Matthew Howett, principal analyst at Assembly Research, a research house that focuses on regulation and policy in the communications market, said: “I doubt we would have seen this if it was Nokia or Ericsson.” Telecoms executives said the government may be pushing operators to make sure Huawei is only one of a diverse range of suppliers. But they also said it was possible that the Chinese company could be barred from the rollout of 5G in the UK, a move that would delay networks that are due to come online in 2019 and 2020. Both the US and Australia have blocked Chinese suppliers, including Huawei, on security grounds from being used as telecoms operators begin to build and test the next generation of mobile network. In April, the NCSC warned telecoms companies not to use China’s ZTE as a supplier because of concerns over the “long-term negative effect on the security of the UK”. The NCSC added in July that it was concerned over “shortcomings” in Huawei’s engineering processes that expose British telecoms networks to “new risks”, including a cyber attack. A government spokesperson played down the threat to Huawei, saying: “This is not a binary review of the country of origin of telecoms suppliers. It is about ensuring we have the right overall framework in place to ensure secure and resilient telecoms networks.” Recommended Future Connectivity Global 5G regulators pit light touch against heavy hand BT, via its EE mobile arm, has launched a 5G test network using Huawei equipment in Canary Wharf in east London and Three has signed a deal with the Chinese company to supply 5G radio access equipment. Three took 18 months to select Huawei and kept the NCSC up to date with its plans throughout the process. Mr Howett said the latest letter had arrived “too late” to be credible. Any move to ban Huawei would mean UK networks could only realistically use 5G hardware from Nokia, Ericsson or Samsung. Huawei is seen as a cheaper and more advanced supplier than some of their rivals, said two people with direct knowledge of network equipment procurement plans. Huawei has been a core part of the UK telecoms supply chain since winning a contract with BT in 2005 and has expanded its footprint across Europe since. The company declined to comment. (Source: FT.com)
22 Oct 18. Nuclear counter terror detection systems to be bolstered in high-tech drive. Counter-terrorism officers are to be equipped with a new fleet of high-tech nuclear and radiological detection vehicles to trace weapons-grade materials in the UK. The Home Office is planning to buy up to 10 mobile gamma and neutron radiation detection systems to bolster its defences against them being used in a terror attack. Ports and airports across the country already have screening systems in place to spot anyone smuggling nuclear or radiological materials into the UK as part of the Border Force’s Cyclamen monitoring system. Similar equipment was used at the Olympic Park during the 2012 Summer Olympics in London.
But, the new fleet is understood to be able to carry out searches for such materials inland and be deployed with speed at key locations.
A Home Office source insisted that the threat of such materials being used in a so-called dirty bomb terror attack remained “highly unlikely”.
However, in 2006 Russian agents were accused of smuggling in polonium 210, a highly radioactive chemical, to poison fatally the former KGB agent Alexander Litvinenko.
A procurement notice, lodged last month, states that ministers are inviting bids for between five and 10 “modern vehicle-based gamma and neutron radiation detection systems for various national security and radiological and nuclear counter-terrorism activities.”
Statistics held by the International Atomic Energy Agency shows that in 2016 there were 189 incidents of nuclear materials being discovered outside of state control. That compares to 147 such reports made to the agency five years earlier.
While those reports will include illegally trafficked materials, it will also log scrap metal contaminated with radiological materials after being broken up.
This summer, the Government published its counter-terrorism strategy, called CONTEST, in which it underlined its commitment to “refreshing” defences with new technologies to “enhance our detection and screening capabilities, for example at borders, airports and crowded places”.
The report, released following the Manchester and London terror attacks, highlighted the need for “cutting-edge” detection system that “can be flexibly deployed in a range of environments.”
The report adds: “We will deliver this through investment in modern systems, informed by the latest science and technology research and international collaboration.”
A Home Office spokesperson said: “This procurement activity relates to the CONTEST commitment to continue to strengthen the UK’s existing radiological and nuclear detection capabilities. It does not relate to chemical or biological materials.
“This particular activity is not in response to a specific threat. The use of radiological or nuclear materials in an attack by terrorists remains significantly less likely than a conventional or chemical attack.”
He refused to be drawn on the possible cost of the vehicles.
BATTLESPACE Comment: Sources close to BATTLESPACE suggest ed that the rush to procure these vehicles may have been due to the discovery of the loss of some nuclear-based cancer detecting radioactive isotopes, radiopharmaceuticals or radiotracers at a hospital in the North West of the UK. A tiny amount of these particles, around 30 grams could cause massive damage and disruption if strapped to a dirty bomb initiator. However when asked the Home Office repeated the quote as given to the Telegraph. Background:
- The UK continues to invest in and enhance these radiological and nuclear detection capabilities. Development is informed by the latest science and technology research and international collaboration.
- The Government and emergency services have well-developed response programmes in place to effectively deal with the highly unlikely event of a nuclear terrorist attack.
- Our radiological and nuclear detection capability at the border – Cyclamen – is operated by Border Force to detect and intercept the illicit importation of radiological and nuclear material into the UK. Our fixed and mobile border detection capabilities are complemented by inland detection capabilities.
- The CONTEST strategy, updated in June 2018, sets out the UK Government commitment to:
o Invest in cutting-edge detection systems that can be flexibly deployed in a range of environments as part of a layered approach;
o Deploy these innovative detection and search capabilities at the border and inland.
- The UK’s Radiological and Nuclear (RN) detection capability at the border (Cyclamen) is a key feature of CONTEST.
- The capability uses fixed and mobile equipment to screen vehicles, containers, freight and pedestrians for the presence of RN materials at UK points of entry.
- It would be inappropriate to comment on the cost of specific Counter-Terrorism capabilities.
06 Nov 18. Defence technology and training support company, MASS, has successfully developed and supported the delivery of the Advanced Command and Staff Course (ACSC) ‘Ends’ Module Capstone Exercise. The ACSC, which runs for 44 weeks, focuses on ‘Ends’, ‘Ways’ and ‘Means’ Modules and aims to help participants develop the skills necessary to solve the complex defence and security problems they will experience as they progress through their careers. The ‘Ends’ module explores how policy and strategy is formulated and executed from a practitioner’s perspective.
MASS Training Support Consultants design and help deliver a week-long exercise to test the participants’ understanding of the ‘Ends’ module, looking specifically at strategy and higher level policy formation. The exercise also helps deepen participants’ understanding of cross-government working at the national strategic level.
The exercise is set in the real world (as opposed to a fictitious scenario) in a security environment that throws up a wide range of issues extending beyond the traditional confines of defence and security to initiate exercise game play. The direction of the exercise is generally determined by the actions of the participants, who may be guided and lightly steered by exercise staff, in line with the Module’s objectives. The hallmark of the exercise is that it is managed not choreographed.
MASS Managing Director Chris Stanley commented, “This exercise provides participants the opportunity to use the tools they have learned during the course and apply them to a real world situation. Therefore, it is important that the experience is as realistic and immersive as possible. To ensure this, we produced a range of supporting material including departmental and country briefs, Wiki-pages, national and strategic digests, of which encourage participants to think strategically about the situation and work collaboratively to solve the problem at hand.”
05 Nov 18. DISA Prepping Three Contracts to Manage All Its Mobility Services. The military’s IT office plans to award all three contracts for mobile services and content management—classified and unclassified—before the end of fiscal 2019. The Defense Information Systems Agency will continue to supply the military with mobility solutions but, under a new crop of pending procurements, plans to get out of managing those contracts. DISA officials are planning to release the final request for proposals in the next two weeks for the classified portion of the Mobility Enterprise Services, with the unclassified portion on schedule for release early next year. These contracts together with the Mobile Content Management RFP expected to be released soon will encompass all of DISA’s mobility solutions offerings. As part of the award, a single vendor will manage the contracts and services being provided.
“To date, my team does a lot of the detail work and working with 16 different vendors,” Jacob Marcellus, portfolio manager for the Defense Department’s mobility program office, said Monday during DISA’s Forecast to Industry day. “With this new contract—once it’s awarded—we will expect that the actual awardee does those things for us,” Marcellus said. “We expect that they can do it more efficiently so that my government team can work on things more like requirements and the enhancements—moving at that speed of mobility.”
For the classified network contract, MES-C, Marcellus’ office expects to award a single indefinite-delivery, indefinite-quantity contract to support the department’s secret and top secret Defense Mobility Classified Capability programs. After the final RFP is released in a couple weeks, DISA officials plan to announce the award in the third quarter of fiscal 2019. The program office also expects to make a single award for the unclassified portion, MES-U, though the acquisition strategy is yet to be determined, Marcellus said. DISA plans to issue an RFP for the contract in the second quarter of fiscal 2019 and make awards by the end of the fiscal year. The final pillar of DISA’s mobility strategy is the Mobile Content Management contract, which will be available to users at all of the service branches to help move and manage large amounts of data. The solution will center on a “commercial-based cloud mobile content management that will be a catalyst for new applications,” Marcellus said. The program office is already aware that mission partners at the Pentagon and branches will be looking to this contract for support using applications that require large amounts of storage on end devices, such as electronic flight bags or digital libraries. The MCM contract will offer managed services for both sides of the coin, Marcellus said, whether managing a data repository that devices can access or pushing content out to an endpoint. The mobility program office plans to release the final RFQ this quarter for a single-award IDIQ, with an award announcement expected in early 2019. (Source: Defense News Early Bird/www.nextgov.com)
05 Nov 18. Persistent Systems’ MPU5 radio to be integrated into ScanEagle. Insitu will incorporate Persistent Systems’ Wave Relay mobile ad hoc network (MANET) technology into its line of unmanned aerial vehicles (UAVs), including the ScanEagle, ScanEagle2, ScanEagle3, Integrator, and RQ-21A Blackjack. Persistent Systems has entered into several five-year agreements with UAV manufacturers, including Martin UAV and Raytheon, Louis Sutherland, vice-president of business development for Persistent Systems, told Jane’s. What makes each agreement unique is that Persistent Systems must take a different approach for integrating its MPU5 radio not just into the different company UAVs, but the different product lines within each company, Sutherland noted.
“When we integrate [the MPU5] we try to do it in a way that makes it the most optimal for their platform, but frankly there is a unique discussion for each platform because some companies have more than one,” he said. (Source: IHS Jane’s)
05 Nov 18. Bundeswehr to seek BMS for upcoming NATO deployment. Germany’s Bundeswehr is preparing to launch an urgent procurement programme to equip its Very High Readiness Joint Task Force (VJTF) in 2023 with a new battle management system (BMS), industry sources told Jane’s . Designed to support deployments to hot spots that could include Eastern Europe on 1 January 2023, the army has been considering buying software-defined radio (SDR) and command-and-control (C2) solutions. A request for information is due to be published in November 2018, following parliamentary discussions regarding future funding, the sources said. A request for proposals is due to follow in the first quarter of 2019. “There is a little bit of time pressure there, but the budget is not yet available,” one industry source explained, adding that final products must be “in place” at least one year before units are due to deploy in support of VJTF 2023. (Source: IHS Jane’s)
05 Nov 18. Azure Summit demonstrates 3U Switchblade RF receiver to US Navy. Engineering firm Azure Summit Technology has demonstrated its latest 3U Switchblade radio-frequency (RF) receiver to the US Navy. The four-channel 3U open VPX software-definable RF receiver offers modular, open-architecture multi-channel RF performance with low cost and reduced size, weight and power (SWaP). The equipment includes fully integrated RF, digital and on-board computing resources in a form factor designed specifically to suit small manned and unmanned air, surface and subsurface platforms.
Azure Summit Technology chief executive officer Dr Thomas Green Jr said: “With the addition of the 3U form factor to the Switchblade product family, the navy can deliver the same advanced RF mission capabilities to the warfighter across larger platforms, hosting the 6U, and smaller platforms, hosting the 3U, achieving substantial software / firmware reuse, simplified logistics and lower development and lifecycle costs.”
In addition, the Azure system is fully compatible with all tuner modules and software/firmware applications that are available and in use with the company’s production Switchblade 6U transceivers, including both the 80MHz and 500MHz instantaneous bandwidth (IBW) tuners.
Furthermore, the RF receiver is also compatible with the Switchblade Wideband Transmitter Module, which is currently under development.
Once built, it will enable the 3U to operate as a wideband transceiver.
Currently, the company is in the process of finalising the development and design of the 3U Switchblade system.
The receiver will be ready to enter full-rate production in the second quarter of the fiscal year 2019. Last month, Azure received a $5m second delivery order on its five-year, $48.5m indefinite-delivery / indefinite-quantity (IDIQ) contract, for the supply of four, five and eight-channel Switchblade RF transceivers to the US Navy. (Source: naval-technology.com)
04 Nov 18. The sun’s setting on Corps’ last EA-6B Prowler squadron with end of final deployment. Marines deployed with Marine Tactical Electronic Warfare Squadron 2 on the ramp at Al Udeid Air Base, Qatar, Aug. 16. The EA-6B Prowler electronic warfare platform has been jamming enemy communications and conducting electronic attacks since the Vietnam War. But, its sun is now setting. The Corps is down to one final Prowler squadron, Marine Tactical Electronic Warfare Squadron 2, or VMAQ-2, which is slated to return home in early November from its final deployment, according to Christopher Harrison, a Marine spokesman.
The squadron is set to “cease operations” in March 2019, Harrison said.
Members of VMAQ-2 recently have been deployed to the U.S. Central Command area of operations, where the U.S. military and host nation partner forces are still battling ISIS militants in Iraq and Syria.
Despite the aircraft’s age, the platform has been vital to operations in the CENTCOM region with its ability to jam ISIS communications and radio-controlled IEDs, and suppress Syrian/Russian air defense systems.
The Prowler was used to escort a pair of B-1 bombers in April as it carried out airstrikes against the Syrian regime in retaliation for use of chemical weapons. The EA-6B was likely used for its ability to suppress Syrian and Russian air defenses. In May, VMAQ-3 held a deactivation ceremony, leaving VMAQ-2 as the last still operational squadron. Those aircraft will be stored at the Aerospace Maintenance and Regeneration Group at Davis-Monthan Air Force Base in Tucson, Arizona, nicknamed the Boneyard.
“VMAQ-2′s deactivation in FY19 will mark the end of the EA-6B’s service in the Marine Corps, as well as its continuous employment as a joint tactical Airborne Electronic Attack (AEA) asset,” Capt. Sarah Mobilio previously told Marine Corps Times. The Navy’s EA-18G is set to replace the Prowler. (Source: Fifth Domain)
02 Nov 18. Raytheon Company’s (NYSE: RTN) GPS Next-Generation Operational Control System, known as GPS OCX, has completed rigorous cybersecurity vulnerability assessments that tested the system’s ability to defend against both internal and external cyber threats. GPS OCX prevented the broadcast of corrupt navigation and timing data in all tests, bolstering the program’s readiness for the GPS III launch next month.
“We’ve built a layered defense and implemented all information assurance requirements for the program into this system,” said Dave Wajsgras, president of Raytheon Intelligence, Information and Services. “We’re cognizant that the cyber threat will always change, so we’ve built GPS OCX to evolve and to make sure it’s always operating at this level of protection.”
GPS OCX is the enhanced ground control segment of a U.S. Air Force-led effort to modernize America’s GPS system. The program has implemented 100 percent of the Department of Defense’s 8500.2 “Defense in Depth” information assurance standards without waivers, giving it the highest level of cybersecurity protections of any DoD space system. The first tests took place April 2-13, 2018, and were led by a contracted ‘blue team’ that aimed to breach the system from within its information assurance boundary. The second round of tests took place May 16-20, 2018, and were led by an Air Force ‘red team’ of cyber-penetration testers who tried to breach the system’s IA boundary from outside. The system worked as designed, validating it is secure. The assessments took place on the launch and checkout system, GPS OCX Block 0, which was delivered to the U.S. Air Force last year as a fully cyber-secure satellite ground system.
02 Nov 18. General Dynamics demonstrates TACLANE-Nano mobile encryptor. General Dynamics Mission Systems has demonstrated the latest the TACLANE-Nano (KG-175N) small form-factor mobile encryptor to ensure secure communication. TACLANE-Nano is the newest addition to the company’s widely deployed family of TACLANE Type 1 encryptors. During the demonstration, the new encryptor transmitted live traffic, including a real-time streaming video with other TACLANE HAIPE encryptors. Fitted with the latest in crypto modernisation technology, TACLANE-Nano has been designed to protect information classified up to top secret/sensitive compartmented information.
General Dynamics Mission Systems cyber and electronic warfare systems vice-president and general manager Michael Tweed-Kent said: “We know our customers depend on TACLANE, and with this latest introduction, we continue to instill confidence in their digital world.
“Its size, features and performance mean the TACLANE-Nano can be deployed in a range of environments, spanning from an unmanned system, to a warfighter on the frontline, ensuring the secure encryption of highly classified communications and information sharing that is so critical to the mission.”
Suitable for mobile communications, the new system has been ruggedised to effectively operate in adverse environments, according to the company.
The encryptor can be best used for integration into flyaway kits and deployable systems, dismounted tactical forward deployment, as well as unmanned/manned intelligence, surveillance, and reconnaissance operations.
TACLANE-Nano is size, weight, power and cost optimised, with unmatched performance for a small form-factor inline network encryptor. The technology supports the bandwidth required to process voice, video and data applications, including real-time video and data analytics. In the fourth quarter of this year, General Dynamics intends to submit the TACLANE-Nano system to the National Security Agency for certification. (Source: army-technology.com)
01 Nov 18. National cyber strategy takes action on long-known solutions. The White House introduced a new national cybersecurity strategy September 2018, the first governmentwide strategy published in about 15 years. And while there isn’t a lot in the strategy that wasn’t already known by most of government and industry, the strategy is innovative in that it plans for action where previously the focus had been on policy, according to Federal Chief Information Security Officer Grant Schneider.
“If you read the national cyber strategy — a lot of the feedback I get from people is there’s not a lot of new. There’s not some new solution to the cyber problem, and that’s why there is a cyber event almost every day during October and lots of days the rest of the year,” said Schneider at the 2018 CyberCon, hosted by Fifth Domain.
“What’s new about the national cyber strategy, though, is it’s a movement from policy and process to one of action and accountability.”
He added that a lot of the strategy is about fulfilling the basics, as a May 2018 risk determination report across the federal government found that approximately three-quarters of agencies were at moderate or high cyber risk.
The strategy takes its lead from the four pillars of the National Security Strategy: protecting the American people and way of life; promoting American prosperity; preserving peace through strength; and advancing American influence.
“It is oriented around the National Security Strategy, which makes sense because cyber and cybersecurity are so critically aligned with our national security,” said Schneider.
Central to improving cybersecurity within the government and industry is increasing the cybersecurity workforce in the United States and encouraging them to join federal service.
“I don’t view cybersecurity as a technology challenge; I view it as a people challenge,” said Schneider.
“We don’t have enough of the people with the skills and expertise that we need across the nation in cybersecurity. And this isn’t just people who are the chief information officer, who work in the basement, who keep the lights running and keep the bad guys out of the system. It’s actually everyone having an awareness.”
For example, the other senior members of a private sector company or government agency need to have enough cyber understanding to know that there is no such thing as perfectly safe, and not punish a CISO for saying that they will always be in some level of danger, according to Schneider.
The administration has taken steps to address the needs for at least some of the cyber-specific workforce through a proposed rule change that would give direct hire authority decision-making to the heads of agencies rather than having it go through the Office of Personnel Management when it comes to hiring critically needed IT personnel.
Schneider applauded this step but said that the nation would have to take broader actions to really address the spectrum of cyber personnel needed in today’s environment.
“The other step, though, is that we have to look at education,” said Schneider. “We’ve got to look at how are we developing that awareness, whether it’s through grant money, through scholarship for service — which is a program the federal government has through the National Science Foundation where we will pay for I think three years of college and [then] someone needs to come work in the cyber realm for U.S., state and local or federal government for a number of years.”
Schneider said that the national cyber strategy would also work to address the broad spectrum of supply chain security issues that appear in federal acquisitions, critical infrastructure components and commercial products.
“I view supply chain as very broad,” said Schneider. “All of that matters.”
To ensure agencies are taking action on the needs outlined in the strategy, the administration is currently developing an implementation plan, which will not be publicly released in order to keep American adversaries in the dark about government cyber plans, according to Schneider.
Agencies will also have to weigh the balance of defensive and offensive cyber capabilities, the latter of which Schneider called an “inherently governmental” capability, that will fall into a larger international security strategy.
“I don’t think Putin is going to go, ‘Oh no, the U.S. has another offensive cyber thing, maybe I should stop using my offensive cyber capability.’ That said, I think our offensive cyber capability can be very, very targeted,” said Schneider. “We don’t use them for cyber means or cyber outcomes necessarily; it’s part of our national objective of what are we trying to achieve. We don’t drop bombs from airplanes because we want to see a hole in the ground; it’s part of a broader approach of what are we trying to accomplish in the nation to either deter people or to retaliate or respond in some way, shape or form. And I think our cyber tools are going to be used in the same way.” (Source: C4ISR & Networks)
————————————————————————-
Spectra Group Plc
Spectra has a proven record of accomplishment – with over 15 years of experience in delivering secure communications and cybersecurity solutions for governments around the globe; elite militaries; and private enterprises of all sizes.
As a dynamic, agile, security accredited organisation, Spectra can leverage this experience to deliver Cyber Advisory and secure Hosted and Managed Solutions on time, to spec and on budget, ensuring compliance with industry standards and best practices.
Spectra’s SlingShot® is a unique low SWaP system that enables in-service U/VHF tactical radios to utilise Inmarsat’s commercial satellite network for BLOS COTM. Including omnidirectional antenna for the man, vehicle, maritime and aviation platforms, the tactical net can broadcast over 1000s miles between forward units and a rear HQ, no matter how or where the deployment. Unlike many BLOS options, SlingShot maintains full COTM (Communications On The Move) capability and low size and weight
On 23 November 2017, Spectra Group (UK) Ltd announced that it had recently been listed as a Top 100 Government SME Supplier for 2015-2016 by the UK Crown Commercial Services
Spectra’s CEO, Simon Davies, was awarded 2017 BATTLESPACE Businessman of the Year by BATTLESPACE magazine and is a finalist in the inaugural British Ex-Forces In Business Awards in the Innovator Of The Year category.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001 and Cyber Essentials Plus accreditation.
————————————————————————-