Sponsored by Spectra Group
https://tacs.at/Spectra
————————————————————————
14 Nov 18. USAF to wrap up electronic warfare study by January. Big changes to the Air Force’s electronic warfare capabilities may be coming in 2019. The service’s yearlong EW study is drawing to a close, with a final report expected in mid-January, Gen. Stephen Wilson, the Air Force’s vice chief of staff, told reporters Wednesday.
“We’re about two months away from having the results of that,” he said.
Wilson announced the EW study in late 2017. Then, Brig. Gen. David Gaedecke, the Air Force’s director of cyberspace operations and warfighting integration, was tapped earlier this year to lead an “enterprise capability collaboration team” that would explore new ways to perform electronic warfare and how to integrate those capabilities across the service.
Gaedecke will brief the results at the Weapons and Tactics Conference held Jan. 16 and 17 at Nellis Air Force Base, Nev., Wilson said. A public report is expected to follow in the months afterward.
While Wilson didn’t preview any of the report’s recommendations, he said that the findings make clear that the Air Force may be falling behind in the sphere of electronic warfare.
“We haven’t been paying attention to what I would call spectrum dominance,” he said.
“Almost everything we do in the military goes through the spectrum when you think about it, across any force. I’ll use an airplane [as an example.] An airplane uses GPS, it uses data links, it uses communications, it uses radars. Its weapons all go through the spectrum. If you don’t dominate the spectrum, you quickly resort to a World War II Army or Navy or Marine Corps or Air Force.”
Although few details about the scope of the study have emerged, a January 2018 request for information stated that it would identify near and long-term capability gaps, from fiscal years 2018 to 2040, with an emphasis on threats that would occur in a highly contested environment.
“Particular areas of interest” include the radio, visible, infrared, ultraviolet and millimeter wave portions of the spectrum, as well as space, cyber and directed energy, the RFI said.
Over the course of the study, the team contacted experts, industry, and the other services for feedback, Wilson said. It also brought in red teams to help isolate vulnerabilities. The electronic warfare study follows two earlier efforts, known as Enterprise Capability Collaboration Teams, that explored air superiority and multi-domain command and control. While these initiatives usually don’t directly result in funding for new capabilities, they help guide the Air Force’s long-term thinking about a problem, oftentimes informing follow-on studies. In some cases, the findings also prompt experiments such as the “Data to Decision” campaign that looked at using cloud-based technologies to expedite decision-making. This effort was spurred by the Air Superiority 2030 effort. (Source: Defense News)
14 Nov 18. US Air Force moves to fortify F-35 weak points against hacking. The U.S. Air Force is devoting fresh energy to plugging cybersecurity holes in the F-35’s external support systems, as they are deemed the easiest entry points for hackers into the fifth-generation combat jet, according to a key service official.
“It’s a software-based aircraft, and any software-based platform is going to be susceptible to hacking,” Brig. Gen. Stephen Jost, director of the Air Force F-35 Integration Office, told Defense News in an interview at the International Fighter industry conference here.
The service considers the information backbone of the actual airplane – managed by manufacturer Lockheed Martin – relatively safe. That is thanks to what Jost called “multilayer security protections” ranging from secure authentication when crafting mission data packages for each aircraft before takeoff, to pilots punching in personal identification numbers to start up the plane.
The confidence wanes “as you get further from the air vehicle,” Jost said. When taking into account systems like the Autonomic Logistics Information System or the Joint Reprogramming Environment, there are “a lot of nodes of vulnerability that we’re trying to shore up,” he added.
The Autonomic Logistics Information System, or ALIS, is a key application meant to provide unprecedented automation in monitoring the status of the aircraft’s components. The Joint Reprogramming Enterprise refers to government software labs compiling collections of updated threat characteristics – Russian tanks, for example – for upload into the aircraft so that its sensors can recognize targets.
Additionally, officials worry about cyber-hardening F-35 flight simulators, which could be attractive targets for hackers seeking information about the plane. The introduction of wireless applications for easier maintenance on the flight line also could pose new vulnerabilities that must be addressed, Jost said.
The Government Accountability Office published a report in October warning warned about cyber vulnerabilities in almost all of the Defense Department’s weapons. The shortfalls exist because many systems were conceived at a time when cyber attacks were still in their infancy.
“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” auditors wrote. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.”
A key examination phase for the F-35 program, called initial operational test and evaluation, was set to begin to this week. The test plan, required for all major programs, typically includes a regimen of cyber probing. (Source: Defense News)
13 Nov 18. US Navy issues second NGEN extension. The Navy for a second time awarded a contract modification for continued IT services under its Next Generation Enterprise Network program, currently in competition for a follow-on agreement. The extension was awarded Nov. 9 to incumbent provider Perspecta, which after a merger holds the contract originally awarded to HP Enterprise Services. The indefinite delivery/indefinite quantity contract has a maximum value of nearly $486m dollars, and adds a new option period that will extend the potential ordering period by eight months from Oct. 1, 2019, through May 31, 2020. In early September, Perspecta was awarded as similar contract worth $787m that added an option period extending the potential ordering period by 12 months from October 1, 2018, through September 30, 2019. Work on the contract will be performed in the United States, Europe, Guam, Korea and Japan.
Under the NGEN contract, Perspecta operates the Navy Marine Corps Intranet and provides IT and network security services for the Navy and the Marine Corps. The Navy is preparing for a broad effort to modernize and improve IT services, and has been working toward issuing Next Generation Enterprise Network Re-compete (NGEN-R) contracts.
The NGEN-R contract is divided into two segments: an end user hardware (EUHW) segment, and a service management, integration and transport (SMIT) segment. The EUHW segment focuses on hardware as a service and hardware for purchase, such as cellphones, laptops and tablets. SMIT prioritizes network services such as system integration, software core build services and computer network defense.
The Navy issued requests for proposals for the EUHW segment on September 18, though RFPs were originally expected over the summer. The deadline for proposals is November 19.
The latest extension to the NGEN contract, designed to give the Navy more flexibility in cloud and IT buying, follows a late September announcement on a separate Navy cloud procurement. The Navy awarded CSRA LLC, a General Dynamics Information Technology company, a blanket purchase agreement for commercial cloud services. The one-year base agreement comes with four additional one-year options which, if exercised, total nearly $96m. (Source: Fifth Domain)
13 Nov 18. The Pentagon still has not implemented a 2015 law requiring cyberthreat sharing. The Pentagon has not fully implemented a 2015 law aimed at improving how agencies share cyberthreat indicators and defensive measures, according to an inspector general’s report released Nov. 13. The Cybersecurity and Information Sharing Act, or CISA, has not been fully implemented because the Pentagon’s chief information officer did not establish a policy to follow the new rule, the report said.
“As a result, the DoD limited its ability to gain a more complete understanding of cybersecurity threats,” the report read.
In “DoD Actions to Implement the Cybersecurity Information Sharing Act of 2015 Requirements,” the Inspector General said that none of the four DoD Components, which include the National Security Agency, the Defense Information Systems Agency, the Pentagon’s Cybercrime Center, and U.S. Cyber Command, “implemented all of the CISA requirements.”
In 2015, CISA was enacted to share cybersecurity threats between government agencies and with the private sector and the report covered March 2017 through September 2018.
During that time, DISA and Cyber Command did not have “agency-level policies and procedures for sharing cyber threat indicators and defensive measures with Federal and non-Federal entities,” the report said. The Pentagon’s Cyber Crime Center did not verify that all individuals it shared threats with had an active security clearance. Violations of the CISA law by the NSA were struck from the unclassified version of the report and not released.
As a result of the failure, the report said the Pentagon “did not fully leverage the collective knowledge and capabilities of sharing entities, or disseminate internally generated cyber threat indicators and defensive measures.”
“This is critical because cyberattackers continually adapt their tactics, techniques, and procedures to evade detection, circumvent security controls, and exploit new vulnerabilities,” inspectors wrote.
Attempts to reach the office of the Pentagon’s top IT official, the department’s chief information officer, were unsuccessful. It is not immediately clear if the Department’s CIO, Dana Deasy, appointed in April, has drawn up a strategy to implement the CISA requirements, but Pentagon officials have publicly spoken about the importance of information sharing.
Threat sharing with the Department of Homeland Security and private groups is part of the Pentagon’s plan to protect the U.S. from cyberattacks, Ed Wilson, the deputy assistant secretary of defense for cyber policy said Nov. 13 during an event hosted by the Foundation for the Defense of Democracies. Wilson said he had not yet seen the watchdog report. Information sharing is also part of the Pentagon’s new cyber strategy. The department pledged to “streamline our public-private information-sharing mechanisms” in order to strengthen critical infrastructure sectors. However there have been questions about the usefulness of some threat sharing programs. Six companies are sharing cyberthreats with government, Chris Krebs, an undersecretary at the Department of Homeland Security, told reporters July 31.
“We have to establish a value proposition for an organization to share into the system,” Krebs said. Information about the number of companies sharing cyberthreats with the government was first reported by NextGov. (Source: Fifth Domain)
12 Nov 18. USMC eyes improved Arctic communications systems, procedures. The US Marine Corps (USMC) is exploring alternative concepts of operation (CONOPs) to overcome communications constraints in the Arctic, according to Captain Dez Hill, the USMC’s G6 projects officer for Europe and Africa. Coming directly from NATO’s Exercise ‘Trident Juncture’, which included a 10,000-person USMC presence, Capt Hill said at the Global Milsatcom conference in London on 7 November that the corps excels at network-enabled warfare, but noted that such a capability could be viewed as a ‘vulnerability’ by enemy forces now capable of hampering communications by “severing undersea cables, [executing] cyber [attacks] against commercial infrastructure, and space kinetic attacks”.
He noted that adversaries such as the Russian Armed Forces are now “task organised” to destroy critical infrastructure, which could negatively impact coalition connectivity in the Arctic.
Capt Hill warned that satellite communications (satcom) no longer remained a viable solution to ensure connectivity in the Arctic Circle. Instead, he said the USMC must consider a series of alternative or new CONOPS.
“Satcom is not the communications of choice up there and we need to look to terrestrial communications and leveraging commercial terrestrial infrastructure,” he said, and suggested the USMC should “suppress bandwidth appetite behaviour”.
Capt Hill called for a “culture change” in CONOPS designed to support increased connectivity demands. “Partner nation forces have wisely avoided bandwidth inflation by avoiding [command and control] by smartphone applications. Norwegian forces have better [tactics, techniques, and procedures] but equipment is not necessarily better. VHF is their primary communications for combat, not satcom,” he said.
He noted that Norwegian troops deploy reconnaissance patrols to mountaintops to establish tactical rebroadcasting stations, but Capt Hill conceded that “the USMC is not necessarily trained to replicate those TTPs”.
Moreover, Capt Hill warned that US Air Force Space Command’s Advanced Extremely High Frequency (AEHF) satcom constellation can be ineffective above the 65th Parallel North, and said the USMC was interested in “building terminals to support this [capability]”. (Source: IHS Jane’s)
09 Nov 18. SRC receives EWIR IMD contract. SRC has received a $33m contract from the US Army to deliver an end-to-end electronic warfare integrated reprogramming (EWIR) intelligence mission data (IMD) production process. The five-year contract has been awarded by the Technical Electronic Intelligence and EWIR branch of the US Army National Ground Intelligence Center (NGIC). Under the contract, SRC will provide skilled analysis, production, research, development and process support to NGIC. SRC engineers and analysts will work to deliver production process enhancements while performing signals analysis, engineering assessments, special information gathering, data reduction and product preparation tasks. EW data and systems produced by SRC provide electromagnetic spectrum superiority to help keep soldiers out of harm’s way. Paul Tremont, president and CEO of SRC, said: ‘The process of EWIR production is evolving quickly. As leaders in the EWIR field, SRC is excited to provide significant improvements in production quantity, quality and efficiency to help NGIC accomplish their important work.’ (Source: Shephard)
————————————————————————-
Spectra Group Plc
Spectra has a proven record of accomplishment – with over 15 years of experience in delivering secure communications and cybersecurity solutions for governments around the globe; elite militaries; and private enterprises of all sizes.
As a dynamic, agile, security accredited organisation, Spectra can leverage this experience to deliver Cyber Advisory and secure Hosted and Managed Solutions on time, to spec and on budget, ensuring compliance with industry standards and best practices.
Spectra’s SlingShot® is a unique low SWaP system that enables in-service U/VHF tactical radios to utilise Inmarsat’s commercial satellite network for BLOS COTM. Including omnidirectional antenna for the man, vehicle, maritime and aviation platforms, the tactical net can broadcast over 1000s miles between forward units and a rear HQ, no matter how or where the deployment. Unlike many BLOS options, SlingShot maintains full COTM (Communications On The Move) capability and low size and weight
On 23 November 2017, Spectra Group (UK) Ltd announced that it had recently been listed as a Top 100 Government SME Supplier for 2015-2016 by the UK Crown Commercial Services
Spectra’s CEO, Simon Davies, was awarded 2017 BATTLESPACE Businessman of the Year by BATTLESPACE magazine and is a finalist in the inaugural British Ex-Forces In Business Awards in the Innovator Of The Year category.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001 and Cyber Essentials Plus accreditation.
————————————————————————-