Sponsored by Spectra Group
31 Jul 18. U.S. Homeland Security announces new first response cyber center. In the face of increasing cyberattacks, the Department of Homeland Security is creating a new center to share threat information with private companies and kicking off a 90 day sprint to identify the country’s digital “crown jewels” that may be especially vulnerable, the agency’s secretary said July 31. The National Risk Management Center is expected to provide a centralized home where firms and local agencies can turn for cybersecurity solutions.
“The next major attack is more likely to reach us online than on an airplane,” said Homeland Security Secretary Kirstjen Nielsen. She added that “intruders are in our systems” and “everyone and everything is now a target.”
The announcement came during a cybersecurity summit that the Department of Homeland Security hosted in New York City. The event aimed to bridge the gap between the government and some of the top companies in the United States that make up the critical parts of American digital life. It was envisioned as the start of a new relationship between the private and public sector.
Nielsen said that the threat center is “driven by industry needs” and is spurred by a ”re-emergence of the nation state threat” and the “hyperconnected environment” of the United States. She said that previously some local governments have called 911 during a cyberattack. In the future, they would call the new cyber center.
“Nation-state actors attempt to infiltrate critical infrastructure operations across multiple sectors,” a Homeland Security fact sheet on the new center read. It added there is a “need for an agreed-upon playbook to integrate government and industry response efforts.”
The center also provides a playbook for risk management and identifying critical cyber supply chain elements. Although there are already government-backed risk-sharing initiatives, DHS leaders hope that the private sector will be more willing to share their challenges and expertise. Jeanette Manfra, the assistant secretary for the Office of Cybersecurity and Communications at Homeland Security, told reporters that the new center is “going to start small, we don’t want to sign up for all sorts of things and then fail.”
The hope is for the national counterterrorism center to be able to focus on incident response, and the center announced on Tuesday will focus on identifying national risk. The risk center will pull staff from other parts of government, Manfra said. A leader has not been named, and it has not received an increased budget. Throughout the conference, government officials were eager to entice the private sector to work with the new risk center. It appears that business participation is a necessary condition for the centers’ success. The announcement comes just one week after Homeland Security warned that the Russian government is conducting cyberattacks against critical infrastructure sectors that include energy, nuclear, water, aviation and critical manufacturing.
“The warning lights are blinking red,” Coats said during a July 13 event at the Hudson Institute.
Current threat sharing portals have been described as ineffective. The Cybersecurity Information Sharing Act of 2015 already attempted to spur collaboration between the public and private sector. Some experts told Fifth Domain that they did not expect the new portal to be groundbreaking. Only six companies are currently sharing cyberthreats with government, according to Chris Krebs, head of the national protection and programs directorate at Homeland Security.
“We have to age to establish a value proposition for an organization to share into the system,” said Krebs. He highlighted better supply chain risk management as an incentive that would set the new center apart from previous intelligence-sharing schemes.
Companies can write into their contracts that their vendors must use the threat-sharing portal so they know that contractors are managing third-party risks, Krebs said. At the event in New York City, some of the largest corporations praised the new program while speaking onstage with top government officials.
“This was an obvious thing to do for a decade but it didn’t happen,” said John Donovan, the chief executive of AT&T. (Source: Fifth Domain)
31 Jul 18. Persistent Systems’ MPU5 gets FIPS 140-2 Level 2 validation. Persistent Systems, LLC (“Persistent”) announced today that the MPU5 mobile ad hoc networking (MANET) radio received a Level 2 Federal Information Processing Standards (FIPS) 140-2 security validation from the National Institute of Standards and Technology. Users in defense, government, public safety, healthcare, and other industries with a requirement of FIPS 140-2 Level 2 can now make greater use of the MPU5 radio.
“The MPU5 runs the Wave Relay® MANET routing protocol, allowing users to transmit and relay voice, video, text, and sensor data in a true peer-to-peer fashion,” said Eric Stern, Director of Engineering at Persistent Systems. “This makes it a very attractive option for a wide variety of users, from the military to law enforcement, to the federal government and the healthcare industry.”
In May, the radio received a Level 1 FIPS 140-2 validation. This meant that agencies that already used the Persistent MANET radio could also use it to connect to their enterprise networks. The FIPS 140-2 Level 2 validation incorporates the Level 1 cryptographic data security requirement with the additional requirement of physical security mechanisms, such as tamper-evidence. Now the MPU5 could be used for even more sensitive data transmission applications.
“We prioritize the security of our products because we understand the sensitive and critical operations where our products are used,” said Stern. “FIPS 140-2 Level 2 provides further confirmation that our MPU5 is not only the most advanced and most scalable MANET radio, but it is also extremely secure.”
Persistent has a long history of achieving security validations for past products. Our heritage products such as the MPU3, MPU4, and Quad Radio Router, were all FIPS 140-2 Level 2 validated. And our MPU5 continues this legacy of information assurance validations.
Federal agencies with FIPS 140-2 requirements should ensure that their wireless networking solution are on the Validated Modules list prior to purchase.
31 Jul 18. Australia invites research proposals to improve ADF cyber capabilities. The Australian Department of Defence is inviting research proposals from industry and universities in order to improve the Australian Defence Force’s (ADF) cyber capabilities. Defence industry minister Christopher Pyne said that the country needs to be better equipped to immediately respond to the current wide-spreading and persistent cyber threats.
Pyne said: “Malicious cyber activity costs Australian business and families over $1bn every year, and malicious cyber activity from state and non-state actors is a threat to Australia’s national security. The government encourages Australia’s scientists and researchers to contribute to the development of cyber capabilities, which is a priority for national security.”
Academia and industry will be invited to collaborate with the country’s Defence Science and Technology (DST) group and the Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61 digital research network. This partnership will help deliver technology developments and demonstrator systems to the ADF within three to five years.
Pyne added: “It is critical that Australia develops a sovereign capability to protect our nation.”
Funding of up to $650,000 for the cyber research programme is being provided by the DST’s Next Generation Technologies Fund (Next Gen Tech Fund). Initial research proposals will be financed for one year with the option of future funding for selected projects. The cyber research programme is focused on leveraging cyberscience, technology and innovation capabilities across the country in order to develop advanced and significant technology solutions for the defence department. (Source: army-technology.com)
27 Jul 18. From shelters to vehicles to rucks, here’s how the US Army is changing its command posts. As the Army looks to shrink its battlefield footprint, its researchers and engineers are finding ways to make the nerve center of the battle — command posts — lighter, more capable and easier to set up and tear down. A recently concluded three-year program aimed to do just that, with everything from the shelter devices used to house a command post’s gear, to refitting old and new vehicles, to moving an entirely vehicle-mounted communications system off the truck and into the ruck, cutting its weight by two-thirds in the process. These are some of the ways that experts with the U.S. Army Research, Development and Engineering Command’s Communications–Electronics Center are finding to make command posts more mobile, resilient and effective against enemies that can quickly target and destroy massed formations. Some of the advancements include the Expeditionary Command Post shelter, a 20-foot box with integrated power outlets, air conditioning, network cabling and video distribution system. It’s containerized so that it can be hauled on a truck or sling loaded under a helicopter. A four-soldier team can set up the structure within 30 minutes as the remaining command personnel hook up the computers, radios and other devices inside of the structure.
Jim Bell, operations expert with RDECOM, told Army Times that soldiers with the 1st Armored Division’s 2nd Brigade Combat Team set up the shelter in those time frames during field exercises. And during an experiment at Fort Hood, Texas, soldiers moved the shelter with a CH-47 Chinook helicopter. An even more mobile option that researchers have put together is the Light-Mobile Command Post, a pull-out table and tent combination that is installed in the back of a Humvee. It includes fixed TV monitors, built-in radio networks, cabling and computers. The system was designed primarily for light infantry units, but a similar configuration has also been installed on tracked command vehicles for armor units. This post can be voice comm and position location tracking operational within 15 minutes and fully operational in 30 minutes. Another Humvee-based answer to mobile command is a reconfigured command and control vehicle dubbed the Command Post Platform–Improved. It has a built-in power and cooling system and spots for two cases containing the capacity for six computer servers, enough to run a brigade’s worth of data. The setup includes seven radio nets, HF, UHF, VHF and SATCOM, and links for fiber optic, standard and secret lines of communication. A small but important feature allows the user to power the systems from either vehicle or external power. The system also has a 15-minute power backup so that the servers can continue to run as power is switched.
Beyond a structure or tent solution, researchers have also outfitted small and mid-size all-terrain vehicles, specifically the Polaris MRZR. The focus of these is to provide airborne or air assault operations with a full-fledged command post in a smaller package. The smaller MRZR uses a modular system that can be pulled and reinstalled quickly into another vehicle, should the ATV be disabled. And it has an extra-powerful alternator that can produce 120 amps, double the amperage of a Humvee alternator. It also includes a first-ever all-around handset that can plug in and communicate whether the speaker is using radio, Voice over Internet Protocol or VOIP, and other computer-based voice applications. On top of all these advancements, the Army also is working on reducing what was 60 pounds worth of gear that previously was only used during mounted operations into a much lighter, man-portable package.
“They were ripping stuff off of vehicles and coming up with a power source,” said Brad McNeilly-Anta, command post consultant for RDECOM. “That wound up with a 60-pound item, and they were jumping with it at the 82nd Airborne.”
Not the most convenient package to haul to the ground. The expeditionary Joint Battle Command Platform is a line of sight, two-way transmission that includes a tablet, battery, peripherals and a new fueled power source that allows it to run for more than 24 hours of continuous operations. Adjustments and replacements to the ruggedized computer, power source, transceiver and encryption device have trimmed the weight down to 23 pounds. Experimenters adapted a 1 L methanol power source to run the system but have also successfully experimented with windshield wiper fluid to run the system, McNeilly-Anta said. (Source: Defense News Early Bird/Army Times)
28 Jul 18. Targeting the future of the DoD’s controversial Project Maven initiative. Bob Work, in his last months as deputy secretary of defense, wanted everything in place so that the Pentagon could share in the sweeping advances in data processing already enjoyed by the thriving tech sector. A memo dated April 26, 2017, established an “Algorithmic Warfare Cross-Functional Team,” a.k.a. “Project Maven.” Within a year, the details of Google’s role in that program, disseminated internally among its employees and then shared with the public, would call into question the specific rationale of the task and the greater question of how the tech community should go about building algorithms for war, if at all. Project Maven, as envisioned, was about building a tool that could process drone footage quickly and in a useful way. Work specifically tied this task to the Defeat-ISIS campaign. Drones are intelligence, surveillance and reconnaissance platforms first and foremost. The unblinking eyes of Reapers, Global Hawks and Gray Eagles record hours and hours of footage every mission, imagery that takes a long time for human analysts to scan for salient details. While human analysts process footage, the ground situation is likely changing, so even the most labor-intensive approach to analyzing drone video delivers delayed results. In July 2017, Marine Corps Col. Drew Cukor, the chief of the Algorithmic Warfare Cross-Function Team, presented on artificial intelligence and Project Maven at a defense conference. Cukor noted, “AI will not be selecting a target [in combat] … any time soon. What AI will do is complement the human operator.” (Source: C4ISR & Networks)
26 Jul 18. JEDI $10bn final request drops – and it’s still single award. The Department of Defense July 26 released the final request for proposals for its $10bn combat cloud contract, moving forward with its controversial plans to award the solicitation to a single vendor. The Joint Enterprise Defense Infrastructure contract comes on the heels of contentious debate in the defense industrial and technology communities, as well as a shift in leadership on the project when DoD CIO Dana Deasy took the reins in late June. The RFP was originally expected in May.
“DoD has an incredibly unique and complex technology estate and finite set of talent and resources,” Deasy said in a released statement. We need help learning how to put in place an enterprise cloud, he said, and the JEDI cloud is a pathfinder effort that will help DoD do that.
Defense officials fielded “over 1,500” questions, comments and responses to earlier draft RFPs, many of which overwhelmingly pointed to a multi-vendor cloud solution as the better approach to meeting such expansive requirements for a global system capable of cutting-edge technology on the battlefield.
“To maintain our military advantage, the Deputy Secretary of Defense and Joint Staff established a requirement for an extensible and secure information environment that spans the homeland to the global tactical edge and can rapidly access computing and storage capacity to address war-fighting challenges at the speed of relevance,” one of the documents from the RFP package noted. The package’s document titled “JEDI Single Award Determination and Findings” specifically singled out the need for artificial intelligence and machine learning as “fundamentally changing the character of war.”
“Leveraging AI and ML at scale and at a tempo relevant to warfighters requires significant computing and data storage in a common environment. Modern cloud computing capabilities can access, retrieve, manipulate, merge, analyze, and visualize data at machine speeds, providing substantial decision-making advantages on the battlefield,” the document stated. “JEDI cloud is an acquisition for foundational commercial cloud technologies that will enable war fighters to better execute a mission that is increasingly dependent on the exploitation of information.”
The RFP was released at nearly the same time as the House of Representatives approved the fiscal 2019 National Defense Authorization Act, which would withhold a portion of JEDI funding pending a report from Deasy to Congress on the strategy, acquisition and planning. Defense officials for months have been defending the single-award approach, even as leaders in the technology community have railed against the decision.
“We’ve not heard anybody say that a multiple-cloud solution is a better solution for providing that capability to the war fighter, and that’s why we’re saying that based on where technology is today, based on where the offerings of the commercial cloud providers are and based on current acquisition law, the department’s optimal solution is a single award contract,” said Robert Daigle, director of cost analysis and program evaluation at the Pentagon.
While officials insist it’s a full and open competition, and measures in the RFP provide time for vendors without current classified capabilities to meet strict requirements for hosting secret and top secret data, only one company current has such capabilities: Amazon Web Services.
“The department has multiple cloud contracts and we will continue to have multiple cloud contracts. We are working with a variety of companies and we want to leverage the entire industrial base,” Ellen Lord, under secretary for defense for acquisition and sustainment, told reporters in April when asked if AWS winning the contract is a foregone conclusion.
“So there is ample opportunity for everyone to play throughout the department … I see no focus toward one company whatsoever.”
The deadline for bidding on the contract is Sept. 17. In-person question-and-answer sessions for those planning to bid will be held Aug. 13 through 15. (Source: www.federaltimes.com)
27 Jul 18. SRC to deliver multi-mission electronic warfare systems to US Army. The US Army has awarded a new contract to defence industry SRC to deliver next-generation, multi-mission electronic warfare systems. Under the $32m contract, the company will be committed to provide the army with a wide range of research, development, test and evaluation (RDT&E) services to extend the life of the service’s counter remote-controlled improvised explosive device (RCIED) electronic warfare (CREW) duke systems over the next ten years.
SRC president and chief executive officer Paul Tremont said: “We are proud to be leading the continued development of the army’s innovative CREW Duke systems. These advancements will provide state-of-the-art electronic warfare capabilities to warfighters, helping to ensure both their safety and continued spectrum superiority.”
As part of the project, the company will use its counter IED capabilities to enable the warfighters to use advanced technology to meet growing requirements in the EW battlespace. The upgraded technology will enable rapid reconfiguration of Army EW electronics to support a wide range of missions, including counter-IED, counter-unmanned aircraft system (UAS) and electromagnetic support.
US Representative John Katko said: “SRC continues to be a leader in technological development that protects our servicemen and women. The CREW Duke Electronic Warfare System gives our soldiers an adaptable, vehicle-mounted defensive capability that provides them increased survivability against improvised explosive devices. Technologies like CREW give our soldiers the tools to survive on an increasingly complex battlefield. I would like to thank SRC for their leadership within our community and look forward to helping them bring jobs back to Syracuse.” (Source: army-technology.com)
Spectra Group Plc
Spectra has a proven record of accomplishment – with over 15 years of experience in delivering secure communications and cybersecurity solutions for governments around the globe; elite militaries; and private enterprises of all sizes.
As a dynamic, agile, security accredited organisation, Spectra can leverage this experience to deliver Cyber Advisory and secure Hosted and Managed Solutions on time, to spec and on budget, ensuring compliance with industry standards and best practices.
Spectra’s SlingShot® is a unique low SWaP system that enables in-service U/VHF tactical radios to utilise Inmarsat’s commercial satellite network for BLOS COTM. Including omnidirectional antenna for the man, vehicle, maritime and aviation platforms, the tactical net can broadcast over 1000s miles between forward units and a rear HQ, no matter how or where the deployment. Unlike many BLOS options, SlingShot maintains full COTM (Communications On The Move) capability and low size and weight
On 23 November 2017, Spectra Group (UK) Ltd announced that it had recently been listed as a Top 100 Government SME Supplier for 2015-2016 by the UK Crown Commercial Services
Spectra’s CEO, Simon Davies, was awarded 2017 BATTLESPACE Businessman of the Year by BATTLESPACE magazine and is a finalist in the inaugural British Ex-Forces In Business Awards in the Innovator Of The Year category.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001 and Cyber Essentials Plus accreditation.