Sponsored by Spectra Group
https://tacs.at/Spectra
————————————————————————
25 June 19. JEDI award expected in August. The Defense Department expects to make an award in its $10bn Joint Enterprise Defense Infrastructure cloud contract by the end of August.
DOD CIO Dana Deasy said at the Defense Writers Group breakfast June 25 that the timing of the award isn’t contingent on the outcome of a lawsuit from Oracle in the U.S. Court of Federal Claims looking to change the requirements of the JEDI procurement.
“We’re not waiting on a decision [in federal claims court] so that it impacts the source selection process,” Deasy said.
Microsoft and AWS are the final two companies vying for the contract.
The DOD CIO emphasized that any delay in the contract award would create major setbacks for the services and warfighter.
Deasy said his biggest concern is “if JEDI gets delayed” because “there are active sets of programs that the combatant commands are depending on when that contract gets released.”
U.S. Transportation Command is one of them, he said, and it is “actively developing a set of next-generation applications” for JEDI. “TRANSCOM’s ability to upgrade and move to next-generation application is absolutely imperative for the department.”
“If JEDI was to get further delayed, guess what happens? Now you’re back to the model where people need to go build their own cloud solutions,” he said. “That does not serve the Department of Defense well; it does not serve the warfighter well.”
Deasy said he doesn’t know what an exact contingency plan in case of delays looks like, but it would be whatever is needed to support warfighter missions.
Building cloud-ready applications
With JEDI soon becoming a reality, Deasy said his office’s top priority is educating the combatant commands and services. Right now, DOD is doing “an awareness campaign,” informing personnel and combatant commands on the construct but delaying technical training until the contract is awarded. Only then will services be in a position to determine which projects will first migrate to JEDI.
“Now that we’re getting closer, it’s the logical time to sit down with the various services, start to describe what we believe a general-purpose cloud environment will start to look like and, more importantly for them, to start to think about what activity set will they have coming up this fall and going into next year that might be a good candidate,” he said.
How the JEDI cloud shapes up will depend on the cloud service provider chosen for the contract and personnel training to take advantage of it, Deasy said. Still, the department needs more people who can oversee the cloud’s implementation, infrastructure, security, software and, more importantly, application builders.
“We need to have people who know how to provide oversight and that know-how to work with the services to identify opportunities that are well suited for a general-purpose cloud,” Deasy said. DOD is also focused on improving its ability to design applications for a cloud environment.
“That’s the area where I want us to quickly move to,” Deasy said. “The exciting part of all this is the speed of which we will be able to stand up new capabilities for the warfighter.” (Source: Defense Systems)
25 June 19. What the latest JEDI filings reveal. Documents filed in Oracle’s ongoing lawsuit over the Defense Department’s single-award Joint Enterprise Defense Infrastructure cloud procurement provide a window into the development of the $10bn procurement.
Amazon Web Services is helping the Department of Defense fight Oracle’s lawsuit as a defendant largely because much of Oracle’s case hinges on claims that Deap Ubhi, a current AWS employee with longstanding ties to the company who worked on the JEDI program when he was with the Defense Digital Service and helped formulate requirements in the cloud buy to the benefit of AWS.
Oracle bid on the contract, but was cut from the competition along with IBM for failure to meet certain gate requirements. AWS and Microsoft remain in the running for the award, which is set to be made in July of this year, after the case currently pending in the Court of Federal Claims winds up.
According to the Justice Department filing, DOD was in the midst of “robust debate” over whether to structure JEDI as a single-award or multiple-award contract as late as April 2018, with a final decision not coming until that July. Ubhi recused himself from participation in JEDI in late October 2017, according to the filing and other court documents, including citations from an internal DOD report from the contracting officer regarding possible conflict of interest on Ubhi’s part.
According to the internal report cited in both filings, “all the key decisions for the JEDI Cloud procurement, such as the actual RFP terms and whether to award one or multiple contracts, were made well after Mr. Ubhi recused himself, after being vetted by numerous DoD personnel to ensure that the JEDI Cloud RFP truly reflects DoD’s requirement.”
The AWS filing states that “Oracle’s assertion that Mr. Ubhi somehow influenced each decision is not only illogical but a nakedly self-serving attempt to impugn the integrity of the entire Department of Defense.”
A Justice Department filing also opposing a judgment in favor of Oracle on the basis of the administrative record concludes that even if the court decides the Pentagon’s internal report on organizational conflict of interest was flawed, the only relief that should be offered to Oracle is to require any award to AWS to wait until any conflicts are fully mitigated or waived by DOD.
“Even if Oracle were reinstated into the competition, its chances of being awarded the JEDI contract would be slim, minimizing the harm of its exclusion,” Justice Department attorneys stated. “Accordingly, Oracle would probably be better off with an award of bid preparation costs instead of an injunction.”
AWS also cited a pre-solicitation justification memorandum from DDS Deputy Director Tim Van Name from July 2018 that defends a JEDI requirement that DOD’s unclassified use of the platform will not constitute 50% of a vendor’s total cloud use across network, compute and storage.
“Not including this criteria will risk future military operations that depend on the overall ability of the Offeror to support surge usage at vital times,” Van Name stated in his memorandum.
Another filing in the case released this week includes a declaration from Lt. Gen. Bradford Shwedo, the CIO for the Joint Chiefs of Staff, about the “urgency and importance” of the JEDI cloud acquisition.
“As data increases in size and complexity, our current compartmentalized management of data is untenable to assist our warfighters at the speed of relevance,” Shwedo said. “JEDI Cloud is critical to safeguarding our technological advantage against those that seek to harm our nation.”
In particular, Shwedo stated that JEDI is critical to providing infrastructure and artificial intelligence capability to analyze surveillance data from across the military services that is currently not being exploited. The planned cloud infrastructure will also serve as a backup to traditional cable-linked communications in the event of a disruption — a real risk on the Korean peninsula in particular, Shwedo said. An enterprisewide cloud will also improve and accelerate training and therefore force readiness, he said.
“Delaying implementation of JEDI Cloud will negatively impact our efforts to plan, fight, and win in communications compressed environments and will negatively impact our efforts to improve force readiness and hamper our critical efforts in AI,” Shwedo stated. (Source: Defense Systems)
26 June 19. Raytheon (NYSE: RTN) today launched NexGenTrac, its first ever secure mobile application to connect with employees using iOS and Android smartphones.
“NexGenTrac can help any organization or agency connect with and protect their people in emergency situations,” said John DeSimone, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services. “Now available for global governments, agencies or companies supporting a variety of missions, this application provides an immediate secure link to employees. Unlike many social media platforms used to provide status updates, NexGenTrac gives you the ability to own and manage your data in a secure environment.”
Using decades of experience developing secure global communications systems, Raytheon optimized NexGenTrac for commercial use. This provides a powerful, easy-to-use app to reach out to and communicate with employees in dispersed and remote environments. The application is hosted in a controlled and secure infrastructure, ensuring data integrity and accurate situational awareness. NexGenTrac combines the best employee safety features available with the security of defense-grade cyber protection.
Features of the app include:
- Data Security: Gives organizations deploying NexGenTrac complete ownership of user data and access to secured servers within the U.S.
- Emergency Alerts: Allows the user to initiate an emergency alert status.
- Chat: Provides a built-in secure messaging application
- MyLocation: Allows users to instantly identify their geographic location
- Smart Beaconing: Allows users to conserve power and battery life by updating location information based on movement of the device.
- Map Interface: Includes street-level mapping that allows users to visualize their location.
- Pulse: Provides a “pull” request for status initiated from the User Portal
26 June 19. NAVAIR contracts BAE Systems, Raytheon for Dual Band Decoy demonstration phase. The US Navy (USN) has selected BAE Systems Information and Electronic Systems and Raytheon Space and Airborne Systems to develop a new towed offboard radio frequency (RF) countermeasures system to protect the F/A-18E/F Super Hornet strike fighter against RF threat radars. Known as the Dual Band Decoy, the new countermeasure is intended to serve as a replacement for the BAE Systems ALE-55(V) Fiber-Optic Towed Decoy and the Raytheon ALE-50 Advanced Airborne Expendable Decoy systems deployed by the Super Hornet. The Dual Band Decoy will incorporate both high-band and low-band capabilities. BAE Systems was awarded a USD36.7m Demonstration of Existing Technologies (DET) contract by Naval Air Systems Command (NAVAIR) on 16 May for the demonstration and development of the Dual Band Decoy capability following the evaluation of three offers. (Source: IHS Jane’s)
25 Jun 19. Germany and Netherlands to sign MOU to pursue joint C4I programme. Defence ministers from Germany and the Netherlands will sign a memorandum of understanding (MOU) on 26 June to pursue the Tactical Edge Networking (TEN) programme, defence officials have disclosed to Jane’s. The MOU, which is expected to be signed on the fringes of the 26-27 June at the NATO defence ministers meeting in Brussels, marks the next step in the development of the multinational command, control, and communications (C3) programme that binds together the Bundeswehr’s digitisation of land based operations (D-LBO) and the Dutch Ministry of Defence’s (MoD’s) Foxtrot efforts. The MOU will follow the signature of a letter of intent agreed by the German and Dutch ministries of defence on 17 May 2018, with the aim of working towards the digital integration of both armed forces.(Source: IHS Jane’s)
25 Jun 19. DoD’s Defense Security Service (DSS) Becomes the Defense Counterintelligence and Security Agency (DCSA). Consistent with Executive Order 13869, “Transferring Responsibility for Background Investigations to the Department of Defense,” the Acting Secretary of Defense has renamed the Defense Security Service to be the Defense Counterintelligence and Security Agency (DCSA). This action became effective June 20, 2019. Charles Phalen, Jr. will serve as the Acting Director of the DCSA effective July 1, 2019. Mr. Phalen will remain the Director of the National Background Investigations Bureau. Mr. Phalen’s dual-appointment will be in effect until a permanent DCSA Director is named. DCSA will serve as the primary Federal entity for conducting background investigations for the Federal Government. The DCSA will also, as a continuation of the former DSS, serve as the primary Department of Defense component for the National Industrial Security Program and will execute responsibilities relating to continuous vetting, insider threat programs, and any other responsibilities assigned to it by the Secretary of Defense. (Source: glstrade.com)
25 Jun 19. US Naval Research Lab developing unique malware detection. The US Navy’s Center for High Assurance Computer Systems (CHACS) is developing new technologies for detecting malware, the organisation has told Jane’s. CHACS is a branch of the Information Technology (IT) Division within the Naval Research Laboratory (NRL). Cyber touches upon a range of areas within NRL, and CHACS is the organisation’s specialist arm in the rapidly developing domain. It divides its work across a number of different sections, from communications security to software engineering.
Joseph Mathews, section head for the centre’s network security research, told Jane’sthat malware detection work is being pursued through a project called MalSee, which is being carried out in partnership with academic and industry partners, along with the Office of Naval Research (ONR). (Source: IHS Jane’s)
25 Jun 19. What to make of US cyber activities in Iran. After the Islamic Republic of Iran shot down an RQ-4 Global Hawk drone June 20, President Donald Trump opted against physical military strikes as retaliation. Instead, multiple news organizations reported the U.S. military quietly conducted cyber operations that targeted computer systems that control Iranian missiles launches and an intelligence organization associated with the Iranian Revolutionary Guard Corps. Representatives from two cyber threat intelligence firms told Fifth Domain June 24 that they were aware Iran had conducted highly-customized spearphishing campaigns. In some cases, experts said, the attacks included what’s known as a lure document to entice victims to click and inadvertently install malware. U.S. government agencies were among the targets of the attacks.
In addition, experts said that the operation signals U.S. government leaders are becoming increasingly comfortable with cyberwarfare as a tool in the arsenal and, in some cases, now view cyber operations as a half-step removed from a kinetic conflict.
“This shows that we’ve improved our practical capacity to use the cyber domain as part of a whole-of-government approach, which in this case already included substantial amounts of sanctions,” said Bobby Chesney, a law professor at the University of Texas who teaches courses on cybersecurity.
Because Trump acknowledged an Iranian attack on an unmanned aircraft “is easier to accept to accept” than one that kills Americans, Chesney said “by the same token, striking back in a way that does not kill Iranians demonstrates that Cyber Command is providing him with tools for a more-nuanced responses.”
Other experts noted that along with a series of new authorities for military cyber leaders, the recent actions are further evidence that the U.S. government is approaching cyber activities more aggressively.
“We are in a new era when it comes to offensive use of cyber capabilities, where our policymakers and senior leaders are ready to provide DoD with more flexibility and authority, and an era where DoD, in turn, is likely to be more forward leaning,” Jamil Jaffer, founder of the National Security Institute at George Mason University Law School and vice president for strategy and partnerships at IronNet Cybersecurity, told Fifth Domain.
Cyber “may not be a silver bullet, but it does seem to be providing relatively non-escalatory tools to policy makers,” Chesney said. “Indeed, reading the tea leaves from this past weekend, it appears the cyber option helped ensure there was an off-ramp from a kinetic response that might have led to further escalation.”
A response to ‘malicious cyber activity’
U.S. government officials raised the alarm about Iranian cyber activities June 22, about five hours after reporters from Yahoo! News first broke the story of the U.S. response. Yahoo! News said the U.S. cyberattack was against an Iranian spy group that supported limpet mine attacks on commercial ships earlier in June.
In a tweet, Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, wrote, “CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies … Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks.”
Wiper attacks are often destructive forms of malware of which all data on a network can be lost. Representatives from two cyber threat intelligence firms, FireEye, CrowdStrike, told Fifth Domain June 24 that they were aware Iran had conducted highly-customized spearphishing campaigns and representatives from two others, Recorded Future and Dragos, said while they had not seen direct evidence of the Iranian attacks, it fit the profile for their past work. In some cases, experts said, that included what’s known as a lure document to entice victims to click and potentially inadvertently install malware.
John Hultquist, director of intelligence analysis at FireEye, said his firm had identified “spearphishing activity conducted by Iranian threat actor APT33 concurrent with increasing tension in the Gulf region and with the U.S. The spearphishing campaign has targeted both public and private sectors in the U.S. This activity is consistent with intelligence collection, and the Iranian regime is also likely to be using cyber espionage to reduce the uncertainty surrounding the conflict. Notably, APT33 has historically carried out destructive cyberattacks in addition to intelligence collection.”
The key question becomes: what happens next?
Robert Knake, senior fellow for cyber policy at the Council on Foreign Relations and the co-author of the new book “The Fifth Domain,” said in this new digital landscape, both the United States and Iran are trying to be proportionate in their response.
“The question, when you’re talking about a nation state threat with the Iranians, is you really don’t know the level of sophistication they’re going to bring to the attack,” he said. “There’s no binary answer. Do I think most federal agencies are probably decently positioned to address run of the mill ransomware attacks, absolutely, right? Do the Iranians have a capability that they could cause consequences at a U.S. government agency? I think that’s likely.”
In terms of the specific targets Cyber Command reportedly hit, Chesney said he doesn’t view them as crossing a threshold. He pointed to reporting that the U.S. previously targeted North Korea’s missiles in what is called a “left of launch” approach ensuring the missiles fail to launch.
Cyber operations can be effective at eliminating these types of capabilities.
“[C]yber capabilities can be an extremely effective instrument of force projection with respect to neutralizing kinetic or conventional weapons,” Dave Weinstein, chief security officer for Claroty, wrote in an email to Fifth Domain. “Reports of the Trump administration responding to Iran’s downing of a US drone with a surface-to-air missile by targeting these same systems with cyber capabilities is a proportionate response and one that limits collateral damage – both diplomatically and kinetically.”
The operations, however, are not totally risk free.
“Of course all cyber operations usually come with a temporary loss of intelligence so these responses are not without cost,” Weinstein said. “However, it’s important to recognize the value of demonstrating that the U.S. has both the will and capability to conduct precision and timely cyber operations against conventional military targets.” (Source: Fifth Domain)
21 Jun 19. Elbit Systems showcases SuperVision airborne C2. Elbit System revealed its new SuperVision airborne command-and-control (C2) solution, which it calls a secure cloud-based avionics C2 solution, at the 2019 Paris Air Show. The system is designed to support air-to-air and air-to-ground missions. Elbit Systems’ vice-president for business development and strategy, Sagi Peleg, told Jane’s this backbone technology aggregates an array of data sources into a single mission network to provide ‘in-depth’ insights that can be shared across multiple mission platforms. Capable of fusing sensor and data streams, including the heads-up, heads-down, and cockpit displays of a pilot, SuperVision provides a ‘Siri-like’ voice command capability to users and enables them to manage networks, waveforms, and applications. (Source: IHS Jane’s)
21 Jun 19. Leonardo aims SRT-800 Airborne SDR at smaller aircraft, missiles. Leonardo’s SRT-800 Airborne software-defined radio (SDR), the latest addition to its family of S-Wave systems, was showcased at the 2019 Paris Air Show two years after its development was first announced.
Speaking to Jane’s from Le Bourget, Paris, Gabriele Pieralli, Leonardo’s senior vice-president for avionic equipment, said the SRT-800 was designed with as light and thin a form factor as possible, so it could be integrated in fixed- and rotary-wing airframes as well as tactical unmanned aerial vehicles (UAVs) and missiles.
The single-channel SDR, which weighs 4.5 kg, is scheduled to be fully qualified by October. The SDR would then begin live flight tests ahead of deliveries to two undisclosed customers in 2020 and beyond. (Source: IHS Jane’s)
————————————————————————-
Spectra Group Plc
Spectra has a proven record of accomplishment – with over 15 years of experience in delivering secure communications and cybersecurity solutions for governments around the globe; elite militaries; and private enterprises of all sizes.
As a dynamic, agile, security accredited organisation, Spectra can leverage this experience to deliver Cyber Advisory and secure Hosted and Managed Solutions on time, to spec and on budget, ensuring compliance with industry standards and best practices.
Spectra’s SlingShot® is a unique low SWaP system that enables in-service U/VHF tactical radios to utilise Inmarsat’s commercial satellite network for BLOS COTM. Including omnidirectional antenna for the man, vehicle, maritime and aviation platforms, the tactical net can broadcast over 1000s miles between forward units and a rear HQ, no matter how or where the deployment. Unlike many BLOS options, SlingShot maintains full COTM (Communications On The Move) capability and low size and weight
On 23 November 2017, Spectra Group (UK) Ltd announced that it had recently been listed as a Top 100 Government SME Supplier for 2015-2016 by the UK Crown Commercial Services
Spectra’s CEO, Simon Davies, was awarded 2017 BATTLESPACE Businessman of the Year by BATTLESPACE magazine and is a finalist in the inaugural British Ex-Forces In Business Awards in the Innovator Of The Year category.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001 and Cyber Essentials Plus accreditation.
————————————————————————-