23 Dec 19. What TRANSCOM learned from its system consolidation. On any given day U.S. Transportation Command (USTRANSCOM) tracks more than 20 ships, 1,500 truck cargo shipments and hundreds of aircraft taking off or landing every two minutes. The Department of Defense command center is essentially the FedEx of the U.S. military, moving everything from food and uniforms to tanks and vehicles. Tracking the movements of all items across multiple modes of transportation is a herculean task that in the past has used more than 60 disconnected, stovepiped systems.
When making complicated transit moves, more is not necessarily better. Last year, USTRANSCOM made the move to modernize and digitize its transportation operations by adopting a transportation management system (TMS). Now in prototype, the single common platform integrates transport operations across groups, provides visibility into cargo moves and supports auditability. Reaching these newfound digital competencies happened at an unheard-of fast pace, but it was far from easy.
DOD is vast and complex, pushing up the number of systems, domains and agencies impacted by the TMS prototype. Plus, the existing systems leverage older, less flexible technologies. For some new functionalities, the TMS was integrated with environments that have been in place for 30 years. At the same time, transportation operations can’t be put on hold, which meant the new TMS had to co-exist or integrate with legacy systems to ensure continuity.
Initially, designing and deploying an end-to-end transportation management solution for DOD seemed overwhelming, but — one year in — the team has learned an incredible amount about working in massive, complex legacy environments and modernizing them for 2020 and beyond. To be successful in similar environments, we advocate following these four best practices.
Prioritize speed. Sticking with old rules and strategies was not going to help USTRANSCOM achieve its goals of visibility into cargo moves or auditability. Instead of the classic waterfall development approach, we followed an agile development strategy within DOD requirements. We chose to release a subset of capabilities into the prototype, gather feedback and make improvements to those capabilities while adding more features and new user organizations simultaneously in future releases. This approach allowed us to deploy rapidly, similar to what most fast-moving digital enterprises are doing in the private sector. The agile development led us to delivering eight releases in less than 12 months.
Build a design with superior user experiences. The end-user experience should be a factor in all decisions. Make sure the functions and features of the system are not disconnected from the people using the system. Designing features and functionalities through the lens of the users — global leadership, carrier partners, soldiers — makes the overall solution better.
Expect ongoing adjustments to the rollout plan. Introducing a major overhaul often means addressing problems and new information quickly and adjusting to change in real time. What was agreed on yesterday may alter as new information comes in, so the team must expect changes that become both process and technology improvements. Willingness to change in the moment means we can meet schedules with timelines of days and weeks, not months.
Saving the most important for last: Create a team with a combination of industry, technology, global reach and leadership expertise. The size and scope of this massive project makes it one of the largest transportation projects ever in terms of the number of users and the value of freight moved. No one person or group knows everything, so we gathered experts from transportation management, military logistics, security and the list goes on. It took strong leadership to pull them all together and keep them focused on our end goals.
Thanks to our global partners, we brought together leaders from the Army, Navy, Air Force, Marine Corps, and DOD agencies to talk about their transportation needs. We also connected with defense partners and project teams from Canada, the Netherlands and Australia who shared their experiences and provided insight on capabilities needed within their defense ministries and departments. Having this global collaboration has been instrumental in making the project successful.
When government puts these best practices to work, it is possible to transform a complicated, disconnected set of systems into an environment that can readily embrace a modern, digital-ready future. (Source: Defense Systems)
23 Dec 19. There’s a new role for this Air Force cybersecurity outfit. Initially created to look at legacy weapon systems, the Air Force CROWS office will be taking aim at ensuring cybersecurity concerns are taken into account from the start of new programs. The Air Force Cyber Resiliency Office for Weapons Systems (CROWS), established by a provision in a 2016 law charging the Department of Defense to identify and mitigate cybersecurity vulnerabilities of weapon systems, initially focused on legacy systems. However, its director says now it’s also taking aim at new ones.
“We’re actually embedding cyber professionals within the program executive offices … [because] we want to explain to them what cyber is; we wanted them to spread that ‘cyber’ word in new acquisitions,” Joe Bradley, the director of CROWS, told Fifth Domain in a December interview.
As part of that effort, CROWS worked to distill the systems engineering handbook to eight or nine actionable pages to make it easier for officials and contractors to find quick solutions.
“They can go in there and they find language in the statements of work or for the request for proposals or the specs,” Bradley said, adding that this is really important to the industrial base because when the government makes changes from one program to another, they are scrambling to find out why that change was made.
“If we can use standardized language, then we can communicate to our industry partners, ‘hey, this is the same type of resiliency, the same posture we’re looking for as we did in the last acquisition,’” Bradley said.
This was done in conjunction with the commanders of the Life Cycle Management Center, Rapid Capabilities Office, Nuclear Weapons Center and the Space and Missile Center.
Bradley said he wants Will Roper, the service’s chief acquisition executive, to sign the language out, making it official.
“Down the road, I believe that if we do this right, by putting the emphasis on cyber right now today, it’s going to become in the mindset of every engineer — it’s in their toolkit; it just becomes another system engineering requirement,” Bradley added.
This is the reason, Bradley said, they’ve embedded officials within the PEOs to help engineers and commanders better understand the cyber portions of the programs. Though there are only three officials per PEO, Bradley said he hopes eventually there are cyber experts for each program within the PEO’s purview.
The biggest challenge, however, Bradley said, involves baking in cyber versus bolting it on later — a situation that will come down mostly to changing the culture. (Source: Fifth Domain)
23 Dec 19. 2020 NDAA brings cyber, acquisition, and IT changes. The 2020 National Defense Authorization Act was signed into law Dec. 20, and with it comes a range of cyber, IT personnel and acquisition policy changes. Here’s some of what FCW will be tracking in the New Year:
Consumption-based solutions. A consumption-based acquisition provision was originally recommended by the Section 809 panel’s suite of acquisition reforms. And while most of the panel’s suggestions weren’t expected to make it into the NDAA for 2020, this one did. Doing the study, which is due in March, allows DOD to evaluate how consumption-based solutions, which involve an agency getting billed for how much it uses, would affect its contracts.
Space Force acquisition challenges. Since the 2020 NDAA authorizes the standing up of Space Force, there could be new acquisition changes needed. The bill mandates a report due in March on whether there needs to be a new acquisition assistant secretary for space policy.
Report on edge computing technology. DOD’s acquisition chief will have to report to Congress on commercial edge computing technologies and best practices for warfighting systems.
More cybersecurity oversight is coming to DOD, starting with a mandatory cyber review every four years. This requirement begins in 2022 and includes an assessment of costs, benefits, and whether, possibly like Space Force, a cyber force should be a separate uniformed service. There will also be quarterly reviews on cyber mission force readiness.
Zero-based review for IT and cyber personnel. The Defense Department has until Jan. 1, 2021, to complete a zero-based review of cyber and information technology contractors, military, and civilian personnel.
The review will assess staffing needs and effectiveness and also evaluate job descriptions, duties, and “whether cybersecurity service provider positions and personnel fit coherently into the enterprise-wide cybersecurity architecture and with the Department’s cyber protection teams.”
Information operations. The military services have increasingly emphasized the importance of information warfare and operations in the wake of the 2016 presidential election and the aftermath of public and Congressional scrutiny.
The 2020 NDAA affirms this by requesting DOD appoint a “principal information operations advisor” to the secretary on “all aspects of information operations conducted by the Department.” In a separate but somewhat related provision, the bill authorizes research for “foreign malign influence.” (Source: Defense Systems)
21 Dec 19. The USAF just conducted the first test of its Advanced Battle Management System. The Air Force wrapped up Dec. 18 the first test of its new Advanced Battle Management System, a key technology the service is banking on to connect the information collected by various platforms into a complete picture of the battlespace.
During the three-day field test, Air Force, Navy and Army platforms worked together to rapidly share data about a simulated potential cruise missile attack on the United States, the Air Force said in a news release Dec. 20.
The cruise missile — simulated using QF-16s — was detected by an undisclosed weapon system and relayed to Air Force F-22s, Air Force and Navy F-35s, the Navy destroyer Thomas Hudner, an Army unit equipped with the High Mobility Artillery Rocket System, as well as special operators.
That information, as well as other data from platforms participating in the exercise, was then pushed to a control room where leaders could watch updates in real time.
According to an Air Force news release, the technology under development in the ABMS program will give platforms the ability to simultaneously receive, fuse and act upon a massive collection of data from all domains instantaneously.
The service stated ABMS will require “software and algorithms so that artificial intelligence and machine learning can compute and connect vast amounts of data from sensors and other sources at a speed and accuracy far beyond what is currently attainable” as well as hardware updates that include “radios, antenna, and more robust networks.”
However, the service provided sparse detail about what kinds of technologies were used in the first experiment to link Air Force, Navy, and Army equipment together, saying only that “new software, communications equipment and a ‘mesh network’” linked together assets. It did not say whether artificial intelligence had been introduced to crunch data and send it to users who would benefit from that information.
The Air Force plans to hold similar demonstrations every four months in order to push forward the ABMS concept.
“The goal is to move quickly and deliver quickly. We want to show it can be done and then we want to push ourselves to continually enhance and expand our capability,” said Preston Dunlap, the Air Force’s chief architect charged with overseeing ABMS.
The Air Force expects to spend $185m in fiscal 2020 for ABMS, the service said in its release. (Source: C4ISR & Networks)
21 Dec 19. UniSA partners with defence industry to deliver communication innovation. The University of South Australia has announced it has secured two grants that aim to boost South Australia’s defence industry capability, by applying new research knowledge and innovation and working in partnership with industry, to help solve some of the real challenges facing the defence sector.
The two projects, ‘Narrative Visualisation of Simulations for Force Design’ and ‘Optimal Target Detection for Marine Radars Using Waveform Diversity’, each received $150,000 in grants in the latest round of the South Australian Defence Innovation Partnership Cooperative Research Grants.
UniSA director defence and space, Matt Opie, said the results are a strong endorsement of UniSA’s defence research expertise.
“Not only are we leading two of the projects, but we are also a key partner in the other two defence industry projects,” Opie said.
“We undertake world-class research in virtual reality systems led by some of the leading experts in that field and our signals processing research expertise dates back 40 years – so we have the capacity to deliver the Australian Defence Force critical advanced capability.
“We are also highly experienced at working with industry and bringing together research teams that are outcomes focused.”
A relatively new field – narrative visualisation – brings data to life both qualitatively and by presenting a visual story about meaningful trends that can be rapidly understood and acted upon. The process reveals trends, causal relationships and decisive events and has the potential to be applied in real-time combat situations to ensure better and more informed decision-making.
“UniSA’s world-leading research in narrative visualisation will allow defence analysts to explore and analyse information and quickly make sense of what can otherwise be overwhelming amounts of data,” director of the Australian Research Centre for Interactive and Virtual Environments, Professor Bruce Thomas, said.
In the second project, ‘Optimal Target Detection for Marine Radars Using Waveform Diversity’, researchers will address the challenge of what is known as ‘sea clutter’ or the interference that waves on the ocean’s surface cause to the detection of targets on or above the sea surface, particularly an issue for small targets.
“This important research will advance high performance navigation radar systems for future marine platforms for both the Royal Australian Navy and the Royal Australian Air Force,” UniSA’s associate head of engineering research and innovation, Professor Kutluyil Dogancay, said.
UniSA researchers will also contribute to a project to devise conducting carbon coatings for naval vessels to deter marine creature growth on vessels and the development of a large-scale submarine model that will allow for simulator-based training for next generation submariners. (Source: Defence Connect)
20 Dec 19. Red Balloon Security and Atredis Partners Announce New Strategic Partnership. Red Balloon Security and Atredis Partners, two leading embedded device security companies, today announced a new strategic partnership to protect corporations, manufacturers and suppliers against hard-to-detect firmware-based threats.
The new collaboration will leverage both firms’ unique expertise and capabilities in critical areas of embedded device security. Red Balloon Security is a leading developer of firmware-based security solutions to protect embedded devices from a wide range of potential attacks. Atredis Partners provides advanced security testing, firmware analysis and assessment services for a full range of embedded device products and industries.
“We look forward to working with Atredis to deliver robust security solutions for embedded device manufacturers, developers and users,” said Dr. Ang Cui, CEO of Red Balloon Security. “The combined embedded security expertise of Red Balloon and Atredis will provide companies with advanced protection throughout their embedded systems.”
Red Balloon Security’s flagship product, Symbiote Defense, is the first universal embedded defense for all embedded devices and was originally developed in Columbia University’s Intrusion Detection Systems Lab. It is a platform-independent, OS-agnostic, real-time, host-based intrusion defense that is injected into the firmware of the device. It defends devices without requiring any code change from the vendor, any additional or upgraded hardware, and all without impacting the functionality of the device. Symbiote Defense is designed to protect any and all embedded devices, from printers to PLCs. It can be applied to any device regardless of OS, CPU type or hardware. The technology starts protecting the host the instant the host turns on, and will detect any unauthorized attempts to modify the firmware’s code or data within a fraction of a second, regardless of whether the device is in sleep mode, or busy servicing requests.
Atredis Partners provides a broad range of security testing and analysis services for embedded devices. The company takes a research-centric approach when evaluating complex hardware, firmware and embedded operating system targets. Atredis works closely with a company’s leadership, engineers and developers to achieve a sound understanding of the design, architecture and threat scenarios to model out in its assessments. Engagements begin with a complete tear-down of the device, mapping of circuits / hardware communication channels and identification of reachable attack surface, and move into reverse-engineering and instrumenting of firmware, bootloaders and monolithic software. Attack scenarios are then crafted, followed by development of proofs-of-concept demonstrating the risks and impact of identified issues, in order to deliver actionable, clearly-documented findings. Finally, Atredis works closely with clients to remediate these security issues and ship highly secure products to market. (Source: BUSINESS WIRE)
20 Dec 19. Pentagon wants open-source 5G plan in campaign against Huawei. Telecoms equipment makers urged to join forces to end dominance of Chinese company. China’s Huawei dominates the market, but many in Washington believe it poses a threat to US national security.
The Pentagon is urging US telecoms equipment makers to join forces on 5G technology in a drive to offer a homegrown alternative to China’s Huawei. Lisa Porter, who oversees research and development at the defence department, has asked US companies to develop open-source 5G software — in effect opening up their technology to potential rivals — warning they risk becoming obsolete if they do not. Making 5G tech open-source could threaten American companies such as Cisco or Oracle, the biggest American suppliers of telecoms network equipment. This technology — known as open radio access networks — would allow telecoms carriers to buy off-the-shelf hardware from a range of vendors, rather than bespoke systems. US officials hope it will provide an alternative to Huawei. The Chinese equipment maker dominates the market, but many in Washington believe it poses a threat to US national security. Ms Porter told the Financial Times: “I think those that drag will ultimately have to come along. It is just like any other historical trend — the classic one being Kodak, which invented digital cameras but then didn’t leverage them.” “The beauty of our country is that we allow that marketplace to decide the winners. The market will decide. If someone is dragging their feet, that’s up to them to decide, but then the market will decide from there who wins.”
US officials are hunting for ways to undercut the powerful position built by Huawei, which sells just under a third of the world’s 5G equipment, but whose products they warn could be used by Beijing for spying. Much of that effort has focused on how to cut Huawei out of the US and other western markets. The FT revealed last week that the state department recently asked US telecoms companies to sign up to a set of supply-chain principles that would in effect shut out the Chinese company — although it was rebuffed by executives who were worried about getting sued. At the same time, the Trump administration is also looking for ways to foster competition to the Chinese equipment maker. Senior members of the administration have discussed funnelling money to Nokia and Ericsson, Huawei’s European rivals, since no American company makes radio access towers. They have also asked Oracle and Cisco whether they would consider entering the radio transmission market, but have been rebuffed by both. Ms Porter said: “Ericsson, Nokia and Samsung are all in the mix and we recognise them as potential contributors clearly to that capability.” But she was more enthusiastic about the possibility that American companies could help develop open-source technology that would allow carriers to buy equipment from a range of suppliers. One of Huawei’s main selling points is that the company can build an entire 5G network, including everything from radio towers to individual routers. While US officials are considering granting tax breaks to help develop this open-source technology, some industry executives privately express concerns that they are giving an advantage to a particular product which will not be ready in time for 5G.
Ms Porter said: “We think that the more you can open things up to follow the pathway of other historical technology advances like data servers, the more you’re going to play to the United States strengths and the strengths of our Western partners and allies.” (Source: FT.com)