
C2, TACTICAL COMMUNICATIONS, AI, CYBER, EW, CLOUD COMPUTING AND HOMELAND SECURITY UPDATE

Sponsored by Spectra Group

https://tacs.at/Spectra

————————————————————————

09 Jan 20. Two Australian businesses to deliver new defence capability for ADF. Two Australian businesses have secured contracts from Leidos Australia to deliver new capability to safeguard the Australian Defence Force (ADF).

Leidos is collaborating with the two firms to provide equipment to shield from chemical, biological, radiological and nuclear (CBRN) threats.

A $17m contract has been awarded to Cairns-based small business J3Seven to deliver defence equipment to keep Australian soldiers safe from CBRN threats on the front line.

Australian Defence Industry Minister Melissa Price said: “This is a great investment in the Australian defence industry and highlights how Aussie ingenuity is keeping our armed forces safe.

“J3Seven will provide capabilities, including radiation detectors and incident response kits to protect our soldiers.”

Separately, Melbourne-based small business Point Trading has won a $7.4m contract to deliver chemical detection equipment for the ADF.

Melissa Price added: “Point Trading will support the delivery of this critical capability to protect our soldiers from chemical threats on the battlefield.

“The record $200bn investment we’re making in Australia’s defence industry is continuing to deliver jobs and more opportunities for small businesses like Point Trading right across Australia.”

Detectors and other equipment under the contracts will be manufactured in the country, bringing new opportunities and more jobs to regional areas.

In 2018, the Australian Government signed new contracts worth $238m with Leidos Australia under the ADF’s Land 2110 Phase 1B CBRN Defence Capability Facilities project.

The programme aims to offer both new and upgraded facilities at 14 sites in the country to support army personnel training against toxic industrial materials and CBRN weapons exposure.

In addition, Leidos Australia signed a memorandum of understanding with J3Seven to identify and develop novel technologies for the ADF in September 2018. (Source: army-technology.com)

06 Jan 20. USAF Takes First Step Toward Commercial Internet Services. The experiment is expected to eventually lead to the wholesale replacement of the Air Force’s slow, cumbersome and ineffectual network with a modern, commercially procured one with improved speed, security and functionality.

A Chinese proverb says that a journey of a thousand miles starts with a first step, and last month the Air Force took such a step when an airman for the first time connected to the Internet via a commercial network, in this case one provided by AT&T.

That accomplishment at Buckley AFB in Colorado is expected to eventually lead to the wholesale replacement of the Air Force’s slow, cumbersome, and ineffectual unclassified network for email and Internet-based applications with a modern, commercially procured one with improved speed, security, and functionality.

“The Air Force is not happy with the performance of the Air Force network,” said Col. Bobby King from the Command, Control, Communications, Intelligence and Networks (C3I&N) program office, speaking Dec. 12 at AFCEA NOVA’s Air Force IT Day conference. Putting a point on his intended understatement, he quoted Air Force Chief of Staff Gen. David Goldfein as saying: “IT is crushing our airmen’s spirit.”

According to King, results of polls taken at eight bases where the Air Force is conducting experiments to identify the best ways it can “consume” commercial IT services (read below for more on that) showed that about 42 percent of Air Force personnel polled said the existing service network did not help them complete their mission. That’s a grade that deserves an F, said King, who is the senior materiel leader in C3I&N’s Enterprise Information Technology and Cyber Infrastructure Division.

“It’s a national security imperative to fix the Air Force network,” he said. “And when I say the Air Force network I don’t mean just the network. [I mean] all the IT services that support and connect airmen.”

The reason so many senior officers say that the Air Force network is broken is a matter of numbers. More than 230 Air Force organizations can make changes on the network, according to King, and 41 separate groups acquire, integrate, and operate IT systems. There are 80+ Authority To Operate boundaries sprinkled throughout the network, a term that refers to individual organizations that have the power to authorize, implement, and monitor security controls. All those numbers lead to massive duplication of effort, poor configuration across the enterprise, and a terrible user experience.

It’s the network’s bad user experience, better known in the private sector as customer experience and even more recognizable by its acronym CX, that leads to Goldfein’s soul-crushing scenario. It’s easy to see why. CX is how users perceive their interactions with the networks through websites, mobile and web applications, call/help center contacts, and virtually every touchpoint.

Today’s most successful companies, like Apple, Google and Amazon, have created clean customer experiences that define their brands and separate them from competitors. People now expect elegant, simple, and fast experiences with companies, and no longer put up with clunky interactions. If it takes an airman 30 or more seconds to get to email because of all the internal firewalls that need to be traversed, or if an application that was used yesterday can’t be accessed today because a server was swapped out and the configuration changed, then working on the network becomes just an exercise in frustration.

“We’re so focused on security we forget that airmen are not going to use what we provide because it’s so locked down with security that it’s unusable,” said King. “We have to balance security with end user experience. We’ve been so focused on security we’ve forgotten about what airmen are experiencing.”

At the same time, the Air Force network has been neglected through years of underinvestment. “It’s time to invest some dollars in our IT infrastructure so we can ensure that our airmen are connected the way they need to be connected to win the next war,” said King, adding that new infrastructure is needed to build the digital foundation that all future capabilities like artificial intelligence and quantum computing will ride upon. “That’s why I say this is a national security imperative.”

Building the Air Force’s Digital Infrastructure

To address all of the above, the Air Force over the last 14 months has started spending a significant amount of money on contracts that bring commercial, enterprise-wide IT services — such as Microsoft Office 365 commonly found in private-sector companies — into the military. The Air Force is funding the work through several Other Transactions Authority (OTA) contracts.

OTAs typically bypass traditional bureaucratic hurdles in the contracting process and have become the contracting vehicle du jour for rapidly prototyping information technology-related technologies. A November report from the Government Accountability Office found that “obligations made on prototype other transactions nearly tripled from $1.4bn to $3.7bn” between 2016 and 2018. According to the GAO: “This contracting approach can help DOD attract companies that do not typically do business with DOD—such as commercial science and technology firms.”

In September 2018, the Air Force Life Cycle Management Center (AFLCMC), Hanscom AFB in Massachusetts, awarded AT&T and Microsoft three-year contracts worth $87m and $34m respectively for risk reduction experiments related to providing so-called Network as a Service (NaaS) capabilities.

(Commercial “as-a-service” offerings from software companies have proliferated across industry as they are designed to work specifically with a cloud computing solution. They are commonly abbreviated “aaS” with a noun preceding it, for example: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).)

The Air Force contract for NaaS is part of its larger Enterprise Information Technology as a Service (EITaaS) initiative. EITaaS is more simply referred to as Enterprise as a Service (EaaS) by the private sector. It typically entails pay-as-you-go IT services offered on cloud computing platforms that can be accessed on a worldwide basis. Many enterprise IT services are usually in the areas of business and process management.

EITaaS was a common theme throughout many of the Air Force IT Day sessions.

“Yes, Enterprise IT as a Service, OMG, please come faster,” said Kessel Run Commander Col. Enrique Oti to a laugh from the audience. “We need to get to an EITaaS future (rather than relying on dedicated circuits) if we want to be able to compete in contested and denied cyberspace.”

Kessel Run is the Air Force’s premier software development laboratory in Boston.

For the AT&T-Microsoft effort, the objective is the deployment and operation of a secure and reliable network using commercially proven products and services. This network will enable access to both classified and unclassified data and applications from Air Force facilities, as well as from mobile and remote locations. It includes base area networks, wide area networks and voice networks.

The milestone at Buckley AFB last week where an airman connected to the Internet via AT&T’s network falls under this contract.

“They can now reach the Internet from Buckley via the AT&T network; that’s huge,” said King. “It’s an enclave, by the way; the whole world is not on this network. It’s an enclave that’s part of the AT&T network.”

Buckley AFB is assigned to Air Force Space Command — now morphing into the Space Force — and counts about 92,000 active duty, National Guard, reserve and retired personnel. Now that the first airmen are using the AT&T network there, AFLCMC has received approval to extend Network as a Service capabilities to 10 percent of Buckley’s population, according to King.

In addition to Buckley, similar NaaS work is being implemented at seven other Air Force installations: Hurlburt Field, FL; Cannon AFB, NM; Maxwell AFB, Alabama; Offutt AFB, NB; Joint Base Elmendorf Richardson, AK; Pope Field, NC; and Spangdahlem AB, Germany.

“These NaaS experiments will allow us to see what the commercial industry can do for us in terms of bringing the network performance we expect, while maintaining the network security we need, at a price we can afford,” said Brig. Gen. Michael Schmidt, program executive officer for Command, Control, Communications, Intelligence and Networks at Hanscom, in an Air Force news story.

AFLCMC’s second Network as a Service line of effort under EITaaS will bring end-user services to those same eight bases under a $73m, 3-year contract awarded to Unisys in February. Also referred to as a “risk reduction effort” by the Air Force, it will transition those same base facilities to a commercially provided, as-a-service approach for information technology service management, enterprise service desk, and end-user device management.

“The strategic intent is two-fold,” said Air Force Deputy Chief Information Officer William Marion, in another Air Force article. “First, improve the IT user experience and mission effectiveness of our airmen; and second, to focus less on running commodity IT services and more on our core competencies in the cyber warfighting domain.”

AFLCMC’s third OTA under its EITaaS effort is a $66m contract awarded to Accenture Federal Services this past June. This “compute and store” risk-reduction experiment, also to be conducted at the same facilities as the other two contracts, will provide hosting solutions for on-premises applications (those installed on Air Force computer hard drives) and those in the cloud. It will further provide airmen with compute and store abilities at the base level when connection to the Internet cloud is unavailable.

Going forward, the Air Force would like to begin scaling EITaaS to the rest of the Air Force. “The Air Force won’t be pushing buttons anymore; it will be our commercial industry partners doing that,” said King.

To figure out exactly how to do that, the service plans to begin issuing Requests for Information (RFIs) to industry beginning in the first quarter of 2020. (Source: Breaking Defense.com)

06 Jan 20. US Army calls for new approach to network resilience in cyberattack. The US Army Research Laboratory (ARL) has conducted a study to help improve network resilience in the event of a cyberattack.

The study was conducted in collaboration with Virginia Tech and found that adaptation is a key marker in determining network resilience amid cyberattacks.

The partnership was formed to develop network adaptation strategies that support the maintenance of services during cyberattacks.

ARL researchers stated that adopting a new approach could improve the resilience of the US Army’s computer networks when hit by a cyberattack.

US Army researcher Dr Terry Moore said: “Simply having network connectivity does not imply that a network can provide the services it needs.

“A key result of this work is showing that typical measures of performance for network resilience do not apply to mission-oriented or task-service networks. We mathematically prove that without consideration of the resources or task priority, network connectivity is not a sufficient measure for determining mission success.”

Focusing on network adaptability, the research is known as Network Adaptations Under Cascading Failures for Mission-Oriented Networks. The approach involves enabling networks to continue to perform amid component failures by incorporating changes in network structure or topology.

The research marks an initial step in the development of a network strategy that involves dynamically changing the network topology for the completion of critical missions, Moore added.

The study considered a tactical network that supports multiple tasks of different priority levels and focused on the survivability of the tasks when facing a cyberattack.

The focus was on how many tasks could be maintained in the face of component failure. Moore stated that this measure serves as a more appropriate marker in assessing resilience.

Researchers conducted a computational simulation. The study involved a scenario with limited resources for nodes.

To address the threat of sequential failure of nodes, the study suggested that new strategies could be adopted for selecting new nodes to ensure the tasks remain unaffected.

In a statement, the US Army said: “A new approach for these scenarios is adapting, or merging, a task assignment problem solutions and a resource allocation problem solutions for a mission-oriented network problem.” (Source: army-technology.com)

04 Jan 20. ‘They’re going to want bloodshed’: 5 ways Iran could retaliate in cyberspace. A U.S. airstrike that killed Qassem Soleimani, the leader of Iran’s Islamic Revolutionary Guard Corps’ elite Quds Force, could escalate the battle the two countries already have in cyberspace, experts warned Jan. 3.

The two countries were in a protracted cyber battle for most of 2019, but the death of Soleimani, one of the most influential figures in Iran and the Middle East, opens the door to a wider, more deadly, swath of retaliation.

The Iranian response, experts told Fifth Domain, will likely include cyberattacks, but almost certainly will include lethal attacks on U.S. personnel or regional allies. One expert described a response primarily reliant on cyberattacks as the “best case scenario for the United States.”

“They’re going to want bloodshed in response for this,” said James Lewis, senior vice president and director of the technology policy program at the Center for Strategic and International Studies. He added “[turning] off the lights in Utah … isn’t going to make them feel better.”

Other experts warned of similar action.

“We should really be worried about people dying,” said Jon Bateman, a fellow in the cyber policy initiative at the Carnegie Institute for International Peace and former senior intelligence analyst for Iran at the Defense Intelligence Agency. “There’s the possibility of the outbreak of some sort of full-blown war. There’s the possibility of terrorist attacks, or covert action against U.S. officials, diplomats and troops in the region.”

Priscilla Moriuchi, director of strategic threat development at Recorded Future and former East Asia and Pacific cyberthreat expert at the National Security Agency, said that the response could “materialize in multiple scenarios.”

“Retaliatory measures could include the possible use of short-range ballistic missiles, cyber operations, bombings, and targeted assassinations,” she said. “Although Iran possesses highly capable cyber operational forces, we believe the most likely targets of cyberattacks remain U.S. and partner interests regionally.”

What could an Iranian cyber response look like?

So where do the cyber capabilities of Iran, considered by experts to be among the most capable nation-state actors, fit into a potential response?

While Iranian cyberactivity has been relatively limited to action within the Middle East, Lewis said that the killing of Soleimani could provide an incentive to conduct operations outside the region.

“They’ve done their homework,” Lewis said. “They’ve looked at the U.S. critical infrastructure, they’ve spied on the people who make industrial control systems, so they have the capability.”

Bateman, the former assistant to Gen. Joseph Dunford, the previous chairman of the Joint Chiefs of Staff, described the Iranian cyber capabilities as being technically innovative. He laid out five possible ways the Iranians could respond in cyberspace: distributed denial of service (DDoS) attacks; data deletion; attacks on industrial control systems; information operations; and cyberespionage to enable military action.

“Iran is a creative actor in cyberspace so it’s possible they could unveil some sort of operational concept that we haven’t seen before or a new capability that hasn’t previously been demonstrated,” Bateman said.

Data deletion, or a wiper attack, is considered a primary Iranian cybertool and one it would likely deploy this time, Bateman said. In June, after Iran shot down a U.S. drone and the U.S. government was considering a response, the Department of Homeland Security warned of such attacks being aimed at U.S. infrastructure.

In 2012, Iranian actors launched such an attack against oil giant Saudi Aramco. Iranian hackers then launched the same in 2014 against the Las Vegas Sands Casino Corporation. In 2016 and 2017, Iranian actors scaled their attacks against several Saudi government entities and companies.

The most concerning use of this attack would be on a U.S. military network, Bateman said. He added that Iran hasn’t directly attacked a U.S. network, but has penetrated at least one — the Navy’s unclassified internal network back in 2013.

“This is more of a concerning operational concept because it can cause permanent damage to a network and potentially destroy physical hardware,” Bateman said.

Cyberespionage to track and target personnel for assassination or terrorist attack is another possibility.

“In 2020, an attack like that could use some sort of cyber-related intelligence to be facilitated — whether that be tracking someone’s phone to get real-time geolocation or develop a pattern of life that can then be used to target them,” Bateman said. “That’s something people should be very concerned about.”

Iranian actors have also used DDoS attacks to hurt U.S. banks starting in late 2011, though such tactics are a temporary measure that prevents the use of a network. Though it’s a less harmful attack, Bateman said that the Iranian attacks at the time were “quite technically innovative.”

Iranian actors are also thought to be behind the hacked and leaked cables of the Saudi Foreign Ministry in 2015. Iran could pursue a similar information operations route to cause public embarrassment for U.S. officials, Bateman warned.

In addition, Iran has proven its capability to penetrate industrial control systems. Last summer, Iranian cyber actors were blamed for intrusions into Bahrain’s water system. Bateman noted that while the country never publicly caused physical damage with a cyberattack, leaders warned that they could have learned from other actors that have, such as Russia’s attack on the power grid in Ukraine.

“That’s a capability that Iran has not publicly displayed, but would be conceivable for it to attempt because it’s been demonstrated by other actors and Iran has had time to learn from those operations and develop its own capabilities,” Bateman told Fifth Domain.

The news of the U.S. strike that killed Soleimani prompted Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, to tweet a reminder for organizations to “brush up” on Iranian tactics, techniques, and procedures in cyberspace.

In September, Krebs, whose agency is charged with protecting U.S. critical infrastructure from cyberattacks, said that the threat from Iran remained “very active” after a summer of high tension.

As for the target that Iran chooses, it’s difficult to predict, Bateman said. Iran’s goal in such a response, he said, is to impose a psychological toll on U.S. decision makers and to demonstrate resolve.

“A cyberattack by itself cannot make up for the loss of Soleimani, so instead Iran will try to exact some sort of psychological penalty,” Bateman said. “That means that it really can choose any vulnerable target that fits that bill.”

Repercussions of a cyber response

Iran has interests in keeping the U.S. allies in Europe in the Iran nuclear deal, but a major cyberattack on the United States could upset those European nations that Iran has relied upon, Allison Peters, deputy director of the national security program at Third Way, told Fifth Domain.

“A major cyberattack on our territory, which Europeans have also faced from Russia, Iran and other countries, I think, could change their calculus,” she said. “They think Iran is really looking at Europe right now and trying to figure out what potentially its responses could be while not isolating them from Europe who’s tried to maintain the Iran deal.”

Still, with the death of a leader known for his connections to proxy groups, the cyber domain may not go far enough in terms of reassuring Iran’s network of proxy groups in the Middle East, said Daniel Byman, a senior fellow at the Brookings Institution’s Center for Middle East Policy.

A cyber response is “not going to have the same kind of cathartic, and from their point of view, deterrent effect as actual violence. So I can see it as a possibility but not as a replacement for more traditional force,” Byman said.

Cybersecurity experts from think tanks and industry released multiple statements Jan. 3 warning of the potential for a significant uptick in cyberactivity from Iran. But the threat is likely to be a combination of cyberattacks and physical attacks, experts stressed.

“If Iran were to somehow primarily use cyberattacks as its form of retaliation, that would be a best case scenario for the United States,” Bateman said. “If Iran … used every [cyber] capability in its toolkit, we should count ourselves quite lucky.” (Source: Fifth Domain)

————————————————————————-

Spectra Group Plc

Spectra Group (UK) Ltd is an internationally renowned, award-winning information security and communications specialist with a proven record of accomplishment. Spectra is a dynamic, agile and security-accredited organisation that offers secure Hosted and Managed Solutions and Cyber Advisory Services with a track record of delivering on time, to spec and on budget.

With over 15 years of experience in delivering solutions for governments around the globe, elite militaries and private enterprises of all sizes, Spectra’s platinum and gold-level partnerships with third-party vendors ensure the supply of best value leading-edge technology.

Spectra was awarded the prestigious Queen’s Award for Enterprise (Innovation) in 2019 for SlingShot.

In November 2017, Spectra Group (UK) Ltd announced its listing as a Top 100 Government SME Supplier by the UK Crown Commercial Services.

Spectra’s CEO, Simon Davies, was awarded 2017 Businessman of the Year by Battlespace magazine.

Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001:2013 and Cyber Essentials Plus accreditation.

————————————————————————-
