Sponsored by Spectra Group
16 Apr 20. Crystal Group, a leading designer and manufacturer of rugged computer and electronic hardware, announced today the National Information Assurance Partnership (NIAP) Common Criteria certification of its rugged firewall. Achieving NIAP approval represents a significant milestone in tactical cybersecurity proving the firewall’s effective layer of protection for networked communications in multiple harsh domains.
The RCS5516FW purpose-built, VPN-capable firewall provides both rugged and critical cybersecurity defense needed for seamless, high-performance networking in unpredictable forward-deployed environments. Built to withstand extreme temperatures, moisture, shock, vibration and other challenging conditions, the NIAP-certified solution provides unmatched versatility, industry-leading technology and reliable protection of critical networks in a rugged form factor.
“Crystal Group’s rugged firewall is supply chain-secure, made in the U.S. and safeguards against malicious tampering. As our nation’s warfighters defend homeland security, this firewall safeguards the networks they rely on for situational awareness, missile defense and countless other mission critical functions,” said Todd Prouty, business development manager at Crystal Group. “We’re proud to have reached the NIAP milestone in our ongoing commitment to provide our soldiers, sailors, airmen and Marines with advanced cyber-secure capabilities.”
Crystal Group is a long-trusted and designated mission-essential partner of the U.S. Department of Defense and other U.S. government entities. Crystal Group’s offerings, which also include an optional NIAP-certified IPsec module on their RCS7450 rugged switch, are employed across hundreds of defense programs and countless applications supporting critical infrastructure, transportation and other key U.S. industries and sectors.
NIAP, established by the National Security Agency and the National Institute of Standards and Technology, is the governing U.S. body within the Common Criteria Recognition Arrangement (CCRA), a 31-country consortium serving as the most widely recognized, global standard for IT security.
16 Apr 20. USAF advances electronic warfare testing of EPAWSS suite for F-15. The US Air Force (USAF) is progressing electronic warfare (EW) testing of the Eagle Passive/Active Warning and Survivability System (EPAWSS) upgrade for the Boeing F-15 combat aircraft, it announced on 14 April. An F-15E Strike Eagle fitted with the BAE Systems EPAWSS electronic defensive aids system began the first phase of critical EW testing at the Benefield Anechoic Facility (BAF) on Edwards Air Force Base (AFB), California, in May 2019. Testing is currently continuing at the same facility, the air force said.
“The ongoing tests are required to collect the data to establish the integration of the EPAWSS radar and missile warning capabilities and the electronic countermeasures (ECM) onto the F-15E platform,” Ed Sabat, Project Development Lead and Civilian Director of Operations with the 772nd Test Squadron was quoted as saying. (Source: Jane’s)
15 Apr 20. Statement on the DOD IG Report on JEDI Cloud Procurement. The Inspector’s General final report on the JEDI Cloud procurement confirms that the Department of Defense conducted the JEDI Cloud procurement process fairly and in accordance with law. The IG’s team found that there was no influence by the White House or DOD leadership on the career source selection boards who made the ultimate vendor selection. This report should finally close the door on corporate-driven attacks on the career procurement officials who have been working tirelessly to get the much needed JEDI Cloud computing environment into the hands of our frontline warfighters while continuing to protect American taxpayers. (Source: US DoD)
14 Apr 20. Netography Awarded AFWERX Small Business Innovation Research Grant from the U.S. DoD and Air Force. Grant paves the way for future collaboration with the Department of Defense organizations. Netography today announced that it has been awarded an AFWERX Phase 1 Small Business Innovation Research (SBIR) grant from the U.S. Department of Defense (DOD) and Air Force. The grant acts as a green light for Netography to partner with entities from within the DoD, to provide cross-network visibility for both cloud and on-premises environments through the Netography Security Platform, a SaaS solution.
“This grant speaks to Netography’s ability to provide a broad set of both private and government entities with shared visibility and traffic analysis across their network, that enables real-time detection and remediation,” said Barrett Lyon, co-founder and CEO, Netography. “We provide a powerful but light-weight SaaS solution that quickly ingests telemetry to detect and automatically remediate threats in real-time, and we’re excited about the opportunity to extend those capabilities to the Department of Defense.”
With the current challenges today and more end-users in remote locations, keeping the perimeter secure is more critical than ever. Netography’s capabilities can also extend to keeping an organization’s VPN secure. By monitoring VPNs, Netography can quickly detect any anomalies or known threats that might be present on the network as a result of using the VPN. The Netography rules-engine quickly applies one of the many out-of-the-box algorithms or a custom algorithm and remediates the security incident. Simultaneously, the platform also engages with the correct personnel to alert of actions taken or acts as an extended portion of the team by carrying out any instructions given to mitigate threats.
Netography’s extensive experience in network security has given the team a first-hand view of how legacy security solutions cannot protect dynamically and are limited in the kinds of attacks they can detect and stop. “There is a commonality with both enterprises and government entities, both need to deliver real-time protection against millions of network-based threats across the entire infrastructure; both on-premises and in the cloud,” said Lyon. Network and security teams can have shared visibility into their security posture and effectiveness of their security controls at any and every point in time. Netography’s high-performance processing power means that complex algorithms are running in real-time, and automatic remediation translates into a significant reduction in mean-time-to-repair. And, with a single-pane view of traffic flow and global assets across an entire network, organizations gain full network visibility of cloud and on-premises devices with minimal effort.
In 2018, AFWERX, the Air Force Research Lab (AFRL), and the National Security Innovation Network (NSIN), partnered to create “Open Topic” in an attempt to speed up the SBIR application experience, broaden the pool of potential applicants and decrease bureaucratic overhead. The result has been a shorter application process, an accelerated contract award, and a shorter period of performance. Since the introduction of the Open Topic in late 2018, the program has awarded more than 900 contracts worth a combined total of approximately $220m. (Source: BUSINESS WIRE)
13 Apr 20. JADC2 Needs To Change Course: More C2, Less Comms. Unless DoD puts the C2 back into JADC2, the multi-billion dollar effort meant to transform how America fights may well create the kind of brittle, centralized hierarchy the U.S. military is supposed to avoid.
The U.S. military is pursuing a new concept for managing operations called Joint All-Domain Command and Control. JADC2 seeks interoperability between every sensor, shooter, and command element in U.S and allied forces–essentially a military Internet-of-Things.
The goal of JADC2 is to help commanders to make faster decisions and better integrate actions across domains by accessing any ship, plane, satellite, or troop formation anywhere. In practice, however, JADC2’s current emphasis on communications over command and control could result in more hierarchical organizations, less creativity and initiative, and unrealistic communication demands for the contested electromagnetic environments facing U.S. forces in any conflict against the Chinese or Russian militaries.
Should C2 Be A Dictatorship Or A Democracy?
The inclination of militaries — and governments — toward highly-networked centralized control is understandable. With pervasive visibility into a military force or society and enough computing power, a leader’s planning staff could orchestrate activities to optimize the use of resources and achieve results. This approach could also stifle innovation and eliminate the flexibility to adapt when equipment fails or communications lost.
Drones An “Immediate Threat” – DoD Plans Rapid Acquisition of Counter-UAS Systems
When the Chinese government reported on March 19 that there were no new locally transmitted infections of COVID-19, much of the world looked on in envy. It was a remarkable turn of events from just a few weeks earlier, when 20,000 new cases of the disease were recorded in only 3 days. Some observers wondered whether this success is the ultimate argument for centralized control: after initially trying to protect the party and its image, the national government of China responded quickly and dramatically, locking down the entire province of Hubei to contain COVID-19’s spread.
We aren’t talking about clunky Soviet centralized planning, here, with its bread lines and autarky. China’s approach merges market forces and trade with country-wide information systems and predictive models to assess society and the economy in real time to an extent the Soviet State Planning Commission, or Gosplan, could only dream of.
Soviet planning promised the efficiency of centralized control. With supply perfectly matched to demand, the system could eliminate unemployment, inflation, and even the need for money itself. Obviously, this didn’t quite work out as theorized. Soviet planners lacked communications to closely monitor the economy across six far-flung republics. Even the Soviet invention of linear programming couldn’t provide detailed enough predictions to account for the local variations of the real world.
But what if the underlying assumptions changed? What if China could build a better machine, a “Gosplan with Chinese characteristics” which could take advantage of all the past century’s technological advances? Artificial intelligence algorithms, especially those for deep learning, thrive in the enormous datasets fed by the distributed sensor networks that cover China, from cell phones to street corner cameras to instrumentation of internet traffic.
This explains why China sees the race for artificial intelligence as existential, with Xi himself leading the charge to incorporate AI into academic, industrial, and socio-economic endeavors across China. For Xi’s vision to be realized, his government must deploy a pervasive sensor network to feed data-hungry AI that would make sense of the incomprehensible number and diversity of human activities. If this model works, the argument goes, the Chinese government could achieve unity of effort, its citizens will prosper, and its economy and power will grow. It is a compelling story.
“[T]he trend is that a larger percentage of our work will be able to be accomplished using commercial systems than in the past,” says Gauthier.
Yuval Harari concisely paints the contrast between forms of government as information processing systems: “Democracy distributes the power to process information and make decisions among many people and institutions, whereas dictatorship concentrates information and power in one place. “
A similar comparison can be made in military command and control. Given that sensors, computing, and artificial intelligence are becoming ubiquitous, what is the best architecture for their arrangement? Should data be kept within a “castle wall” and flow only to centralized decision-makers? Or should technology be diffused among the ranks, allowing for information-enriched distributed autonomous decision making?
The tragic progression of the COVID-19 pandemic creates a sort of natural experiment to assess these two information models.
After initially downplaying or covering up the crisis to protect its image, China centrally directed an unprecedented lockdown on 23 January, and ultimately drove its new community infection reports down to zero. Although its tests and data reporting may have been unreliable, China’s population was quickly instrumented in multiple ways to support pandemic control, with potentially-infected persons locations reported to government officials.
The centralized model’s vulnerability, however, is that it depends utterly on the perceptiveness, intentions, and foresight of the central decision maker. Even the best AI-enabled decision support tools will guess wrong sometimes, and the likelihood of a bad prediction rises exponentially when an opponent denies or manipulates incoming information. As we have seen in China, centralized decision-making may have resulted in many more deaths due to COVID-19 than has been publicly reported due to poor policy choices and information suppression.
In contrast, the U.S. model decentralizes information generation and use. In the case of COVID-19, we swim in a sea of information and disinformation, with algorithmically mediated social media providing news about the outbreak and disinformation like the case of the purported cocaine cures. Public officials both warn about the severity of the disease and deny its severity, a sort of mixed messaging that would be unthinkable in China.
As a result, early American action against the virus was largely decentralized, with businesses and local governments being the first to act. It reduces unity of effort, but the American model also enables this variety of organizations and actors to improvise innovative approaches including 15-minute point-of-care COVID-19 tests, distributed home tests, genomic monitoring, improvised emergency ventilators, or private industry analysis of social distancing.
Putting The C2 Back in JADC2
The centralized model of decision-making exemplified by China’s management of COVID-19 is also attractive to militaries. A commander could gain enormous advantage by rolling back the fog of war, carefully optimizing plans, and decisively implementing control across the battlespace. This was the aspiration of Net-Centric Warfare during the 1990s.
The U.S. military backed away from Net-Centric Warfare after it became clear the sensing and connectivity required for battlefield omniscience and control wasn’t possible with the funding or technology we had then. The human dimension of warfare also challenged attempts to optimize military operations through networking. As H.R. McMaster noted, even as technology provides improved visibility, “new forms of uncertainty emerge.” War’s fog and friction endures.
Air Force and Army leaders’ public comments on JADC2 could be interpreted as Net-Centric Warfare 2.0, with every sensor, shooter, and commander connected through improved communications links. The highly-networked force would then be able to optimize operations across a theater.
Despite advancements since the 1990s in information processing, AI and mobile communications, JADC2 could still succumb to the same friction, fog, and unpredictability that scuttled Net-Centric Warfare. Throw in world-class Chinese and Russian electronic warfare and JADC2 may end up being a modest improvement in connectivity rather than a game-changing revolution in military operations.
An alternate approach to JADC2 would increase its emphasis on command and control, instead of the current focus on communications. Instead of pouring scarce funding into a potentially-doomed effort to continuously connect every element of the U.S. military, JADC2 should provide a framework for distributing C2 capabilities to a broad set of users. In doing so, JADC2 could balance inevitable communication shortfalls with better local planning and predictive tools. Conversely, greater connectivity–when possible–between commanders, sensors, and shooters could mitigate limitations of C2 tools in modeling and simulation or data engineering.
In this alternative JADC2 model, instead of pursuing optimized theater-wide control, U.S. forces would use the greater interoperability provided by new datalinks, gateways, or on-demand translation to become more adaptable or recomposable, as in DARPA’s concept for Mosaic Warfare. Local commanders could exploit their forces’ adaptability to create dilemmas for the enemy using new C2 and decision-support tools, episodically aligning their efforts when theater-wide communications are available.
Making Mission Command Real
U.S. military leaders argue mission command gives American forces an edge over their adversaries by encouraging subordinate commanders to use their creativity and initiative to improvise new plans and tactics when communications are lost with central headquarters. In a contested electromagnetic environment, U.S. forces using mission command would theoretically be able to adapt and win against a force relying on centralized control.
As U.S. forces become more distributed, introduce more unmanned systems, and work across domains, individual commanders won’t be able to build plans on the fly without access to the planning staffs of central headquarters. JADC2 could overcome this challenge by giving commanders a combination of improved interoperability and decision-support tools, some of which are already in development.
There are clear lessons in the COVID-19 crisis for the architects of our military warfighting and decision-making systems. We should not copy the Chinese approach of feeding all data into a central decision-making apparatus, with its dependence on brittle, artificial intelligence techniques and fallible central decision-makers.
Instead of inadvertently creating hierarchical, centralized control, JADC2 should pursue widely distributed C2. Although, as in the COVID-19 response, centralized control may win a battle, the ability of forces using distributed C2 and mission command to adapt and learn are more likely to win the war. (Source: Breaking Defense.com)
14 Apr 20. Watchdog finds the Pentagon is behind on several cybersecurity initiatives. The Department of Defense is behind on several internal cybersecurity initiatives, years after some were expected to be completed, Congress’ watchdog agency has found.
An April 13 report from Government Accountability Office report, titled “DOD Needs to Take Decisive Actions to Improve Cyber Hygiene,” warned that the Pentagon faces increased cybersecurity risk because the department hasn’t implemented basic cybersecurity practices.
“Overall, until DOD completes its cyber hygiene initiatives and ensures that cyber practices are implemented, the department will face an enhanced risk of successful attack,” GAO officials wrote.
The watchdog evaluated three Pentagon initiatives: DOD Cybersecurity Culture and Compliance Initiative (DC3I), Cybersecurity Discipline Implementation Plan (CDIP), and cyber awareness training.
The DC3I initiative, which is aimed at boosting cyber training and integrating cyber into operational exercises, included 11 tasks that were expected to be implemented at the end of fiscal 2016. However, the GAO found that seven of those tasks are not yet complete. For example, as of October, some defense organizations haven’t received two cybersecurity training briefs created by U.S. Cyber Command for leadership training that would’ve provided important cybersecurity information, according to the report,
If these documents had been provided, “they may have learned, among other things, how to understand, assess, and interpret cyber-reportable events and incidents and how they affect military operations,” the GAO wrote.
The report also found that the seven remaining DC3I initiatives weren’t completed because the DoD’s Chief Information Officer’s office didn’t take steps to ensure their implementation. Leaders from the Pentagon’s CIO office told the GAO that they weren’t aware of this responsibility, although it has been tasked with the duty since December 2016.
“If DOD CIO does not take appropriate steps to ensure that the DC3I tasks are implemented, the department risks compromising the confidentiality, integrity, and availability of mission-critical information as a result of human error by users on the department’s networks,” GAO officials wrote.
Details about the status of several pieces of the DoD’s Cybersecurity Discipline Implementation Plan, an initiative with 17 tasks focused on eliminating preventable vulnerabilities from Pentagon networks, are murky. Four of the 10 tasks led by the CIO’s office remain incomplete. However, the status of seven others are unknown because “no DOD entity has been designated to report on the progress,” the report said.
Some tasks that lack a lead for implementation include basic cybersecurity hygiene capabilities include disabling links in emails and ensuring cyber incident response plans are documented and properly exercised. As for the four tasks the DoD CIO office didn’t complete, officials told the GAO the tasks are difficult to implement because of the old IT system used by DoD components.
The Defense Department also hasn’t fully adopted its 2018 Cyber Awareness Challenge Training, a program meant to teach the DoD workforce best cybersecurity practices, the report said. However, the DoD found that several components across the department didn’t collect information on the completion rate of the training.
For example, the Army couldn’t provide data on the number of users who had completed the training. Meanwhile, six components, including the Navy, Air Force, Marine Corps and European Command, didn’t collect information on who hadn’t completed the training. Navy officials told GAO that they didn’t see the value in collecting and reporting data to its headquarters.
The GAO also wrote that eight of 16 components evaluated didn’t know how many users had their network access revoked because they hadn’t completed the training.
“If the DOD component heads do not ensure that their respective components accurately monitor and report information on the extent that users have completed the Cyber Awareness Challenge training—as well as have access revoked for not completing the training—the components may be unable to ensure that DOD users are trained in the steps needed to address cybersecurity threats to the department,” GAO wrote.
The department has also identified the 177 cyberattack techniques used by adversaries, prioritized them by level of risk and released cyber hygiene practices to mitigate the most frequent attacks. However, the department doesn’t know the extent to which they are used.
“No component or office within the department has complete visibility of the department’s efforts to implement these protective practices across the department,” the GAO found.
The GAO made seven recommendations to the department, ranging from ensuring that the three cybersecurity initiatives are completed to accurate monitoring and tracking of implementation of different aspects of cyber hygiene.
The department fully agreed with just one recommendation – that all components be required to take the Cyber Awareness Challenge training. (Source: Defense News)
14 Apr 20. DoD approves functionality of equipment for second stage of Australian Army’s Currawong battlespace communications system. The functionality of the equipment involved in the second of three major releases for Boeing Defence Australia’s (BDA’s) Currawong battlespace communications system has been officially approved by Australia’s Department of Defence (DoD), the company announced on 14 April. Developed under Project 2072 Phase 2B and an AUD665m (US399m) acquisition contract signed by BDA in September 2015, Currawong aims to provide fast, reliable, and secure wideband voice, data and video services over wireless and wired infrastructure between headquarters and land-based Australian Defence Force (ADF) units deployed globally. Delivery of ‘Release 1’, providing the modular core black data network within man-portable units, was completed in April 2019. (Source: Jane’s)
Spectra Group Plc
Spectra Group (UK) Ltd, internationally renowned award-winning information security and communications specialist with a proven record of accomplishment.
Spectra is a dynamic, agile and security-accredited organisation that offers secure Hosted and Managed Solutions and Cyber Advisory Services with a track record of delivering on time, to spec and on budget.
With over 15 years of experience in delivering solutions for governments around the globe, elite militaries and private enterprises of all sizes, Spectra’s platinum and gold-level partnerships with third-party vendors ensure the supply of best value leading-edge technology.
Spectra was awarded the prestigious Queen’s Award for Enterprise (Innovation) in 2019 for SlingShot.
In November 2017, Spectra Group (UK) Ltd announced its listing as a Top 100 Government SME Supplier by the UK Crown Commercial Services.
Spectra’s CEO, Simon Davies, was awarded 2017 Businessman of the Year by Battlespace magazine.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001:2013 and Cyber Essentials Plus accreditation.