Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cyber

Advanced Capabilities Required for Future Navy Warfighting

April 4, 2013
By Robert K. Ackerman

Future conflicts likely will be fought in degraded information technology environments, which will require the U.S. Navy to develop and exploit new capabilities to continue to operate in contested cyberspace. Technologies such as a flexible information grid, assured timing services and directed energy weapons must be part of the naval information system arsenal if the sea service is to maintain information dominance through the year 2028.

These were just a few of the findings presented in the Navy’s Information Dominance Roadmap 2013-2028, which was released in late March. Presented by Rear Adm. William E. Leigher, USN, the Navy’s director of warfighter integration, the report outlines the growing challenges facing the fleet and how the Navy must meet them.

The report divides information dominance challenges into three areas: assured command and control (C2), battlespace awareness and integrated fires. While the United States will continue to maintain supremacy in those areas, that supremacy is shrinking as more nations are closing the gap between U.S. capabilities and the ability to disrupt them.

Among the advanced capabilities the Navy will require toward the end of the next decade is assured electromagnetic spectrum access. Achieving this will entail fielding greater numbers of advanced line-of-sight communication systems; being able to monitor combat system operational status and adjust it using automated services; having a real-time spectrum operations capability that enables dynamic monitoring and control of spectrum emissions; and generating a common operational picture of the spectrum that is linked to electronic navigation charts and displays operational restrictions.

The Continuing Journey to Fully Effective IT Acquisition and Management

April 1, 2013
By Kent R. Schneider

Those of us who have been involved with government information technology (IT) for some time clearly remember the many efforts to improve IT acquisition. All certainly remember Vivek Kundra’s IT Management Reform Program, the 25-point plan. Most would agree that progress has been made, but some would argue—correctly I believe—that work remains to be done.

The U.S. House Oversight and Government Reform Committee, chaired by Rep. Darrell Issa (R-CA), posted a draft federal IT acquisition reform act on its website last fall. As part of the review and revision process for this bill, the committee invited comments from a broad set of sources. It asked the Government Accountability Office (GAO) to study progress and issues related to IT acquisition and management, and it also held several hearings. Testimony at the most recent hearing, held February 27, revealed progress and disappointments.

The GAO report, delivered to the House committee on January 22, argues that billions of dollars are being wasted in execution of the nearly $80 billion annual unclassified federal IT budget. Most of this waste comes either from unneeded duplication in federal programs, systems and infrastructure, or from failed or ineffective federal IT programs.

While many reasons may exist for the duplications and failures, lack of effective communication seems to be at the heart of the problems. Government managers are not talking to each other, which results in stovepipes along organizational or functional lines. Government and industry are not communicating effectively, resulting in suboptimum outcomes and, often, yesterday’s solution. Do you remember the “Myth Busting Campaign” that Dan Gordon set up when he was administrator of the Office of Federal Procurement Policy? That was all about separating the real obstacles to effective procurements from those imagined by the legal and other communities. The GAO report separates some of that fact from fiction.

Consolidation Is 
the Course for Army 
Electronic Warfare

April 1, 2013
By Robert K. Ackerman

Melding the disciplines of spectrum combat will enable greater flexibility and more capabilities.

The growth in battlefield electronics has spurred a corresponding growth in electronic warfare. In the same manner that innovative technologies have spawned new capabilities, electronic warfare is becoming more complex as planners look to incorporate new systems into the battlespace.

No longer can electronic warfare (EW) function exclusively in its own domain. The growth of cyber operations has led to an overlap into traditional EW areas. EW activities for countering remote-controlled improvised explosive devices (IEDs) in Southwest Asia led to an increased emphasis on EW defense and offense. It also exposed the problem of signal fratricide when those EW operations interfered with allied communication.

The U.S. Army sped many systems into theater, and now it is working to coordinate those technologies into a more organized capability. The effort focuses on an integrated EW approach that will reconcile many of the existing conflicts and clear the way for more widespread use of EW in future conflicts.

“The Army definitely has wrapped its arms around the importance of EW,” declares Col. Joe DuPont, USA, project manager for electronic warfare at the Program Executive Office (PEO) Intelligence Electronic Warfare and Sensors (IEWS), Aberdeen Proving Ground, Maryland.

The majority of the Army’s EW assets currently come from quick reaction capabilities (QRCs) that have been fielded over the past decade; these capabilities are attack, support and protection. The requirements largely came from theater, and the next systems due for fielding reflect those requests.

Corps
 Blazes 
Ahead With Cloud Computing

April 1, 2013
By Rita Boland

As they put the necessary pieces in place, Marines are mindful of tight resources and are seeking help from industry.

For the past year, U.S. Marine Corps technical personnel have been implementing a strategy to develop a private cloud. The initiative supports the vision of the commandant while seeking to offer better services to troops in disadvantaged areas of the battlefield.

As part of this effort, members of the Headquarters Marine Corps (HQMC) Command, Control, Communications and Computers (C4) Department are working on enterprise licensing agreements with multiple vendors to achieve economies of scale. They also are examining thinning the environment as an element of infrastructure as a service, and they are exploring how an enterprise services support desk would support a cloud environment during the transition from a continuity of services contract to a government-owned, government-operated scenario. In place is a 600-day transition plan to help move from the former to the latter. Robert Anderson, chief, Vision and Strategy Division, HQMC C4, explains that the May 2012 “Marine Corps Private Cloud Computing Environment Strategy” serves as the driving document for the transition, and now Marines are trying to reach the point where they execute the requirements outlined in the paper. “There are multiple pieces that have to occur for this to happen,” he states. Personnel are working on follow-up documents now, including a mobility strategy and a five-year transition plan scheduled for release in June. The latter lays out the next steps for the cloud environment.

DISA Lays Groundwork for Commercial Cloud Computing Contract

March 26, 2013
By Max Cacas

One of the U.S. Defense Department’s top information technology officials says work is beginning on a multiaward contract for commercial cloud computing services, but the official says he has no timeline or total value for the business.

Cyber Investigators Analyze South Korea Malware

March 25, 2013

The malware that infiltrated computer systems across South Korea’s banking and television broadcast industries on March 20 shares similarities with the Shamoon program used last year to wipe clean the hard drives of 30,000 Saudi Aramco workstations, according to experts at General Dynamics Fidelis Cybersecurity Solutions. Investigators at the company’s newly-opened cyber forensics laboratory in Columbia, Maryland, say the malware is not a Shamoon variant, but that the two programs share some characteristics.

Company officials acknowledge the speculation that North Korea launched the attacks but did not comment on the program’s origin. It is not unusual, they say, for a criminal group or nation to use malware that deliberately mimics attacks used by others. Doing so, of course, casts suspicion elsewhere, helping to mask the malware’s true origins. “A number of commercial firms were hit with a somewhat similar attack. It was not Shamoon. But the techniques were somewhat similar,” says Jim Jaeger, the company’s vice president of cybersecurity services.

Cyber lab personnel identified the South Korea malware as “239ed75323.exe,” a malicious file capable of wiping data in disk drives. One of the areas it targets is the disk’s master boot record, without which a computer cannot load its operating system. The program writes a pattern to the disk that repeats the word “HASTATI.” Hastati is an apparent reference to a class of infantry in the armies of the early Roman Republic that originally fought as spearmen and later as swordsmen. The malware did not overwrite the entire disk, so some data can be recovered. The cyber lab experts posted their initial findings in a blog the day after the attacks.

 

Nuclear Agency's Cloud Computing Plan Comes Together

March 20, 2013
By George I. Seffers

The U.S. National Nuclear Security Administration (NNSA) began working on its Yourcloud solution about two years ago and expects to have the cloud computing solution in place by year's end. You can read more about this in "U.S. Nuclear Agency Enhances Cybersecurity With Cloud Computing
." 

One of the surprises along the way to cloud was that NNSA is not alone in the problems it needs to solve, according to Travis Howerton, NNSA chief technology officer. "When we first started putting this together, I would have thought that we were more unique than we are, but when I traveled around talking to other chief information officers and other leaders in government agencies, or even in the commercial sector, everybody's struggling with the same set of issues," Howerton observes. "In general, what surprised me is how much synergy there is in trying to solve this problem government-wide. We're happy to be part of that overall ecosystem and to share with others what we're doing that may be helpful."

Agency officials spent about a year developing a strategic plan for transformation, which includes three pillars: the NNSA Network Vision (2NV), which modernizes the current computing environment by providing a secure, mobile, agile and adaptive IT infrastructure that will allow the NNSA workforce to perform their duties from any device, anywhere, any time; the Joint Cybersecurity Coordination Center (JC3), which provides the agency a capability for understanding the health of the systems, data and network; and the Cyber Sciences Laboratory (CSL), which establishes a process through which theoretical research in IT and cybersecurity can be rapidly applied to operational computing environments.

 

 

U.S. Defense Science Board Calls for Segmented Force Cyber Defense

March 5, 2013
By Robert K. Ackerman

The United States quickly must adopt a segmented approach to its military forces to ensure that key elements can survive a comprehensive cyber attack, according to a recently released Defense Science Board (DSB) Task Force on Resilient Military Systems. This approach entails a risk reduction strategy that combines deterrence, refocused intelligence capabilities and improved cyber defense. The effort must constitute “a broad systems approach … grounded in its technical and economic feasibility” to face a cyber threat that has “potential consequences similar in some ways to the nuclear threat of the Cold War,” the DSB report says.

The report declares that the United States cannot be confident that its critical information technology systems will work under attack from sophisticated adversaries combining cyber capabilities with conventional military and intelligence assets. In particular, the Defense Department’s dependence on vulnerable information technology “is a magnet” to U.S. opponents. U.S. networks are built on “inherently insecure architectures with increasing use of foreign-built components.” The report states that the department and its contractor base already have sustained “staggering losses” of system design information representing decades of combat knowledge and experience.

No silver bullet exists to eliminate cyberthreats, the report allows. Instead, it recommends an approach analogous to that employed against U-boats in World War II. Risks are not reduced to zero, but the challenge can be contained and managed through broad systems engineering of a spectrum of techniques.

Military Moves on Mobile

March 4, 2013

Despite continued budget crunching, U.S. Defense Department officials are continuing to implement a three-phase plan to equip the department’s 600,000 mobile-device users with secure classified and protected unclassified mobile solutions that leverage commercial products. In conjunction with the Defense Information Systems Agency, the department’s chief information officer is establishing a basic multivendor mobility capability with the Defense Department for assessment. This first phase, which continues through April, deploys voice and data services over a commercial wireless network, and a contract will be awarded for the department’s initial enterprise mobile device management (MDM) and mobile application store (MAS). Phase two, which is set to last nine months, will focus on creating a security and service delivery infrastructure to support several competitive acquisition options. During the final phase, set to begin in October 2013, an operational capability will be offered to all Defense Department entities as a subscription-based service. Work is contingent on the availability of fiscal year 2013 and fiscal 2014 funding.
 

 

Change Is Challenge

March 1, 2013
George I. Seffers

Homeland Security Conference 2013 Show Daily, Day 3

Although many in government are moving as quickly as possible to adopt new technologies, such as cloud computing and mobile devices, individual agencies still face cultural challenges that sometimes prevent them from moving forward, according to officials speaking as part of the Chief Information Officer Council at the AFCEA Homeland Security conference in Washington, D.C.

Richard Spires, chief information officer for the Homeland Security Department (DHS), reminded the audience that DHS was created by joining a lot of disparate agencies, all of whom owned individual networks. While the department is working to integrate the information technology infrastructure and consolidate data centers, officials still meet some resistance at the individual agency level. “There’s still have lot of duplication and in some ways duplication is holding us back. I’d like to say we’re making progress, but I’ll let others grade us on that,” Spires said.

Other officials agreed that they meet resistance as well. Robert Carey, deputy chief information officer for the Defense Department cited a culture of change and said a constrained budget environment can be a power catalyst for action in moving toward a more centralized environment.

Cybersecurity itself can present challenges, according to Luke McCormack, chief information officer for the Justice Department. “Cyber’s hard. The individual pieces of that can be very difficult,” he said. He also cited the need to bring people together on emerging technologies, such as cloud-as-a-service, as a challenging issue.

Pages

Subscribe to RSS - Cyber