NATO Communications Have a Need for Speed
Disparate groups and methods that move at different paces must synchronize for swiftness.
The global onslaught of new information technology is forcing NATO members to find ways of helping the alliance build a supporting infostructure comprising innovative technologies and capabilities. But acquisition constraints, which can be serious barriers in individual countries, are even more complicated for a security alliance composed of 28 governments.
Partnering with industry has been a go-to method for NATO, but now it is heavily emphasizing this approach. Leaders of active member nations say it is the best hope for speeding up the acquisition of information technologies that serve both alliance and member needs.
NATO faces two significant challenges in cooperative information technology acquisition, says Maj. Gen. Koen Gijsbers, RNLA (Ret.), general manager of the NATO Communications and Information (NCI) Agency. The first is for industry to realize that the one-size-fits-all approach is not the best solution for NATO procurement. Information technology programs, along with other major acquisitions, move at different speeds, he points out. Infostructure programs can take four to six years to come to fruition, during which newer technologies can appear. Application programs take one to three years, and cyber acquisitions take three to six months.
NATO’s procurement process works well for larger infrastructure projects, for which speed is less of a critical factor, Gijsbers offers. However, cyber innovation requires faster acquisition methods. New necessary steps emerge constantly, and the alliance not only must have the money but also a process to act quickly, he says.
The second challenge is to ensure that industry builds in interoperability. Describing this period of time as ideal for tackling this matter, Gijsbers notes that NATO is moving hand in hand with the United States toward federated mission networking. Both NATO and its largest contributor use the same standards in their collaboration, and both must demand solutions that fit those standards and are plug-and-play from the start: “born interoperable,” he emphasizes.
In an operation, NATO brings only 10 percent of the necessary capability, Gijsbers continues. Other nations bring the remaining 90 percent. These nations must find ways to ensure that their information technology equipment can talk to one another. “Unfortunately, many defense industry solutions from different nations don’t talk to each other,” he shares. “Some in industry believe that if they build something that doesn’t talk to something else, then they sell more. I think that’s the wrong approach.”
At any given time, NATO works on three different information architectures—the current one, the next one and the future one. The next one is the architecture the alliance relies on for exercises to ready the NATO Response Force rotation. The future one lets the alliance try out new technology. Ultimately, NATO needs to develop incentives for industry to build in interoperability, Gijsbers says.
The alliance must work with industry to find ways of expediting the solutions it needs, particularly in cyber, he states. NATO experienced a 60 percent increase in cyber attacks in 2016 over the previous year, and it must defend a growing number of networks. One is the network of the NATO ballistic missile defense system, which attained initial operational capability last July.
The alliance also is examining smarter processes and procedures for faster delivery of industry products. A high-level group is focusing on this issue for cyber, and its report is expected this year, Gijsbers notes. The NCI Agency and RAND have worked on a study of best practices for cyber capability acquisition, and Allied Command Transformation (ACT) is examining cyber procurement with an eye toward rapidly implementing innovative solutions.
Gijsbers says he hopes member nations increase their efforts to share best practices with NATO, citing the Defense Innovation Unit Experimental (DIUx) in the United States as a model. This concept works well in an environment characterized by a concentration of innovative companies, which Europe lacks, he adds. The United Kingdom is trying to rectify this situation by bringing together different businesses in a hybrid cloud-based solution to serve the defense community.
NATO is looking at how other nations address these types of challenges as well. Many could share best practices to benefit the alliance, Gijsbers says. Although these practices would need to be translated to NATO-specific situations, “If a nation has done it, NATO can follow rather quickly,” he states.
Nations coming together on such an effort can produce positive results. Gijsbers cites the newest Multi-intelligence All-source Joint Intelligence, Surveillance and Reconnaissance Interoperability Coalition (MAJIIC) project as an example of how a multinational, secure cloud-based environment allows sensor data sharing among countries. NATO and individual nations such as the United States, the United Kingdom and France use this capability. All the MAJIIC nations agreed to hand over knowledge gleaned from the endeavor to the rest of NATO as a contribution in kind.
In a slightly different approach, the Multinational Cyber Defense Capability Development (MN CD2) program began with five nations and added partner countries along the way. All agreed to provide technology support while bringing their own national industries into the effort to develop work packages improving cybersecurity in each country. Participants could choose to share these packages with NATO. The program has developed several tools they can use collaboratively, and they can share system and incident information among themselves. Gijsbers explains that this small group has established MN CD2 capabilities that also can be shared with the wider group of alliance nations.
“In the more innovative areas, it is quite useful to have a group of nations with a similar challenge: to work together and be willing to move further,” he states.
NATO member nations themselves can help promote change within the alliance. Secretary General Jens Stoltenberg has asked a group of experts to examine the acquisition process for capability development as member nations have called for the process to be re-evaluated.
NATO’s acquisition processes can be cumbersome if many national and commercial interests are at stake, Gijsbers allows. He notes that exceptions can be made for operational necessity, in which case rapid acquisition and implementation can occur. Nonetheless, the alliance must not only improve internal processes but also engage with industry early to aid its ability to deliver innovative solutions. Many national defense departments or ministries tend to overstate their requirements, which in turn stifles industry innovation. “It is more difficult if you have to accommodate the industries of 28 nations because [the nations] all want to see some of the money they put into NATO come back into their national economies,” he admits.
Gijsbers lauds NCI Agency conferences with industry, such as the AFCEA/NITEC17 event this month in Ottawa. It includes an innovation challenge that seeks proposals from industry as well as academia. This challenge focuses on cyber, analytics, visualization and sensors, taking into account the Internet of Things. Winners are being announced at the conference, he adds.
In an innovation challenge two years ago, the University of Bologna in Italy contributed an approach allowing accreditation of cellphones in restricted domain networks. This technology was not available commercially at the time, and the conference at which it was unveiled enabled NATO officials to urge industry and the university to work together to bring it to market. Connecting academia and industry to generate useful capabilities over the next two to four years is a goal of both the challenges and the conferences, Gijsbers emphasizes.
While the NCI Agency has worked with industry for some time, it is exploring efforts with academia to look beyond what the commercial sector offers. “Academia can bring us the one generation immediately after what industry delivers,” Gijsbers says. “With one generation, I am not thinking about 10 to 20 years, but two to four years: what the next generation of solutions will be.”
Several major communications and information systems projects already are in the works. This year, the NCI Agency will be awarding a large satellite contract, and the agency may support that with a long-range wireless communication capability at a lower cost than traditional wireless services. The goal is to complement advanced military communications with low-cost satellite services for remote operations in areas where normal satellite links are not fully developed, such as polar regions.
Other technologies the NCI Agency is pursuing include service management and control; automation and analytics; big data; business intelligence; and software-defined networks. A deployable and scalable infrastructure in areas lacking it is a long-standing need that is increasingly important.
Many of these advances are linked to developments in the cloud, Gijsbers allows. NATO is deploying cloud technology in its information technology modernization program, and the alliance needs secure voice and data communication that runs over the cloud environment, he says.
The alliance, with its growing dependence on commercial products, also needs a sure way to accredit software security. Most of these industry offerings do not face the high demands for security placed on military uses, Gijsbers notes, but NATO wants to stimulate academia and industry to focus on this issue.
“We are looking at using commercial solutions in the defense domain, but with a higher level of security,” he states. “Adding on security allows us to leverage commercial developments and commercial innovations that are … forced by the demands of the civilian society but are usable in the defense domain.”
Ultimately, the alliance must wrestle with a challenge many national departments confront: how much to outsource to industry. Outsourcing information technology services will require mandating correct controls, Gijsbers points out. One successful example is the NATO Secret-level network in Afghanistan, which has been outsourced to Thales and is still operated by that firm. The company will innovate service throughout the network’s life cycle, which NATO never could have done on its own, he declares.
Members of the alliance must be open-minded about both private and commercial cloud solutions, but they also must balance those approaches with necessary security. One option under consideration is to put NATO’s defense operations network for developing software solutions in the public cloud because no classified data is involved. This would enable industry collaboration in pursuit of solutions, Gijsbers attests.