Director of Communications
Truth is, I became a writer because in high school, I couldn’t decide what I wanted to be when I grew up. I still don’t know. But I figured that, while I couldn’t commit to being a doctor or teacher for the rest of my life, I could write about doctors and teachers and cars and housework…oh, how the list goes on…and, OK, so Watergate was really big at the time.
But then, life happened. I met my husband during my first week at Marquette University and we married five years later. In 1983, we had our first of two sons, and I was fortunate enough to be able to be a stay-at-home mom. In 1992, I answered a classified ad for a publication assistant at AFCEA. I’d been out of the work force for nine years, and a “little thing” called personal computers had the nerve to move into offices while I wasn’t looking. But I couldn’t have landed in a better place. Rob Robinson, SIGNAL’s editor in chief at the time, allowed me to write for SIGNAL Magazine from time to time…and I learned. Since then, I’ve worked on a Mac at the office and a PC at home. I’ve had the opportunity to write about artificial intelligence, UAVs, satellites…oh how the list goes on.
Sometimes, people are impressed when I tell them I’m a journalist. I explain that, like most people, I hate to write…I like to have written. What I do enjoy is interviewing people who are passionate about what they do. And there are no more dedicated people in this world than members of the military.
My Recent Content:Bug Bounty Offers Big Bucks
A bug bounty program worth a total of $10 million aims at acquiring and developing active cyber-defense capabilities for some of the most popular software programs for Windows, MacOS, iOS and Android. The public program is offering payouts focusing on quality over quantity to identify and address some of the toughest problems.
Crowdfense Limited, a vulnerability research hub, is sponsoring the program. Payouts for full-chain, previously unreported, exclusive capabilities range from $500,000 to $3 million per successful submission. Partial chains will be evaluated on a case-by-case basis and rewarded proportionally. The company will only evaluate fully functional zero-day exploits affecting specific platforms and products, including Windows Chrome remote code execution, Sandbox Escape; and MacOS Safari remote code execution, Sandbox Escape.
The first researcher who submits indisputable proof of a fully working chain within the scope of the bounty program will receive a 10 percent bonus of the designated payout. Researchers also are invited to submit their original work about other products’ working vulnerabilities, which will be evaluated on a case-by-case basis.
"We work only with the best vulnerability researchers, focusing on very select capabilities with a highly structured and scientific approach," states Andrea Zapparoli Manzoni, director, Crowdfense. "Now that this originally underground practice has become a strategic high-tech industry, it is necessary to implement good business processes, checks and guarantees for all the parties involved. That is why we built Crowdfense: The market needed a neutral, reliable, law-abiding, process-driven partner to deliver top-quality active cyber-defense capabilities."
A global team of cybersecurity experts, researchers and lawyers developed the company in 2017 to work on some of the largest cyber defense challenges organizations and countries face today. The company plans to offer private challenges to selected researchers through its vulnerability research platform, which will be available later this year.
The U.S. Army is making some long-needed changes to the way it’s configuring the networks required to prepare for, conduct and win wars. With the promise of increased resources, the service plans to do more than just upgrade its information technology. Instead, it has designed a strategy that incorporates the successes of the past, adjusts where needed in the present and sets the stage for a future that takes advantage of innovative solutions.
To accomplish these tasks, Army leadership as well as soldiers who face networking challenges every day have opened up to industry during events such as the AFCEA Mission Command Industry Engagement Symposium, which took place April 3 in Kansas City, Missouri. Discussions centered around the Mission Command Network Modernization Implementation Plan, which reflects the Chief of Staff of the Army’s guidance to service leaders to synchronize, develop and deliver capabilities across doctrine, organizational structures, training, materiel, leadership, personnel, facilities and policy.
Maj. Gen. James J. Mingus, USA, director, U.S. Army Mission Command Center of Excellence, admitted that many attendees have heard about network modernization in the past and are justifiably skeptical. Although he could not speak for previous efforts, Gen. Mingus said this time will be different because of the energy and commitment of leadership. While transformation can take many forms—from process revamps to culture overhauls—the current approach aims at working hand-in-hand with the service’s units while also reaching out to industry where it makes sense to do so and ensuring ongoing progress remains as transparent as possible, the general said.
Maj. Gen. Peter Gallagher, USA, director, Network Cross-Functional Team, U.S. Army Mission Command Center of Excellence, described the primary goals of the effort. “We have to prepare the Army for war. Readiness is our number one priority, and we have to fight and win no matter where we go,” he explained. Warfighters must fight, move, shoot, communicate and protect themselves, and the network must be able to enable all of these tasks, the general added.
While creating a network that can accomplish all these tasks appears challenging in its own right, in truth the challenge is even greater. Gen. Gallagher explained that this network also must be simple, intuitive, resilient, mobile and capable of being operated and maintained by soldiers while simultaneously keeping up in a very lethal, volatile fight.
As service leaders took “a good hard look” at previous work, they determined that they have overprescribed their requirements in the past. Consequently, they determined that they don’t want to over-specify them in the future and instead give industry the leeway to put forth open solutions, he added.
Gen. Gallagher explained that the Army spends about $11 billion annually on this network of networks in four mission areas: the enterprise mission network, or Department of Defense Information Network (DODIN); defense intelligence; business mission, which generates readiness; and warfighting. All these areas are interrelated and interdependent, he stated.
“One of the main things we’re trying to accomplish in the enterprise is about establishing the joint information environment, which is about being more effective, efficient and secure," the general explained. "It’s about converging and collapsing a lot of those disparate networks; it’s about making sure we have a situational understanding and being able to see ourselves. We’ve had a very difficult time across the network with so much attack service across this enterprise network because it was built over time."
Some of the priority fixes the Army plans to make include flattening the network by getting rid of stovepipes; increasing the speed of the network; ensuring mobility; and boosting network protection. “In simple terms, we’re trying to take this complex thing that is really a network of networks that is somehow configured into a Frankenstein model that we have today, we’re trying to flatten it, we’re trying optimize it, we’re trying ensure that we adapt and buy solutions that are going to give us the marked advantage that we need, and we’re going to invest in the future in our science and technology efforts and our industry partnerships to get the network we need,” Gen. Gallagher stated.
“We haven’t made an institutional change this drastic since the ’70s,” he added.
To accomplish this task, the Army is taking a “team of teams approach.” Cross-functional teams within the service are examining how changes in one part of the network will affect other parts of the Army. The service also is teaming with academia and industry through organizations like AFCEA, Gen. Gallagher pointed out.
In the spirit of teaming, Gen. Mingus and Maj. Gen. John Morrison Jr., USA, U.S. Army Center of Excellence and Fort Gordon, tag-teamed the explanation of the implementation guidance and objectives of mission command and the networks. Paramount during the process of creating the mission command network modernization has been ensuring the ability to operate with allies around the world.
Gen. Morrison also pointed out the need to simplify systems so that soldiers pick up and learn how to use a piece of technology by following a few simple prompts instead of needing hours of training. Systems have grown too complex in part because of the number of requirements the Army has demanded in the past.
“What we have today is complexity at the edge and that’s the last thing we need,” Gen. Morrison said. Now, the Army wants the complexity of any capability to reside “behind the faceplate” within the enterprise, he stated.
This type of thinking reaches much deeper into the modernization planning. For example, network requirements were determined in great measure based on what capabilities a squad leader may need, and a niche product addressed that need. Simultaneously, requirements were being written based on the needs of a commander, and yet another solution was created to meet that need.
The modernization approach is to turn this thinking around and ask the question, “Who should have access to this network of this information?” By addressing the issue from this perspective, the solutions needed are more about leveraging advances in identity management and less about purchasing niche products that must then fit into an already complex network enterprise.
Despite new thinking, some of the mainstays of Army communications remain. For example, interoperability in both the joint and coalition environments is a must. Cybersecurity must be built into all solutions from the beginning. The ability to “hide in plain noise” will give warfighters an advantage they need in today’s growing electronic warfare environment.
To ensure that this iteration of modernization can take advantage of emerging capabilities, the implementation plan is designed to move forward by adapting innovation in a cascading manner with a successive set of future states in mind. For industry, this approach means that the service will “buy less more often,” Gen. Mingus stated.
The clear message to industry is that the Army wants technologies that are intuitive by nature, survivable and effective in severe environments, protected from cyber threats, interoperable in the joint and multinational operations, standards-based and highly mobile.
During the conference, industry’s message to the Army was equally clear. Maj. Gen. Jefforey Smith, USA (Ret.), vice president, global business development, Harris Corporation, who recently moved from the military to the industry side of the table, pointed out that the Army must better define its requirements to companies. Although industry has the research and development dollars to invest in innovation, he said, firms still must know exactly where to invest those dollars.
Gen. Smith also pointed out that the passion that Army leadership is demonstrating for mission command modernization must be maintained over time. A coalition with industry will help sustain the open lines of communication and bring the current vision to fruition.
Joseph Howard, enterprise account manager and Army tactical business executive, Hewlett Packard Enterprise, shared that it’s important for the Army to make it easier to work with the service by sharing the comments its leaders hear from the field about commercial capabilities. “The end state that’s been explained today is very much achievable in the next two years,” Howard said.
The generation that remembers “duck and cover” also recalls headlines that included the words Soviet Union and impending dangers. Today, a combination of global instability, rising authoritarianism and democracies in retreat may lead to similar yet more dangerous situations, and this time, the headlines also are likely to include the words “People's Republic of China.”
Charlie Allen, principal at The Chertoff Group, says that countries as well as state and nonstate actors can damage U.S. security very seriously. His assessment of dangers in today's world is sobering. "The aggregation of the threats, velocity of the threats and the depth of damage that can be done to U.S. interests both at home and abroad are the most significant since we had a nuclear strategic stand-off with the Soviet Union," he states.
Allen's experience makes him an expert in the intelligence and national security realms. In addition to being the former undersecretary for intelligence and analysis for the Department of Homeland Security, he worked as the assistant director of central intelligence for collection for the CIA at the time of the 9/11 attacks. But those are only two of his more recent positions. During his more than 40 years at the CIA, he earned a reputation for plain speaking, even when his opinions differed from those of senior officials.
Drawing on his years of experience, Allen sees new threats looming. "Ultimately, our most dangerous threat has to do with the threat of proliferation—that's long-term, but it's growing and increasing at a faster rate. In that proliferation feature, we have to bring in the Russian Federation and China because of the way they're operating globally. We have a very autocratic leader in Moscow, so we have to understand the depth and breadth of the Russian threat to the countries in Eastern Europe that are NATO countries as well as those that are not part of NATO such as the Ukraine," he says.
The United States also must understand how Russia is operating in other areas of the world such as the Middle East where Moscow is engaged in a very anti-U.S. effort, he adds.
Beyond these dangers, Allen perceives cyber operations as a major threat for the years ahead. "The Russians have weaponized the use of data and the use of their ability to conduct influence operations. In 2016, they conducted a classic active measures campaign. They had weaponized the use of cyber. That made it distinctly different. They continued their influence operations in other countries of Europe. Putin's goal is to diminish the power and influence globally of the U.S. and to shatter or splinter NATO," he says.
The proliferation of missiles, nuclear technology and biological warfare as well as the availability of chemical weapons that virtually any country and nonstate actor can obtain also troubles Allen. “Gene splicing raises a whole specter of the ability to create viruses that are antibiotic resistant, something that was worked on in the past by the Soviet Union,” he relates.
Allen also is concerned about the proliferation of technology superimposed on traditional weapons. "Advanced technologies can be used for good or for evil. We have artificial intelligence and machine learning. The Chinese are putting at least four times the amount of funding into that area than the United States. The United States still has the lead in AI and machine learning, but that lead is narrowing. China's working at it very hard as are other countries," he says.
Other emerging technologies also could affect future warfare. 3-D printing will experience a boon, and countries that can take a lead in this technology are going to be important, he predicts.
Although technologies such as big data and big data analytics are crucial, machine learning will be revolutionary. "We had the chip revolution in the 1980s; we later had the broadband revolution; and now we have the artificial intelligence and machine learning revolution, and we must stay ahead of that," he states.
Allen will lead a discussion about increasing global disorder and the current security environment at the AFCEA 2018 Spring Intelligence Symposium, a classified event. The panelists will include Chris Bort, national intelligence officer, Russia and Eurasia, National Intelligence Council (NIC), DNI; Neil Wiley, director of analysis, DIA; Randall Blake, national intelligence officer for transnational threats, NIC; and John Culver, national intelligence officer for East Asia, NIC.
A great deal of industry’s efforts will be discussed at the symposium, including topics such as how to handle overwhelming amounts of data collected. “I would suggest that we have so much data that we’re not able to process all of it. When I look at the processing challenges of the NSA, FBI, CIA and others face, it’s pretty stunning to make, as Andrew Hallman [Deputy Director for Innovation, CIA] once said to me, ‘What does all of this stuff really mean? What can we pull from petabytes of data?’” Allen relates.
One of the questions Allen has asked his panel members to consider in preparation for the panel discussion is, “Are we well positioned as an Intelligence Community to provide a warning of flashpoints/breakpoints prior to a full-blown crisis?” He says the answer to this question is important because the IC’s prediction record could be likened to that of weather forecasters.
“[We have] been extraordinarily slow, and we have not anticipated those abrupt discontinuities because we were not positioned to think of warning and think about how to think about the world of the future. There will be big break points. We had an Arab Spring where I don’t think the IC did well. We had the rise of ISIS; we were surprised by the speed at which it established a caliphate. The move of the Russians into the Middle East: They began bombing [Syria] on the 29th of September 2015, but they were getting ready to move into the Middle East long before that. I don’t think we served the last president well, and I hope we’ll serve this president better when it comes to strategic warning,” Allen states.
AFCEA regularly brings together IC and industry in classified environments to discuss the challenges the community faces as it attempts to predict future activities of adversaries. Learn more about other experts speaking at the Spring Intelligence Symposium online and explore upcoming classified events on the AFCEA website.
While stopping weapons of mass destruction and cyber attacks are high security priorities, the kinetic effects from cyber forces are a looming threat today. Malevolent uses for artificial intelligence combined with autonomous systems provide frightening new levels of capabilities to potential adversaries, and the U.S. Defense Department and the intelligence community are being called upon to address them with extraordinary vigor.
The National Security Strategy (NSS) and National Defense Strategy (NDS), both relatively brief documents, not only outline the threats from these emerging technologies but also the steps organizations must take to protect and defend the United States, the defense industrial base and the national security base from them. For example, the NDS states: “During conflict, attacks against our critical defense, government and economic infrastructure must be anticipated.”
Lewis Shepherd says this is the first time artificial intelligence (AI) is dealt with at these leadership levels and in substantive national security strategic and doctrinal ways. Currently an executive consultant on advanced technologies at Deloitte, Shepherd formerly worked for the Defense Intelligence Agency as well as several Silicon Valley companies.
“We’ve studied the issue [of AI] in several important reports over the past five years, but it’s the first time that it's called out, really rising to the strategic level for national security to take action,” Shepherd states. Under the call for modernizing key capabilities, the NDS calls on the Defense Department to invest broadly in the military application of autonomy, AI and machine learning.
Increasing attention to AI and autonomy is important to understanding the role they play for U.S. adversaries as well as how the United States could employ them better, faster and more effectively. The latter would enable the country to leapfrog some of the enduring challenges it faces as a large, open society that's democratically governed, he explains.
New technical capabilities also will be beneficial to the intelligence community for collection and analysis of information. “That's where AI capabilities are already beginning to add new strength. It kicks our capabilities up a notch in range and reach and tactical employment dexterity. It can be very, very powerful," he says.
Kicking up capabilities is especially important considering what Shepherd sees as an impending threat today: a hybrid of the kinetic effects from cyber forces. One example of this type of attack was Stuxnet. “But increasingly we see the ability to do that from adversaries in other domains like space and in other military domains. That’s the problem.
“If we think about drone warfare and unmanned aerial vehicles and unmanned autonomous systems at sea, that’s the translation of cyber effects into a kinetic package. No human is involved in many of those loops,” Shepherd says.
Some of the United States’ adversaries’ kinetic delivery systems already are becoming semi-autonomous, he adds. “So we have to study and understand them as cyber processes because that’s how they work, but they absolutely are translated in real and kinetic force," he explains.
The NSS and NDS also encourage new and more open collaboration between government agencies and industry, including an updated definition of the industrial base for defense and intelligence. A prime example in the intelligence community (IC) is the Intelligence Advanced Research Projects Activity (IARPA) prize challenges, a practice that is a staple approach in Silicon Valley and the technology industry to promote innovation, new ideas, new capabilities and new startups, Shepherd relates.
“We've had pinprick efforts from most of the IC agencies to foster and nurture startups and innovative participation in their efforts. But this is the first year that we've actually had those new nontraditional approaches explicitly called for, advocated and promoted at the level of the NSS and NDS. So there is absolutely vocal, energetic and funded support at the senior-most level of the government and the national security establishment to make sure the nation takes advantage of the energetic creativity that exists in the commercial world," he declares.
Both of the strategies as well as the hot topics of AI and autonomy will be discussed in depth at AFCEA’s Spring Intelligence Symposium. The classified (TS/SI/TK-NOFORN) event takes place April 18-19 at the NGA Campus East in Springfield, Virginia.
Shepherd sees the symposium as an important venue for building trust among the IC, Defense Department and industry. “Professionals in industry can sit side-by-side with truly top-level IC and Defense Department technologists, decision makers and policy makers and actually explore these kinds of challenges directly face-to-face in a really open and collaborative way,” he states. Because the forum is classified, participants are willing to share and explore new directions and be frank, which builds trust,” he states.
“On a broader level, there’s never been more of a need than now for collaboration and real hand-in-hand partnerships between the government and industry, particularly industry defined in a more inclusive way,” he emphasizes. In addition to traditional contractors and integrators, a new generation of technologists are working individually, on contracts or as part of efforts with data systems, programming languages and platforms that staff at government labs and spaces sometimes cannot access, Shepherd explains.
The timing of this year’s symposium also is key. “The IC is off and running at 100 miles an hour to execute on these two new strategies. … We’ve got a desire to explore a kind of massive mindset change from 15 years of prioritizing the counterterrorism threat to now one of understanding the new degree of threat from peer adversaries.
“This is really an extraordinary moment. It’s an inflection point with the [intelligence] community and all of its moving parts dealing with a moment of change. This symposium offers a great opportunity to influence the steps we all take out of it,” he states.
Cleared defense, intelligence and industry personnel can register for AFCEA’s Spring Intelligence Symposium online.
The Defense Advanced Projects Research Agency has begun a program to address an emerging conflict in a nebulous area between peace and conventional warfare. Dubbed the “gray zone,” actions in this space occur slower and are executed more subtly using social, psychological, religious, informational, cyber and other means to achieve physical or cognitive objectives with or without violence.
The lack of clarity of intent—the grayness—makes adversarial tactics more challenging to detect, characterize and counter. So the agency’s Strategic Technology Office has created the Collection and Monitoring via Planning for Active Situational Scenarios (COMPASS) program to develop software that would help clarify enemy intent by gauging an adversary’s responses to various stimuli.
COMPASS will leverage artificial intelligence (AI) technologies, game theory, and modeling and estimation. The goal is to identify stimuli that yield the most information about an enemy’s intentions and provide decision makers high-fidelity intelligence on how to respond—with positive and negative tradeoffs for each course of action.
Current military decision-making follows a well understood and effective OODA loop—observe, orient, decide and act. This approach is effective in traditional kinetic scenarios; however, it is not effective in gray-zone warfare. Signals in gray zone typically are not rich enough to draw any conclusions and, just as often, adversaries could implant these signals to induce ambiguity. COMPASS aims to add a dynamic, adaptive element to the OODA loop for the complex gray zone.
The COMPASS program will leverage game theory for developing simulations to test and understand various potential actions and possible reactions by an adversary employing gray-zone activity. It focuses on advanced software that would quickly present options to decision makers by assimilating a large amount of intelligence that has been collected using existing, state-of-the-art systems such as standard video exploitation or textual analysis tools related to rapidly changing scenarios.
“As we see increasingly more sophistication in gray-zone activity around the world, we need to leverage advanced AI and other technologies to help commanders make more effective decisions to thwart an enemy’s complex, multi-layered disruptive activity,” Fotis Barlos, DARPA program manager, says.
“We’re looking at the problem from two perspectives: Trying to determine what the adversary is trying to do, his intent; and once we understand that or have a better understanding of it, then identify how he’s going to carry out his plans—what the timing will be and what actors will be used,” Barlos explains. “The first is the what, and second is the where, when and how."
“But in order to decide which of those actions is important you need to analyze the data, and you need to understand what different implications are and build a model of what you think the adversary will do,” he says. “That’s where game theory comes in. If I do this, what will the adversary do? If I do that, what might he do? So it is using artificial intelligence in a repeated game theory process to try to decide what the most effective action is based on what the adversary cares about.”
The COMPASS program is seeking experts in AI, machine learning, game theory, modeling and simulation, control systems, estimation and other related fields. A Proposers Day is scheduled for March 30 in Arlington, Virginia. Registration instructions and more details are available on FedBizOpps. A Broad Agency Announcement solicitation is expected to be posted on FBO prior to the Proposers Day and will be available on DARPA’s FBO solicitation page.