Facing renewed challenges from peer and near-peer adversaries, the U.S. Department of Defense is returning to a command and control concept embracing joint and allied operations with the added domains of space and cyberspace adding to the mission space. But while this reorientation appears to revisit older Cold War-era strategies on the surface, it is the end result of careful analysis by the Pentagon to make up for operational deficiencies and neglected capabilities from two decades of counterinsurgency-oriented warfare.
In the peer adversary conflicts the U.S. military must prepare for in the 2020s, dominating the electromagnetic spectrum—from D.C. to daylight—will be as important, if not more, than dominating at sea, on land or in the air.
“Freedom of action in the electromagnetic spectrum, at the time, place, and parameters of our choosing, is a required precursor to the successful conduct of operations in all domains,” states the U.S. Defense Department’s Electromagnetic Spectrum Superiority Strategy, rolled out last fall.
There is a virulent plague spreading across the globe, Homeland Security Secretary Alejandro Mayorkas warned earlier this year. But he wasn’t talking about COVID-19. Instead, he was referring to what he called “an epidemic that is spreading through cyberspace: ransomware.”
As Mayorkas pointed out: “Ransomware is not new. It has been around for years. What is new is the evolution of attackers’ methods ... and the increased frequency of these attacks.”
Whether supporting missions downrange on the battlefield or supporting citizens down the street when a natural disaster hits, the U.S. government needs secure communications that are easy to deploy and easy to use. This is not a new need by the U.S. Government—and current solutions for field deployable voice communications fall short in several key areas.
The global race to roll out fifth-generation, or 5G, wireless networks and supporting technologies is poised to revolutionize commercial communications and networking and offers the U.S. military the potential for secure, high speed ubiquitous networking.
When the pandemic struck last year, the Department of Defense directed many employees to stay home to help prevent the spread of disease and protect its workforce. The scale and speed of the transformation to remote teleworking was breathtaking. DoD had to massively ramp up bandwidth and deploy collaboration tools to millions of users across its global network within weeks—it was an accelerated march to the cloud.
When it comes to insider threats, defense and intelligence agencies shouldn’t worry so much about the next Edward Snowden. The biggest internal attack vector is the spy in your pocket: “You may think of it as a smartphone,” warns Bill Anderson, president of CIS Mobile, “but it’s really a portable surveillance device.”
“Defense and intelligence agencies need a solution that puts them in charge of the smartphones their people are using,” says Anderson. “Their people need the chance to enjoy the productivity gains those smartphones can bring.”
As the U.S. government migrates to cloud-centric networks, the need to protect them from rapidly evolving cyber threats increases. Network encryption remains key to this, as it protects the integrity of classified and sensitive data and keeps defenses a step ahead of adversaries.
As cybersecurity threats become more sophisticated, organizations need a way to quickly detect and stop an attack or track and analyze its after-effects for clues. One important tool available to cybersecurity analysts is deep packet analysis.
Deep packet analysis, or packet sniffing, is a data processing technique that allows organizations to monitor network traffic for signs of intrusion, and to block or reroute it if an attack is detected. But its most important feature is the ability to record data traffic, allowing analysts to conduct detailed investigations into the nature of a cyber incident.
Experts have issued fresh warnings to U.S. citizens over the enormous amount of sensitive, personal information being routinely captured and commoditized, and that this same information is being weaponized by the country’s adversaries. A panel at the recent AFCEA TechNet Cyber conference highlighted that data gathering by Facebook, WhatsApp and Google presents a significant risk to both individuals and the nation.
Over the last two decades, unmanned systems have evolved from relatively simple surveillance and reconnaissance to sophisticated and increasingly autonomous system-of-systems that are a key part of U.S. military strategy and tactics.
In what seemed like science fiction only a few years ago, artificial intelligence empowered unmanned systems teaming with manned platforms are shaping up as the path for future operations. The evolution of smarter sensors coupled with automated processing tasks now being performed right at the point of interest are also essential to this growth, which is now mature enough to allow more coordinated teamwork between manned and unmanned systems on the battlefield.
We live in perilous times. The COVID-19 pandemic has precipitated an unprecedented international economic contraction. A World Bank report in June called the COVID-caused global recession the most far reaching since 1870.
In particular, the defense sector faces an uncertain future. The pandemic is threatening to change the way Americans think about security and raise questions about U.S. defense spending—which significantly exceeds the combined defense budgets of all its adversaries.
Information management is an integral part of any military operation, and in today’s operations, technology is a common tool used to facilitate a shared understanding of intel. A growing trend for military bases is to install large format direct-view LED video walls in locations like command centers, control rooms and briefing rooms to show an integrated big picture of data feeds and video feeds critical to decision-making during the mission. As global cyber threats increase and the Department of Defense ramps up expectations for cybersecurity, the manufacturing location for any technology systems which send and receive signals is a forefront concern for equipment installations for the military and government.
To deal with the coronavirus pandemic lockdown this year, the Department of Defense had to massively and immediately ramp up remote teleworking capacity all across its global network. This forced march to the cloud—unprecedented in speed and scale—makes it imperative that the department also move to implement a new generation security architecture. Without it, the cyber attack surface will expand as the remote workforce and the tools they use become new vectors for adversaries.
Identity drives everything across the federal space, from the PIV-CAC cards staffers carry to massive defense projects involving huge budgets and diverse players. The federal identity landscape has evolved rapidly in recent years, with the rise of public and private clouds, DevSecOps and zero trust. But underlying architectures have not kept pace with these advances. Established agencies are still grappling with aging investments made over successive waves of innovation, going from one authoritative directory behind a firewall to a growing collection of attributes scattered across diverse repositories.
The COVID-19 pandemic has forced federal agencies and private businesses around the world to adapt to a new reality, one where most of their employees now work remotely and communicate virtually. This “new normal” imposes changes on how organizations protect and manage their networks, making chief information officers (CIOs) and chief information security officers (CISOs) adapt procedures
to operate in this new reality.
The “new normal” caused by the stay-at-home orders imposed during the COVID-19 pandemic reflects the current state of remote work and its security requirements, says Rob Carey, vice president and general manager for Public Sector at RSA.
Mapping and location finding technologies common to every smartphone are making their way to 911 emergency calls, letting first responders know exactly where to go and saving precious time that can be used to save lives.
These capabilities are emerging in what’s known as Next Generation 911, or NG911. They represent a fusion of mobile device applications and services that are being overlaid or built into these new emergency telecommunications systems that let police, paramedics and firefighters get to exactly where they need to be.
Intelligence community and government personnel who work with classified or sensitive information often use multiple computers on their desks, each one connected to a separate network based on the security level of the information being accessed.
This can create a variety of IT and logistical challenges for workers onsite, but as ongoing COVID-19 pandemic and other circumstances force more people to work remotely, managing all of this equipment and their security requirements from a private home can be difficult or nearly impossible without multilevel secure systems capable of doing the job of multiple desktops in a single secure station.
As the Department of Defense (DOD) continues its digital transformation efforts with systems upgrades and emerging technology, it needs to consider the foundational piece—the network infrastructure. Network infrastructure—including fiber and copper cabling, antennas, wireless access points and switches—is the backbone for all current and future devices that run on the network.
The Department of Defense is rethinking how it approaches software and systems development in its technology programs by using more flexible methods to streamline the process and to improve cybersecurity from the start.
Because traditional DOD program development processes don’t have the speed and flexibility to keep up with rapid technological changes or fast-paced modern adversaries, new methodologies are being considered. One approach gaining traction in many parts of the DOD is Development, Security and Operations, or DevSecOps.
There’s no question that 2020 is going to be a big year for technology transformation in the Defense Department. The National Defense Authorization Act gives DoD a $738 billion budget – a $20 billion increase over last year – with an emphasis on fielding the technology necessary for a faster, more agile force, while improving operations and efficiency across the enterprise. That means having fast, low-latency cellular and Wi-Fi connections at every access point and refreshing its legacy infrastructure.
The Link 16 tactical data link has connected warfighters since the 1980s. But while the system is still associated with supporting large platforms such as aircraft and ships, it is now increasingly being used on the ground by smaller vehicles and dismounted troops to connect forces together into secure, ad-hoc networks capable of supporting a variety of missions.
Quantum computers will revolutionize information technology, ushering in an era where certain types of calculations will be performed with almost unimaginable speed. Practical applications will include healthcare disciplines such as molecular biology and drug discovery; big data mining; financial services such as portfolio analysis and fraud detection; and artificial intelligence and machine learning.
Supply chain management is vitally important to running and maintaining an organization’s IT systems, but like logistics systems, it is not inherently sexy and has historically drawn little attention from the C suite. When it is carried out, in many federal agencies it’s traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department’s Risk Management Framework (RMF).
5G wireless technology is poised to take the world by storm, offering fast and effective network connectivity at data throughput speeds once reserved for dedicated fiberoptic landlines. This increased speed will also fuel new developments in wireless applications and connected devices to vastly increase the size, depth and interconnectivity of networks of all kinds.
Link 16 is a secure system protocol that allows different military users to share data over the same network.
But like any good thing, everybody wants a piece of the action. As the popularity of Link 16 grows to include more platforms (ships, aircraft, vehicles, drones, etc.) and individual users, it will be important to expand Link 16 capabilities to help U.S. and coalition military forces adjust to new mission needs, enhance situational awareness, adapt to new technologies and improve warfighter safety.
When executives from Iron Bow Technologies sit down with officials from potential customer agencies, the goal is to understand the needs of the client rather than to close a deal, according to James Ebeler, the company’s CTO for Department of Defense (DOD) business.
Developed during the Cold War to direct U.S. and NATO fighter aircraft against the threat of incoming Soviet aircraft over Western Europe, the Link 16 datalink system is now becoming a ubiquitous situational awareness and command and control tool capable of providing all echelons and services with both theater and tactical battlespace data.
The days of holding onto legacy IT systems are over. Last year’s Executive Order has made data center and IT modernization an issue of “how” and “when,” not “if.” Despite the mandate to modernize, federal government agencies often struggle to transition from legacy facilities and legacy mindsets, largely because of three myths.
Myth #1: “Our legacy systems are working just fine.”
The slow speed of modernization is partly due to the idea that decades-old systems still seem to be working. You may see this mindset in your own agency: If it has served us well for this long, why would we change?
Meta: We examined the simulated phishing data of our federal customers and identified three tips program administrators and decision-makers in these organizations can use to strengthen their security awareness training efforts.
U.S. federal government agencies face ongoing scrutiny from virtually all angles, but cybersecurity has leapt to the forefront in recent years. From safeguarding elections to defending against nation-state attacks, federal organizations (and their workers) face many sophisticated and high-profile threats—in addition to day-to-day issues that impact data and system security.
Lockheed Martin’s F-22 Raptor is one of the most advanced fighter jets on the planet—not to mention one of the fastest. But over the past few years, as other nations began to test-fly and deploy their own fifth-generation fighters, Lockheed Martin realized that its software development practices were holding it back, delivering new capabilities to the Raptor too slowly to maintain its dominance.
Social engineering and its impacts on organizations worldwide are hot topics in infosec circles—for good reason. It’s no secret that cybercriminals use email-based phishing prolifically, in both broad and targeted attacks. But what are infosec teams—the boots on ground in the cyber war—experiencing in terms of impacts, and are they effectively managing risk?
When the NATO Communications and Information Agency (NCIA) went looking for technology to enable alliance officials to use smartphones without being eavesdropped on by hackers or spies, they immediately came up against a problem.
“There were a very limited number of solutions that had been accredited by member-nation security agencies to protect sensitive but unclassified voice [and text] communications,” NCIA General Manager Kevin Scheid said.
As conflicts become faster and more complex with multiple platforms and data streams feeding information to warfighters, there is a growing need to manage this process to improve operational efficiency. The Department of Defense (DOD) is investing in cloud and machine learning tools and systems to help improve situational awareness and connectivity at the last tactical mile.
The military is striving to maintain tactical dominance in two ways: (1) ubiquitous edge computing and processing on intelligence, surveillance and reconnaissance (ISR) platforms, and (2) cloud-based services and tools that can reach small tactical units to provide them with vital information even in contested electromagnetic environments.
From the end of the Cold War to the present era, there has been a growing need for military platforms to coordinate for operations and to share information. The Link 16 family of data links has been central to providing critical battlefield information to the U.S. and its allies since the 1980s.
But Link 16 has primarily been used for theater-wide operations, connecting fast jets and large platforms like ships. One area where the data link has not seen much use was in tactical missions on the ground connecting helicopters, ground vehicles and dismounted troops.
Talk about taking on a big job: Red Hat wants to bring agile software production practices — and the company’s OpenShift application development platform — into the Department of Defense with their decades of constraints, habits and bureaucracy.
And the task is made more daunting still, because making an organization agile isn’t just a matter of buying stuff.
“Agile is not bought, it’s taught,” said Red Hat Public Sector Lead Transformation Specialist Chuck Svoboda, “And it needs to be taught by seasoned practitioners.”
Svoboda dismisses the idea that an organization can become agile simply by buying the right technology—like the lightweight and easily replicable software called containers.
The major challenges faced by federal agencies and DoD components in managing their cybersecurity and other risks include personnel shortages, daunting compliance requirements and the need for consistent data reporting and management across multiple elements of a diverse and geographically dispersed enterprise.
The RSA Archer Suite helps by automating the drudge work, providing context for incident reports, and other data flows and ensuring a common taxonomy, workflow and metrics across the enterprise. RSA Archer leaves human security personnel free to look at the bigger picture—and make decisions based on real-time, accurate information, intuitively displayed.
A more flexible acquisition process is gradually coming into use throughout the Department of Defense that is especially well suited for technology-based projects such as software systems development. This process meshes well with software design methodologies such as agile development because it allows agencies to rapidly modify a project or a design well before its final stages, saving both time and money, and ensuring the solution meets end user needs.
Close air support, or “CAS,” refers to air action that assists friendly forces on the ground. It may sound hard to believe, but the technology behind CAS hasn’t changed that much since World War II, when ground forces used smoke to show pilots their location.
The story of CAS revolves around two key players: the warfighter on the ground and the pilot flying a mission. The warfighter on the ground, often known as the Joint Terminal Attack Controller (JTAC), is charged with directing the pilot to a specified mission target. Ed Priest, a member of the Viasat team, served as a JTAC in the U.S. Air Force for 25 years. He now works on supplying JTACs and pilots a better communications tool to coordinate mission strikes.