While improved service delivery and return on investment are top-of-mind procurement objectives when choosing a Software as a Service (SaaS) partner, federal agencies must equally prioritize “security first” measures to ensure vulnerable legacy systems are protected in today’s digitally dominated climate.
Companies that opened their doors a mere five years ago couldn’t have imagined the sudden, immense need for secure communications capabilities a pandemic would demand any more than financiers could have foreseen FaceTime and Zoom as a future investment windfall. But in March 2020, COVID-19 arrived, bringing surprising needs to the forefront. In a matter of days, government agencies had to continue operations while the fast-spreading virus required staff to shelter in place and videoconferencing replaced boardrooms and classrooms.
As military operations become more dependent on networked sensors and shooters seamlessly working together, there is a greater need for sharing critical information in real time to meet today’s and tomorrow’s challenges.
Resilient waveforms such as the Link 16 tactical data link will be key components in the U.S. Department of Defense’s (DoD’s) approach to networked warfare. Introduced 40 years ago to coordinate NATO air defenses during the Cold War, Link 16 communications continue to evolve into smaller and more diverse form factors, going from theater commands to individual warfighters.
The U.S. Navy is modernizing how it fights and operates in the modern battlespace by focusing on how information from sensors and other systems can quickly get to warfighters to help them make decisions, creating the need for a mission-proven technology platform to achieve a variety of digital transformation use cases.
Most of these efforts fall under the Department of the Navy’s Information Superiority Vision, which aims to upgrade the service’s infrastructure, develop and deploy new capabilities, and defend Navy data from cyber attack.
The rapid shift to telework and associated digital transformation brought on by the pandemic has accelerated cloud adoption across the U.S. federal government. Now the recognized cloud benefits of greater efficiency, accessibility and rapid innovation can be extended with confidence to include cloud-managed networks to support civilian and military operations.
The unseen team member of your control room. For organizations, it’s a matter of health and safety. It is also an issue of efficiency and overall productivity.
Regardless of how companies measure the importance of comfort and function in their space, many organizations struggle to balance the need for highly ergonomic control rooms with the investment they carry.
What’s all the buzz around cloud-native architecture and why is it so important?
There are a lot of products and solutions that are claiming to be cloud-native when in fact, they are simply cloud-enabled, or cloud-resident. You may ask, “What’s the difference and why should I care?” I hope to add some clarity and explain the difference and significance between cloud-native and cloud-resident solutions.
What is cloud-native architecture?
Zero trust has become the ubiquitous cybersecurity term and a strategic, need-it-now necessity that adapts rapidly to changing threats. It’s a digital architecture that provides secure access to data when users need it, from anywhere in the world and at any time of day or night.
I connected with Ned Miller, senior vice president and general manager of Appgate Federal, and with Michael Friedrich, vice president of strategy and innovation, during a Q&A session to learn how the Defense Department in particular can use the company’s influential dynamic zero-trust solution—today and in the near future.
There is a lot of information available about zero trust—at times inconsistent and unreliable. Talk to different vendors and you are likely to get different answers as to exactly what zero trust is and how to adopt it within your agency.
What you need to know is this:
Control room ergonomics are a matter of health and safety and an issue of efficiency and overall productivity.
Well-designed control room balance fits the demands of the job to the capability of the operators. An important aspect of any successful ergonomic control room upgrade is the console. Acting as a central nervous system, the console in any control room connects the operator to the technology, with significant impact on ergonomics.
The cost vs. benefits of incorporating an ergonomically designed console in a control room is analyzed from regulatory compliance, health and safety, and operator efficiency.
The speed and distributed nature of the modern public and private workplace means that getting the right teams and people aligned for a project can be challenging, as can coordinating and sharing information between those individuals. One way to do this is through virtual workspaces that can be applied to both existing physical spaces like meeting rooms and in a purely online setting.
This type of cooperation is important because it helps teams and decision makers work together in ways that traditional collaboration and screen sharing tools can’t because of their inherent limitations, explains David Kung, vice president for marketing strategy at Bluescape.
Somewhere in the Middle East, an unmanned aerial vehicle (UAV) is conducting intelligence, surveillance and reconnaissance (ISR). After taking video images from 50,000 feet high, the UAV transmits them to an Army command center 100 miles away.
The command center then shares the images with a Navy carrier in the Persian Gulf, with U.S. Department of Defense (DoD) officers and intelligence operatives on land and at sea—as well as in the Pentagon—collaborating via a tactical chat application about what the images mean, to better inform the mission at hand and facilitate command and control (C2).
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid.
Ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry, affecting everything from financial institutions to higher education. Due to the rise in remote work prompted by the pandemic, attacks are up 148%.
What comes to mind when you think of simplicity? Something that is readily apparent and understandable with little additional guidance? A simple algorithm or a simple mathematical solution? Or rather a simple solution to all problems? When we think of simplicity, we think of Edsger Dijkstra’s words: “Simplicity is the prerequisite for reliability.” Essentially, we’re talking about a solution that is simple, reliable, secure, and that meets all ends at any given stage in a single complicated journey.
“No Comms, No Bombs” is the mantra of Military Signals Divisions (Brigades or Corps), and they’re right: Communications is an integral part of any Army, Navy, Air or Space Force.
Luckily the reverse: Comms => Bombs, is not true and comms go far further in the modern military than providing time and location information for bombing. No Comms also means no search and rescue, no logistics support, no tactical awareness, ...
Examples of communications go:
Did you know, in 2020, there were a staggering 36 billion records exposed as a result of data breaches, according to a recent report from Risk Based Security? COVID-19 was of course the catalyst for these infringements, as the pandemic gravely impacted industries all over the globe and opened the door for cyber criminals to attack.
By design, the DoD Data Strategy compels transformational change in the way data is collected, analyzed and leveraged. The mechanics may be different depending on domain or joint all-domain mission, but as referenced in a previous SIGNAL special interest editorial, the strategy’s endgame is to ensure that trusted information gets to the right destination at the right time. As the largest and oldest service at the tactical terrestrial layer of the joint force, the Army has enduring data imperatives: speed, scale and resilience. Executed diligently, these imperatives facilitate an information advantage for ground forces in garrison and in theater.
Connectivity is at the heart of today’s modern military operations. To conduct complex, distributed multidomain operations at speed and scale, U.S. and allied forces need seamless connectivity to enable real-time communications and high-fidelity data flows.
But the military services have wrestled for decades with the challenge of communicating and sharing data securely with each other, let alone with non-DoD partners and allies. To take a few examples:
To maintain America’s advantage over potential adversaries, the Department of Defense last year outlined a data strategy directing that military leaders must “recognize that data is a strategic asset that must be operationalized in order to provide a lethal and effective Joint Force that, combined with our network of allies and partners, sustains American influence and advances shared security and prosperity.”
“Decision dominance … is the ability for a commander to sense, understand, decide, act and assess faster and more effectively than any adversary,” Army Futures Command Commander Gen. John “Mike” Murray, USA, told the Association of the U.S. Army Global Force Next virtual conference in March.
In modern warfare, against near-peer adversaries, victory will no longer be guaranteed by strength of arms alone. Speed and accuracy of decision making will be more critical than ever, and in many circumstances, decisive.
Cyber attacks present an increasing threat to the United States across all sectors of government and commercial industry, from the battlefield to the factory floor, requiring a strong, holistic approach to cyber defense through active monitoring and modeling techniques.
Recent attacks, such as the Russian-backed espionage operation that compromised a server at software developer SolarWinds Inc., affecting its downstream customers—including half a dozen federal agencies—and the recent ransomware attack on Colonial Pipeline Company, which halted fuel shipments to much of the U.S. East Coast for over a week, represent a grave threat to national security.
This scenario is all too common of late: A service man teleworks from home, supporting his command’s logistics and connected to his government network via a Common Access Card (CAC). While the pandemic abates across the United States, he and many in the workforce will continue telecommuting as governments have committed significant resources toward cloud-based services and cybersecurity solutions for accessing cloud data.
A Zero Trust approach is imperative in a world where data and users are not co-located within the same perimeter, as indicated by the May 12 White House Executive Order #14028. Deploying strong authentication upfront as a foundation when building out a Zero Trust strategy is also key to successful missions.
The digital transformation is no longer simply an enabler—it’s the “trunk of the tree” that provides the foundational structure for everything we do, according to Gen. Stanley A. McChrystal, USA (Ret.). “It shapes what we are and how we operate.”
Across the globe, ministries of defense are continually challenged with meeting the demands of armed forces who need access to the right intelligence products to protect citizens, defend borders and support humanitarian missions.
While the need for rapid decision-making has never been greater, decision makers often lack the timely information required to inform their choices. In dynamic military environments, situations and plans change quickly and intelligence can become outdated. The problem becomes even more complex during joint and multinational operations.
The next-generation battlefield has gone digital. The United States Air Force (USAF) is taking a major defensive leap into that new reality with its Advanced Battle Management System (ABMS) initiative.
As if cyber vulnerabilities during the pre-pandemic years weren’t worrisome enough, now cyber warriors must contend with a slate of issues. A new concern is two-fold: How to shore up the creep of pervasive vulnerabilities introduced by a remote and hybrid workforce and how to harness and empower it with efficiencies, built-in security and ease-of-use solutions to help get the job done—at speed and scale.
A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.
The Defense Department (DoD) is continuing to build out a truly data-centric approach based on the DoD Data Strategy, presenting new opportunities for transforming the way data is collected, analyzed and leveraged.
As the U.S. Department of Defense (DoD) drives forward on its cloud strategy, development teams and chief information officers alike are looking for faster ways to deploy new capabilities, proactively address cybersecurity challenges and take advantage of the resiliency of cloud operations.
The DoD has embraced the cloud to achieve speed, security and scale. The focus is now on clearing the blockers that have slowed deployment in order to accelerate the adoption of new services and unlock the transformational capabilities of cloud for the DoD enterprise and warfighters at the tactical edge.
As the Department of Defense migrates more mission-critical systems and software to cloud environments, it must also consider an innovative way for securing this new environment from potential cyber attack.
It is up to DoD organizations like the Defense Information Systems Agency (DISA) to work out the details of such efforts and ensure the military’s considerable inventory of legacy equipment and systems can continue to interoperate smoothly with the latest technologies. But integrating different technologies is never an easy process.
As U.S. intelligence agencies pivot from the war on terror to the new era of near-peer competition, the information landscape on which they operate is shifting dramatically, as detailed in the recently released report from the National Security Commission on Artificial Intelligence (AI).
For two decades, U.S. intelligence operated in an information poor environment—hunting its elusive adversaries through fleeting glimpses on surveillance video or wisps of cellphone traffic. And, thanks to the technical and operational excellence of U.S. collection, even that information poor environment often generated an overwhelming volume of data.
We live in a connected world. The ability to pass power, signals and data from one place to another is the lifeblood of that connection—the nervous system of our networked lives.
Although we tend to think of these networks as ethereal and invisible, in reality they all, at some point, need to be plugged in so they can be connected to the electricity that powers them, the information they carry or the signal they will broadcast. Coaxial copper wire, fiber optic cable, power lines: You name it, it all needs to be connected.
We might take those connections for granted, but without them, nothing would function.
To successfully overmatch near-peer adversaries in the 21st century, the U.S. military requires decision advantage. Multidomain operations coordinate and bring to bear assets across all five domains of land, air, sea, space, and cyberspace. Information dominance—getting the right information from the right sensors or systems to the right decision makers at the right time—is the key to victory on the multidomain battlefield of the future.
Joint All-Domain Command and Control, JADC2, is the path the Department of Defense has mapped out to achieve decision advantage.
Facing renewed challenges from peer and near-peer adversaries, the U.S. Department of Defense is returning to a command and control concept embracing joint and allied operations with the added domains of space and cyberspace adding to the mission space. But while this reorientation appears to revisit older Cold War-era strategies on the surface, it is the end result of careful analysis by the Pentagon to make up for operational deficiencies and neglected capabilities from two decades of counterinsurgency-oriented warfare.
In the peer adversary conflicts the U.S. military must prepare for in the 2020s, dominating the electromagnetic spectrum—from D.C. to daylight—will be as important, if not more, than dominating at sea, on land or in the air.
“Freedom of action in the electromagnetic spectrum, at the time, place, and parameters of our choosing, is a required precursor to the successful conduct of operations in all domains,” states the U.S. Defense Department’s Electromagnetic Spectrum Superiority Strategy, rolled out last fall.
There is a virulent plague spreading across the globe, Homeland Security Secretary Alejandro Mayorkas warned earlier this year. But he wasn’t talking about COVID-19. Instead, he was referring to what he called “an epidemic that is spreading through cyberspace: ransomware.”
As Mayorkas pointed out: “Ransomware is not new. It has been around for years. What is new is the evolution of attackers’ methods ... and the increased frequency of these attacks.”
Whether supporting missions downrange on the battlefield or supporting citizens down the street when a natural disaster hits, the U.S. government needs secure communications that are easy to deploy and easy to use. This is not a new need by the U.S. Government—and current solutions for field deployable voice communications fall short in several key areas.
The global race to roll out fifth-generation, or 5G, wireless networks and supporting technologies is poised to revolutionize commercial communications and networking and offers the U.S. military the potential for secure, high speed ubiquitous networking.
When the pandemic struck last year, the Department of Defense directed many employees to stay home to help prevent the spread of disease and protect its workforce. The scale and speed of the transformation to remote teleworking was breathtaking. DoD had to massively ramp up bandwidth and deploy collaboration tools to millions of users across its global network within weeks—it was an accelerated march to the cloud.
When it comes to insider threats, defense and intelligence agencies shouldn’t worry so much about the next Edward Snowden. The biggest internal attack vector is the spy in your pocket: “You may think of it as a smartphone,” warns Bill Anderson, president of CIS Mobile, “but it’s really a portable surveillance device.”
“Defense and intelligence agencies need a solution that puts them in charge of the smartphones their people are using,” says Anderson. “Their people need the chance to enjoy the productivity gains those smartphones can bring.”
As the U.S. government migrates to cloud-centric networks, the need to protect them from rapidly evolving cyber threats increases. Network encryption remains key to this, as it protects the integrity of classified and sensitive data and keeps defenses a step ahead of adversaries.
As cybersecurity threats become more sophisticated, organizations need a way to quickly detect and stop an attack or track and analyze its after-effects for clues. One important tool available to cybersecurity analysts is deep packet analysis.
Deep packet analysis, or packet sniffing, is a data processing technique that allows organizations to monitor network traffic for signs of intrusion, and to block or reroute it if an attack is detected. But its most important feature is the ability to record data traffic, allowing analysts to conduct detailed investigations into the nature of a cyber incident.
Experts have issued fresh warnings to U.S. citizens over the enormous amount of sensitive, personal information being routinely captured and commoditized, and that this same information is being weaponized by the country’s adversaries. A panel at the recent AFCEA TechNet Cyber conference highlighted that data gathering by Facebook, WhatsApp and Google presents a significant risk to both individuals and the nation.
Over the last two decades, unmanned systems have evolved from relatively simple surveillance and reconnaissance to sophisticated and increasingly autonomous system-of-systems that are a key part of U.S. military strategy and tactics.
In what seemed like science fiction only a few years ago, artificial intelligence empowered unmanned systems teaming with manned platforms are shaping up as the path for future operations. The evolution of smarter sensors coupled with automated processing tasks now being performed right at the point of interest are also essential to this growth, which is now mature enough to allow more coordinated teamwork between manned and unmanned systems on the battlefield.
We live in perilous times. The COVID-19 pandemic has precipitated an unprecedented international economic contraction. A World Bank report in June called the COVID-caused global recession the most far reaching since 1870.
In particular, the defense sector faces an uncertain future. The pandemic is threatening to change the way Americans think about security and raise questions about U.S. defense spending—which significantly exceeds the combined defense budgets of all its adversaries.
Information management is an integral part of any military operation, and in today’s operations, technology is a common tool used to facilitate a shared understanding of intel. A growing trend for military bases is to install large format direct-view LED video walls in locations like command centers, control rooms and briefing rooms to show an integrated big picture of data feeds and video feeds critical to decision-making during the mission. As global cyber threats increase and the Department of Defense ramps up expectations for cybersecurity, the manufacturing location for any technology systems which send and receive signals is a forefront concern for equipment installations for the military and government.
To deal with the coronavirus pandemic lockdown this year, the Department of Defense had to massively and immediately ramp up remote teleworking capacity all across its global network. This forced march to the cloud—unprecedented in speed and scale—makes it imperative that the department also move to implement a new generation security architecture. Without it, the cyber attack surface will expand as the remote workforce and the tools they use become new vectors for adversaries.
Identity drives everything across the federal space, from the PIV-CAC cards staffers carry to massive defense projects involving huge budgets and diverse players. The federal identity landscape has evolved rapidly in recent years, with the rise of public and private clouds, DevSecOps and zero trust. But underlying architectures have not kept pace with these advances. Established agencies are still grappling with aging investments made over successive waves of innovation, going from one authoritative directory behind a firewall to a growing collection of attributes scattered across diverse repositories.
The COVID-19 pandemic has forced federal agencies and private businesses around the world to adapt to a new reality, one where most of their employees now work remotely and communicate virtually. This “new normal” imposes changes on how organizations protect and manage their networks, making chief information officers (CIOs) and chief information security officers (CISOs) adapt procedures
to operate in this new reality.
The “new normal” caused by the stay-at-home orders imposed during the COVID-19 pandemic reflects the current state of remote work and its security requirements, says Rob Carey, vice president and general manager for Public Sector at RSA.
Mapping and location finding technologies common to every smartphone are making their way to 911 emergency calls, letting first responders know exactly where to go and saving precious time that can be used to save lives.
These capabilities are emerging in what’s known as Next Generation 911, or NG911. They represent a fusion of mobile device applications and services that are being overlaid or built into these new emergency telecommunications systems that let police, paramedics and firefighters get to exactly where they need to be.