Military Information Technology GNEC Issue

EC LE N PP G SU Y UT M LL-O AR PU

IA EC SP

The Voice of Military Communications and Computing

T EN M

Network Constructor Lt. Gen. Jeffrey A. Sorenson

www.MIT-kmi.com

C4ISR July 2009

Chief Information Officer/G-6 Department of the Army

Volume 13, Issue 6

PRSRT STD U.S. POSTAGE PAID ROCKVILLE, MD PERMIT # 2669

Infrastructure Modernization ✯ Cloud Computing Security Technical Implementation Guides ✯ VoIP

✯ ✯

X-band SATCOM Virtualization Security

MILITARY INFORMATION TECHNOLOGY

JULY 2009 VOLUME 13 • ISSUE 6

FEATURES

COVER / Q&A Bringing VoIP to the Field As use of Voice over IP grows, the military and industry are developing and testing new ways to enhance utility, security and interoperability of the technology. By Tom Marlowe

Encyclopedia of Security

In the ongoing battle to protect Department of Defense networks, one of the bulwarks is a set of security standards and guidance documents known as Security Technical Implementation Guides. By Peter Buxbaum

X-band Advantage

Amid constraints in the supply of commercial C- and Ku-band space segment, DoD is looking to commercial X-band satellite communications to supplement the MILSATCOM fleet. By Adam Baddeley

25 Lieutenant General Jeffrey A. Sorenson Chief Information Officer/G-6 Department of the Army

DEPARTMENTS 2 Editor’s Perspective 4 People

The Cloud’s Unlimited Possibilities Through the cloud computing model of IT services, the military can better manage the unpredictability and dynamic nature of IT support to warfighter operations. By Lauren C. States

20 JTRS Update 22 Data Bytes 42 COTSacopia 43 Calendar, Directory

Modernization Program Delivers

Since its inception in 2006, the Army’s Infrastructure Modernization Program has been the most massive restructuring of information technology in the history of the military. By Jeana Cunningham

INDUSTRY INTERVIEW

Virtualization Arsenal Improved security and reduced costs are among the attractions for the military of this increasingly popular approach to utilizing computing resources.

44 Mike Bradshaw Director Google Federal

MILITARY INFORMATION TECHNOLOGY VOLUME 13, ISSUE 6

JULY 2009

The Voice of Military Communications and Computing EDITORIAL Managing Editor Harrison Donnelly harrisond@kmimediagroup.com Copy Editors Regina Kerrigan reginak@kmimediagroup.com Diana McGonigle dianam@kmimediagroup.com Correspondents Adam Baddeley • Peter Buxbaum • Scott Gourley Tom Marlowe

ART & DESIGN Art Director Anna Druzcz anna@kmimediagroup.com Graphic Designers Scott Morris scottm@kmimediagroup.com Anthony Pender anthonyp@kmimediagroup.com Jittima Saiwongnuan jittimas@kmimediagroup.com

ADVERTISING Account Executives Tabitha Naylor tabitha@kmimediagroup.com Dean Sprague deans@kmimediagroup.com Ted Ventresca tedv@kmimediagroup.com

KMI MEDIA GROUP President and CEO Jack Kerrigan jack@kmimediagroup.com Executive Vice President David Leaf davidl@kmimediagroup.com Vice President of Sales and Marketing Kirk Brown kirkb@kmimediagroup.com Editor-In-Chief Jeff McKaughan jeffm@kmimediagroup.com

If you can only improve what you can measure, as the saying goes, there is still a lot of work to be done in the area of information assurance/ cybersecurity. That’s one conclusion to be drawn from a recent report by the Department of Defense’s Information Assurance Technology Analysis Center (IATAC), titled “Measuring Cyber Security and Information Assurance,” which looks at the vexing question of how to objectively evaluate efforts to defend military and other networks. Although network defense depends critically on the ability to gauge security status in real time, the report makes clear, there is no universally recognized way to rate the success of that defense and how it changes over time and in response to different policies. To be sure, there has been progress, especially compared with a decade or so ago, when there was real debate over whether IA metrics would be useful or even feasible. These days there seems to be a consensus that measuring IA is a good idea, and indeed is essential in light of growing federal mandates in this area. Government, industry and academia have been working hard to develop measurement strategies, and a number of processes and frameworks have emerged to offer guidance. IA statistics can be combined into composite ratings, such as the Common Vulnerabilities Scoring System, to create an overall picture of security status. Automatic tools for IA measurement also exist, although more often as custom developments than commercially available products. The report concludes with a call for further efforts to advance the state of the art of IA measurement, including development of a standard set of definitions and common data formats. Particularly important for the military, it seems to me, will be to come up with real-time measures for immediate Harrison Donnelly diagnosis of intrusions and other security events. You can’t tell if harrisond@kmimediagroup.com you’re winning unless you can keep score. (301) 670-5700

Controller Gigi Castro gcastro@kmimediagroup.com Publisher’s Assistant Carol Ann Barnes carolannb@kmimediagroup.com

KMI MEDIA GROUP FAMILY OF MAGAZINES AND WEBSITES

OPERATIONS, CIRCULATION & PRODUCTION Circulation Specialists Dena Granderson denag@kmimediagroup.com Davette Posten davettep@kmimediagroup.com

Military Medical/ CBRN Technology

Geospatial Intelligence Forum

Military Logistics Forum

Military Space & Missile Forum

www.MMT-kmi.com

www.GIF-kmi.com

www.MLF-kmi.com

www.MSMF-kmi.com

Special Operations Technology

Military Information Technology

Military Training Technology

Military Advanced Education

www.MIT-kmi.com

www.MT2-kmi.com

www.MAE-kmi.com

MARKETING & ONLINE Marketing & Online Director Amy Stark astark@kmimediagroup.com Trade Show Coordinator Holly Foster hollyf@kmimediagroup.com

A PROUD MEMBER OF SUBSCRIPTION INFORMATION

SS m ra og Pr s M ate CO d O Up

All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2009. Military Information Technology is free to members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year. Corporate Offices KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com

World’s Largest Distributed Special Ops Magazine

Military Information Technology ISSN 1097-1041 is published 11 times a year by KMI Media Group.

SOF Leader Admiral Eric T. Olson

www.SOTECH-kmi.com

May 2008 Volume 6, Issue 4

Commander USSOCOM

Body Armor ✯ Image Analysis ✯ Weapon Suppressors Wearable Power ✯ CSAR with a Twist ✯ PEO Soldier

www.SOTECH-kmi.com

Alexander to Head Cyber Command Army Lieutenant General Keith B. Alexander, director of the National Security Agency and chief of the Central Security Service, is expected to become the head of the planned U.S. Cyber Command. The new command was announced by Secretary of Defense Robert Gates in a June memo to the Joint Chiefs of Staff, in which he indicated he would recommend that President Obama appoint Alexander

as commander. Cybercom will be responsible both for coordinating defense of military networks against cyberthreats, and for developing offensive cyberoperations. Alexander, who will also continue to serve in his current posts, is expected to be promoted to the rank of general. In a recent interview with MIT, Alexander observed, “Achieving the goal of cybersecurity will require the collective efforts of many across the government and private sector.” (MIT Volume 13, Issue 5, June 2009, page 25.)

p eop le Compiled by KMI Media Group staff

Navy Captain Sean R. Filipowski, who serves as division director, Computer Network Operations, Naval Network Warfare Command, has been nominated for appointment to the rank of rear admiral (lower half).

Officer, Office of the Secretary of the Air Force.

Regina E. Dugan has been selected as director of the Defense Advanced Research Projects Agency.

Office, Enterprise Information Systems.

Navy Rear Admiral (lower half) Janice M. Hamby, who has been selected for promotion to rear admiral, has been assigned as vice director of command, control, communications and computer systems, J6, Joint Staff.

of the Chief of Naval Operations, has been assigned as director, CJ6, Multi-National Force-Iraq.

Mark A. Floyd

mark.floyd@ safenet-inc.com

Lawrence B. Prior III

Maj. Mark Henderson Brig. Gen. Ronnie D. Hawkins Jr.

Air Force Brigadier General Ronnie D. Hawkins Jr. has been nominated to the grade of major general while serving as the deputy director, policy and resources, Office of Warfighting Integration and Chief Information

4 | MIT 13.6

Army Major Mark Henderson has been assigned as assistant project manager, Vehicular Intercom Systems, under the Defense Communications and Army Transmission Systems project office of the Program Executive

Air Force Brigadier General (s) Kenneth J. Moran has been assigned as director, Expeditionary Combat Support System Program, Electronic Systems Center, Air Force Materiel Command.

Lawrence B. Prior III has been selected as president and chief operating officer of ManTech International, where he will also serve on the board of directors. He had been serving as COO of SAIC.

Navy Rear Admiral (lower half) David G. Simpson, who has been serving as director, Navy Networks, N6N, Office

SafeNet Inc., a provider of information security, now affiliated under common management with Aladdin Knowledge

Systems‚ has hired Mark A. Floyd as chief executive officer. Floyd assumed a position that had been vacant since October 2006. Previously, he served as CEO of Entrisphere, a communications equipment provider; prior to that, he was the founder and CEO of Efficient Networks, a telecommunications equipment company specializing in Digital Subscriber Lines. Most recently, Floyd was a partner with El Dorado Ventures.

www.MIT-kmi.com

Secure Communications TACLANE ÂŽ-Micro (KG-175D)

TVE Desktop

Smallest, Lightest Tactical Network Encryptor

Multiple Levels of Security On a Single Computer

SectĂŠra ÂŽ vIPer â&#x201E;˘ Universal Secure Phone

SectĂŠra ÂŽ Edge Smartphone SME PED SIPRNET Access Whenever, Wherever

General Dynamics provides solutions enabling secure voice and data communication from the core of your network to the tactical edge. Our portfolio includes the smallest, lightest Type 1 network encryptor, software that allows users to view and access multiple security domains simultaneously from a single computer, the only VoIP desktop phone certiďŹ ed for Top Secret and below over commercial networks and the only NSA-certiďŹ ed SME PED Smartphone.

-YVT 5,;>692 [V +,:2;67 [V 05+0=0+<(3 s #ERTIlED TO 3ECURE )NFORMATION #LASSIlED 4OP 3ECRET AND "ELOW s (IGH 3PEED #OMPACT AND -OBILE s #OST %FFECTIVE 2EDUCES 3PACE 7EIGHT AND 0OWER 37A0 s %ASY TO 5SE AND INTEGRATE INTO EXISTING INFRASTRUCTURES s #OMPLIANT WITH 3TANDARDS (!)0%ÂŽ )3 3#)0 #RYPTO -ODERNIZATION s 3UPPORTED BY A 4ECHNICAL (ELP $ESK &OR MORE INFORMATION CALL OR 4YPE 5 EMAIL SECURE COMMUNICATIONS GDC S COM OR VISIT WWW GDC S COM SECUREPRODUCTS General Dynamics Secure Communications: We Bring You Whatâ&#x20AC;&#x2122;s Next.

Note: security classification labels shown on this equipment are for example purposes and do not reflect any actual classification; all information shown is unclassified. The SectĂŠra Edge was developed under the National Security Agencyâ&#x20AC;&#x2122;s Secure Mobile Environment Portable Electronic Device Program. ÂŠ 2009 General Dynamics. All rights reserved. TACLANE, SectĂŠra, vIPer and Edge are trademarks of General Dynamics. HAIPE is a registered trademark of the National Security Agency. All other product and service names are the property of their respective owners. Microsoft product screen shot reprinted with permission from Microsoft Corporation. General Dynamics reserves the right to make changes in its products and speciďŹ cations at any time and without notice. CNN web image courtesy CNN.

BY TOM MARLOWE MIT CORRESPONDENT MARLOWET@KMIMEDIAGROUP.COM

AS USE OF VOICE OVER INTERNET PROTOCOL GROWS, THE MILITARY AND INDUSTRY ARE DEVELOPING AND TESTING NEW WAYS TO ENHANCE UTILITY, SECURITY AND INTEROPERABILITY. Voice over Internet Protocol (VoIP) phones offer military units the where a commander can go into a field with a Global System for potential to deploy one network for data and voice communications, Mobile [GSM] cell phone and get into all of those networks. We are trystreamlining operations and saving money while providing versatile ing to show you can bridge the different networks that exist out there services. But although the Department of Defense has been using VoIP today with the equipment in the field. It doesn’t require the purchase technologies for five years or more, piecemeal adoption has left various of anything else; it’s just engineering,” he said. parts of U.S. military forces with different technologies. Matching DoD requirements, JUICE participants made use of a Because it’s imperative to make certain that those technologies session initiation protocol (SIP) that permitted translation between are secure and work well together, warfighters participate in exercises different networks. The exercise went well and callers successfully such as the Joint Users Interoperability Communications Exercise made calls between secure and nonsecure phones as well as phones (JUICE), held by the Army Communications-Electronics Command that delivered Voice over IP and those that didn’t. (CECOM) Lifecycle Management Command at Fort Indeed, the goal of reaching joint secure voice Monmouth, N.J. interoperability involved the use of radio over IP, The latest exercise, which occurred in June, examcellular, GSM, Iridium, Voice over secure IP (VoSIP), ined how to manage various communications techVoIP, GSM, and the Defense Red Switch Network nologies and thereby make phone calls from one kind (DRSN). of device to another, according to John Caruso, chief of “We had an IPv6 session going on with real IPv6 the Executive Agent for Theater Joint Tactical Networks addresses, not contrived ones. We had an up-and-run(EA-TJTN). ning IPv6 network, and we did voice, data and video “It takes a look at the operational gaps that exist in over it, which has probably never been done before. the field and the shortfalls out there,” Caruso said of We had IPv6 encrypters,” Caruso reported. JUICE. “We basically put together a network and make CECOM will generate a final report with empirical sure we have the right mix of communications to take a data on communicating across those technologies. John Caruso look at some of these gaps. It’s a real-world network. It Caruso and his team will identify technologies that has real-word services just as if it were deployed, and we may be useful in bridging those gaps and thus require put together pieces of it replicating issues and problems in the field to certification from the Joint Interoperability Test Command (JITC). EAtake a look at technologies, techniques and procedures.” TJTN will build upon those results for next year’s exercise to provide an This year, JUICE focused on supporting the warfighter in NATO evolution in the exercise scenario. and coalition forces and addressing communications gaps across Some of the most interesting results come from unplanned facets various technologies as well as testing interoperability between of JUICE. For example, this year’s exercise involved forces from the members of Joint Task Forces. Within those areas, JUICE examined regular Army, Navy, Marine Corps and Air Force, as well as from the power requirements and beyond-line-of-sight systems. VoIP phones, National Guard. The National Guard used Army radios to communiin particular, have power requirements above and beyond traditional cate, which was an unanticipated wrinkle in the exercise. But it went telephones. smoothly, and participants were encouraged about their capability to “One of the gaps that existed is that a commander goes into the bring others into the exercise. field and has six different phones sitting in front of him. Who you are “The theme this year was bridging the gaps. We will probably look talking to depends on which one you pick up,” Caruso described. at that again next year, but we will expand JUICE even further to bring “We put together a network with the cooperation of a lot of people, in more of the civil support people,” Caruso said. 6 | MIT 13.6

www.MIT-kmi.com

ISLANDS OF COMMUNICATION

requires vendors on its approved products list to implement new requirements periodically and to retest those products at the JITC to One of the approved technologies that JUICE made use of was the ensure that they can withstand a host of threats. TRANSip IP telephony technology suite, which is a full VoIP solution “When you think of your PC being connected to the network, you that provides interoperability between time division multiplexing have the risk of viruses or being brought down by a denial-of-service (TDM) and IP technologies from REDCOM Laboratories Inc. attack. The same thing applies to a VoIP switch,” Gueldenpfennig REDCOM has taken great care in the development of its products explained. to make certain that it does not leave communications gaps between JITC thus tests the information assurance of products periodically those using new and old equipment, according to to see that they meet security and reliability requireDinah Gueldenpfennig, REDCOM vice president of ments for warfighters. planning and government program administration. “One of the problems is that these kinds of threats “IP is a highly desirable technology due to its crop up at a really fast pace,” Gueldenpfennig said. “Every ability to transmit everything over one medium,” time there is a new threat, the requirements change to Gueldenpfennig stated. “VoIP is also still a push make sure that threat is mitigated. Whenever you go to technology. It has a lot of nice features, but you still JITC for testing, you have to meet those latest requirehave a lot of legacy equipment that is in use, and you ments. It takes a considerable amount of time to get cannot simply rip out and replace immediately. Part that accomplished. One of the challenges of this process of that is due to costs but it’s also due to logistics. is getting the product to the customer in a timely fashImagine somebody that is in theater with an effort ion.” going on and then he’s told he has to change out his In agreement with the need to get through the JITC Dinah Gueldenpfennig equipment.” in a timely fashion is Ed Bursk, who heads government So while VoIP offers a leap forward in communibusiness development for Nokia Siemens Networks. cations capabilities, warfighters must also continue “Nokia Siemens Networks has a long history of supportto communicate with those who do not have VoIP. ing U.S. government telecommunications and networkREDCOM’s switches with TRANSip, a technology ing, in over 100 sites, worldwide,” Bursk said. “Bringing that provides VoIP and TDM combined, enables key solutions through the JITC is essential—to us as a military users to place calls “from the foxhole to the partner to government to prove out government-specific Pentagon,” Gueldenpfennig said. capabilities, as well as to the government to assure the The use of such a technology eliminates the need security of our solutions. For an example, we’re now for everyone along a single line of communications bringing our next generation voice/video/data soluto upgrade to the same device, she added. “You don’t tion for DISA, Air Force, Army and more—including a want to do a rip and replace. It’s easier if you provide a multi-function softswitch and a local session controller product that you can adapt as you transition from one per DISA’s Unified Capabilities Requirements spec—into Ed Bursk technology to another without abandoning islands of the JITC, to show both LSC and MFSS with Assured one type of technology so you preserve your investServices SIP, for VoIP, video and data end-to-end across ed.bursk@nsn.com ment.” the network.” In addition to providing versatile and rugged The Nokia Siemens Networks solution overlays existhardware, REDCOM supports its products with ing TDM-based sites with Nortel, Siemens and other secure applications such as secure conferencing. switches seamlessly and enables reliable wide-area comThe company is participating in the AS-SIP pilot munications for voice, video, conferencing and collaboraprogram with the Defense Information Systems tion apps. The company is working closely with DISA on Agency (DISA) to test implementation of assured its next generation of networking services, Bursk noted. services SIP. AS-SIP meets requirements for estabDEFENSE SWITCHED NETWORK lishing communication with resource priorities, ensuring system and network access and control, The capabilities for using VoIP come from the and providing precedence and pre-emption policies Steven Derr switches installed on the Defense Switched Network to assure connectivity for command and control. (DSN) as well as the DRSN. For as long as those networks “While the goal is full interoperability and consteve.derr@nortelgov.com have been in existence, DoD has relied heavily on connectivity, there are islands of communication that are tractors such as Nortel. Voice over secure IP, that are not directly connected DISA hired Nortel to deploy a six-Multi-Function Switch backbone to the Defense Switch Network,” Gueldenpfennig said. “We have an for the DSN in preparation for the eventual transition to VoIP. Of the advanced VoSIP gateway application where you can make a call from one 22 sites selected for upgrade to Multi-Function Soft Switch capability, to another. It allows a user on a SCIP device in a legacy TDM network Nortel is currently providing voice service to 21 of them (with Nokia such as the DSN to dial a black number and speak securely to a classified Siemens Networks providing the other), said Steven Derr, vice presiVoSIP user.” dent of engineering for Nortel Government Solutions products. The JUICE exercise demonstrated those capabilities, enabling The first phase of the VoIP work occurred from 2004 to 2008, Derr users to conduct end-to-end interoperable command and control comnoted, where stakeholders developed the unified capability requiremunications across a variety of networks and standards. ments for DoD, resulting in the publication of the requirements in But VoIP brings with it challenges of security and reliability. DISA www.MIT-kmi.com

MIT 13.6 | 7

December 2008. DISA, Nortel, Siemens and others like Cisco participated in the four-year study to develop the unified capability standards, Derr remarked. From there, the project has entered the second phase, where deployment of the multi-function soft switch backbone occurs. Companies like Nortel are in the process of responding to requests for proposal to carry out that work. Derr anticipates contract awards in the third quarter of 2009 and implementation to occur through the final quarter of 2009 through mid-2011 to the 22 sites. A small number of sites would be upgraded initially, with multi-vendor participation anticipated, according to Bursk. The third phase of the project runs through 2015, whereupon all VoIP infrastructure should be installed and operational for the Army and Air Force. Defining the requirements for the project and preparing for its execution have posed unique issues, Derr noted. “The first challenge was being able to replicate the military-unique functionality that exists today in TDM. There was no way to do it in Voice over IP.” So DoD, Nortel, Nokia Siemens and others worked together to develop a standard signaling protocol based on SIP for assured services. Traditional assured services provide multi-level precedence and priority where users can preempt and override phone calls in a TDM environment based on privilege class, Derr said. Assured services SIP does the same thing for military users. With that breakthrough, warfighters are poised to take advantage of things VoIP can do easily that old TDM networks could do only with difficulty. For example, “Somebody could be out there on a very low-bandwidth satellite link and they are trying to report information back,” Derr offered. “Think of special operations forces on the edge. All they have is a low-bandwidth tactical link that they can set up once in a while. They send some information and have a quick conversation and then they have to move and ‘get out of Dodge’ and do something else so they don’t get caught. That’s the ultimate edge of the tactical network. “Those guys want to have a single unified client where they can communicate in whatever means that their bandwidth and network connectivity will allow,” Derr stated. The Nortel Application Server 5300 provides warfighters with a single client that can handle instant messaging, video, VoIP and other needs, thereby eliminating the need for multiple pieces of equipment to fulfill a single task of communicating forward information or providing situational awareness, Derr commented. The Nokia Siemens Networks Nil NGN solution provides integrated voice, messaging, video and data transfer capabilities from the desk to the field and back, with assured services end to end. In places where bandwidth isn’t an issue, for example at a major base, users can take advantage of readily available features such as instant messaging and Web collaboration within a robust environment, Derr added. While all of these operations have gone very well to date, Derr acknowledged that there have been some challenges about security in the future as IPv6 takes root in defense networks. A number of things must occur for a secure transition to IPv6, but no agencies are receiving dedicated funding to budget for the transition. “Nobody has an IPv6 transition budget to execute against, yet we keep having to develop and implement against the IPv6 RFCs that are out there in order to meet the JITC requirements,” Derr said.

8 | MIT 13.6

DOD CALLING A VoIP call requires a device to make that call, and developers such as General Dynamics have been stepping up to the plate to provide such phones. The Sectéra vIPer Universal Secure Phone is one of the top performers in VoIP communication devices. “One of its distinguishing factors is that in addition to Voice over IP, it acts as a universal phone. As organizations migrate to Voice over IP, they also have the capability to operate on the conventional PSTN network with a single phone. The user can convert the device over to Voice over IP when their organization converts to Voice over IP,” said Tom Liggett, business area manager for voice products at the Information Assurance Division of General Dynamics. The vIPer phone has the latest National Security Agency Type-1 cryptography in it, which makes it a superior option to legacy devices like the STU-3 phone, Liggett said. Indeed, as NSA continues to push forward with enhanced cryptography standards, Liggett noted, vIPer can implement upgrades to those standards easily as it makes use of software-based cryptography. vIPer also ensures interoperability with other communications devices on various networks, Liggett said. The phone interoperates with secure terminal equipment (STE) products, general cellular networks, and the Sectéra Edge secure smartphone, among other devices. And it does so with the highest security standards. “The vIPer phone provides end-to-end secure communications, which is a unique capability,” Liggett noted. “The voice conversation is completely encrypted from one end-device to another device. There are certain enclaves within the Defense Red Switch Network right now where that’s not the case. You might have an enclave of cleared telephones, and you might encrypt a link between your building and another building, but there is still a portion of that path where the voice communication is not encrypted. With the vIPer, you get complete encryption from end to end, so it allows another layer of security.” General Dynamics also focused a lot on voice quality in the development of its vIPer phone, Liggett said. That’s particularly important to tactical warfighters in low-bandwidth environments. “These devices go into a lot of environments where they might be ultimately operating over a SATCOM link or low-bandwidth links. There are a lot of aspects of the design that we went through to ensure good voice quality over these tactical networks,” he commented. The vIPer phone is also SIP-capable, making it ready for use over the VoIP switches to be deployed on the DSN, Liggett observed. General Dynamics is participating in the interoperability testing to ensure reliable communications over the new switches. Once the VoIP switches have been rolled out, all military agencies can take advantage of cost savings associated with VoIP, Liggett said. “Currently, networks are somewhat mixed. With analog phones in an organization, a different organization is typically maintaining your phone system than your computer network. One of the big advantages with Voice over IP for both clear communications and secure communications is that you can now have a single IT organization that administers your entire network,” Liggett stated. “As you add the security overlay into that, you can expand that network into secure areas and take advantage of the cost savings of Voice over IP,” he concluded. ✯ Contact Editor Harrison Donnelly at harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

www.MIT-kmi.com

WHEN EVERY SECOND COUNTS BLUE FORCE TRACKING—HIGH CAPACITY Assured, secure communications. Anytime, anywhere. On the battlefield when our soldiers need reliable situational awareness information fast, they turn to Comtech. Our new Blue Force Tracking – High Capacity (BFT-HC) transceiver builds on our battlefield proven network experience to provide the Military with a flexible, forward leaning communications platform that seamlessly integrates with all existing BFT systems while providing very high data rates and increased capacity to support future missions. Comtech’s evolutionary product development process coupled with advanced technological breakthroughs give leaders the most cost effective path towards guaranteeing our soldiers receive the very latest communication capabilities—today and every day—because every second counts.

Transceivers

Network

Ground Stations

For more information please call 240-686-2113 or visit comtechmobile.com

Your Mobile Communications Experts

Encyclopedia of Security TECHNICAL GUIDES AND STANDARDS HELP AGENCIES PROTECT DEFENSE NETWORKS, AND COMPANIES ARE EAGER TO ASSIST WITH COMPLIANCE. In the ongoing battle to protect Department of Defense networks, one of the bulwarks is a set of security standards and guidance documents that collectively could be called an “encyclopedia of security”—the Security Technical Implementation Guides (STIGs) developed by the Defense Information Systems Agency (DISA). In a nutshell, DISA STIGs are the configuration standards for hardening DoD information systems and devices. There are STIGs on dozens of information system and networking components and on thousands of vulnerabilities, covering topics from application security, biometrics, databases and desktop applications to enterprise resource planning, instant messaging, network infrastructure, operating systems and wireless communications. Complying and tracking compliance with STIGs can be a daunting task for defense organizations, however. In response, a number of companies have stepped forward to offer products and services that can help agencies stay on top of these demanding but essential tasks. The STIGs are released under the authority of DoD Directive 8500.1, which requires that “all information assurance and IAenabled IT products incorporated into DoD information systems shall be configured in accordance with DoD approved security configuration guidelines.” The directive tasks DISA to “develop and provide security configuration guidance for IA and IA-enabled IT products in coordination with the director of National Security Agency.” “The DISA STIGs are key to establish10 | MIT 13.6

ing a repeatable secure baseline for defense and industry computing devices and applications,” said Colin Corlett, president of Excentium, which provides information assurance management services. “Initially, STIGs were available only for standard operating systems and databases. Recently DISA has focused its attention on developing standard guidance to establish baseline security for applications.” “STIGs reflect DISA’s desire to provide prescriptive guidance on how to use common COTS software and configure it to remove the default settings and move to a higher level of security,” said Sean Sherman, a senior compliance architect at Tripwire, which provides configuration control services. “The STIGs provide the nuts and bolts on how to check configuration settings. DoD has so many systems in the field, and their users need consistent security advice.” The STIGs are increasingly seen as the gold standard for information system security and have been gaining momentum outside of DoD, both in the private and public sectors. “Organizations trying to get government contracts often need to comply with the STIGs just to get a foot in the door of federal agencies,” said Tom Bain, manager for marketing and corporate communications at Application Security, a provider of database security solutions. State government agencies are also starting to get into the act. “The state of Alabama uses a number of DISA STIGs as the basis for their own statewide IT security policies and standards,” said Tony Pompliano, chief executive officer of Refense Technologies, a provider of vulnerability and compliance management solutions. “We expect this trend to continue

BY PETER BUXBAUM MIT CORRESPONDENT BUXBAUMP@KMIMEDIAGROUP.COM throughout government and private enterprise.” DISA has found the STIGs to have been well accepted. “For the most part, the feedback has been very good,” said Terry Sherald, chief of the agency’s information assurance standards branch. “Systems administrators like the STIGs, they want to use them, and they see their value. When we are developing or updating a STIG, we allow the community to comment after we have written a draft.” “There is a need being satisfied here,” added William Keely, DISA director of field security operations. “The STIGs give systems administrators some level of assurance that they are doing the right thing even if they do not always agree with the STIG in every detail.”

BEYOND MANUAL Not surprisingly, the process of evaluating operating systems, databases, Web servers and applications can become unwieldy with manual methods alone. “Although manual methods are still key to a complete security evaluation,” said Corlett, “automated tools have become necessary in today’s world of fast-paced and agile development.” There are a number of tools available on the market today that automate what was traditionally a manual auditing process to verify compliance with various STIG and other standards. “When an engineer is tasked with verifying that a network device is properly configured according to a security standard, he has to manually log in to that device and look at the configuration field to confirm that it is configured in the way the STIG requires,” explained www.MIT-kmi.com

Pompliano. “That manual process can take a well-skilled engineer an hour or two per device. Not only is this labor intensive, but it is also difficult to achieve a high degree of accuracy because people doing the audits are the same people who configured the device to begin with.” One of the products Excentium uses to evaluate the security baseline and STIG compliance of database applications is Application Security’s AppDetective product. “The product incorporates the configuration requirements identified in the database STIG,” said Corlett. “By using this product we have been able to reduce the evaluation time from a minimum of one day to a couple of hours.” DISA’s database STIG requires an indepth review of users, roles and privilege assignments, and mandates a process Sean Sherman to approve those privileges. Application ssherman@tripwire.com Security helps organizations comply with the database STIG and the specific requirements provided for Microsoft SQL Server, Oracle and IBM DB2. “Manually assessing the security posture of a database is a complex task that requires expertise and significant resources,” said Josh Shaul, the company’s vice president for product management. “Manually measuring and demonstrating compliance with industry and government regulations is Tom Bain even more difficult.” The Application Security product tbain@appsecinc.com works “by scanning the target database for vulnerabilities and misconfigurations, and then providing reports on the findings,” explained Shaul. “AppDetectivePro contains scan policies, or templates, specifically for the DISA STIG. The findings generated from the scan are presented in a format that makes it easy for organizations to assert compliance with the STIG.” The operating system STIG sets requirements for such things as access William Keely control, file permission, user accounts, and session management. Trusted william.keely@disa.mil Computer Solutions provides software that assess compliance with the STIG and provides fixes for operating systems such as Linux, UNIX and Solaris. “Operating systems like Linux and UNIX have evolved tremendously in the last 30 years to include a myriad of configuration fields,” said Jamie Adams, a senior secure systems engineer at Trusted Computer Solutions. “There are 340 line items in the UNIX STIG alone,” added Sherryl Dorch, vice president of marketing at Trusted Computer. “The default settings for Red Hat Linux 5.2 shows 54 discrepancy indicators with respect to the STIG, many of them significant. It would take a system administrator a lot of time to get in there and maintain the level of security required by the STIG.” www.MIT-kmi.com

“The STIG and checklist don’t always tell you how to configure the system in compliance with the STIG,” said Adams, “so you then have to dig into research to find out how to do that.” Trusted Computer’s Security Blanket product automates both the compliance assessment and the proper configuration of the system. The network infrastructure STIG is designed to assist in meeting the minimum requirements, standards, controls and options that must be in place for secure network operations. The document includes sections providing the minimum requirements for enclave perimeters, firewalls, routers, device management, authentication, authorization and accounting, passwords, network intrusion detection, switches and virtual local area networks. Tripwire’s network infrastructure product works by installing a software agent on each device, rather than on switchers and routers, explained Sherman. “The software makes sure that the STIG requirements are complied with,” he said, “such as making sure that passwords are of the required length and that users are locked out after entering three incorrect passwords.” Switchers and routers are monitored by the Tripwire product from servers. Running Tripwire first generates a report on changes on the system. It checks configurations of devices against the relevant DISA STIG checklist and generates a report showing “whether you are compliant with the STIG or how far off you are from compliance,” said Sherman. “DISA STIGs, along with VMware virtualization, are helping to provide a reliable and predictable set of processes and tools to efficiently

;f pfl _Xm\ k_\ @8 ZXgXY`c`kp kf Zfekifc e\knfib XZZ\jj6

8idp$Xggifm\[ jfclk`fe ]fi gfik$YXj\[ E\knfib 8ZZ\jj :fekifc

C\Xie dfi\1 nnn%]fi\jZflk%Zfd&;f;

MIT 13.6 | 11

and effectively manage DoD IT environments,” said David Hunter, In addition to these STIG-compliance activities, Refense can also chief technology officer for VMware Public Sector. “Starting with virscan networks for newly announced vulnerabilities. “With each of tual machine images whose base operating systems and these examples, Refense not only completes the audit applications have been configured and validated to STIG task much more quickly than a human could, but requirements, administrators can simply deploy new also does so with greater accuracy,” said Pompliano. VMs as required, using a standard master image. “In large organizations such as military branches that “VMware enables these master images to be modihave tens of thousands of network devices deployed, fied as STIG requirements change, and then transparsearching out these vulnerabilities and ascertaining ently deployed to end-users. Inventory management configuration postures would otherwise be akin to control and deployment applications such as vCenter looking for a needle in a haystack.” Lab Manager and Stage Manager environments can keep MOBILE GUIDES track of which VMs are deployed where and to which STIG version they comply. This can easily be done by Tony Pompliano DISA’s STIG for Windows Mobile Messaging, using standards such as the DMTF’s Open Virtualization which provides guidelines for DoD for the installaFormat to ensure compatibility across multiple virtualapompliano@retense.com tion, configuration and operation of non-BlackBerry ized environments,” Hunter added. mobile e-mail systems, was recently updated to VULNERABILITY MANAGEMENT include device support for Microsoft Windows Mobile 6.0. Requirements in the STIG include standards for The Refense VMS (vulnerability management soluBluetooth security, authenticated login procedures, tion) also assists in complying with the DISA network and standards for required actions in case of the loss infrastructure STIG by comparing the configuration of of the device. network devices against the security policies detailed in Trust Digital, a company that provides mobile the STIG and isolating misconfigurations and known phone security products and services, has develvulnerabilities. oped mobility management software specified for “Refense VMS mimics the tasks performed by an compliance with the wireless STIG. In addition, information assurance officer,” said Pompliano. “The Trust Digital’s Bluetooth smart card reader, which Josh Shaul solution includes a level of intelligence that is basically enables access to mobile devices using the DoD akin to human auditors. The process takes a few seconds common access card, was also recently certified for each device instead of an hour or two if done manually.” for two-factor authentication. For example, Refense audits compliance against STIG requireDeveloping a STIG for Windows-based smartphones allowed DoD ments for routers. “The DISA STIG requires complex checking that a secure alternative to the formerly exclusive use of BlackBerry devices if done manually would take some time and would be prone to high within the department for mobile e-mail and messaging applications, error rates,” said Pompliano. according to David Goldschlag, Trust Digital’s executive vice president One STIG specification for routers requires that the router adminfor corporate strategy and technology. istrator restrict the premise router—the router connected to the “What DoD needed was a system that would provide enterprise upstream network provider—from accepting any inbound IP packets control and visibility,” Goldschlag said. “Because there is no thirdhaving a source field from BOGON or Martian IP addresses. “These party network operations center,” as is the case with BlackBerry mesBOGON and Martian lists are maintained to track unallocated or saging, “and messages stay within a native network operations center, reserved IP address space,” explained Pompliano. “Router administraclassified message incidents are mitigated, giving DoD and other tors would have to check this list and compare the IP address space federal agencies tighter control of information, as well as enhanced with their access control lists on their premise routers to ensure that auditing capabilities.” the access control lists match the current list.” The STIG for mobile devices provided guidance on how to deploy Another router requirement is for information assurance officers and use mobile Windows devices. “What the STIG did is to provide a to ensure that denied attempts to any port, protocol or service is blueprint for DoD buyers. It goes to a level of detail on what implemenlogged. “This would require that the information assurance officer tation of smartphones looks like and how they are to be configured,” or network administrator check every line of every access control list said Goldschlag. to ensure that logging is enabled for that entry,” said Pompliano. “If Among other things, the STIG requires that only phones with upthe devices have hundreds or even thousands of entries on the access to-date software and operated by the authorized individual be allowed control list, this can take some time to complete.” access to the network. It also provides standards for synchronizing the In addition, Refense can also analyze firewall rules to ensure a pare-mail available on smartphones with the command’s Exchange e-mail ticular rule is in place to block an IP range that is prohibited access to server. “One of the required components is the Trust Digital mobile DoD computers and systems. “There are multiple STIG requirements security management system,” said Goldschlag. that network managers restrict RFC 1918 IP addresses on the netThe tools used to help organizations comply with the STIGs are work,” said Pompliano. “An engineer would need to review all firewall designed to evaluate compliance and diagnose problems, but not to fix rules and access control lists to ensure that statements are present that them with the application of software. DISA does issue software fixes block these IP addresses.” aimed to do just that. Tripwire’s Sherman cautions against jumping to RFC 1918 IP addresses are those that have been designated for actually running those scripts, however. private use. “The DISA utilities can be used to harden a server for you,” he said, 12 | MIT 13.6

www.MIT-kmi.com

HMS now includes the AN/PRC-154 Rifleman Radio – to seamlessly connect every rifleman to the combat network, enabling voice and data communications for better decisions, safer environments and mission success at the very edge of the battlefield. Designed to bring secure intra-squad communications to the tactical edge, this handheld enables Team and Squad leaders to track and assess riflemen GPS locations and other vital situational information. And because it’s HMS, it meets real JTRS requirements now and provides the capabilities needed today.

Ready. Real. Required.

For more information, visit www.gdc4s.com/riflemanradio

“but in the real world the STIG is a baseline prescriptive standard.” The only current tools that DoD and DISA develop to automate The reality of information systems is that they are complex, and the remediation of vulnerabilities are the Gold Disk and SCRI. In configuring a server by running a DISA script could have unintended both cases there is published guidance encouraging the users to consequences. “It is possible to configure an operating system so validate remediations in a lab environment prior to applying fixes to that applications won’t run,” said Sherman. “If you blankly apply the production systems. scripts as produced by DISA you might find yourself in ACCESS CONTROL an uncomfortable position. Our product goes in and checks server systems to see if it matches what the The STIG addressing network access control (NAC) DISA checklists prescribe. That is where our product provides processes for identifying, authenticating and makes its play.” authorizing access to protected assets and presents Trusted Computer Solutions takes a different a methodology for selecting and integrating access approach, by also providing the fix to the operating syscontrol solutions. The key feature of the NAC STIG tem configuration problems it covers. “From feedback is a multilayer approach that places great emphasis from customers, we understand that they want to know on controlling traffic at switch ports internal to the exactly what we are fixing,” said Adams. “Our product network rather than on perimeter control. provides them with that information.” ForeScout Technologies offers a product called But Adams agreed with Sherman that the impact of David Goldschlag CounterACT CT-1000 to address the requirements the STIG fixes on applications is unknown, until they are actually tested. That is why the Trusted Computer dgoldschlag@trustdigital.com for port-based access control outlined in this STIG. CounterACT is the only approved network access product comes equipped with an “undo” function that control solution on the U.S. Army Information Assurance Approved restores all the configuration fields and values to where they were Products List. before. “If you can’t get your applications to work with the STIG conCounterACT is a switch-agnostic network appliance that provides figurations, you have to apply for a waiver,” Adams noted. real-time visibility and control over port-based access requests. It From DISA’s perspective, the STIGs have made their marks and will addresses the key criteria of the STIG, verifying that both the comcontinue to do so. “They have become the foundation to a lot of security puter and the user have authorized access and that the computer processes within DoD,” said Keely. “They are foundational to our operaconfiguration is compliant with security standards. tions, and their importance continues to increase.” “When a device connects to the network, CounterACT will see and identify the device and the user,” explained Don Byrne, ForeScout’s federal director. “It will determine if the device is properly patched, whether its anti-virus is up to date and whether it is otherwise compliWhat kinds of Security Technical Implementation Guides ant with requirements.” (STIGs) are we likely to see in the future? As technology If CounterACT identifies a problem with a device, the system continues to develop, the Defense Information Systems administrator can take appropriate action: update the anti-virus softAgency (DISA) plans on issuing STIGs to cover them. ware, integrate with a patch management solution, or issue a comVirtualization of everything from data centers to operamand to shut down the switch port to prevent an unauthorized access tions centers to applications will require the development to the network. of a new STIG to cover those, according to Dave Hoon, a CounterACT works whether or not a network has implemented contractor supporting the DISA IA standards branch for Protocol 802.1x, a network access standard promulgated by the IEEE. EDS, an HP company. Few DoD systems have implemented this protocol, Byrne noted, A STIG covering virtualization, streaming technologies although other network access solutions require 802.1x compliance and cloud computing will likely be “the thrust of DISA’s in order to work. efforts in 2010 and 2011,” he said. “The requirement that the DISA STIG identifies is basically two“We also need to look at platforms that provide applicafold,” added Steve Cooper, a former chief information officer of the tions as a service,” he added. “As data is increasingly stored Department of Homeland Security who is currently a partner and in virtualized environments, we need to develop requirefounding member of Strativest. “First it says, ‘Network ports should be ments for the separation, storage and transport of data as both physically and logically secured to prevent unauthorized access well as for access controls. We need to make sure that the to the DoD enclave.’ It goes on to say, ‘Both unclassified and classicommercial entities providing these services meet the same fied networks require the implementation of a logical network port requirements as DoD in their own environments.” security solution.’ Many of these requirements are already addressed in “Basically the requirement says device access must be controlled existing STIGs, such as the one addressing network infraat the switch port. Not all NAC solutions are alike, so you need to structure, but, as William Keely, DISA’s director of field be sure that if you are implementing an NAC solution, it meets this security operations, noted, the increasing utilization and fundamental requirement outlined in the STIG,” Cooper said. ✯ complexity of virtualized environments makes it necessary to refine the requirements and bring them together in a Contact Editor Harrison Donnelly at single document.

STIGs for the Future

harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

14 | MIT 13.6

www.MIT-kmi.com

Two constellations of satellites are providing commercial X-band satellite communications to the U.S. government. [Images courtesy of XTAR, Paradigm Secure Communications]

DOD LOOKS TO COMMERCIAL X-BAND SATELLITE COMMUNICATIONS TO SUPPLEMENT THE MILSATCOM FLEET. BY ADAM BADDELEY MIT CORRESPONDENT BADDELEYA@KMIMEDIAGROUP.COM As the U.S. defense and intelligence community have substantially increased their reliance on commercial satellite related services in recent years, the supply of commercial C- and Ku-band space segment has gone from plentiful to severely constrained. This has sparked new interest in commercial X-band and Ka-band coverage as a better approach to supplementing the MILSATCOM fleet. “The global Ku- and C-band markets have become very expensive, and there is now substantial interference in those bands affecting our government customers. That is why CapRock started to look at X-band and Ka-band as viable options for meeting our customers’ requirements,” explained David Cavossa, vice president of operations at CapRock Government Solutions. This prompted CapRock to sign a multi-year, multi-transponder agreement last December with commercial X-band provider XTAR. “That deal was the largest U.S. sale in commercial X-band,” Cavossa explained. “In March, we announced that we had signed up customers from the intelligence community and from the Department of Defense. We’ve got additional customers in the pipeline who will start moving toward X-band this year or next.” The contracts referred to by Cavossa were multimillion-dollar agreements to provide more than 200 MHz of commercial X-band satellite services to two U.S. government agencies. The satellite services will utilize the XTAR-EUR and XTARLANT satellites, which are reserved exclusively for government and military applications.

The contracts represented two of the largest single awards of commercial X-band satellite services, and came just two months after CapRock’s government solutions division unveiled the industry’s first commercial X-band managed service offering. To support the missions of its government clients, the company has made significant investments in X-band teleport infrastructure and satellite capacity, signing a strategic agreement with XTAR that includes multiple transponders on its X-band fleet. A number of factors have led DoD to increase its take-up of this SATCOM frequency, Cavossa said. “Until recently, X-band was considered too expensive. I’ve seen the price for Ku-band as high as $8,000 per MHz, but X-band is more competitively priced. The supply rates on global Ku-band are in the high 80s or low 90s, so there is very little Ku-band available. With so many users packed into such a small amount of space, the price gets driven up and there is limited flexibility and availability.” X-band has a number of inherent advantages, noted Andrew Stanniland, business development director for Paradigm Secure Communications, which provides such services for NATO and recently began offering capability to the U.S. DoD. “X-band is very useful for a number of reasons,” he said. “There are many X-band terminals out there, and once you have them you want to use them. They are also very expensive to buy compared to the nearest equivalents in the commercial world, which is an incentive for people not to switch frequencies unless they absolutely have to. “Also, you don’t have to retrain personnel because they have used the kit already. And because there are fewer X-band users around the world, even if you don’t have a hardened military satellite, you get some level of protection just through the rarity of it, which is interesting to the military user,” Stanniland added.

Using the available X-band bandwidth is dependent upon having terminals on the ground. [Photo courtesy of L-3 Communications]

www.MIT-kmi.com

MIT 13.6 | 15

SATELLITE ALLIANCE

ment for the current Commercial Wideband Satellite Program (CWSP) contract. Through this, SPAWAR will procure commercial capacity and other services on an ID/IQ basis. The space segment comprises C, Ka and Ku SATCOM, but unlike CWSP, the new program will also include X-band as part of the solution. “We view that as a very positive step and an acknowledgement that commercial X-band has a similar role to the other commercial bands in helping DoD, and in this case the Navy, meet mission requirements,” Schmidt said. “We are not submitting a response as a prime contractor, but we have provided support to all the prime teams that requested X-band. The Navy anticipates making an announcement soon.” Looking to the future, Curtin believes government demand for an end-to-end managed service offering in which X-band will be used is growing, “We are working with a number of companies to establish that kind of service. We see it as a real value added to the user in the sense that the user can focus on their core mission and the communication provider will focus on what their mission is, and that is to provide these communications links when and where they are required.”

U.S.-based XTAR is one of two companies offering commercial FSS X-band to the U.S. government. It is owned by Loral Space and Communications and a Spanish company, Hispasat, at a 56:44 ratio. Two satellites are in the constellation. One is owned by XTAR and the other is Spanish-owned, with XTAR owning an independent payload on it. “As a commercial provider of X-band, we like to be thought of and to be treated like any other commercial provider, whether it is Ka, Ku, L, S or any other band,” said Denis Curtin, XTAR chief operating officer. “We have coverage from Denver, east to Indonesia with dual coverage of Africa, Europe and the Middle East. We have excellent coverage of Afghanistan, Pakistan and those areas of interest today. “We are providing services both to U.S. government departments, including DoD and other agencies, and a variety of ministries of defense and other government agencies in Europe. It shouldn’t be any surprise that the majority of take-up has been within Southwest Asia and the Middle East, and we are now seeing take-up in support of endeavors within Africa,” he added. SKYNET CONSTELLATION Expansion of coverage is constantly under review, which could allow XTAR users to use the service Denis Curtin Paradigm is responsible for managing the Skynet throughout the Pacific area. “Right now our inclina5 constellation, which has been used for several years tion is to offer a hosted payload, as opposed to another dcurtin@xtarllc.com by U.K. armed forces, several NATO allies and NATO owned satellite,” said Bill Schmidt, the company’s vice itself. Earlier this year, it began supplying UHF and president of government services. “We think it gives X-band bandwidth to DoD on a commercial basis. The us more flexibility to meet the individual needs of our six-satellite Skynet constellation (three Skynet 4 satelcustomer.” lites and three Skynet 5 satellites) provides overlapping All military government traffic has to have end-tocoverage that begins in the Midwest and extends eastend encryption. In addressing military requirements ward to cover Japan and most of Australia. for further protection for the service, Schmidt said, “We have X-band capacity for sale in all the military “The commercial satellite fleet may not be as robust hotspots where people are currently deployed, and it is as military communications in the sense of nuclear or all NATO standard X-band,” said Stanniland. “Because EMI hardening, but the commercial operators are just of the way the U.S. and U.K. MILSATCOM systems as concerned about security and maintaining control have evolved, the U.S. doesn’t have anything quite of their security as is the government. XTAR has gone Bill Schmidt like Skynet 5. U.S.-protected services are supported above and beyond, in that our control systems utilize at EHF, and the workhorse for communications is the the National Security Agency-approved, Caribou-level wschmidt@xtarllc.com Wideband Global SATCOM (WGS) program. encryption scheme to ensure that those control links “Skynet 5 is halfway between the two,” Stanniland continued. “It are more robust.” provides protected, survivable X-band for both protected communicaA commercial network also provides security through diversity, tions and for high bandwidth communications. Although this has Curtin explained. “It is very difficult to knock out a commercial system arisen because the U.K. doesn’t have access to its own EHF capacity, because there are so many. There are too many targets to take them all this means that the Skynet 5 X-band effectively sits within a very out. That diversity also gives you alternate resources, so if one satellite attractive ‘capability niche’ for the U.S. military user. were taken, that traffic could be moved to another satellite. DoD feels “Each of our 15 transponders (per satellite) is connected to a 160W this is a real advantage, and they have said that.” amplifier,” he continued. “Since we deliberately built Skynet 5 with Other XTAR satellite features have advanced to meet more narrower bandwidth transponders than commercial satellites—20 demanding military requirements, notably use of the high power 72 MHz to 40 MHz—our power can be concentrated into a single tranMHz transponders offering double that typically found on commercial sponder, which is ideal for users with small ground terminals.” satellites, which allow the user community to transmit large amounts Stanniland explained other beneficial features of Skynet. “Operaof data from relatively small terminals. Steerable spot beams on board tional flexibility is the most important attribute you can give to the also allow for even greater concentration of that power. military communicator, and this is most easily seen on a geographical The U.S. Defense Information Systems Agency (DISA) and Departbasis. We can shape and steer all the uplink spot beams on each Skynet ment of State have their own Teleport site for XTAR use. XTAR is 5 satellite. We can use the same beam to generate up to seven hot spots currently on the cusp of deciding on the location of two Teleport sites within a single spot beam. That allows us to shape beams around a in Europe. country or region. We can even shape the beam to the same size and One near-term objective in the United States is inclusion in the shape as the coast of Africa. Navy’s Commercial Broadband Satellite Program (CBSP), the replace16 | MIT 13.6

www.MIT-kmi.com

R BANDWIDTH TO THE POWER OF OF

High Power

-Band Solutions for U.S. and Allied Governments

High capacity with 20 transponders ~ 4 Gbps Fast deployment and up-to-the minute interoperability Higher data rates via legacy X-band terminals, including dishes less than 2.4 meters 200 Mbps for terminals 2.4 meters and larger X-band On the Move supporting mobile teams with up to 3 Mbps data rates Global ﬁxed and steerable spot beams that can be positioned anywhere within the satellite footprint High power enables operations in adverse environments Works with all legacy and newer technology X-band capable equipment XTAR: Meeting the communications requirements that are the cornerstone of today’s military operations.

www.xtarllc.com Commercial X-band now available through the GSA FSC Group 70 and DISA DSTS-G contracts.

“We can put a hot spot over Iraq and a hot spot over Afghanistan in the same beam but include no intervening countries,” he continued. “Because of the way we designed Skynet 5 for the military operational requirement, we can switch the same channel to a different shape that does include intervening countries in a matter of minutes if it is preprogrammed ahead of time.” Skynet 5’s X-band bandwidth is already being supplied through DISA via the DISN Satellite Transmission Services-Global (DSTS-G) program, under a multi-year contract that will run at least until 2011. (See MIT, June 2009, page 9.) To meet U.S. demand, Paradigm has signed basic ordering arrangements, rather than partnering or distribution agreements, with a number of suppliers to the three DSTS-G primes. “This means that when they need something quickly, they can fill out an order form without having to also spend the time needed to negotiate terms,” Stanniland said. “That change has happened this year. Now they can go out and buy X-band from us, which they couldn’t before. Today we roughly provide 150 MHz to the U.S. under DSTS-G, through agreements with Intelsat General and DRS Technologies, with options for more.” In addition to X-band, Paradigm has also supplied UHF from Skynet 5 to the U.S. Navy since the start of the year, also through IntelSat General.

GROUND SUPPORT Using the available X-band bandwidth is dependent upon having terminals on the ground. L-3’s Microwave Group (L-3 MG) and L-3 Communications Systems West (L-3 CSW) have been supplying the DoD terminals to support this frequency on an ongoing basis, and in most cases offering multi-band solutions. “Focusing on the ground tactical SATCOM market, we have a number of products,” explained Mark Rayner, vice president of business development for L-3 MG. These include 0.45-meter and 0.5-m aperture communications onthe-move (COTM) antenna and terminal solutions, with L-3 Datron’s FSS-4180LP and FSS-4180LC, and L-3 Linkabit’s TRM-1000 terminal. In addition, there are the 3.9-m tactical SATCOM systems called Lightweight Medium Aperture Antenna (LMAA)—OE-593F. The latter are generally used as hubs, deployed quickly to theater to provide backbone communications and operate in C, X, Ku and Ka. Apertures as small as 2.4 m can also be used in this role, and the Air Force has acquired such terminals in quad band under the Ground Multiband Terminal (GMT)-AN/TSC-179 program. “These systems are all transit-case-based systems, unlike what you typically see with a HMMWV shelter-mounted 1.6-m or 2.4-m terminal, like the ‘pop up’ configuration for the quad band Phoenix terminals supplied by L-3 CSW and provided to the Army,” Rayner said. By opting for a transit case over trailer-based solutions, significant weight and volume savings are possible for shipping, Rayner noted. “We provide a system that is less than half the weight of the trailer-mounted 4.9-m Lightweight High Gain X-band Antenna, which is being used by the Army.” Opting for new or additional frequencies makes things more complex for terminal designers, Rayner said. “With Ku band, the highest frequency is 15 GHz. With Ka band, the highest frequency is 30 GHz, so Ka’s beamwidth is half that of Ku. The result is that terminal designers face difficult design challenges to ensure antenna stiffness to reject wind distortion.” 18 | MIT 13.6

In contrast, on the X-band side, which is about half the frequency of Ku band, wind isn’t as much of a problem. Instead, the frequency presents RF interference issues related to Passive Inter Modulation (PIM) performance, which impact the design of the reflectors and the feeder/RF electronics. Quad band provides considerable flexibility, but not all users need all four bands nor want to pay the inevitable premium. To meet user requirements for a modular system that allows users to increase or reduce the number of bands covered, L-3 GCS recently introduced the Hawkeye III, a modular design to handle C, X, Ku and Ka independently or in combination. “We have kept the same positioner and base structure, but offer different reflectors and amplifier sizes for different power outputs,” Rayner said. “Someone could buy an X-band terminal right out of the chute but may not want Ka band. They could potentially buy the C-band and two years down the road, buy the extra pieces that would allow them to do X-band. It’s a modular product line.”

WIDEBAND GLOBAL Despite the growing interest, commercial X-band is still more a support to the bulk of military X-band communications. That is the responsibility of the Air Force WGS program, which provides both X-band and Ka-band communications support to DoD. The WGS constellation is designed to be backward compatible with existing X-band terminals that operate with the predecessor Defense Satellite Communications System (DSCS). Each of the new satellites has more than four times the X-band bandwidth as a DSCS III (1715 vs. 405 MHz) and also takes advantage of spatial frequency reuse to utilize the increased bandwidth. WGS X-band communications are provided primarily by transmit-and-receive phased arrays, with each array forming eight independent shapeable and steerable beams to enable high gain coverage. The WGS program, for which Boeing is the prime contractor, is currently made up of two blocks of satellites. Block I consists of three satellites, including WGS-1, which was launched in 2007 and is currently supporting DoD communications in Pacific AOR. WGS-2 was launched in April 2009, completing in-orbit testing to verify functionality in June. It was turned over soon after to the government, which has begun testing to characterize payload from an operational perspective. WGS-2 is planned to be moved over the Indian Ocean, where it will support communications for both Operation Enduring Freedom in Afghanistan and Operation Iraqi Freedom in Iraq. WGS-3 is in final preparations for launch, which is currently scheduled for September. Block II WGS consists of a further three satellites. WGS-4 is in the integration and testing process, WGS-5 is beginning the integration of the payload portion of the satellite; and WGS-6 is building and delivering electronic units that go into the satellite. There are some significant technical differences between the two blocks, such as Block II’s use of two “bypass” channels at Ka-band, which are capable of supporting the higher data rate needs of airborne ISR platforms such as Global Hawk and Predator. DoD and the Air Force are currently considering extending the WGS program beyond the current six satellites. ✯

Contact Editor Harrison Donnelly at harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

www.MIT-kmi.com

H`ncZi

DlcZY VcY deZgViZY Wn EVgVY^\b [dg XdbeaZiZ ZcY id ZcY hZgk^XZ hZXjgîn 8VeVXîn ^h VkVâVWaZ i]gdj\] JH eVgicZgh! hZgk^XZ egdk^YZgh! hZgk^XZ egdk^YZgh VcY iZaZedgih EgdkZc 9>H6 VcY 9d9 hZgk^XZ egdk^YZg ^c i]Z B^YYaZ :Vhi VcY =dgc d[ 6[g^XV *%%B=o VkVâVWaZ id hjeedgi bâhViXdb hZgk^XZh dkZg i]Z 6DG VcY >DG J@! C6ID VcY B68& Xdbea^Vci iZaZedgih lî] XdccZXi^kîn id iZggZhig^Va cZildg`h lll#eVgVY^\bhZgk^XZh#Xdb

+.*'WTia EVgVY^\b

9^kZghZ bâhViXdb hZgk^XZh 8dkZgV\Z VcY XdccZXi^kîn l]ZgZ ndj cZZY î

Waveform Meets the Test JTRS SUCCESSFULLY DEMONSTRATES WIDEBAND NETWORKING WAVEFORM CAPABILITIES. During the largest-ever demonstration of its kind, the Wideband Networking Waveform (WNW)—a critical capability of the Joint Tactical Radio System (JTRS)—effectively networked 30 mobile nodes and shared data and video across multiple sub-networks in a challenging forested and residential environment. The June 2009 demonstration for senior government officials took place at the Space and Naval Warfare Systems Center Atlantic in Charleston, S.C. “JTRS is no longer just in graphs on PowerPoint demonstrations,” said Howard Pace, deputy program executive officer for JTRS. “We’ve now demonstrated that the Wideband Networking Waveform capability successfully scales to 30 nodes with all the nets and subnets. It’s working and working well.” The demonstration showed how, when fielded, the softwaredefined radio waveform can overcome many of the mobile networking challenges soldiers face on the battlefield. Today’s forces use a variety of unique voice and data waveforms to communicate with each other or with modern Internet Protocol-based networks. These specialized systems can make it difficult to communicate between joint forces. WNW solves that communication challenge. A networking waveform that enables connections between vehicles, planes and ships utilizing mobile networking technologies, WNW offers the ability to transit more information with greater security and provide new capabilities to seamlessly route and retransmit information. The waveform can transfer information of different classifications over the same wireless network. “We are on track to meet joint warfighter requirements to provide a flexible and pervasive networking capability to address the challenges of modern battlefields,” said Navy Captain Jeffrey Hoyle, program manager, JTRS Network Enterprise Domain (NED). “The demonstration location offered significant opportunities to evaluate multi-path propagation effects in heavily forested terrain and marsh. “During the demonstration, WNW performed as expected, and we were able to validate laboratory performance improvements from recent waveform algorithm enhancements in the field,” added Hoyle. “The ability to integrate waveform enhancements rapidly while testing in the field [three times in as many weeks] thoroughly demonstrated a significant advantage that JTRS provides—the ability to upgrade warfighter communications and networking capability while deployed through software-only updates in fielded radios.“ Performance results measured during this demonstration indicate a significant new networking capability that will continue to improve as the data collected are thoroughly analyzed to enable additional waveform software upgrades, as well as through processor and power amplifier improvements inherent with the improved JTRS Ground Mobile Radio (GMR) engineering development model hardware being delivered now and the airborne/maritime/fixed station hardware in the future. 20 | MIT 13.6

A military vehicle operates the WNW on a JTRS ground mobile radio in Navy housing at Naval Weapons Station, Charleston as part of the demonstration at Space and Naval Warfare Systems Center Atlantic. [Photo courtesy of Joint Program Executive Office JTRS]

The WNW, operating on a JTRS ground mobile radio in a heavily forested suburban environment, demonstrated its validated design and tactical utility in tests held in June at Space and Naval Warfare Systems Center Atlantic in Charleston. Thirty ground mobile radios were used in the largest demonstration of the capability to date. [Photo courtesy of Joint Program Executive Office JTRS]

“The ability to expand and contract the network while soldiers are mobile is a mission-critical capability,” added Ralph Moslener, Boeing program director, JTRS GMR and NED. Boeing is developing the WNW for JTRS NED. “The demonstration proved that WNW will seamlessly connect soldiers and commanders so that they can trade real-time information and have greater situational awareness than ever before,” Moslener said. “The demonstration of the Wideband Networking Waveform capability is an important accomplishment,” added Hoyle. “This capability has now been successfully demonstrated in a field environment, and we can leverage it as other JTRS systems are developed and implemented.”JTRSvan Editor’s Note: This is another in a regular series of updates on the Joint Tactical Radio System (JTRS), as provided by the program’s Joint Program Executive Office (JPEO). www.MIT-kmi.com

■ ■ ■ ■

■ THE AN/PRC-117G(C) Multiband Manpack

JTRS Approved JTEL CERTIFIED NSA CERTIFIED JITC CERTIFIED

falcon III Networks the battlefield. falco ®

Harris has introdu introduced the world’s ﬁrst JTRS SCA-compliant Type-1 secure wideband/narrowband tactical radio. The AN/PRC-117G(C) delivers simultan simultaneous transmission of voice, video, situational awareness and intelligence data to the networked battleﬁeld. For more information informat visit us on the web at www.rfcomm.harris.com/117G or contact your Harris sales representative.

■ Secure ground-to-air communications Havequick interoperability.

■ TAC-CHAT

■ SECURE SATCOM REACHBACK

Instant sta t te text xtt messaging th throughout hroug tthe hee netwo network. t ork. ork

DAMA MILSATCOM and automatic BGAN satellite routing beyond terrestrial networking range today with fut future ture upgradability u for MUOS.

■ SSINCGARS AND MULTIBAND CCommunications

MEDEVAC ME E

F range combat net radio Full iinteroperability.

■ Streaming vi vid video deo o Display live video feeds feeeds from f UAVs and other video videeo so sources. ources.

ENEMY E NE NEMY ENGAGEMENT EN E NGAG

FALCON III ® Multiband Manpack

■ Situational Awareness Every node in the network shares a common operating picture.

www.harris.com 2& #OMMUNICATIONS s 'OVERNMENT #OMMUNICATIONS 3YSTEMS s "ROADCAST #OMMUNICATIONS s (ARRIS 3TRATEX .ETWORKS

assuredcommunications®

Compiled by KMI Media Group staff

Beyond-Line-of-Sight Solution Provides Army Communications L-3 Linkabit has successfully completed the integration and testing of a wideband-beyond-line-of-sight (WB-BLOS) capability in Army Brigade Combat Team vehicles intended for deployment in Operation Enduring Freedom. This resulting deployment will enable more Army units to have a robust, secure communications system in the field and supplies new and enhanced WB-BLOS and missioncritical data capabilities to Army units. The initiative used mature L-3 products and technology developed for the Warfighter Information Network-Tactical program, including the Network Centric Waveform, MPM-1000 IP modem and FSS-4180-LP SATCOM antenna. This transit case-based solution successfully coupled L-3’s hardware with COMSEC and other baseband equipment to provide a turn-key WB-BLOS subsystem solution. L-3 Linkabit provides turn-key SATCOM on-the-move solutions that enable mobile and halted forces to collaborate, access GIG resources and exchange voice, data and video in a tactical environment. Linkabit developed the MPM-1000 modem product family, which when combined with an antenna and tracking system provides an off-the-shelf SATCOM on-themove solution for both military and commercial applications. Bill Clark: bill.clark@l-3com.com

C2 Capability Provides Integrated View of Incidents SAIC has developed a service-oriented architecture (SOA)-based C2 capability to implement an overarching monitoring and control system for catastrophic threats, attacks and incidents. The solution can be adapted for any chemical, biological, radiological, nuclear and high yield explosive or cyberincident. SAIC’s net-centric, SOA-based C2 capability fuses data from information and sensor systems, accelerates and automates information analysis and correlation, and supports rapid decision-making. The solution can provide an integrated picture of the health, status and security posture of domestic and Global Information Grid infrastructure, consolidating a common operation picture and situational awareness. With this solution, SAIC has implemented an open, event-driven architecture to deal with operations and C2 at cyberspeed. It includes new search, recognition, retrieval and correlation capabilities to increase information aggregation and knowledge. SAIC used leading-edge modeling and simulation technology to determine time frames for all steps and actions involving human in the loop, information feeds, data access, correlation and patterning, comparable analysis, option identification, and implementation of rapid spirals and validation. Robert Hatcher: robert.m.hatcher@saic.com

Agreement Develops Multi-touch Technology for the Warfighter The Army Communications-Electronics Research, Development and Engineering Center (CERDEC) recently signed a cooperative research and development agreement (CRADA) with Microsoft to share research in support of developing multi-touch technology for the warfighter. The CRADA with the CERDEC Command and Control Directorate is only the second joint research project Microsoft has throughout the Department of Defense. The multi-touch portion of the CRADA’s tasks will be executed by the Command and Control Multi-touch Enabled Technology (COMET) team, which is researching the applicability of multi-touch technologies to command and control systems. Traditional collaboration tools such as paper maps, grease pens, acetate layers and sand tables are ineffective at recording, saving and transmitting information and are incapable of providing automated assistance or analysis. The electronic maps can respond in ways that paper cannot: Commanders can zoom in for additional detail, or change from raster to vector maps. Multiple users can simultaneously contribute to group activities such as war gaming, rehearsal or after-action reviews. Edric Thompson: edric.v.thompson@us.army.mil

22 | MIT 13.6

Contract Supports Multinational Information Sharing EDS, an HP company, has been awarded a potential five-year, $34 million contract renewal by the Defense Information Systems Agency (DISA) to continue supporting its Multinational Information Sharing (MNIS) program. Under the contract, EDS, through its teaming partner, Harris Information Technology Corp. (HITS), will provide systems engineering and technical assistance support to enhance the mission capabilities and effectiveness of the MNIS Program Management Office. The mission of DISA’s MNIS program is to ensure joint forces share a common operational picture and contribute to enhanced intelligence, informed decisionmaking and mission success. The MNIS program facilitates the sharing of encrypted information in a single joint environment to provide effective communication and promote teamwork among Department of Defense components, combatant commands and eligible foreign nations. This contract was awarded under the ENCORE II contract vehicle and is for one year with four one-year options. EDS and HITS will provide systems engineering, analytical services and thought leadership in support of MNIS’ efforts to ensure seamless information sharing among U.S. forces with their allied and coalition partners for military operations planning purposes. Ericka Floyd: ericka.floyd@hp.com www.MIT-kmi.com

Optimization Solution Speeds SATCOM Delivery Citrix Systems’ Government Systems team has partnered with TeleCommunication Systems (TCS) on its SIPR/NIPR Access Point (SNAP) program for the Army. Specifically, Citrix WANScaler technologies are integrated into TCS SNAP network packages that support ongoing military operations in both Afghanistan and Iraq. The Army Project Manager for the Warfighter Information Network-Tactical Commercial Satellite Terminal Program is funding these

procurements through the Army’s $5 billion World-Wide Satellite Systems contract vehicle, for which TCS is a prime contractor. The SNAP delivery order includes options for approximately 1,500 terminals and supporting equipment to be deployed in various sizes and configurations over the next few years, along with up to 30 field support personnel. Citrix WANScaler, a branch optimization solution that accelerates application delivery to globally distributed users, supports Space Communication Protocol Standards and uses flow control capabilities to seamlessly deliver data and applications, eliminating the latency issues that have plagued satellite communications in the past and enhances the delivery of the network to the front lines. These improved satellite communications capabilities also help the Army meet one of the goals in its CIO/G-6 500-day plan—the delivery of seamless LandWarNet to soldiers. Naomi Harker: naomi.harker@citrix.com

ISR Interoperability Exercise Includes 3G Wireless Network Empire Challenge, the joint/coalition ISR interoperability exercise, this year included QuicLINK, the 3G tactical network developed by Ericsson Federal Inc. (EFI) at both China Lake Naval Air and Weapons Center, Calif., and Patuxent River Naval Air Station, Md. QuicLINK provides all of the components for a 3G wireless network to deliver high-speed voice, video and data, and can be deployed in support of multi-domain tactical environments. It was to be deployed at the tactical operations center, aboard aircraft, watercraft and with tactical operations vehicles. EFI deployed a tactical network solution that includes the QuicLINK 3G cellular broadband network and IP multimedia services for collaboration between operators on the network, while providing tactical data to exercise wide area networks. The 3G network is essential for collecting and distributing full motion video, imagery and data during the exercise. Through the integration of IP multimedia services into a situational awareness environment, EFI can provide location knowledge of tactical users, voice, text chat, video calling and map-based white board collaboration for communications between the tactical edge and the tactical operations centers. Kristen Oelke: kristen.oelke@ericsson.com www.MIT-kmi.com

Multiservice Gateway Simplifies Network Convergence Juniper Networks has introduced a series of new applications and services that will enable customers to deliver voice, video and other multimedia services with exceptional efficiency, reduced costs and increased scale and reliability. Building on the Intelligent Services Edge portfolio, these new features simplify networks and facilitate convergence for enterprises, government agencies and service providers by fully integrating key service delivery and performance assurance functions directly within the routing platforms and IP network infrastructure. Additionally, Juniper is delivering hardware and software features that reduce costs by enabling customers to leverage investments in legacy voice and data networking equipment while they migrate to nextgeneration IP transport networks and services. The Integrated Multiservice Gateway solution tightly integrates standards-based session border control signaling and media gateway functions with sophisticated, highperformance routing and comprehensive security features that include intrusion prevention software, IPsec and firewall services. Jim Kelly: jkelly@juniper.net

Marine Operations Centers Add Internet-like Capabilities General Dynamics C4 Systems has been awarded $21 million to add Internet-like capabilities to the Marine Corps’ Combat Operations Centers (COCs), the focal point of decision-making for deployed Marine commanders and their staffs. Through this effort, General Dynamics will upgrade the COCs’ electronic systems to increase Marines’ situational awareness and informationsharing abilities, and improve network connectivity across the tactical battlespace. The contract being modified was awarded in 2002; the total value to date is $643 million. Identified as the COC Model G, the new system will facilitate sharing of mission rehearsal and execution information among other Marine Corps Combat Operations Centers and joint forces partners. The system will enable services such as electronic chat, e-mail and

VoIP communications. General Dynamics will also migrate existing hardware-based command and control, tactical data systems and other applications to software-driven services using the Marine Corps’ service-oriented infrastructure. The COC Model G is also part of the Marine Corps initiative to become compliant with the Department of Defense’s Net-Enabled Command Capability, which enables Internet-like access to joint tactical networks.

MIT 13.6 | 23

IT’S LIKE HAVING YOUR OWN TACTICAL OPERATIONS CENTER

Advanced Network Centric Solutions from L-3

L-3’s ROVER derivative products deliver networking capabilities that are truly seamless and interoperable across all platforms and services. Now all ground, airborne and satellite communications can be integrated to improve situational awareness, accelerate the exchange of information and shorten decision times, including the sensor to shooter timeline. Visit L-3com.com/CSW to see the difference our network can make to everyone, everywhere, now. C 3 ISR > GOVERNMENT SERVICES > AM&M > SPECIALIZED PRODUCTS

Comm unication S y s t e m s – We s t

L-3com.com

Network Constructor

Q& A

Building the “Always On” Global Enterprise Network Lieutenant General Jeffrey A. Sorenson Chief Information Officer/G-6 Department of the Army Prior to his current position as the Department of the Army CIO/G6, Lieutenant General Jeffrey A. Sorenson was the deputy for acquisition and systems management to the assistant secretary of the Army (acquisition, logistics and technology). Upon his graduation from the U.S. Military Academy, Sorenson was commissioned as a second lieutenant in field artillery, serving in tactical units at III Corps Artillery and in Germany. Following his transfer into the Military Intelligence Corps, he served as the division artillery intelligence officer and completed several assignments at the division staff and operational level. Sorenson has more than 20 years of acquisition experience as a certified Army material acquisition manager. His acquisition assignments include: director, program control (Joint Tactical Fusion Program Office); course director for the Executive Program Managers Course (Defense Systems Management College); director, science and technology integration (Office of the Assistant Secretary of the Army for Research and Development); product manager for Ground Based Common Sensor-Light TEAMMATE TRACKWOLF programs; project manager for night vision/reconnaissance, surveillance and target acquisition; director, Acquisition Directorate (Office of the Director of Information Systems for Command, Control, Communications and Computers); senior military assistant for the under secretary of defense for acquisition, technology and logistics; and program executive officer for tactical missiles. In addition to a Bachelor of Science from West Point, Sorenson earned an MBA from Northwestern University, majoring in finance, accounting and decision sciences. He is also a registered certified public accountant in the state of Illinois. His awards and decorations include being named the Army’s Project Manager of the Year in 1998. Sorenson was interviewed by MIT Editor Harrison Donnelly. Q: You have spoken frequently about the need to transform LandWarNet into an enterprise capability. In what ways is it not one today, and what needs to change to make it so? A: When I started in my current job as the CIO/G-6, there were a lot of different C4 programs that were being discussed, but I didn’t understand how they all related. I said we needed to get back to describing how these C4 programs support the warfighter, because if they didn’t support the warfighter, they were interesting, but maybe not necessary. The “soldier’s story”—a vignette that speaks to the network our soldiers and units currently use as they deploy into an AOR [area of operation]—emanated from that request. Today, when soldiers move from their post, camp or station for www.MIT-kmi.com

training exercises, to a power projection platform [where they get ready to deploy in theater], to deployment in theater, their communications capability is characterized by a network that requires constant changes along the way. E-mail addresses and phone numbers must be changed, as do where they store their data changes and how they obtain connectivity changes as well. Thus, what we have is a network that does not support expeditionary operations, and in fact sometimes hinders their ability to be connected through all the phases of a joint operation. The soldier’s story is about redefining the network to make it seem like the Verizon commercial that shows lots of people standing behind the network to ensure it is working. I also refer to our future plan as the BlackBerry story—the point being that when you can pull out your BlackBerry anywhere in the country or overseas, you can communicate without having to change your e-mail address, cell phone number or anything else. You always have connectivity. That’s what our soldiers don’t have today, because the network we use today requires constant changes in addressing, storage and connectivity functions. Q: What is the Army Global Network Enterprise Construct, and why is it needed? A: The vision of the Global Network Enterprise Construct [GNEC] MIT 13.6 | 25

is similar to Google, where you have access to data anywhere, anytime by anybody. Or you could look at it as a network that connects the right people at the right place and right time. We’re trying to make this network an “always on” network, and in doing that we’ve described the GNEC strategy as a global deployment of the network provided by five regional network service centers [NSCs] that support each one of the combatant commanders. Each one of the NSCs are responsible for ensuring that the Army portion of the network is fully capable, as well as interfaces into the joint network. These five NSCs provide a connect capability, the forward staging of data and applications, and network security, all within a network operations structure that is consistent and standardized throughout the globe. Thus, we want a plug-and-play concept, so that if you can connect to the network service center at your post, camp or station, such as Fort Hood, and you deploy into theater or anywhere else, the way you connect, get your data and access your applications will be the same when you connect to another network service center wherever you go.

of TRADOC, and others, describing the war fighting capabilities of GNEC. Once they understood the war fighting capabilities, they concurred with the concept of GNEC, and the question was how soon we could deliver the capability. “How about next year?” asked one of the senior leaders. My response was “not exactly,” as I detailed the transformational changes required to deliver GNEC. However, we’ve been working on accelerating the fielding of this capability, and have developed a strategy for delivering initial operational capabilities of the NSCs over the next three years. We will establish the first NSC in Europe in FY09, followed by NSCs in CONUS and Southwest Asia in FY10, and then an NSC in the Pacific in FY11. That’s the overall strategy for setting up the NSCs as an initial operational capability in the regional areas. At the same time, however, we’re continuing to implement enterprise upgrades, such as enterprise e-mail, to include standardizing and reducing the number of e-mail help desks throughout the Army. So we are working to provide enterprise capability improvement at the same time that we are establishing and deploying regional NSCs.

Q: What is your strategy for implementing the GNEC, and what issues and challenges do you think will require the greatest attention as you do so?

Q: What role will the NSCs play in the system? How will they interact with other entities in creating an “always on” network?

A: Initially, we spent a lot of time with senior leaders such as the Army chief of staff, vice chief of staff, commanding general

A: The basic element of the NSC concept is to enhance our ability to connect, specifically in this case linking the Army soldiers who are in an area of operation, but also any land components such as the Marines, with our joint service components. In fact, today we provide connect services to Marines operating in Southwest Asia for their intra-theater communications as well as their reach back to CONUS through our regionally based fixed regional hub. So the connect piece of the NSC will have the ability to connect everyone from anywhere from the Global Information Grid, incorporating into and connecting through the DISA Teleport sites, all the way down to soldiers deployed at the tactical edge through the use of WIN-T or the Marines’ Secure Wide Area Network [S/WAN]. With respect to services, in terms of data and applications, I’ll go back to what I mentioned earlier about enterprise e-mail. We are currently working with DISA to develop an enterprise e-mail solution for all of DoD. The Army is going to be the first user of this enterprise capability, because of our need to synchronize the transfer of e-mail services with our movement of units under BRAC. Fort Monmouth, N.J., is going to close and the personnel are going to move to Aberdeen Proving Ground, Md. So, as they move, we’re working to put some of those users into the enterprise e-mail capability, along with users from Army Materiel Command as they move to Huntsville, Ala., and other units that are associated with BRAC moves. Thus, we have some immediate needs now to accommodate and synchronize the transfer of e-mail services with our BRAC moves, as does TRANSCOM, which is the other first user of this enterprise e-mail capability within the joint community. With respect to security, we are working with DISA to leverage some of their network operation tools, specifically those that enhance the ability to see what systems are sitting on our network. Our goal is to achieve a machine-to-machine view of the network, so we can see what systems are functioning on our network. Part two is to achieve a better control of the systems on

The Small Business You Can Count On 2 hY 27th Year iin B Business i IA/Security Engineering Experts Provide All Aspects of IT Services 3 Time National Award Winners

Visit Us At LandWarNet

Booth #110 (301) 941-1983

(386) 437-7323

www.seidcon.com 26 | MIT 13.6

(760) 510-9800

www.MIT-kmi.com

the network. In all these cases, we’re working in partnership with DISA on a consistent basis. We are also spending a lot of time talking to the Marines, with respect to the network capabilities we can provide so they can take advantage of them as they deploy with us and integrate into our formations. We’re also working with the Navy and Air Force to define links into their global network capabilities. Q: What did you learn from the operational validation [OPVAL] of NSC conducted this spring? A: The operational validation was a success—in part, just because we did it. We took a brigade from Fort Bragg, and had them execute what I described earlier as the soldier’s story. However, unlike today’s soldier story, this brigade used the network capabilities of the NSC we set up at Fort Bragg, so they could draw their data and services and have their e-mail and their war fighting applications prior to their deployment. Once they deployed into theater, in this case into an exercise being conducted by the 7th Army in Europe, they virtually moved their organization into the theater of operations, functioning essentially as they did at Fort Bragg. They didn’t have to change e-mail or phone numbers, and they could get their data and applications from the network in Europe just as they did at Fort Bragg. They didn’t have to pack stuff up and move it; rather, they could draw their needed data and services from the network, as opposed to carry-

www.MIT-kmi.com

ing the network with them in server boxes and their own organic capability. They were able to function and demonstrate how the NSC capability would work. In CONUS they were connected to the network via the NSC, and once they deployed to Europe they were able to draw their war fighting capabilities from the NSC in Europe, so the regional concept was demonstrated. Did everything go perfectly? Absolutely not. We had some technical issues in terms of the resource forest for the e-mail and firewall management. There were many operational objectives we were trying to achieve, such as the seamless deployment and transport of unit network services via the NSC. And we had some training objectives, such as working with the 7th Signal Command, which recently was flagged at Fort Gordon, to standardize training for proper configuration of unit equipment connectivity to the NSC. There were many lessons learned, and there are more to follow. We’re hoping to host a meeting at Fort Bragg this summer to bring industry in for some day-long discussions of what we learned, what went right and what went wrong, and also expose them to some of the systems our soldiers use when they are deployed to give them an understanding of what is required to meet end-to-end connectivity. We’ll also take them around Fort Bragg and show them what the NSCs are supposed to look like. We are now writing the doctrine and tactics, techniques and procedures for how NSCs should function in preparation for another exercise next year. We had a whole host of people at the

MIT 13.6 | 27

OPVAL—such as observer controllers from FORSCOM, and Army Test and Evaluation Command and the Signal Center—to monitor what was taking place, in order to help write the doctrine for the operation of NSCs. Q: You have also emphasized the importance of talking to soldiers in the field. What procedures do you have to ensure that the warfighter perspective is included in your plans, and what ideas and changes have you made as a result of field input? A: We want to make sure that what we’re building now is something that supports the warfighter, and that the providers of this capability—our signalers—understand and support what we are asking industry to build for us. We developed a draft request for proposal for GNEC and put it on a wiki and asked everyone for their comments. It was a change of culture, as many people asked if we were serious about wanting their comments, and we said, “absolutely, yes.” I also spend time each year visiting with each of the combatant commands and the four sub-commands within 9th Army Signal Command—the 311th in the Pacific, 7th newly formed at Fort Gordon, 5th Signal Command in Europe, and 335th deployed in Southwest Asia. I not only visit those commands, but also spend time in Iraq and Afghanistan seeing signal soldiers and units that have embedded signal soldiers in their brigade formations. I want to get a feel for how the equipment is functioning, what their training needs are, and any other particular needs they may have identified during their deploy-

ment. I provide all the feedback to the Signal Center, NETCOM/9thSC [A], PEO C3T and others, to refine or modify some of the training courses down at the Signal Center, redefine our NSC doctrine, or identify equipment shortfalls. All the feedback gets fed into our system to improve what we’re doing to support our warfighters. Q: What are your key priorities and initiatives for cybersecurity? A: From my perspective, when we talk about cybersecurity, I’m mostly focused on computer network operations and computer network defense, those Title 10 functions the CIO/G-6 is responsible for providing on behalf of the secretary of the Army and the Army chief of staff. In that context, we have been working with the other staff elements to get better organized on how we provide support for cybersecurity. Today we have established within the G-3 an organization known as the Army Cyber Task Force. I took a general officer on my staff who was working on cyber-integration, and placed him within the G-3 staff section to effectively coordinate the various aspects of cyber from the headquarters perspective. Today, the task force has operational issues within G-3 channels, intelligence issues with the G-2, CIO/G-6 information assurance requirements, and computer network attack [CNA] and computer network exploitation [CNE] coordination with strategic organizations. The integrated group now supports the G-3, G-2, CIO/G-6, and in some cases the G-8 from a resourcing standpoint, to determine how the headquarters should provide oversight responsibilities of cyber issues. They are also tasked with determining the future organizational structure of Army support to the U.S. Cyber Command. At the same time, we’re working with Fort Gordon to assess from a training and doctrine perspective our future needs for a cyberforce. We are synchronizing our efforts with the intelligence community to ensure our training, personnel and organization are optimized to provide Army forces for the new U.S. Cyber Command. We’ve already begun to make some changes in our warrant officer MOS structure, establishing a couple of new MOSs to look at information assurance and cybersecurity demands in support of combatant commanders. Clearly, the computer network defense and computer network operations are still core responsibilities of the Signal Regiment. Q: Where does your data strategy stand today? A: It’s slow, but we’re making progress. We have formed a tremendous organization to get after this task, and they are achieving some success. We have solidified support among all the different elements within the Army that are working data issues. On the CIO/G-6 staff we have a “data czar,” who works within our architecture group to define the policies and procedures for how the data strategy ought to be implemented. We also are leveraging a group from CECOM known as the Data Center of Excellence, with about 60 people who are improving our delivery of data services as well as providing technical support for data strategies. At the same time, we must provide some guidance regarding standardization of the data framework. We have a group of folks with previous experience modifying Navy logistics data policies that we have integrated into the Army to assist us with the standardization of the data framework. Finally, we have another group working on data maturity, with a nationally recognized data maturity expert from the Massachusetts Institute of Technology who is assisting with our data analyses. We’ve combined these various groups into a single organization under the direction of our data czar, and they

28 | MIT 13.6

www.MIT-kmi.com

are now working on a number of use cases to improve how data is accessible, available and standardized within the department. The first use case is something we’ve been doing for the Army vice chief of staff on suicide prevention. We’re trying to work with data from a number of different sources—G-1, the Surgeon General, and Army Center for Health Promotion and Preventive Medicine [CHPPM]—to make data accessible to all organizations. Each of the staff elements has different databases, and no one is able to see all the data or look at it the same way. This is similar to 9/11, where the FBI, CIA and other organizations couldn’t share the data in their respective databases nor could everyone look at the data the same way. So we’re working now with all these staff organizations to expose their respective databases so that everyone can see each other’s data and eliminate the need for independent databases. We’ve established the suicide prevention use case among a number of other use cases to get at improving our data strategy, including an effort we have at the headquarters to provide better data visibility for the Army secretary and chief regarding unit status, readiness and so forth. At the same time, we’re working with Forces Command in Atlanta and TRADOC, trying to standardize use and make their organizational databases visible and accessible to those who require the data. We’re not there yet, but through some of these use cases we can demonstrate what our data czar group can do. Over time, we’re going to get away from everyone with their own Excel spreadsheets and separate databases, and get to the point where data is accessible and available to those who need to use it.

Q: What are you working on in the area of Army IT governance? A: The governance piece is all about ensuring that we operate effectively the same way, and that we operate in a way everyone understands what the configuration should be. We’ve redesigned our governance structure to set up two boards, in a manner similar to DoD. We have an Engineering Review Board, which looks at the technical aspects of our network, and an Operations Review Board, which looks at how we support the warfighter and what we need to do differently to effect those changes. Part of governance is also trying to standardize our procurement policies. We have recently spent some time emphasizing the four tenets of GNEC: operationalize the network, improve the security of the network, find efficiencies and effectiveness to afford the network, and make it joint. When you look at those four aspects, the one that clearly is the linchpin is efficiency and effectiveness. We’re working with the program manager for CHESS [Computer Hardware, Enterprise Software and Solutions] to standardize some of our procurement procedures, because we’ve found that in many cases people go out and buy IT when they want to, but the system they procured does not have the right standard or configuration. Part of this governance activity is to standardize procurement policies and processes, so that not only do we get the right configuration onto the network, we also save money by buying our systems with enterprise purchases. ✯

The leader in secure tactical wireless communications

Rugged. Mobile. Secure. Even in the most extreme conditions, the NEW Fortress ES210 Tactical Mesh Point delivers secure net-centric wireless communications to the warﬁghter — anytime, anywhere. Delivered in a small rugged form factor, the ES210 provides high performance wireless networking with integrated GPS. And the FIPS 140-2 security ensures that communications stay secure. The ES210 is one of SIX new Fortress products — delivering secure wireless communications for vehicle and dismounted soldier networks, tactical mesh networks, and 4.4 GHz solutions — debuting at LandWarNet.

www.fortresstech.com/landwarnet2009

COMMUNICATIONS TO THE EDGE

Come see us at LandWarNet, Booth 101 www.MIT-kmi.com

MIT 13.6 | 29

FOR THE MILITARY, CLOUD COMPUTING PROMISES TO DELIVER THE BENEFITS OF NETWORK-CENTRIC WARFARE WHILE ALSO PROVIDING A ROBUST AND AGILE INFRASTRUCTURE. BY LAUREN C. STATES LSTATES@US.IBM.COM

30 | MIT 13.6

Major business and market trends are spurring the growth of cloud computing within government and industry, even as the definition of this newly emerging information technology concept is still evolving. For the military, cloud computing promises to deliver the benefits of networkcentric warfare while also providing a robust and agile compute infrastructure capable of supporting a surge in processing during times of increased operations tempo. Cloud computing’s promise of a new service-delivery model is compelling entire industries to rethink their IT, and even their business models. Cloud computing offers a standard, simplified and centralized platform for on-demand use, characterized by self-service, rapid provisioning, elasticity and scale. From the providers’ perspective, cloud computing is an approach to sharing IT infrastructure in which large pools of secure computer systems are linked together to provide IT services. These services, described as infrastructure, platform or software “as a service,” will enable the further development of network-centric applications. www.MIT-kmi.com

Through the cloud computing model of IT services, the military can better manage the unpredictability and dynamic nature of IT support to warfighter operations. Enterprise data centers will operate like the Internet, providing extreme scale and fast access to users engaged in network-centric operations, with no discernable drop in performance. Working on hundreds of cloud computing engagements over the past two years, IBM has learned that workload characteristics, regardless of industry or public sector, provide the best insight into what business and IT services can be initially implemented. Workloads, such as collaboration, application development and testing, desktop and storage services, will move faster to cloud computing, presenting rapid return on investment and productivity gains. Complex transactional systems will be more challenging to host as shared standardized services. Applications and services across several lines of business in the Department of Defense are provided in a cloud delivery model today. From the Global Combat Support System to Defense Knowledge Online, users do not necessarily know the underlying IT, or care if the computing environment is on their installation or on the other side of the world. As new services and applications come into operation, the application owners can choose among multiple platforms for service delivery. The migration to more pervasive cloud computing in DoD will occur along multiple paths in parallel streams. As in the engagements we’ve worked on, the application development and testing environments at DoD are strong candidates for migration. Most commercial enterprises devote 30 percent to 50 percent of their technology infrastructure to development and test, but typically 90 percent of it remains idle. Safely enabling developers to serve themselves can dramatically reduce IT labor costs, reduce provision cycle times and significantly improve quality. Application service centers, such as Army Communications-Electronics Life Cycle Management Command’s Software Engineering Center, are prime candidates for these services.

STRATEGY FOR THE JOURNEY To begin the cloud journey, you must first create a cloud computing strategy to set priorities and establish a governance model. Next, you assess your environment and determine opportunities for consolidation and migration of workloads to cloud computing. The first place to look will be those applications and services that are built on industry standard interfaces and have a high degree of repetitive tasks. Some infrastructure software and applications can be determined redundant, and your governance model should establish criteria for collapsing these capabilities. New workloads will emerge during the migration to cloud, as high volume analytics are easily delivered in this highly virtualized environment. At DoD, this will play a key role in the detailed analysis required in applications, ranging from cyber-defense threat determination to facial pattern recognition. As defense organizations become more familiar with developing and deploying applications in this manner, they will create a broader, more highly interoperable infrastructure that enables mission and business transformation. Defense network operations will go through an equally transformational experience as cloud computing becomes more pervasive. The Global Information Grid is already a high-speed, meshed virtual network. The next stage will include pooled compute resources and www.MIT-kmi.com

a move toward the concept of ensembles, or collections of compute resources consisting of the platform, middleware and application layer. The management requirements of these systems will require a similar maturation from the domain level stovepipes of today to the business- and mission-aligned enterprise service management system of tomorrow. This will require a high degree of interoperability and collaboration among the global defense NETOPS community. In today’s challenging economic environment, government and industry are looking to cloud computing for ways to cut costs and reduce their impact on the environment, yet be able to quickly and massively scale when the OPTEMPO demands it. Initial results from cloud providers are promising. Some clients have reduced IT labor cost by 50 percent in configuration, operations, management and monitoring of application development environments, while capital utilization improved by 75 percent. Provisioning cycle times were reduced from weeks to hours or even minutes. And as desktop services virtualize, end user IT support costs have been reduced by more than 40 percent. Here are a few questions to consider as your organization gets started with cloud computing: • •

•

• • •

What advantage could you gain in achieving your mission by using cloud computing? What innovative internal and external services could you deliver at higher quality, lower cost and faster with a cloud model? What unique restrictions will your organization place on cloud computing and on the handling of data, either in transit or at rest? What policies, practices or legislation might be in effect that would support or inhibit the adoption of cloud computing? What are the security requirements of your organization? What do you need to provide a trusted environment? What government software applications, and what different kinds of users, might lend themselves more readily to a cloudbased approach?

Chances are good that these questions will bring on the realization that your organization needs to change at a time when you need to do more with less. With the spike in computing power at your disposal, and the emergence of cloud computing, there are unlimited possibilities to deliver services in new and innovative ways. The core of this transformation is a service management system that provides visibility into what’s going on, the ability to control the environment, and automation capability to enable unlimited application and service availability. Take all of these elements together and you’ll see that we have an opportunity to use IT in ways that weren’t imaginable just a few years ago. Cloud computing adds a powerful, new delivery model to your arsenal, reducing costs and enabling the military to rapidly respond to the needs of the warfighter. ✯

Lauren C. States is vice president of the IBM Software Group.

Contact Editor Harrison Donnelly at harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

MIT 13.6 | 31

Modernization Program Delivers ARMY IMOD PROGRAM PROVIDES SOPHISTICATED SERVICES ON AN IT BACKBONE FOR GARRISONS THAT CURRENTLY LACK THE INFRASTRUCTURE.

BY JEANA CUNNINGHAM JEANA.CUNNINGHAM@US.FUJITSU.COM Since its inception in 2006, the Army’s Infrastructure Modernization Program (IMOD) has been the most massive restructuring of information technology in the history of the military. Its ultimate goal is to provide a superior communications infrastructure to support the warfighter. IMOD and its $4 billion cost ceiling have been divided among 10 prime contractors charged by the government to improve, upgrade and re-engineer the entire basic infrastructure of voice, data and video at base level, which means all Army posts, camps and stations. IMOD, the successor to the Digital Switched Systems Modernization Program that expired in 2007, is in the third year of a five-year period of performance (POP) ending in April 2011. A second five-year time frame, the option POP, concludes in 2016. What makes IMOD’s scope so vast is its mandate to examine the current IT infrastructures at selected Army locations worldwide, determine where capabilities have been constrained by the architecture of the older systems, and develop an infrastructure that is reliable, secure and sustainable. All equipment required for the new architecture must be technically compliant and, in some cases, certified by the Defense Information Systems Agency Joint Interoperability Test Command (JITC). Certification by JITC means that a product has undergone rigorous testing and been approved in a number of critical areas such as security, protocol compliance, scalability and stability. As part of the process, there are two forces that impact IMOD decision-making, including the need for a state-of-the-art communications architecture on every military post or garrison. Modernized IT infrastructures are integral to the support of the warfighter and mission-critical facilities, especially in preparation for rapid deployment. In addition, a low cost of ownership must be maintained once the system is in place. The intent of this vast project is to provide sophisticated services on an IT backbone for garrisons that currently lack the infrastructure. The components required to accomplish this goal are many, including equipment, systems engineering, site surveys, state and local clearances, integration consulting, site preparation, installation, testing and logistics support. Compounding this task is that each solution is unique to each base. What works for one garrison may not apply to another. Fort Bragg, N.C., is an example. The number of military and 32 | MIT 13.6

civilian personnel on this long-time Army facility nearly equals the population of Chapel Hill, the state’s 16th largest city, making it a significant undertaking to completely redo Fort Bragg’s IT infrastructure. In addition, IT systems must provide support to different Army forces commands, such as Joint Special Operations and Army Special Operations. Yet the information architecture solution remains unique to Fort Bragg and may be completely inapplicable for other large posts such as Fort Hood, Texas, or Fort Benning, Ga. The Defense Department’s Base Realignment and Closure (BRAC) initiative presents other unique considerations, since it involves mass movements of battalions from one location to another. The primes and subcontractors must assure that the comprehensive architecture they deliver for the redeploying unit can not only handle the basics, such as the Army Knowledge Online Web portal, e-mail addresses, contact information, medical records and security data, but also everything else that the Army requires and may eventually need in its IT backbone. From an IT viewpoint, there is more at stake than infrastructure development for units that are moved thousands of miles. The goal is IT sustainability during and after, which is a vital component of national security. Prime contractors have diverse views of the impact of BRAC on IMOD. “From an environmental standpoint, it may cause IMOD to accelerate timelines for posts, camps and stations, which may affect how and when tasks are completed,” said Benjamin Fletcher Jr., vice president of Army infrastructure solutions at General Dynamics Information Technology. “However, our work is mutually exclusive from BRAC requirements, which enables us to focus on a successful project.” A different viewpoint was offered by Jeffery Murray, Federal Division senior vice president and general manager at Black Box Network Services, another prime contractor. “BRAC presents some technology challenges because it’s a program that is constantly shifting, growing, moving and changing,” Murray said. Regardless of all these tasks, the first three years of IMOD have already made an impact, according to Murray, who noted that IMOD “has brought benefits and provided advanced technologies and capabilities to many Army posts, camps and installations worldwide.”

PROMISE FULFILLED IMOD is fulfilling its promise based upon the results from initial installations. Delivery of data when and where it is most needed is being actuated through products that meet or exceed government requirements. The government will accept nothing less than superb technical platforms. www.MIT-kmi.com

It’s easy to focus on that initial $4 billion cost figure, but the Army is wisely concerned about controlling ongoing costs after IMOD and the total cost of ownership once new IT architecture is installed. The operational cost factor is especially important for prime contractors and subcontractors like Fujitsu, which provide and support optical networking equipment. The reason the government demands products that have undergone rigorous JITC testing is to assure the selection of secure and reliable platforms. This ultimately translates to lower long-term maintenance costs, technical compliance and ease of operation. But contractor responsibility does not end with product installation. Since the Army’s goal is to bring up services on a network rapidly and at minimal cost, a command center must be able to provision services across the network without having to dispatch technicians to remote sites. The awards during the current POP have already shown that the Army’s objective of low-cost, remote maintenance is being met. Another barometer of IMOD’s success is the creation of an environment in which government and private industry work openly, share information and create relationships. Much of that is due to the work of the Army’s Information Systems Engineering Command (ISEC), which sets the standards for engineering, site surveys, design and specifications. ISEC has held a number of conferences for prime and sub-contractors dealing with all of those standards and their implementation. “They constantly reach out to industry to find out what the

34 | MIT 13.6

best practices, architectures and solutions might be,” said Murray. “ISEC has done a fantastic job of interacting with industry.” Contractors emphasize IMOD’s importance for today’s and tomorrow’s Army. Fletcher said its most important benefit will be “a better and more reliable network with the best technology for men and women in uniform,” while Murray called IMOD “phenomenally successful.” The generation now serving this country is more computer savvy than its predecessors, with solid IT skill sets that can be maximized with IMOD implementation. Whether it’s the basics—medical, payroll, personnel records and training—or more sensitive and mission-critical information such as secure or secret traffic, IMOD has already begun providing reliable and state-of-the-art architecture on platforms that deliver missioncritical data and information across a garrison or around the world for training, deployment or executing the mission at low operational cost. ✯

Jeana Cunningham is vice president of federal sales for Fujitsu Network Communications. Contact Editor Harrison Donnelly at harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

www.MIT-kmi.com

IMPROVED SECURITY AND REDUCED COSTS ARE AMONG THE ATTRACTIONS FOR THE MILITARY OF THIS INCREASINGLY POPULAR APPROACH TO UTILIZING COMPUTING RESOURCES.

(Editor’s Note: MIT Magazine recently reached out to executives of several companies for their perspectives on the potential of virtualization technology for the military. Following are their responses.)

Securing the Virtualized Network CONSOLIDATING NETWORK SECURITY WITH A UNIFIED PLATFORM DELIVERS PROFOUND IMPROVEMENTS IN THE ABILITY TO MANAGE THE DIVERSE RANGE OF THREATS THAT CONFRONT DOD NETWORKS.

BY JEFF LAKE JLAKE@FORTINET.COM

Information assurance or IT professionals concerned with network security in the Department of Defense are confronted by a constantly evolving array of threats and increasing compliance requirements. They must balance the ability to manage this dynamic “threatscape” against many other imperatives, including capital and operating costs, limited data center space, managewww.MIT-kmi.com

ability and, increasingly, environmental concerns. In the DoD world, the other factor of great consideration is the balance of deployable network security assets between tactical and garrison environments. Driven by space, power, budget and other constraints, consolidation has become both a tactical and strategic imperative for DoD IT and network defense professionals at all levels. The benefits of consolidation, whether physical or virtual, are well-known, including lower equipment and operations costs, less power consumption, improved manageability, and a better environmental footprint. Most of the buzz about consolidation concentrates on its application to the data center as a whole, or to application servers in particular. But this focus overlooks an area where consolidation offers even more dramatic advantages: network

security. In the case of application server consolidation, most of the benefits are in some sense peripheral to the fundamental task at hand, which is the delivery of application services. By contrast, consolidating network security with a unified platform delivers profound improvements in its ability to accomplish its fundamental task—managing the diverse range of threats that confront DoD networks. Consolidation yields superior threat intelligence by making possible the unification of threat research, which is the vendor-based research and development effort that supplies the multi-layered security intelligence necessary for successful threat management. Traditionally there has been something of a rivalry between antivirus and vulnerability researchers. As attacks become more complex and multimodal, however, they demand a hybrid approach to threat research that combines these two disciplines, as well as others. Just as enabling the various countermeasure modules in a consolidated solution to share knowledge makes the response to threats more effective, so too an integrated MIT 13.6 | 35

program of research and development across all threat types delivers more accurate countermeasures. Consolidating network security also delivers notable cost benefits. According to Gartner research, the most important way information security organizations would save money is to leverage the convergence of established security functions into network- or host-based security platforms that provide multiple layers of security in a single product to protect against an evolving multitude of network and content threats. The research estimated that by 2010, only 10 percent of emerging security threats will require tactical point solutions, compared with 80 percent in 2005.

NETWORK BENEFITS Virtual networking provides a method to consolidate multiple devices, such as those typically found in a garrison data center or in a deployed tactical environment, in order to simplify and reduce physical hardware requirements. This is especially important in tactical deployment scenarios where space and power are at a premium. Implementing virtual networking technologies allows a single network device to transparently host multiple networks or echelons on a common infrastructure. Virtual local area networks (VLANs) allow network links to be shared by virtualized servers to help improve network performance, reduce management complexity and enable more granular usage policies. Two important areas to review further in the virtual world are virtual domains (VDOMs) and VLANs. VDOMs enable the capability to use a common infrastructure to provide routing and network protection for several organizations or echelons. This is useful for DoD networks, where each organization requires its own network interfaces (physical or virtual), routing requirements and network protection rules. VLANs allow a single physical trunk to support up to 4,096 virtual networks. Using virtual networks allows a single trunk to support multiple echelons and applications while providing a method to manage traffic and network performance. Routing between VLANs and between VDOMs adds more flexibility and scalability. The primary reasons for implementing VDOMs and VLANs are to improve 36 | MIT 13.6

network manageability, scalability and security. Security solutions for virtual networks must allow management on a percustomer or per-application basis, while ensuring availability of the control itself and the systems it protects. Also required is a high-performance security platform that is capable of scaling to support thousands of virtual networks with management, logging and reporting customized for each customer or application. In a traditional virtualized model, where software appliances are loaded as guest machines in a virtual infrastructure, ensuring availability can be problematic. Ensuring that high-volume attacks do not monopolize resources on one machine while starving others often becomes an issue. This can be managed through complex rules that cross functional boundaries between security and systems administration. But this confusion of ownership and custodial care serves to weaken, not enhance, security programs leveraging traditional virtual infrastructures. Complexity is the enemy of security, and with the dedicated nature of the Fortinet FortiGate platform, such problems do not exist, while maintaining robust virtualization specific to IA and seamlessly integrating into traditional virtual infrastructures with greater security and decreased operational risk. Three key requirements for virtual network security exist: manageability, scalability and modular security. The solution must support the ability to manage multiple domains and multiple networks from a single device with domain-specific administrative profiles for log data, reports, alerts, options and menus. Scalability is a key requirement, as the performance to support thousands of VDOMs and VLANs without impacting overall network throughput, specific users or applications is vital. Lastly, modular security is imperative, since not all security settings are appropriate for every echelon being serviced. This requires a complete security suite in which specific solutions can be applied on a per echelon or per application basis while providing a low cost of ownership.

stantly being tested, finding ways to simplify network topologies and provide for a more effective event aggregation and correlation is crucial. As part of the federal Comprehensive National Cyber Security Initiative (CNCI), the Trusted Internet Connection (TIC) initiative has these goals in mind. The Bush administration developed CNCI to improve how the federal government protects sensitive information from hackers and nation states trying to break into agency and DoD networks. The White House assembled the initiative after a string of cyber-attacks on multiple agency computer systems. As one of the 12 components of the CNCI, the TIC initiative was formalized in November 2007, with the goal of decreasing the number of connections that agencies had to external computer networks to 100 or fewer. Officials believe that the fewer connections agencies have to the Internet, the easier it will be to monitor and detect security incidents. With this consolidation, virtualization and virtualized security will be cornerstones. Consolidating network security with a truly integrated unified threat management solution provides better network protection and more efficient use of capital budgets, lowers operational expenses by reducing the management burden as well as training, support and threat update costs, and preserves investments by allowing the ability to add robust security functionality with little or no additional hardware. Added to these hard savings are the green benefits of consolidation, most notably a smaller carbon footprint across the entire life cycle of the equipment. Disparate products, even when from the same vendor, lend to a complex integration that if not done correctly leads to gaps, which lead to vectors for infection and infiltrations. A consolidated security approach, however, leads to a more seamless deployment of security practices developed from the ground up to augment one another. In short, network security consolidation is one of the best investments DoD IA and IT professionals can make.

TRUSTED CONNECTION In todayâ&#x20AC;&#x2122;s environment, where the threat landscape changes daily and the cyberdefense of DoD networks is con-

Jeff Lake is vice president of federal operations at Fortinet, a provider of network security appliances and unified threat management. www.MIT-kmi.com

Open and Secure Virtualization OPEN SOURCE AND OPEN STANDARDS VIRTUALIZATION OF SERVERS AND DESKTOPS IS A POWERFUL TOOL FOR THE DELIVERY OF INFORMATION ASSURANCE.

BY DAVID EGTS DEGTS@REDHAT.COM Open source and open standards virtualization of servers and desktops is a powerful tool that system administrators and security personnel can use to aid in the delivery of information assurance and cybersecurity. Many are surprised to find out that virtualization technology isn’t new, but goes back to the days of the “big iron” mainframe. Unfortunately, mainframe virtualization did not become widespread, largely because of high barriers of entry related to steep startup costs and a need for specialized mainframe administration skills. Instead, many organizations based their server infrastructure on relatively lower cost and more open UNIX platforms, where skills were much more transferable between platforms. These UNIX systems weren’t cheap, however. To maximize their investment in UNIX hardware, organizations would run multiple services on a single server. UNIX servers are great at this. Their hardware architectures are highly scalable, allowing them to run many varying workloads at the same time. The downside from a security perspective is that if one service is compromised, all services and the system itself are compromised. For example, if the Web server software had a buffer overflow flaw leading to unauthorized administrator access, not only was the Web server and its content compromised, so was the ftp server and its content. One way to solve this legacy problem is through the use of mandatory access control (MAC) on the server, where there is a targeted policy for each service that needs to be secure. This works out of the box with Red Hat Enterprise Linux’s imple38 | MIT 13.6

mentation of SELinux, which was developed by the National Security Agency, Red Hat and many others. But not every off-the-shelf operating system supports MAC, including Windows and most UNIX variants. As such, if one service on these systems is compromised, the entire system is compromised. Another approach to this problem is through the use of virtualization. You could have one physical server running two virtual machines (VMs), where one runs the Web server software and the other runs the ftp server software. In this case, if the Web server is compromised, the ftp server is still safe. Going further, you could have one set of administrators managing the Web server VM and another team managing the ftp server VM. This keeps the Web and ftp data isolated on different VMs, although they may be running on the same physical server. Going further, if your hypervisor is MAC capable, you can again isolate the hypervisor and VMs from compromising each other even if the hypervisor itself is compromised, and even if the guest operating systems aren’t MAC capable.

DESKTOP INFRASTRUCTURE Virtual desktop infrastructure (VDI) is the next evolution of virtualization by adding the desktop into the virtual fold. One of the primary motivators for VDI is cost savings. Less time and effort required to provision, control, manage and update virtual desktops result in significant cost savings compared with their physical desktop counterparts. Plus, the thin desktop hardware itself has much lower acquisition costs and much longer refresh cycles. In addition to the compelling cost advantages, VDI provides tremendous advantages in terms of IA and cybersecurity. The most obvious security advantage of VDI is physical security. When the VDI virtual desktop image is stored in a SAN locked in a server room, the probability of disk drives disappearing is much lower than disappearing from a workstation

under someone’s desk. In addition to limiting physical access, the virtual disk files can be encrypted on the SAN, making them less useful outside the server room and making data at rest even more secure. Security teams can also control the access to USB and other devices through the VDI central management interface, adding yet another layer of security protection. Another advantage of VDI is the ability to rapidly re-provision systems using system build templates that are certified by your IA organization. Historically, desktop systems would stay secure by checking in with a systems-management server as the client boots, and periodically thereafter. The weak link with this approach is that the security team is counting on the client to phone home to pick up and deploy updates. If the client has been compromised, all bets are off for remediation and exposure containment. By using VDI, the security team can re-spin system templates and apply patches from the server and SAN infrastructure without the need to count on the client software to pick up the updates. Also, the re-provisioning of new systems happens at SAN speed, as opposed to LAN speed, so the ability to re-provision new, IA-certified VDI VMs weekly or daily is both practical and provides a significantly smaller time window for compromise. If a VDI VM is compromised, moreover, a snapshot can be taken instantly for forensics purposes, and the user can be issued a new VDI VM immediately without loss of productivity. Keeping the VM’s disk images on a high-speed SAN also significantly aids with disaster recovery planning and execution. If a facility encounters a catastrophic failure, the off-site disaster recovery facility could have both servers and desktops operational in hours or less by using traditional off-the-shelf SAN data replication technologies.

VELOCITY AND INNOVATION When considering which virtualization technologies to adopt, users should demand open source and open standards for two major reasons. First, open source delivers feature velocity and innovation. Proprietary vendors need to develop everything themselves, from the mundane to their own market differentiators. Open source www.MIT-kmi.com

vendors share upon one another’s successes by leveraging similar core technologies. This leveraging focuses a greater percentage of their engineering resources on driving innovation. When many vendors share the same core foundation, the security of the core code is much more robust and secure than code viewed by a select few. A perfect example of this is SELinux. Vendors that base their virtualization on open source have the option to add the time-tested and robust SELinux MAC efforts made by NSA, Red Hat and others, as opposed

to investing engineering resources in inventing parallel security technologies from scratch. Secondly, open standards lower barriers to exit. By mandating open standards, switching costs are lower and more choices are available, which leads to lower costs, vendor competition and better value. Open standards only work properly when there are open source reference implementations—that’s how users can be sure that the standard is practical, and that they won’t be beholden to a single vendor for compliance.

Virtualization: A Mission-critical IT Solution DESKTOP VIRTUALIZATION IS PERHAPS THE MOST

IMPRESSIVE COMPONENT OF THE VIRTUALIZATION SOLUTION ARSENAL.

BY TOM SIMMONS TOM.SIMMONS@CITRIX.COM Over the past year or so, the U.S. military has taken a closer look at virtualization technologies. With military thin client initiatives gaining ground within both the Army and the Navy, and with electronic medical records (EMR) mandates coming directly from the White House, virtualization technologies present a secure, cost-effective solution to complex military IT challenges. When considering virtualization solutions, it is important to note that the term “virtualization” can refer to different types of technologies: application, server and desktop virtualization. Application virtualization manages applications and licenses independently of the operating system. Applications run in more environments, and security is built in. Application virtualization has been around for years—even decades—and military IT pros are comfortable with this early generation of virtualization technology. Server virtualization provisions physical servers to act as multiple virtual machines. www.MIT-kmi.com

Because the data center can support more applications and users with fewer physical servers, data center costs and IT management time drop dramatically while the end-user experiences a boost in performance. Server virtualization has been on the IT landscape for a few years now and acts as a key component in some military IT solutions. Desktop virtualization manages a single “golden image” in the data center and delivers that image to desktops or thin clients. That golden image is housed, along with user profiles, behind the firewall in the data center. Only encrypted pixels and mouse clicks travel over the secure network. Security and performance for mobile and remote personnel improves, and expensive equipment lasts years longer, leading to big savings in the total cost of ownership for the desktop. Relatively new to the military IT lexicon, desktop virtualization is perhaps the most impressive component of the virtualization solution arsenal. There is already a great deal of interest in desktop virtualization, with pilot programs and proof-of-concept programs well under way.

END-TO-END SOLUTIONS Depending upon the mission, one particular level of virtualization may provide a meaningful solution. From a strategic, big-picture standpoint, however, end-to-end virtualization solutions—those employing multiple types of virtualization technologies,

Even if a proprietary technology has a current market lead in certain areas, users should take care. Open source has a proven track record of rapidly matching proprietary technology features and security robustness—and soon after surpassing them. Nobody is smarter than everybody.

David Egts is a principal solutions architect for Red Hat.

from the data center to the desktop—can provide the biggest performance and productivity gains and generate the most significant power and equipment savings. As the military moves forward with ITbased initiatives such as thin clients and EMR, the end-to-end virtualization approach provides the strongest and most secure data infrastructure, with the most robust end-user experience, for the most tangible cost savings available. Since computing is critical to every military function from the supply office to the front lines, the number of military desktops, laptops and other end devices has exploded. The drains on IT personnel and budget resources to maintain, manage and replace each individual computer have gotten out of hand. Software updates and patches, as well as equipment refreshes, take a lot of time and money in the traditional military computing environment. The military has already recognized that thin clients—diskless desktop computers that pass most processing and administrative chores to a centralized server—are the key to managing this exponential IT growth. Fewer moving parts and no local storage reduce administrative and energy costs. Security improves as well, since no data actually resides on the end device itself. The Army’s Thin Client Architecture Standardization for Army Small Computer Program, for example, takes advantage of virtualization technologies to support thin clients. Virtualization brings thin client computing to its highest level by: •

moving most processing and administrative chores to a centralized server; MIT 13.6 | 39

•

• •

•

securing data in the data center, behind the firewall, with no sensitive information stored on a vulnerable end device; converting outdated desktops and laptops into thin clients; enabling access to the latest applications, even from older devices; reducing power consumption of military desktops by up to 90 percent; and adding years to the life cycle of existing equipment.

Simply put, end-to-end virtualization offers the military a solution to make computing manageable, improve security, reduce costs and boost performance for the end-user.

SECURE DELIVERY Could the days of servicemembers handcarrying personal health records to each duty station and to each medical appointment become a distant memory? President Obama

says yes, stating in no uncertain terms that all medical records are to be digitized within five years. The military plays a key role in the implementation of this presidential mandate. The Department of Defense has been challenged to find ways to securely deliver the complex and sensitive records of each servicemember. Unique to the military is the need to deliver these EMR to both military health care installations and to the many private practitioners and specialists also treating servicemembers. Just as with thin clients, end-to-end virtualization provides a safe, secure solution for delivering all manner of applications and information for EMR. From the data center to the end device, virtualization technologies can build the military’s IT backbone for secure delivery of patient records, including images, to any physician authorized to log on to the secure network. All data still resides safely in the data center, and never on an end device. This provides an added level of security for the men and women who serve our country.

Virtualization Meets the Challenge DEFENSE LEADERS USE VIRTUALIZATION TO REDUCE COSTS, SIMPLIFY THE IT COMPLEXITY AND IMPROVE DEPLOYED OPERATIONAL CAPABILITIES. BY TIM BLOECHL TIM.BLOECHL@MICROSOFT.COM I am always amazed at the size and complexity of many of the military networks we support around the world. At Microsoft, we support a growing number of defense organizations that are embracing the power of the Internet, within policy and security constraints, to improve all aspects of their business and operational processes. They all face a common challenge—to meet the needs of a very IT-savvy work force within reduced or no-growth budgets. CIOs and other officials responsible for these military architectures are turning to virtualization as one means to 40 | MIT 13.6

meet this challenge. We view virtualization as a means to help IT departments maximize cost savings and improve business continuity. These solutions address both physical and virtual infrastructures, and are based on familiar Windows interfaces and work with well-known Windows-based technologies. Because of this standardization, virtualization solutions can be supported by a broad network of experienced Microsoft partners who can rapidly respond to the needs of our customers. We recently introduced Hyper-V technology with our Windows Server and System Center product, which is used to virtualize IT enterprises. We are finding this technology works very well in supporting the complex nature and size of defense networks. First, it allows IT professionals to optimize their assets seamlessly, centrally managing their physical and virtual resources across multiple hypervisors down to the application level. Second, the physical reduction of server infrastructures supporting defense networks

Another unique facet to the military’s EMR mission is the need to migrate the different health record systems of DoD and the Department of Veterans Affairs (VA) to a secure, interoperable system. Today’s active duty servicemembers are tomorrow’s retirees, and a successful military EMR solution must have the ability to make that same transition. DoD and VA are already working together on a virtualization solution that makes it easier to move EMR from one medical system to the other, and more virtualization solutions will come into play as EMR becomes a reality over the next few years. From thin client initiatives to electronic medical record mandates, virtualization technologies give the U.S. military the right tools to meet their IT missions. Security, savings and performance are all part of the virtualization package that presents military IT teams with an end-to-end data architecture that will work today and well into tomorrow.

Tom Simmons is area vice president for government systems for Citrix Systems.

is a huge win-win for a variety of reasons, including a smaller system to maintain and significant power savings. Third, the technology works with the tools IT staffs already know and use, which certainly helps to simplify deployment. This tends to reduce training requirements and cost across these large military enterprises. In fact, reducing cost is a major factor in customer decisions to employ virtualization capabilities. We are finding use of our Hyper-V technology, and virtualization server solutions are approximately one-third the cost of competitor solutions. However, we do ensure our solutions work with competing virtualization technologies so our military customers have the flexibility to choose.

CONSOLIDATION SOLUTIONS Resource utilization is also a key driver in customer decisions to turn to virtualization. It’s an increasingly important topic among defense CIOs who see their operations constrained by poor server and storage utilization. This means there may be over-investments in hardware, and thus wasted space and power usage, not to mention propagating operational inefficiencies. These in turn www.MIT-kmi.com

increase costs and lead to negative environmental impacts. Virtualization technologies help military organizations consolidate data centers, thus reducing costs and improving agility. We work with a wide range of storage infrastructure partners to deliver these data center cost savings through the combination of server and storage consolidation. The end result is minimized capital expenditures, reduced operating costs and improved service levels. Business continuity is also a major factor considered by CIOs when they turn to virtualization. Implementing a reliable, rapidrecovery strategy can be a time-consuming and expensive affair, requiring redundant server, storage and network infrastructure often in separate locations. Because of this, many defense organizations simply donâ&#x20AC;&#x2122;t have comprehensive business continuity plans to protect their critical infrastructure and applications. With virtualization business continuity solutions, CIOs can add high availability and disaster recovery options into their operations. Plus, if they already deploy business continuity for some of the applications they use across their networks, they can use virtualization solutions to extend protection to additional applications. Service personnel increasingly want access to software applications and data from anywhere or from any device. While this capability may add to their productivity, it can create complexity and higher pressures on cost control for IT departments. Additionally, as hardware theft rises, securing laptop and desktop PCs, and handheld devices, requires significant resources. We are seeing military IT leaders increasingly considering virtualization as the answer to these challenges. Device virtualization involves decoupling the different computing layers and storing some or all of them in a data center. Through virtualization, defense personnel can access their applications and data very safely over a network, minimizing the risk of data loss. On the IT side, virtualization accelerates deployment of new capabilities without needing to acquire new hardware and configure components. It also helps reduce application testing requirements and compatibility issues and simplifies disaster recovery and compliance.

DEPLOYMENT VIRTUALIZATION As deployed military forces operate from very austere locations, these remote sites www.MIT-kmi.com

in larger enterprises often have limited to no IT staff and depend on centralized and higher-level headquarters for most IT support. These central locations face various challenges, including reducing hardware and maintenance costs, quickly provisioning new servers, guaranteeing data protection and information assurance, and providing business continuity with maximum uptime. Virtualization provides tremendous benefits designed to mitigate these challenges. By comparison to commercial business, where remote and decentralized operations can be a way of life, recent Microsoft surveys have found that close to three-quarters of U.S. retailers and a majority of tier-one banks are turning to virtualization to solve their IT challenges. There are several ways to address virtualization for deployed forces. IT staffs can centralize services where servers and desktops are virtualized at the data center and applications are served to the remote locations over a WAN. Another method is to use a hybrid services approach in which services are centralized with local copies or caching mechanisms available at the remote locations, complemented with use of WAN Optimization technologies. Organizations can also virtualize servers and desktops locally at the deployed end while managing them centrally from the data center. In the future, I believe we will see a great deal of focus on this latter method as military organizations utilize deployable data centers into operational locations. There is no doubt our military forces are experiencing the benefits of operating in the information age. The requirement to maintain large defense computer infrastructures and the increasing use of this technology in every aspect of military operations challenge the best CIOs and their IT staffs, who are often asked to do more with less. Virtualization is the method many of these defense leaders are using to reduce costs, simplify the complexity of their IT enterprises, and improve deployed operational capabilities and business continuity. â&#x153;Ż

Tim Bloechl is managing director of worldwide public safety and security for Microsoft. Contact Editor Harrison Donnelly at harrisond@kmimediagroup.com. For more information related to this subject, search our archives at www.MIT-kmi.com.

PRECISE

NETWORK PROTECTION.

WE SEE EVERYTHING Detecting threats with unmatched visibility and lightning-fast reflexes is crucial to complete network security. Fortinet's razor-sharp defenses eliminate threats before they can infest your network. Fortinet is your market-leading network security provider and worldwide leader of unified threat management (UTM) solutions.

Security with bite.

WWW.FORTINET.COM

MIT 13.6 | 41

Compiled KMI Media Group staff Compiled by by KMI Media Group staff

Laptop Features Ballistic Armor Protection The Latitude E6400 XFR from Dell is engineered to meet the needs of even the most demanding customers in the harshest environments. The system meets a higher drop specification and offers a greater level of dust and moisture protection than any fully rugged laptop in its class. Designed for the military, first responders, oil and gas environments, manufacturing floors, field technicians, and homeland security, the Latitude E6400 XFR features the Dell-exclusive Ballistic Armor Protection System featuring PR-481, which leverages a high-strength substance used for applications such as cryogenics, aircraft components, military equipment and medical devices. The Latitude E6400 XFR also features PrimoSeal Technology to enhance protection from dust and liquid with compression gaskets. The fully rugged laptop is engineered and independently tested to more than 13 military standards for operation in challenging environments. It shares common images and components with the Dell Latitude E6400 laptops for easy integration into existing environments and enables low ownership costs.

Receiver Delivers Real-time ISR Video Harris has introduced the ISR Video Receiver, a portable product that delivers high-resolution full-motion tactical video to individual warfighters for real-time intelligence, surveillance and reconnaissance. The handheld Harris ISR receiver, known as the RF-7800T, provides a next-generation portable ground-based, remotely operated video enhanced receiver (ROVER) for video captured by the militaryâ&#x20AC;&#x2122;s growing fleet of UAVs. This is the first video receiver packaged in a standard military-hardened handheld form factor, greatly increasing both portability and survivability in demanding battlefield environments. The RF-7800T is part of an accelerated push by Harris to apply its leadership in software-defined communication systems to deliver ISR video directly to the tactical edge, where it can be viewed, analyzed and acted upon immediately. Harris previously introduced ROVER capability in its high-performance Falcon III AN/PRC-117G multiband manpack radio, targeting customers with dual needs for both ISR information and advanced multimode communications. The handheld ISR Receiver operates in the L-frequency band, and also supports both S-band and C-band. The initial release provides NTSC FM video formatted data. The device feeds video to a local display and is sold with both monocle and tablet display options. Kevin Aman: kevin.aman@harris.com

Low-latency Solution Enables Bandwidth Efficiency Multiplexer Enables Network Speed and Bandwidth Fujitsu Network Communications, a supplier of optical and wireless networking solutions, has announced the general availability of second-generation 40 Gbps interfaces for its Flashwave 7500 reconfigurable optical add/drop multiplexer (ROADM). Utilizing an innovative adaptive differential phase shift keying modulation scheme and Fujitsu-patented Variable Dispersion Compensation, the units enable network growth up to 1.6 Tbps of capacity to help customers meet ongoing demands for increased speed and bandwidth. Three new 40 Gbps units are now available for the Flashwave 7500 ROADM, including the 40 Gbps Transponder, 4:1 Muxponder, and 40 Gbps Regenerator. Primarily intended for 40 Gbps core router interconnection services, the 40 Gbps Transponder provides a full-band tunable network interface and an OC-768 client interface. Supporting four 10 Gbps client interfaces, the 4:1 Muxponder provides an efficient method for aggregating 10 Gbps traffic and quadrupling the capacity of existing 10 Gbps-based networks. The 40 Gbps Regenerator provides electrical signal regeneration for long spans, eliminating the cost and complexity involved with the use of back-to-back transponders. Jenna Cunningham: jenna.cunningham@us.fujitsu.com

42 | MIT 13.6

Comtech EF Data has announced the general availability of adaptive coding and modulation (ACM) for the CDM-625 Advanced Satellite Modem. The patent-pending and unique implementation of ACM is available for the CDM-625 when utilizing the next generation forward error correction VersaFEC. The combination of VersaFEC and ACM deliver significant lower latency benefits to VSAT users when compared to alternate implementations of ACM using DVB-S2. ACM turns fade margin into increased link capacity by automatically adapting the modulation type and forward error correction code rate to provide the highest possible throughput. ACM maximizes throughput regardless of link conditions. And, it can yield higher system availability even in severe rain fading conditions with lower throughput. VersaFEC was designed to provide maximum coding gain at the lowest possible latency for both constant coding and modulation and ACM operation. VersaFEC uses a constant number of symbols per frame. When compared to DVB-S2 ACM, which uses a constant number of bits per frame, the combination of VersaFEC and ACM provide a significant reduction in system latency. The new Comtech EF Data low latency ACM solution enables more bandwidth efficiency and increases throughput for IP-based point-to-point applications.

www.MIT-kmi.com

The advertisers index is provided as a service to our readers. KMI cannot be held responsible for discrepancies due to last-minute changes or alterations.

MI T CALEND A R & DI REC TO RY ADVERTISERS INDEX Cases 2 Go . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 www.cases2go.com Comtech Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 www.comtechmobile.com ForeScout Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 www.forescout.com Fortinet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 www.fortinet.com Fortress Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 www.fortresstech.com/landwarnet2009 Fujitsu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 us.fujitsu.com/telecom General Dynamics C4 Systems-Needham . . . . . . . . . . . . . . . . . .5 www.gdc4s.com/secureproducts General Dynamics C4 Systems-Scottsdale . . . . . . . . . . . . . . . .13 www.gdc4s.com/riﬂemanradio General Dynamics C4 Systems-Taunton . . . . . . . . . . . . . . . . .C3 www.gdc4s.com Google . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 www.google.com/federal Harris RF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 www.rfcomm.harris.com/117g Inmarsat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 www.inmarsat.com/government L-3 Communications East . . . . . . . . . . . . . . . . . . . . . . . . . . . .C4 www.l-3com.com L-3 Communications Global . . . . . . . . . . . . . . . . . . . . . . . . . . .37 www.l-3com.com L-3 Communications West . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 www.l-3com.com Paradigm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 www.paradigmservices.com Segovia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C2 www.segoviaip.com Seidcon Inc. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 www.seidcon.com Smartronix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 www.smartronix.com Xtar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 www.xtarllc.com US Falcon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 www.usfalcon.com

GLOBAL NETWORK ENTERPRISE CONSTRUCT (GNEC) EADS North America . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 www.eads-na-security.com Juniper Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C2 www.juniper.net/federal NCI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 www.nciinc.com Safenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C3 www.safenet-inc.com/government STG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 www.stginc.com

www.MIT-kmi.com

KMI Media Group is seeking a full-time CIRCULATION

MANAGER This iss a pe perma permanent, rmanen nentt, ful ffull-time full ll-ti l time ime su super supervisory p vis per viso i ory ory po position responsible for overseeing KMI Media Group’s circulation department which includes the operation of the circulation system, and scheduling and supervising department staff. Successful candidate will direct circulation strategy and monitor overall performance of services; be responsible for planning and implementing sales and service strategies; and maximize the military and defense industry circulation potential. Candidates must be innovative, have the ability to develop and manage employees, manage effective circulation marketing programs and be able to define and maintain distribution to qualified readers. QUALIFICATIONS: Former military and/or defense contractor employment. Position requires computer skills on Excel and Word. SALARY AND BENEFITS: Salary commensurate with experience. Health insurance and vacation. CONTACT: davidl@kmimediagroup.com

CALENDAR August 18-20, 2009 LandWarNet 2009 Fort Lauderdale, Fla. www.afcea.org

September 14-16, 2009 Air and Space Conference National Harbor, Md. www.afa.org

August 24-27, 2009 Air Force Information Technology Conference 2009 Montgomery, Ala. http://aﬁtc.gunter.af.mil

September 22-24, 2009 Biometric Consortium Conference Tampa, Fla. www.biometrics.org

September 9, 2009 ComDef 2009 Washington, D.C. www.ideea.com/comdef09/

September 29-October 1, 2009 Modern Day Marine Quantico, Va. www.marinemilitaryexpos.com

MIT 13.6 | 43

INDUSTRY INTERVIEW

MILITARY INFORMATION TECHNOLOGY

Mike Bradshaw Director Google Federal

Mike Bradshaw manages Google’s federal business based in Reston, Va. Prior to joining Google, he spent 15 years at Microsoft as director of the U.S. Department of Defense business. He also worked for IBM and Oracle in the civilian and commercial sectors. Bradshaw has an MBA from The George Washington University. Q: Google’s search technology is wellknown in the civilian world. What unique benefits does your company offer to military and intelligence users? A: That’s a great question. We are consistently working to adapt our Google.com technology for military and intelligence users. The major unique benefit we offer is our ability to deliver high-quality results in a firewalled environment that is attuned to the special security needs for the military and intelligence technology communities. It’s the ease of use, reliability and relevance that matters, plus the extra security integration. Information that you can’t find is useless, so we work hard to fix that issue for military users. Q: What are some of the ways in which DoD and the intelligence community are using the Google search appliance? A: I think the best way to answer this is through a customer example. One Google Search Appliance [GSA] government customer requires instantaneous access to data from 2,500 different data sources to evaluate the location and level of security threats and resources. It’s very important to get as much of the information linked together so that employees can work more efficiently and accurately. It’s a matter of security and safety for people who are using the information. The GSA searches multiple data sources quickly, and endusers now get data that is much more relevant to their searches on threats they were facing. In addition, they were able to start integrating the information with Google Maps and Google Earth, so they not 44 | MIT 13.6

Q: What do you see as the future for cloud computing in the military/intel sphere?

only get back more relevant information, but also can start looking at it in a geospatial context, which makes it much easier to determine where a particular security threat or helpful resource may be. Q: The company recently released a new version of the search appliance. What enhancements will it offer? A: We launched the GSA 6.0 on June 2, highlighting the capability to scale to searching more than a billion documents. We’re thrilled with the new version largely because it really helps our users in government with large document counts. The new 6.0 architecture also allows for really rich linking options within and across government and military organizations. The GSA can work within individual clusters, or it can link different organizations together. We can do it dynamically, unifying data stores then breaking those links if necessary, or leave them together at all times. Let’s say a military group needs to search across a variety of data stores, but individual employees have different levels of access to info. With the granular controls, the GSA can serve up the results that are most relevant to each employee, while staying true to individual security access levels. It’s just a really dynamic setup that gives great control to the admin. This kind of flexibility and control is critical in the military and intelligence world. So it’s a very exciting new architecture for us, because of the scaling potential and dynamic results.

A: I think there is a serious future for cloud computing within DoD, particularly with utility applications that have become mainstream and critical for office productivity, such as e-mail or word processing. It makes no sense for DoD to have in-house experts on word processing or spam filters when Google can leverage existing expertise on those tools. Part of the reason cloud computing is such a smart move for government also is its impact on budget—agencies and large organizations save significantly by adopting cloud tools like Google Apps due to economies of scale, and they get consistent innovation at the same time. Because Google Apps are hosted on the Internet [hence, cloud], Google can add updates, security fixes and applications immediately. There is no need to wait for patches/software to be downloaded and deployed, which can take time and makes an organization vulnerable in the interim. Cloud computing solves that issue. Also, when the customer (like DoD) doesn’t have to worry about spam in employee e-mail, the customer can better focus on its core mission—bringing on IT people to do more innovative work. Essentially, cloud computing can save DoD [and anyone else] time and money, as well as opening up a channel for increased technological innovation. So I think the future is bright. Q: Is there anything else you would like to add? A: I’d just add that Google is very much committed to working with the government—that’s why we opened a second Washington, D.C.-area office in Reston. There are many more Google tools we could talk about, but I guess they will have to wait for the next interview! ✯ www.MIT-kmi.com

WIN-T is… being fielded today. a self-forming and self-healing network. providing integrated network operations. a mobile, ad-hoc network. the U.S. Army’s current and future network. For more information please call 508-880-1759.

THE MOST SECURE WAY TO TRANSMIT IP DATA IS ALSO THE FASTEST

10 Gbps HAIPE®

KG-245X: IN A CLASS BY ITSELF NSA certiﬁed, fully programmable and lightning fast, the world’s ﬁrst and only 10 Gbps HAIPE® In-Line Network Encryptor is here. Engineered to deliver the highest possible encryption performance over IP networks, the L-3 KG-245X offers a balance of capability and user-friendly operation that lowers support costs and is easy to deploy across the enterprise and WAN environments. For more information about upgrading to 10 Gbps HAIPE encryption technology that will help secure your mission-critical networks, visit L-3com.com/HAIPE or call 856-338-6277 today.

C 3 ISR > GOVERNMENT SERVICES > AM&M > SPECIALIZED PRODUCTS Communication Systems-East HAIPE ® is a registered trademark of the National Security Agency. KG-245X incorporates NetHawk VPN Technology licensed by SafeNet Inc.

L-3com.com