The Voice of Military Communications and Computing
Cyberspace Warrior: Vice Adm. Michael S. Rogers, Commander, U.S. Fleet Cyber Command; Commander, U.S. 10th Fleet
Mobile Device Management • Data Center Consolidation • DoD Timekeeper • Capability Set 13 • Mobile File Sharing
Volume 17, Issue 1
military information technology Features
February 2013 Volume 17, Issue 1
Cover / Q&A
Lighthouse of the Skies As DoD’s official timekeeper, the Naval Observatory plays a critical role in a wide range of military technologies, from battlespace awareness to GPS. By Geoff Chester
Vice Admiral Michael S. Rogers
Stepping Stone to Change
The emergence of cloud computing has the potential to make data center consolidation a stepping stone toward a radical change in how DoD provides and consumes IT services. By Peter Buxbaum
Wanted: Mobile Traffic Cop
Seeking a “traffic cop” to enforce policies for both the network and mobile devices, the Defense Information Systems Agency recently issued a call to industry for mobile device management and mobile application stores capabilities. By Henry Canaday
In November, the Army completed Network Integration Evaluation 13.1, as 3,800 soldiers of the 2nd Heavy Brigade Combat Team, 1st Armored Division tested the Capability Set 14 Integrated Network Baseline. By Adam Baddeley
Mobile File Sharing Security
By leveraging secure mobile file sharing technology, military IT decision-makers can streamline processes and cut costs. By Yorgen Edholm
Industry Interview Ken Kartsen
Vice President Federal McAfee
EDITOR’S PERSPECTIVE
Given its massive scope, the defense authorization bill for fiscal year 2013 naturally contains many significant provisions that don’t get much media attention. To cite just one example, the 681-page measure includes a whole subsection devoted to cyberspace issues related to the Department of Defense. The recently enacted legislation calls on DoD to:
• Develop a strategy for implementing the Joint Information Environment.
• Set in motion the acquisition of next-generation host-based cybersecurity tools and capabilities.
• Implement a baseline software assurance policy for the entire lifecycle of DoD-acquired systems.
• Inventory the department’s tactical data link programs and find ways to encourage competition in contracting.
• Study ways to develop and demonstrate collection, processing and storage technologies for network flow data that save money and are potentially scalable to the volume used by Tier 1 Internet service providers.
• Analyze the need for large-scale software database and data analysis tools, and foster competition in their acquisition.
• Inventory software licenses held by DoD and manage them as cost effectively as possible.
• Provide regular congressional briefings on the work of U.S. Cyber Command.
• Report to Congress on penetrations into the networks of DoD contractors.
Public opinion polls show that Americans currently hold Congress in lower regard even than in past years. As a former Capitol Hill reporter, this saddens me, but it’s hard to argue with the assessment. I don’t know if any of the above provisions represent unwarranted interference in executive branch affairs, or would lead to disastrous policy consequences, although most seem reasonable enough on their face. But amid all the negative publicity, on this point at least you have to give lawmakers credit for trying.
Harrison Donnelly, Editor
Subscription Information
Military Information Technology, ISSN 1097-1041, is published 11 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2013. Military Information Technology is free to qualified members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year.
Corporate Offices KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com
Compiled by KMI Media Group staff
Enterprise Licensing Pact Offers Major Software Savings
Leveraging the buying power of more than 2 million IT users, the Department of Defense has awarded a three-year, $617 million joint enterprise license agreement for Microsoft products.
By entering into a transformative three-year Joint Enterprise Licensing Agreement for enterprise licenses and software assurance, the Army, Air Force and Defense Information Systems Agency (DISA) will expand access to Microsoft solutions while also attaining the best pricing DoD has received to date for Microsoft desktop and server software licenses. The agreement provides all three organizations with a single vehicle for accessing the latest Microsoft technologies in support of such IT priorities as datacenter consolidation, collaboration, cybersecurity, mobility, cloud computing and big data.
This is the most comprehensive licensing agreement Microsoft has ever established with DoD, covering nearly 75 percent of all department personnel.
The new contract was awarded to Insight Public Sector, a division of the Microsoft reseller Insight Enterprises.
As part of the agreement, all three organizations can begin using the newest versions of Microsoft products, including Microsoft Office 2013, SharePoint 2013 Enterprise and Windows 8. The ability to standardize on SharePoint 2013 Enterprise will enhance cross-agency information-sharing through improved enterprise search and social communications features while powering advanced business intelligence and reporting capabilities.
The package has been customized to meet DoD security standards. The Army Network Enterprise Technology Command and Air Force Program Executive Office for Business and Enterprise Systems have been working closely with Microsoft to achieve Army Golden Master and Air Force Standard Desktop Configuration compliance for Windows 8.
Department officials estimate savings could run into the tens of millions over the course of several years through lower license and software assurance costs.
“This effort is a significant pathfinder on how to do major contract awards for DoD,” said Air Force Lieutenant General Michael J. Basla, Air Force chief information officer and chief of information dominance. “This contract award culminates over a year’s worth of great teaming between the Air Force, Army and DISA, and ultimately the Air Force will see a cost avoidance of about $50 million a year.”
The Army will save more than $70 million each year for the span of the agreement, according to Deputy CIO Michael E. Krieger.
“The Army Contracting Command negotiated terms that met the complex technical and security requirements for the Army, Air Force and DISA in a single agreement,” Krieger said. “The spirit of collaboration between the services enables unprecedented opportunities for improvements in efficiency and productivity for DoD, and the Army is proud to have led the effort.”
Navy Rear Admiral David G. Simpson, DISA’s vice director and senior procurement executive, said the agreement “gives us a good way of bringing the volume of the government’s purchase to bear and reducing the time and effort that Microsoft needs to spend negotiating across different agencies.
“[The agreement] recognizes the shift to mobility,” Simpson added. “Microsoft is committed to making sure that the technology within the agreement has a mobile-first focus, and we expect to begin to take advantage of Microsoft’s mobile offerings as part of our enterprise mobility ecosystem.”
“We were able to coalesce the requirements and strategies for the majority of DoD in a single contract, and by doing so being able to ensure that they have a standard solution that enables interoperability from the joint perspective across the organizations. In addition, cost efficiency was one of the main driving factors that DoD was looking for, which we were certainly willing to support as they made the decision to standardize even further on Microsoft technologies,” said Tim Solms, general manager of Microsoft’s DoD business.
Although the agreement does not cover the Department of the Navy, which signed its own Microsoft contract last year, Solms raised the prospect of further contract consolidation in the future.
Compiled by KMI Media Group staff
The list of Army colonels recently nominated for the rank of brigadier general includes the following: Colonel Christopher S. Ballard, who is currently serving as director, Army Cyber Operations Integration Center/G-3, Second Army/Army Cyber Command, Fort Meade, Md.; and Colonel Peter A. Gallagher, who is currently serving as deputy commander, Army Network Enterprise Technology Command, Fort Huachuca, Ariz.
The Network Centric Operations Industry Consortium (NCOIC) has announced that Carl G. O’Berry—its 2004 founding chairman—now serves as its first chief executive officer. In this new role, O’Berry will lead NCOIC’s outreach to potential global government customers and liaise closely with the consortium’s council of advisors.
Northrop Grumman has appointed Vice Admiral P. Stephen Stanley (Ret.) as vice president of cybersecurity/C4 in the company’s government relations organization. Stanley’s military career included service as the principal deputy director of cost assessment and program evaluation, Office of the Secretary of Defense.
As DoD’s official timekeeper, the Naval Observatory plays a critical role in a wide range of military technologies, from battlespace awareness to GPS.
By Geoff Chester
The phrase “timing is everything” has never been more true than it is today. Virtually every facet of our day-to-day lives in the 21st century is touched by time. Most of us either own or have used a Global Positioning System (GPS) unit to navigate city streets. We communicate with cell phones and use the Internet. These technologies, which most of us now take for granted, simply cannot function without a precise time-scale reference. In the modern world of digital technology and interconnectivity, precise time is the critical element that binds everything together.
Nowhere is this more important than in the field of battlespace awareness, where near-instantaneous knowledge of the positions of assets and targets, precise command and control, and real-time remote sensing of the changing environment dictate the success or failure of an operation. Fortunately, the Department of Defense supports an activity which provides the most precise timing in the world: the U.S. Naval Observatory (USNO).
Tucked away in a quiet residential area of Washington, D.C., the USNO has the outward appearance of a museum in a park. Perhaps best known as the location of the official residence of the U.S. vice president, the USNO is actually one of the oldest scientific organizations in the nation, where a staff of about 100 highly dedicated specialists perform fundamental research into precise timing and reference frames and their practical applications, providing the linchpin in the digital domain of modern warfare.
Originally envisioned by President John Quincy Adams as a “lighthouse of the skies,” the observatory was founded in 1830 as the U.S. Navy Depot of Charts and Instruments under the command of a single officer, Lieutenant Louis M. Goldsborough. Established to clean, repair and rate marine chronometers and other navigational instruments, USNO’s singular focus throughout its long history has been to provide the best astronomical reference and timing products to the fleet, DoD and the nation to support positioning, navigation and timing (PNT).
Today the observatory is an Echelon IV command, part of the naval oceanography community reporting to the commander, Naval Meteorology and Oceanography Command, Rear Admiral Brian Brown. USNO is also a key player in the Navy information dominance community via its resource sponsor, the Oceanographer and Navigator of the Navy, Rear Admiral Jonathan White. The USNO superintendent, Captain Tim Gallaudet, is designated as DoD’s precise time and time interval manager, reporting in this capacity directly to the department’s chief information officer, Teresa M. Takai.
Master Clock
The earliest time-scales were inextricably tied to the motions of the sun, moon, planets and stars. These astronomical bases of timing have survived to the present day, but as technology has developed, the requirements for determining and disseminating precise time now demand accuracies that are far more critical than those that can be provided by the stars.
USNO has been at the forefront of embracing new technologies to develop better timing systems throughout its history. That legacy has led to today’s USNO Master Clock system, designated by DoD instruction to be the sole timing reference for all timing-related activities within the department.
The practical realization of time is done through clocks, which essentially consist of an oscillator and a counter. Some sort of sustainable, periodic variation is used to define a time-scale, and the counter ticks off the units of that scale. The physical unit of time is the second, and as clocks have evolved over history, they have used various methods to produce seconds. These seconds, in turn, are related to a fundamental reference frame that is commonly available to timekeepers everywhere. Up until 1967 this reference frame was defined by various motions of the Earth in relation to astronomically derived parameters.
Clocks have evolved from devices that counted drops of water to mechanical systems using cyclical mechanisms such as the verge, foliot and pendulum escapements. The first practical pendulum clock, invented by Dutch astronomer Christiaan Huygens in 1655, represented a technology that changed comparatively little until the 20th century.
During the post-World War I years, breakthroughs in theoretical physics revolutionized our understanding of the nature of space, matter and time. The desire to prove these new theories drove the development of new types of clocks that could resolve the second into ever-smaller increments. Quantum theory also led to the development of today’s state-of-the-art clocks in the form of atomic frequency standards. However, the second itself was still defined by the motions of the Earth.
By the 1950s physicists and engineers realized that the stability of atomic frequency “clocks” far exceeded the long-term stability of the Earth’s motions. In 1967 the world’s scientists adopted a new definition of the second: “the duration of 9,192,631,770 cycles of radiation corresponding to the transition between two hyperfine levels of the ground state of cesium 133.” USNO astronomers were instrumental in relating this definition to the astronomical time-scales then in use, ensuring a smooth transition for practical users of precise time.
Central to USNO’s mission is the requirement to take this definition of precise time and to reproduce and disseminate it for practical use throughout the DoD enterprise.
Practical Time
As the old saying goes, “A person with one clock knows what time it is, but a person with two clocks is never sure.” Even in today’s era of atomic clocks, this statement still holds true. Individual clocks will vary with respect to one another, but a time-scale derived from an ensemble of many clocks will be very stable over the long term. USNO’s Master Clock is thus not a single device but an ensemble mean of over 100 individual devices, which together satisfy a specified precision requirement. That requirement is currently better than one nanosecond (one billionth of a second) per day.
What impact does a nanosecond of timing error mean in the “real world”? Let’s take the example of GPS, which uses the differential measurement of timing signals from satellite-borne clocks to determine a position on the ground. Radio signals travel at the speed of light, just under 300,000 kilometers (186,200 miles) per second. In one nanosecond that radio signal travels about 30 centimeters (1 foot), so a clock error of just one nanosecond means a “built in” uncertainty of 30 centimeters of position.
Each clock on each GPS satellite is compared on a daily basis to USNO’s Master Clock, much as chronometers of the past were compared to an astronomical time-scale defined at the observatory. While the clocks themselves are never adjusted, their drift rates against the Master Clock are carefully measured and incorporated into the timing data downlinked to a receiver on the ground. As long as the drift rates of the satellite clocks remain constant the system will function; clocks with anomalous drift rates must be quickly detected and removed from service.
It follows that the more precise the Master Clock is, the better GPS will perform. USNO is committed to developing the best and most precise clock technology to support this goal. Its Navy Rubidium Clock development program has devised, designed, built and implemented the most accurate clock system in the world, capable of resolving short-term time-scales to the femtosecond (10^-15 second) level. Four of these devices, all built in-house by staff members of the Observatory’s Instrument Shop, have been continuously operating in Washington for two years. Three more are being constructed for service at the USNO’s Alternate Master Clock facility, co-located with the Master GPS Control Center at Schriever Air Force Base, Colo.
In addition to determining and disseminating precise time, the USNO also determines the Earth’s instantaneous rotation and orientation parameters with respect to a master Celestial Reference Frame. Utilizing a radio-astronomy technique known as Very Long Baseline Interferometry (VLBI), the small variations in the planet’s rotational motion and the angles describing the direction of its rotational axis can be tracked in near real time and predicted for several months in advance. Knowing these parameters is vital to position determination via GPS. Without these Earth Orientation Parameters (EOPs), GPS positioning errors can accumulate to about two meters in a week and up to 400 meters in six months.
To carry out these observations, individual stations along the continent-spanning network of radio telescopes need to observe a celestial source simultaneously, so they are synchronized by the USNO Master Clock. The data from each individual station is then sent to USNO, where it is processed on a VLBI Correlator, one of three such installations in the world.
In addition to EOPs, data from these observations produces a fundamental reference frame to which all other reference systems can be tied. This enables the smooth transition from the position of a target measured in a terrestrial spatial reference frame to one described by the GPS satellite constellation, which in turn is tied to the master celestial reference frame. A weapon deployed to strike the target can then easily transition between the satellite reference frame to the terrestrial one, ensuring an accurate hit.
The Navy Rubidium Fountain Clock is the Naval Observatory’s newest and best clock. Designed and built in-house, these devices use the principle of laser trapping and cooling of rubidium atoms before “tossing” the atoms into a long high-vacuum microwave cavity, where their hyperfine resonances can be measured to the femtosecond level. [Photo courtesy of U.S. Naval Observatory]
The clock vault contains a bank of COTS Symmetricom HP-5071A Cesium Beam Frequency Standards in the racks against the back wall; the boxes in the front are COTS Sigma-Tau Hydrogen Masers. [Photo courtesy of U.S. Naval Observatory]
Celestial Reference
Optical star catalogs derived from observations made with telescopes in Washington and at USNO’s Flagstaff, Ariz., “dark sky” station are also tied to the master celestial reference frame and provide a navigational asset to strategic weapons systems designed to function despite the possible absence of GPS. These catalogs also provide a backdrop for space-situational awareness, enabling optical tracking systems to identify unannounced satellite launches from potential adversaries, track space debris that might endanger friendly space-based assets, or even detect asteroids that may potentially impact the Earth.
Finally, USNO scientists have developed practical applications for astronomical data. Software designed by the observatory is used to plan special operations based on the illumination provided by natural sources. Software is also available that vastly simplifies the old tried-and-true method of positioning based on celestial navigation with sextant and almanac. This is still one of the few viable navigation systems available should GPS be denied in the field.
Despite its small size and low profile, the USNO is more relevant now to the DoD enterprise than at any time during its 182-year history. It is living up to the motto bestowed on it by Rear Admiral Charles Henry Davis in 1867: “Pervenit in astra, et pontum caelo coniunxit—The stars are scaled, and sky with ocean joined.”
Geoff Chester is the public affairs officer for the USNO.
Data center consolidation efforts could transform how DoD provides and consumes IT services.
By Peter Buxbaum MIT Correspondent
The Department of Defense’s data center consolidation program, which was originally aimed at saving money on the maintenance and upkeep of physical server space and was closely related to the base realignment and closure effort, has been transformed into a program with much broader and deeper implications. The emergence of cloud computing and the department’s strategic embrace of that phenomenon has the potential to make data center consolidation a stepping stone toward a radical change in how DoD provides and consumes information technology services.
Similarly, many opportunities to modernize military networks have come about since DoD first embarked on data center consolidation. The question now becomes whether the savings the department will generate through consolidation will be plowed back into IT, making networks more robust and more responsive to warfighter needs. Alternatively, looming budget constraints could motivate DoD to save the money, pushing out modernization to some future date.
The short answer, industry experts acknowledge, is that these are not the best of times to be pushing for transformational IT changes. Nevertheless, those involved in military and other federal data center consolidation initiatives say the opportunities are worth the challenges.
“DoD has several goals with data center consolidation,” said Rich Campbell, chief technologist at EMC. “The department can save resources by maintaining fewer sites. By consolidating infrastructure, DoD will be able to break down a lot of the existing information stovepipes and promote better information sharing. Reducing costs will also give DoD the ability to leverage newer technologies.”
Campbell has advised the Air Force, Army, and Navy on their data center consolidation efforts.
“The historical tendency within DoD has been to put up servers, but that leaves a lot of inefficiencies,” said David Egts, principal architect at Red Hat. “One inefficiency is in purchasing power. Another is in the lack of standardization. When you don’t have standardization, it is hard to swap technologies and people have to be retrained when they move from one place to another.”
Network Modernization
Data center consolidation could be a jumping-off point for the modernization of military networks as a whole, according to Anthony Robbins, vice president of federal for Brocade.
“DoD has one of the most complex networks on the planet,” he said. “The network is full of products at the end of their service lives and at the end of their sales lives. There are way too many applications supported by the department. All commercial companies go through a rigorous process of application modernization. We have been advocating the use of new technologies to modernize, refresh and simplify government networks, to get hold of costs and improve performance.”
In addition to spending reductions, data center consolidation also presents DoD with improved information security possibilities as well as operational improvements, said Pat Tracey, vice president, homeland security and defense, U.S. public sector, HP Enterprise Services, Hewlett-Packard Co.
“The attractive feature to keeping information inside the infrastructure is that it is not resident on individual laptops or desktops,” Tracey explained. “But the question of how information in a shared data center will be protected still needs to be addressed.”
“Consolidating data centers means fewer ingress points to data,” noted Campbell. “That means a better ability to rein in rogue users.”
For Tracey, the potential for operational advantages represents the most important aspect of data center consolidation. “You are able to establish single sources of verified and validated information, applied across all of DoD. It provides the opportunity to enable more modern approaches to processes and decision support, to standardize, modernize and rationalize applications and databases and to take a more structured approach to IT and infrastructure,” she said.
By structured, Tracey means a centralized approach that could change radically how DoD organizes IT, as well as how the department’s IT entities do business. “DoD elements have grown up being very decentralized,” she said. “Local functional and command priorities held sway. But this caused interoperability issues and information sharing problems.”
It also caused problems as warfighters moved from their garrisons to preparedness mode, and then to deployment. “The focus for the last five years has been to get to a place where there is a more predictable level of support and consistency across this spectrum,” said Tracey. “The services have been pursuing strategies to make access to information seamless.”
The challenge remains for IT organizations to balance centralization and standardization initiatives with local priorities, she added.
Other challenges will confront DoD IT organizations and change how they operate. “Data center consolidation will break down barriers and force IT departments to talk more and work together,” said Campbell.
“Whenever people move to a shared data center, they give up control of the budget and also control of the service provider,” said Egts. “Relationships with vendors will change. Vendors will need to maintain relationships with end-users and establish new relationships with the data centers. They still need to win the hearts and minds of users and also make sure their products fit within the data center’s specs.”
Cloud Computing
DoD’s data center consolidation started without cloud computing in mind, but the advent of the cloud has made the implications of the consolidation all the more profound. “DoD is taking an approach to cloud computing that begins with data center consolidation,” said Tracey. “That makes a lot of sense to me. DoD is making the transition into the cloud to better support missions and to promote the flexibility required to support military organizations in the dynamic nature of today’s mil operations. Getting a handle on infrastructure is an essential first step to that process.”
“The adoption of cloud computing will accelerate consolidation,” said Egts. “Consolidation by itself can create a lot of organization friction because some people have to surrender a degree of budgetary and operational control. The way to encourage this to happen is to replace the existing situation with something compelling. With the self-service aspects of the cloud, instead of standing up a virtual machine in a data center, which may take months, it can be provisioned in minutes or even seconds.”
With consolidation of data centers comes consolidation of applications. As the military services have consolidated their email servers, Quest Software has been working with them to consolidate their active directories and to virtualize their server management.
“Various data centers and different branches were running different instances of their directories,” said Paul Christman, president and chief executive officer of Quest Software Public Sector. “This was remarkably inefficient and expensive and did not provide good service quality. As data centers are consolidated, the services are creating larger and more unified email systems that provide better service.”
Christman envisions an end state in which each service will eventually consolidate into its own unified email system. “Consolidating 10,000 or 100,000 users is challenging,” he said. “When you add another zero it becomes even more so. We have found that once you get past a million users, the returns tend to diminish.”
Quest is supplying products and services that provide for interoperability between the old and new email systems for a seamless transition. “We also work with our clients to implement new tools to manage consolidated data centers,” said Christman. “You need different approaches, tools and metrics to manage virtualized environments. Instead of measuring things like resource usage, our tools take a transactional approach from the user standpoint. Our tools measure how efficiently the system performs user tasks.”
While consolidating email servers may reach a point of diminishing returns, Robbins believes that DoD is not being aggressive enough in consolidating its inventory of data centers. “DoD is starting out with around 1,500 data centers,” he said. “Commercial best practices dictate the consolidated number should be less than 100, possibly less than 50. By these standards, DoD’s efforts fall short of commercial best practices.”
DoD documents indicate a disparity of goals for consolidation among various DoD components. The Air Force expects to reduce the number of its data centers by 47 percent by 2015. The Navy plans a reduction of 50 percent, while the Defense Logistics Agency’s goal is a 90 percent reduction, and the military health system is seeking a 70 percent reduction.
“As an industry partner I can say that data center consolidation is an obvious and correct thing to do,” Robbins added. “But it is a work in progress and there is a lot of progress yet to be made.”
“I would give DoD a solid B+,” said Christman. “They are doing well considering the size of the organization and its geographical distribution. DoD is enjoying strong leadership on this issue. Eventually the effort should slow and stop when they reach an optimal number. That should definitely be a smaller number than they have now.” “It’s always a challenge to move from an IT infrastructure over which you have direct control to a managed service infrastructure, whether the provider is the Defense Information Systems Agency (DISA) or some outsourced provider,” said Tracey. “There is always that cultural barrier, but progress is being made. Each service has a good line of sight on how they want to proceed.” Hewlett-Packard learned from its own consolidation efforts that support of senior leadership is important. “It seems that DoD is benefiting from strong leadership in this area,” said Tracey. “DoD leadership appreciates fully the fact that their operations are network dependent. The younger generation of leaders understands this even better. “Accepting DISA as a service provider would have been difficult if not impossible 15 years ago. Today’s leadership is much more open to consider alternatives that provide effective mission support at affordable levels of expenditure,” she added.
Inventory Management
But DoD is falling short in its IT inventory management, Christman contended. “Whenever you’re consolidating infrastructure, the first thing everyone realizes is that they have a poor handle on the ‘as-is’ state,” he said. “It can take years to figure that out, and when you start with dirty data it is hard to figure the delta so that you can measure success.”
Christman urged DoD not to get bogged down figuring out where it started, but instead to create a baseline starting now. “It’s better to start driving costs out of the new state as opposed to focusing on the old state,” he said. “They should focus, as of today, on how much it costs to produce a unit of IT. That is where they will get the biggest bang for the buck.”
“I think DoD is making some progress, but there is always room for improvement,” said Egts. “One area where I see a challenge is if DoD simply does consolidation without trying to take advantage of these efficiencies to make improvements to networks and systems.”
The idea here, as Campbell put it, is that data center consolidation could “free up an astronomical amount of money” that could be sunk into the modernization of networks, applications and other systems.
“Closing more data centers can create the funding to invest in infrastructure that is more aligned with what commercial businesses are doing,” said Robbins. “I think there is still a lot of work to be done to rationalize applications and modernize networks.”
As Robbins sees it, DoD users want more access to data and applications and are increasingly using mobile devices for that access. “The question now becomes how do you make applications and data available to any user anytime with dramatically fewer data centers?”
That is where network modernization comes in, and virtualization is one aspect of that effort. “There are now more virtualized machines out there than physical ones, yet virtualization has not yet occurred on a large scale in DoD,” said Robbins.
“There is now more east-west data and application traffic than north-south traffic on networks, but DoD’s networks haven’t been modernized in a decade.” North-south traffic refers to the traditional client-server model of communications in which data flows from the core to the edge
and back. East-west traffic refers to the patterns that predominate in virtualized and cloud environments, in which more data flows among servers. The network architecture could also be modernized, according to Robbins, to make it flatter and less complex. “Flattening makes networks simpler and require fewer people to operate,” he said. Simpler and flatter networks are characterized by more east-west traffic among servers and less north-south traffic, which requires transiting multiple network layers to make a request of a main server. Robbins also advocates overhauling the military network architecture to make use of standard protocols. “There are too many product protocols on military networks today. Proprietary protocols limit innovation, cost more money and slow the ability to modernize. Open standards reduce costs, increase competition and promote efficiencies. There are already a series of open protocols that have emerged that network vendors like us make the decision to support.”
Budget Issues
But whether DoD will be able to make good on the transformation potential of data center consolidation is largely in the hands of budgeters and appropriators. “You have to spend some money to save some money,” said Campbell. “But the federal government and the DoD are struggling with budget issues.”
Failure to properly fund the effort, Campbell added, could delay or even jeopardize the realization of the hoped-for results. “We see some projects waiting for funding. DoD is coping pretty well with this situation and is prioritizing pretty effectively, but a lot of low-hanging fruit ends up waiting based on mission requirements. DoD used to have a blank check. They could get this done in a year, but budget constraints don’t allow for that,” he said.
“This is a hard time to be doing consolidation,” said Tracey. “It is easier to undertake change when the financial picture is a little less tight. Data center consolidation requires funds to move across organizations and budget boundaries and that is also difficult for DoD to manage, especially when money is tight. That is why it is off to a slow start.
“But the Army has moved out by creating a vehicle that allows them to tap the best of industry to help execute a data center consolidation strategy and at the same time move to do application rationalization and standardization. So there are some good things happening,” she added.
But Tracey warned that a physical infrastructure consolidation program alone will not reap the potential efficiencies that data center consolidation might otherwise promise. “This is very hard to do, and it is easy to look at it as a simple infrastructure consolidation project,” she said. “DoD is wise to realize that it’s bigger than just infrastructure consolidation. The benefits come from being able to modernize how applications operate. Some applications cannot operate effectively if they are consolidated purely on the basis of infrastructure.
That is part of why DoD has chosen to move a little more slowly than some people would think they should. They are being prudent so that they can continue to support their missions on a day-to-day basis even as they execute consolidation.”
For more information, contact MIT Editor Harrison Donnelly at firstname.lastname@example.org or search our online archives for related stories at www.mit-kmi.com.
Wanted: Mobile Traffic Cop
DISA request highlights need for mobile device management technology to regulate devices and networks.
By Henry Canaday MIT Correspondent
Seeking a “traffic cop” to enforce policies for both the network and mobile devices, the Defense Information Systems Agency (DISA) recently issued a call to industry for mobile device management (MDM) and mobile application stores (MAS) capabilities. The goal of the MDM is to ensure that security is not compromised by incorrectly configured devices, detect malware and control affected devices. It would also support wireless distribution of applications, remote data-wipes and configuration management and protect assets against data compromise.
The MDM request for proposals (RFP) comes at a time of rapid change in mobile devices, given the decline and possible recovery in the popularity of Research in Motion’s (RIM) BlackBerry and a proliferation in alternative devices and operating systems for these devices. As in consumer mobile markets, proliferation offers benefits in functions and pricing. But unlike consumer markets, MDM for defense must meet tough security requirements for devices, operating systems, applications and data. Meeting DISA goals requires expertise in both traditional MDM and strong talents in security.
The core of MDM is straightforward, explained Peter Coddington, chief executive officer of PaRaBaL, a mobile security and application development company. “In the old days, a company would issue you a BlackBerry, and they had an enterprise server to manage communication for company needs on BlackBerrys,” he said. “MDM means nothing more or less than that. As large organizations deploy iPhones and Android devices and soon Windows 8 devices, they need a system to manage these.”
The potential for bring your own device (BYOD) by users means personal devices may be used for business purposes, creating support challenges. “You could have an application for looking at football scores that also comes with information and attachments,” Coddington noted. “MDM must cope with that.”
The PaRaBaL CEO sees the current MDM market as the result of Apple’s marketing prowess. Apple wanted to replace BlackBerrys with iPhones, then Google introduced the Android operating system so people could avoid paying high prices for iPhone functions, and now Windows 8 is coming, so Microsoft can compete very effectively.
There are now about 84 MDM products in the overall market, both civil and military, Coddington estimated. “Everybody wants to get into that market. Three operating systems add chaos to the field as MDM companies vie for what RIM made for BlackBerrys.”
Coddington predicted there will be a major shakeout as MDM vendors decline to five in a few years and eventually to two. “The survivors in the commercial space will be the same as in the military space. The government alone does not spend enough money to support survivors.”
Federal customers have rigorous security protocols, with the military the most rigorous. These customers want COTS products adapted to meet tough requirements. “But they don’t want to spend enough money for adaptation,” Coddington said, adding that the government has been slow to develop MDM policies. “They do not understand BYOD, so they do not have a policy on BYOD.”
Other differences are less important. The military wants rugged mobile devices for deployment, but commercial devices are already pretty rugged. Lack of communication infrastructure in theater means different communication protocols may be needed and could influence MDM. But this is not a significant additional security challenge. “There are lots of other risks than just communication,” Coddington observed. “There is software on the device and how data is stored. Also, devices have several ways to pick up data, cameras, sensors and touch. All are ways intruders can penetrate the device.”
Enterprise Device
RIM has plenty of experience in military MDM, at least for its own devices. “We had the first MDM in 1999 with the BlackBerry Enterprise Server [BES],” said Paul Lucier, vice president of global government solutions at RIM. “We managed performance and devices for the military, DISA and the Department of Defense.”
BlackBerry started as an enterprise device, and the U.S. government, including the military, was its biggest customer. So RIM developed BES according to military requirements on downloading applications, setting different risk profiles and locking down devices. “We had a very close collaboration with the military,” Lucier said.
RIM developed BlackBerry Mobile Fusion MDM as the BYOD movement brought Android and Apple’s iOS devices into enterprise systems in the last two years. “At first IT departments fought BYOD,” Lucier noted. “Then they decided they could benefit from it to become more productive.”
There are more MDM challenges with the new devices, especially managing across platforms. BlackBerry Mobile Fusion enables many of BES’s BlackBerry functions to be applied to iOS and Android devices.
RIM planned early in 2013 to introduce BlackBerry 10 smartphones and BlackBerry Enterprise Service 10, which will expand the BlackBerry functions that apply to iOS and Android devices. “Data at rest and data in transit will be at the same security level,” Lucier said. “It is an end-to-end solution.” RIM is considering supporting other operating systems, such as Windows 8, but no decision has been made yet.
BlackBerry Enterprise Service 10 will be a robust, cross-platform and high-security enterprise mobility management tool. It will support the future of mobile communications, including management of machine-to-machine communications, which could include end points like vending machines, medical equipment and vehicles.
Because the BlackBerry Enterprise Server was originally developed for the military, Lucier said, its security functions are very strong. “We have the ability to lock down very flexibly.”
RIM emphasizes ruggedness in developing BlackBerrys for military customers, and the new BlackBerry 10 has already received FIPS 140-2 security certification. The touchscreen model will enable accurate typing with one finger and let users easily flow between applications.
The new versions include BlackBerry Balance, which enables separate perimeters between personal and work data, so work data can be wiped out without affecting a user’s personal content if the person leaves an organization.
Bring Your Own
Other firms understand military MDM challenges well. “BYOD is clearly the biggest trend across the market space providing benefit to both users and companies,” said Jim Quinn, vice president of C4ISR systems for Lockheed Martin.
But federal agencies have been slow to adopt BYOD, Quinn noted, and likely will remain so due to fears of expanding security boundaries to devices not totally under agency control. Both DISA and the National Security Agency have begun to provide guidance for securing BYOD devices. “But it will still be slower going than in the commercial space.”
Quinn expects military and federal agencies to accept BYOD for less-sensitive data in the short term and develop tactics, techniques and procedures for more sensitive data later. BYOD will come first for applications like tracking physical and other training, then medical applications. These uses will help administrators and security engineers to establish MDM and policies for C2 and ISR applications in the future.
For MDM on commercial mobile devices, the military sometimes must place an unusual degree of confidence in new and unproven entities, Quinn noted. With Apple iOS devices, the military must trust not just Apple software, but also Apple’s
certificate chain and the cloud-based Apple Push Notification Service required for MDM and application operation. “For an organization that is used to having everything behind the firewall, having even simple services in the cloud is a challenge,” he said.
Lockheed Martin works with industry to identify MDM products suitable for the military customers. For the Coast Guard, for example, Lockheed is deploying a complete solution for mobile devices for clinical uses. The solution integrates secure wireless, virtual private network (VPN) and MDM to access electronic health records on iPads and iPhones.
For the Coast Guard and other military customers that require Common Access Card-based (CAC) authentication, Lockheed offers MESA, with MDM capabilities allowing CAC-based VPN from iOS and Android devices. “This solution mirrors existing CAC-authenticated implementations for Windows and allows use of any application the customer needs, whether developed internally or available on commercial app stores,” Quinn said, arguing that MESA allows military customers to exploit the mobile revolution while complying with evolving security policies.
Lockheed has also developed MoGo, a secure mobility container solution backed by the company’s cybersecurity standards. MoGo delivers mobile application management (MAM), which relies less on device management, expands application re-usability across devices and provides a more cost-effective BYOD solution.
Some vendors focus on the military needs for strict security. “Traditional MDM and MAM alone do not provide much security,” said Senai Ahderom, chief executive officer of Better MDM. “They are very vulnerable and fall short of military requirements. There is a great deal of reliance on MDM features like remote wipe that require that the device is connected.”
Better MDM provides real-time advanced security capabilities and analyzes supply chain risks for mobile devices. The firm is working on a proposal for the DISA RFP.
“We hope they will be amazed by the innovation we bring,” Ahderom said. Better MDM offers a platform built especially for highly sensitive deployments of mobile devices. Instead of focusing on MDM, the firm focuses on security at two levels—the devices themselves and applications—and analyzes security risks at both levels. For example, an application may only be authorized to work at certain locations.
“We have advanced geo-location beyond GPS in the device, which can be changed, to ensure the application only works in those locations,” Ahderom said, noting that since iPads are not connected most of the time, they must have defense in-depth like advanced geo-location that does not rely on GPS. Better MDM works for third-party applications, analyzing risks and vulnerabilities of each. “We analyze each new application, rather than just rely on what the developer says,” Ahderom said. “It might have back doors that can be remotely controlled.” For new mobile platforms, Better MDM reverse-engineers each device and analyzes its risk. With the explosion of applications and data, it is no longer possible to have just perimeters and firewalls. “You must wrap them with your security policies,” Ahderom said.
More than MDM
DISA and DoD are concerned about how relevant BlackBerry will be to users as they move further into custom applications and mobilizing enterprise content, observed Dan Ford, chief security officer for Fixmo. “Also, they want to be able to use all the shiny new Apple and Android objects. They see this as a big potential boost to employee productivity and satisfaction.” The chief MDM challenge will be to provide the same risk profile as that developed for BlackBerrys, he said.
The military wants more than MDM, Ford added. “In addition to core device management, they’re looking for defense-grade mobile security, data encryption and containment, application management and integrity monitoring. This is about empowering employees with critical mobile content and apps, without sacrificing current levels of security and compliance.”
DISA wants integrity monitoring, which ensures that if a change is made to a device’s operating system, it can be detected and acted upon immediately. “There are a lot of malicious attacks on Android operating systems going on, and anti-virus software does not protect operating systems on mobile devices the way it does on PCs,” Ford said. “The military needs software that protects against this danger, goes beyond MDM, and ensures that the underlying system remains in a known trusted state.”
DISA also wants to make sure military data is under control, encrypted and contained, so only authorized users and applications have access to it. Ford said he believes the award will go to a proposal that offers a combination of traditional MDM; containment and encryption of enterprise email and data so a task card is necessary to access it; centralized application management; and integrity verification to ensure each device is always operating in a trusted and high-integrity state.
Combining all that will be tricky, as both iOS and Android operating systems have inherent risks. “What matters is residual risk,” Ford noted. “Apple controls the iOS environment and does not allow a security vendor to do much about risk. Android does, so Fixmo and other security vendors can modify it to reduce risk.”
Ford predicts an increase in security-enhanced Android devices as the secured devices of the near future. “We can do something with Apple iOS, but not much. And we don’t know much about Windows 8.”
Fixmo provides containment and encryption of corporate data as well as core MDM functionality, but its roots lie in monitoring and verifying integrity and compliance of mobile devices. “Our core intellectual property is looking out for malicious or undesired changes to mobile devices and ensuring they remain in a known trusted state,” Ford explained. “If you go to a website and download code, there is no valid reason why your browser should be modified or that a new module should end up on the device unless it is malicious.”
Integrity Monitoring
Penetration of personally owned mobile devices and the diversity of these devices present significant challenges for IT and mobile security vendors, according to Giri Sreenivas, general manager of Mobilisafe.
The National Institute of Standards and Technology (NIST) recently highlighted the importance of having trusted platform endpoints in mobile networks, which so far has been a weakness in these networks. “NIST talked about vulnerability and risks, and integrity monitoring,” Sreenivas said. He does not think the military will go with BYOD anytime soon, “but they must ask questions about the new devices they purchase.”
BlackBerry’s slow rate of innovation helped ease the security challenges for RIM’s
BES platform, Sreenivas said. Apple’s iOS supports homogeneous systems, but Apple may cut off support for older versions as these are replaced. “That presents challenges as people may be carrying outdated firmware and lack compatibility.”
Android devices present the most diversity as Android is an open-source platform that prompts device makers to add value by differentiating their products. “So Android presents a very dynamic landscape,” Sreenivas said.
From a security point of view, MDM is thus always playing catch-up with new devices and new firmware on old devices. And there is a tension between ensuring integrity and getting the latest and greatest devices.
For example, Dell has worked on a customized Android device that would meet military security requirements. “But it would have to stay very close to new releases, and Google releases a new version of Android every six months,” Sreenivas pointed out. So MDM must pay very close attention to firmware updates.
While MDM usually focuses on asset management, Mobilisafe focuses on integrity monitoring, for example by analyzing how some devices can be unlocked without passwords.
RIM has been very much a “security-first organization,” Sreenivas acknowledged. But future MDM for the military must be cross-platform and work with iOS, Android, customized Android, and Windows systems.
Distinctively, Mobilisafe looks at the vulnerabilities and risks of new devices and permutations of differently updated operating systems on devices. It enumerates the points of vulnerability for each permutation, assesses how critical each is, and judges which data is secure and which data is not. These trust scores can help enforce security rules and block devices where appropriate.
Mobilisafe can work for an enterprise that wants to improve security of mobile communication or supplement MDM for security purposes. “We can also identify any new devices that are connected to the network,” said Saj Sahay, senior director of mobile products.
“Not all MDM can do that.”
DATA BYTES
Software Waveform Completed for Mobile User Objective System
Lockheed Martin has completed and delivered the software waveform for the Navy’s Mobile User Objective System (MUOS). The new waveform will enable military satellite communications terminal providers to deploy equipment that takes full advantage of enhanced MUOS capabilities. A next-generation narrowband tactical satellite communications system, MUOS will provide significantly improved and secure communications capabilities, including simultaneous voice, video and data, for mobile and remote users. MUOS satellites are equipped with a Wideband Code Division Multiple Access (WCDMA) payload that provides a 16-fold increase in transmission throughput over the current Ultra High Frequency (UHF) satellite system. Lockheed Martin tailored a previously commercial waveform to be used with the new WCDMA payload. The U.S. government has made the waveform available for military satellite communications terminal providers through the Joint Tactical Networking Center Information Repository, and contractors can now integrate the waveform into their MUOS-compatible terminals to provide WCDMA capabilities for users. Each MUOS satellite also includes a legacy UHF payload that is fully compatible with the current UHF Follow-on system and legacy terminals. This dual-payload design ensures a smooth transition to the cutting-edge WCDMA technology while the UFO system is phased out.
Waveform Offers High Data Rate Airborne Links
The Air Force Research Laboratory has awarded Rockwell Collins an $18 million contract to complete the development and qualification of the Tactical Targeting Network Technology (TTNT) waveform, paving the way for the high-speed networking waveform to be implemented across a broad range of aircraft. The contract modification extends the current contract value and scope for the completion of the TTNT waveform development effort. The TTNT waveform will be made available for the Joint Tactical Networking Center’s Information Repository. TTNT provides high data rate, long-range communication links for airborne platforms. As a complement to existing tactical data link networks, TTNT adds significant airborne network capacity while providing rapid, low latency message delivery. The minimal network planning requirements of TTNT will enable participants to enter and exit the network without extensive preplanning. It has been used in demonstrations on more than a dozen airborne platforms, including the F-16, F-22, F-5, F/A-18, B-2, B-52, Airborne Warning and Control System, Battlefield Airborne Communications Node and E-2C Hawkeye.
Notice Identifies Key Gaps in Army Networking Capabilities
A recent “sources sought” notice issued by the Army through the System of Systems Integration Directorate has identified some of the key capability gaps faced in the current and evolving networked equipment solution set. The identified gaps are: brigade/battalion command post mobility and scalability; network visualization on the common operational picture; aerial layer network extension—provide assured access for terrestrial network; integrated network assurance—network access control; and operational energy—energy sources with extended duration and power, monitoring and managing system power, supply and demand, and reducing reliance on petroleum-based energy. The purpose of the notice is to identify emerging capabilities from industry to be evaluated against a set of entrance criteria for an opportunity to participate in the Network Integration Evaluation 14.1 event, scheduled to take place this fall.
Air Force Orders Support for Top Secret Communications System
The Air Force Intelligence, Surveillance and Reconnaissance Agency has awarded General Dynamics Information Technology a two-year, $6 million task order to provide technical support services to the Air Force Joint Worldwide Intelligence Communications System (AF JWICS) Enterprise. General Dynamics will help the Air Force streamline its communications networks and integrate with the new Intelligence Community Information Technology Enterprise and Desk Top Enterprise initiatives. Under this contract, General Dynamics will deliver a wide range of IT services to support the continued operations of AF JWICS from numerous service centers, and will assist the government in operating, maintaining and sustaining the centers that will provide core services to support the Air Force missions worldwide. JWICS is the Top Secret/Sensitive Compartmented Information component of the Defense Information System Network used by the defense intelligence community to transmit classified multimedia intelligence communications worldwide. This task order was awarded under the Defense Intelligence Agency Solutions for the Information Technology Enterprise contract, a multiple-award, indefinite delivery, indefinite quantity contract awarded in May 2010.
Compiled by KMI Media Group staff
Marines Seek Mobile Devices for Trusted Handheld Platform
AT&T Government Solutions has been awarded a Trusted Handheld Platform contract by the Marine Corps to develop and deliver trusted mobile devices. Under the award, AT&T and its technology providers will develop 450 prototype mobile devices for testing, certification and implementation by the Department of Defense and other stakeholders. These mobile devices will be able to send and receive highly secure voice, video and data across multiple security domains and wireless networks, domestic and international. Initially, the devices will run a modified version of the Android mobile operating system, but have the potential to support multiple operating systems and device platforms. The Trusted Handheld Platform was created by the Marine Corps to spur development of commercially available mobile devices that could support secure, classified and unsecure communications. The goal is to foster collaboration and advance the development of reliable, low-cost secure mobile solutions. AT&T’s team for the award includes Green Hills Software, SafeNet and Sequitur Labs.
X-Band SATCOM Grows in Airborne ISR Market
XTAR, the first U.S. commercial provider of satellite services in the X-band frequency, has gained a significant segment of the growing airborne intelligence, surveillance and reconnaissance (AISR) market over the last 12 months, the company announced recently. These contracts represent more than 100 MHz of bandwidth and are valued at more than $8 million. Under these various contracts, XTAR will provide high-powered X-band capacity on its XTAR-LANT and XTAR-EUR payloads to support critical services on manned aircraft using advanced antennas designed specifically for airborne applications. These terminals range in size from 0.8 meters down to 0.4 meters. This capacity will provide service over a coverage area extending from North and South America to Africa and the Middle East. Contract terms vary from six months to as long as 72 months. Advanced X-band satellites like XTAR-EUR and XTAR-LANT deliver the ideal bandwidth to support small AISR terminals. Given the four-degree spacing between X-band satellites and X-band’s ability to penetrate rain and other potential sources of interference, XTAR’s constellation provides the most reliable and technically capable communications network for airborne and other mobile applications.
Navy Multiband Terminal Cleared for Full Rate Production
Raytheon’s Navy Multiband Terminal (NMT), which will be installed on more than 300 Navy ships, subs and shore stations, has successfully completed a full rate production review by the Navy. The review included a report that determined NMT was both operationally suitable and operationally effective, and further recommended the continued fleet introduction of NMT as a replacement for legacy military satellite communications systems. Raytheon has already delivered 75 terminals under contract, with an estimated total of 350 over the life of the 15-year program. NMT provides secure, protected communications links with orbiting military satellites. The terminals will give the United States and three international partners—Canada, the Netherlands and the United Kingdom—up to five times the bandwidth with lower size, weight and power than the systems they will replace. NMT is one of three Advanced Extremely High Frequency (AEHF) terminals from Raytheon that have passed production acquisition milestone decisions and successfully tested with the on-orbit AEHF satellite. All three terminals have supported, and are fully compatible with, the military’s two on-orbit AEHF satellites, as well as with the legacy Milstar satellites. The terminals will provide long-awaited increased bandwidth using the satellite’s Extended Data Rate waveform, one of the military’s most complex, low probability-detect, anti-jam waveforms.
Governmentwide Contract Offers Wide Range of IT Services
Aptima has been selected as a member of the Aquilent team under the NIH Information Technology Acquisition and Assessment Center (NITAAC) Chief Information Officer-Solutions and Partners 3 (CIO-SP3) program. CIO-SP3 is the pre-eminent governmentwide acquisition contract in today’s IT marketplace. The vehicle is a 10-year indefinite delivery, indefinite quantity contract with a $20 billion ceiling that can be utilized by any federal civilian or Department of Defense agency to satisfy their IT requirements. Through this procurement, NITAAC will award multiple task order contracts under which a wide variety of IT initiatives can be addressed. CIO-SP3 is specifically designed to support the goals of the Federal Health Architecture, as well as the larger Federal Enterprise Architecture. Task areas include: IT services for health programs; chief information officer support; imaging; outsourcing; IT operations and maintenance; integration services; critical infrastructure protection and information assurance; digital government; enterprise resource planning; and software development.
Meeting the Challenges of Contested Cyberspace
Vice Admiral Michael S. Rogers
Commander, Fleet Cyber Command
Commander, 10th Fleet

Vice Admiral Michael S. Rogers is a native of Chicago and attended Auburn University, graduating in 1981 and receiving his commission via the Naval Reserve Officers Training Corps. Originally a surface warfare officer (SWO), he was selected for redesignation to cryptology (now information warfare) in 1986. Rogers assumed his present duties as commander, U.S. Fleet Cyber Command/commander, U.S. 10th Fleet in September 2011. Since becoming a flag officer in 2007, Rogers has also been the director for intelligence for both the Joint Chiefs of Staff and U.S. Pacific Command. Duties afloat have included service at the unit level as a SWO aboard USS Caron; at the strike group level as the senior cryptologist on the staff of commander, Carrier Group Two/John F. Kennedy Carrier Strike Group; and at the numbered fleet level on the staff of commander, U.S. 6th Fleet embarked in USS Lasalle as the fleet information operations (IO) officer and fleet cryptologist. He has also led cryptologic direct support missions aboard U.S. submarines and surface units in the Arabian Gulf and Mediterranean. Ashore, Rogers commanded Naval Security Group Activity Winter Harbor, Maine (1998-2000), and has served at Naval Security Group Department; NAVCOMSTA Rota, Spain; Naval Military Personnel Command; commander in chief, U.S. Atlantic Fleet; the Bureau of Personnel as the cryptologic junior officer detailer; and, commander, Naval Security Group Command as aide and executive assistant (EA) to the commander. Rogers’ joint service both afloat and ashore has been extensive. Prior to becoming a flag officer, he served at U.S. Atlantic Command, CJTF 120 Operation Support Democracy (Haiti), Joint Force Maritime Component Commander, Europe, and the Joint Staff. His Joint Staff duties (2003-2007) included leadership of the J3 Computer Network Attack/Defense and IO Operations shops, EA to the J3, EA to two directors of the Joint Staff, special assistant to the chairman of the Joint Chiefs of Staff, director of the Chairman’s Action Group, and a leader of the JCS Joint Strategic Working Group.

Rogers was interviewed by MIT Editor Harrison Donnelly.

Q: How are Fleet Cyber Command and 10th Fleet organized, and how do their distinct missions both differ and complement each other?

A: Fleet Cyber Command [FCC] is an echelon 2 command reporting to the chief of naval operations for administrative- and service-related matters. FCC serves as the Navy Component Command to U.S. Strategic Command and U.S. Cyber Command, providing operational employment of the Navy’s cyber, network operations, information operations, cryptologic and space forces; and the Navy’s Service Cryptologic Component commander to the National Security Agency/Central Security Service.

10th Fleet [C10F] is the operational arm of Fleet Cyber Command and executes its mission set through the same maritime war fighting organizations and mechanisms that the Navy uses in other war fighting domains. That is, C10F is a three-star numbered fleet that provides operational oversight and uses its Maritime Operations Center to execute command and control over its assigned forces and subordinate task forces. These task forces are organized to execute the actions necessary to support the combatant or joint force commander within their assigned mission sets of cybernetworks, information operations, electronic warfare, signals intelligence and space. The backbone of this cybercapability is a motivated workforce of uniformed and civilian teammates who are the foundation of our efforts in the cyberdomain. A copy of the C10F organizational chart is available at www.fcc.navy.mil.

Q: As your commands complete their third year in operation, what areas would you highlight in making advances so far?

A: As we near completion of our third year [having been established January 29, 2010], we have made significant progress. I will highlight two areas in particular, and these are areas where we
will continue to focus our efforts in the near term. The first is in the area of cybersituational awareness. The Navy, our sister services and the joint community have a variety of tools and processes in place to monitor the health of our networks and identify adversarial activity. As we move forward, our goal is to continue to maximize cybersituational awareness across all levels of command, from tactical to the strategic, and to not only identify cyber challenges as they occur, but also to provide improved indications and warning of adversarial activity to the warfighter.

The second is in the area of seamlessly integrating cyberspace operations into our traditional maritime operations. Fleet Cyber Command has worked closely with our counterparts at Fleet Forces Command to integrate elements of cyberspace operations into the Fleet Response Training Plan so that deployed units and strike groups are adequately prepared to deal with the challenges of a contested cyberspace environment.

Along with U.S. Cyber Command and the other service component commands, we have worked to integrate cyberspace operations into major joint and fleet exercises. This has allowed us to test and refine our doctrine, tactics, techniques and procedures.

Security technicians monitor network traffic in the information assurance office aboard the aircraft carrier USS John C. Stennis. [Photo courtesy of U.S. Navy]

Q: What are some of the cyberspace exercises your command has been involved with in the past year, and what have you learned as a result?

A: During calendar year 2012, Fleet Cyber Command participated in 11 exercises, which the various U.S. Cyber Command components supported for nearly every regional combatant commander. For example, FCC/C10F warfighters supported exercises: Austere Challenge, which Air Force Cyber led for U.S. Cyber Command in the European Command’s area of responsibility [AOR]; Internal Look, which had Army Cyber in the lead for U.S. Cyber Command in the U.S. Central Command AOR; Judicious Response, which Air Force led for U.S. Cyber Command in the Africa Command AOR; and Cyber Flag 13-1, which was a U.S. Cyber Command-led exercise.

Innovation and tactical execution remains the benchmark for success during these exercises. In fact, during Cyber Flag 13-1, Cryptologic Technician [Networks] 1st Class Petty Officer Jacob Horne, from Navy Information Operations Command Texas, earned the exercise’s “General Alexander Innovative Leadership Award” for developing creative and out-of-the-box tactics, techniques and procedures that led to mission success.

In addition, FCC was the lead U.S. Cyber Command component to four different exercises: Panamax, Ulchi Freedom Guardian, Key Resolve and Terminal Fury. Panamax is an exercise conducted within the Southern Command AOR, while Key Resolve and Ulchi Freedom Guardian are the exercises supporting U.S. forces within Korea. Terminal Fury, arguably one of the largest exercises from a cybernetwork perspective, is conducted annually within the Pacific Command AOR.

As noted earlier, exercises provide the opportunity to better integrate cybercapabilities across the full spectrum of conflict. Specifically, for example, in Exercise Terminal Fury this past year, the cyber-offensive fires process was exercised, paralleling the existing kinetic fires model. Goals for integrating operational and fires processes between FCC and USCYBERCOM were successfully achieved, including exercising command and control, maneuver, cyberprotection and fires.

One of the main takeaways was the value of remote support for operations. That is, FCC/C10F executed its mission using resources from both our headquarters, here at Fort Meade, Md., and resources deployed forward in the operational theater. Another valuable lesson was learned in using FCC/C10F Reserve Component [RC] personnel, leveraging their civilian skills, capabilities and training. RC personnel were seamlessly integrated across all cyber lines of operation and phases of the exercise.

Q: You recently commented on the need to shift from running Navy networks to defending them. Why, and how do you hope to bring that about?

A: I believe too much of our cyber manpower has been focused on simply operating our networks. Within the FCC arena, our workforce consists of approximately 14,000 uniformed and civilian cyberwarriors focused on cyber-operations, which include operating and defending these networks in addition to conducting a full spectrum of operations within the cyberspace domain. The vast majority of those individuals, around 75 percent, are associated with the operating legacy networks; the remainder are fairly evenly split between defensive actions and capabilities development.

This large percentage focused on actually operating the networks is, again in my view, completely disproportionate to where we need to be. The majority should be focused on continuing to provide Navy and joint commanders with an operational advantage by ensuring access to cyberspace and confident command and control, preventing strategic surprise in cyberspace and delivering decisive cyber-effects.
The network must be treated as a weapons system as we continue the fight to maintain our advantage in cyberspace, and thus across the other four war fighting domains: sea, air, land and space. Indeed, the FCC/C10F team embraces the warrior ethos, and we must provide them with the ability to fight.

As we shift into the cloud computing environment and we go forward across the Department of the Navy and the joint information environment, these improvements to network architecture will provide the opportunity to further train and refocus those network operators, reinvesting in them as the broader cyberworkforce of the future, empowering them to operate on the defensive and the offensive side.

Q: Have you seen a warrior mentality develop in Navy cyberforces?

A: Absolutely. First and foremost, the men and women assigned to FCC/C10F are warriors, as I have said before. These Navy cyberwarriors are doing an incredible job every day operating and defending the network and achieving information dominance. I could not be prouder of our success in this area. The FCC/C10F team and the Navy as a whole are very energized by the cyber mission set and this, I believe, will only continue to mature.

Looking forward, in order to preserve the Navy’s cyber war fighting advantage in the electromagnetic spectrum and cyberspace, we must continue to develop an elite workforce that is recruited, trained and educated to better understand the cyber-environment, employ the latest technological advances, and deliver cyber war fighting capability anywhere around the world.

Q: How would you describe your vision and strategy for Navy cyberworkforce development?

A: Vice Admiral Kendall Card, deputy chief of naval operations for information dominance/ director of naval intelligence, and I recently signed the Navy Information Dominance Corps Human Capital Strategy, 2012-2017. The strategy charts a comprehensive course that ensures our workforce receives the training, qualification, experience and tools it needs to succeed through a commitment to workforce planning and management processes, delivery of a corps-wide learning continuum, and cultivation of an information dominance culture and warrior ethos.

We will move forward with this guidance to lead the continued integration of cyberspace and information-dominance career fields, professions and skills, and we will produce an even more capable, effective and mission-ready workforce. I invite readers to read the strategy in its entirety at the following link: www.public.navy.mil/fcc-c10f/pages/factsheets.aspx.

Q: How do you see the active cyberspace inspection process you have instituted contributing to your mission?

A: As I recently said to our U.S. Naval Computer and Telecommunications Station Guam teammates who had very successful inspection results, excellence in cyberwarfare and cybersecurity is an important part of war fighting in the future for our service and our country. Cyber-inspections provide a mechanism to assess our Navy’s cyber-readiness and ensure attention to detail and effective oversight of our Navy’s cybersecurity posture. We have to be as operationally ready in the cyberspace arena as we are in every other war fighting mission.

Cyber readiness, like readiness in all war fighting areas, is a team effort—it takes all of our teammates across the Navy. The Cyber Security Inspection program, for example, is but one mechanism to ensure our readiness. High security standards coupled with a fair but intense inspection reinforces cybersecurity across the fleet. Only a sustained effort of disciplined network management and adherence to standards can produce positive results and is essential to assuring cyber mission readiness.

As Chief of Naval Operations Admiral Jonathan Greenert has stated, the Navy’s three tenets—war fighting first, operate forward and be ready—are the framework through which we view our progress. The FCC/C10F inspection process stresses these tenets, because it emphasizes readiness and war fighting first. Our FCC/C10F team not only operates forward physically around the globe, but cyberspace also crosses all war fighting domains: air, land, sea and space. Your Navy’s cyberforce is ready today to meet the many challenges we face in this emerging domain.
Small Business Spotlight

What separates Cornet Technology from others in the Department of Defense/federal market space?

Cornet Technology Inc. is known for offering customizable commercial off-the-shelf products and specially engineered solutions that meet our customers’ exact requirements with a tight turn-around. We can do this because all offerings are designed, engineered and manufactured in-house by Cornet Technology’s top-notch employees. A small international business, Cornet Technology offers deep technological expertise in the areas of voice, video and data communications subsystems.

What customers does Cornet Technology currently support?

Cornet Technology is primarily focused on defense, intelligence and aerospace markets both in the U.S. and abroad. Our communication products support off-vessel communications on over 120 U.S. Navy ships and submarines, offer mission support communications for the U.S. Air Force and provide tech control functions for the U.S. Army. Our video products are used for video distribution and surveillance applications by the Army, Navy and international air forces.

What do you consider to be Cornet Technology’s niche IT service offerings?

We are tightly focused on two areas: secure/non-secure C4 communications and video solutions for the intelligence, reconnaissance and surveillance environments. In addition, building on our wealth of experience in data communications, we offer serial-to-packet migration solutions based on the latest TDM-to-packet technology. We also offer specially engineered products. These products run the gamut from radio adaptors to alert cell controllers for early warning systems.

What is Cornet Technology’s socioeconomic status and how does that benefit customers and partners?

Cornet Technology is a small privately held business owned by key company employees. As a small business, our low overhead makes us agile and cost-effective. We pass this savings on to our customers and partners. Additionally, as a small business with extensive government experience and expertise, we help DoD and large integrators fulfill their small business requirements.

What are some of Cornet Technology’s goals over the next three to five years?

Our goals are twofold: The first is to satisfy more of our customer’s requirements in this tight budgetary environment. The second is to be a leading supplier of comprehensive communication solutions and products for the system integration community worldwide.
Recently completed Network Integration Evaluation lays the baseline for the Army’s next set of communications capabilities. By Adam Baddeley, MIT Correspondent
In November the Army completed Network Integration Evaluation (NIE) 13.1, as 3,800 soldiers of the 2nd Heavy Brigade Combat Team, 1st Armored Division tested the Capability Set (CS) 14 Integrated Network Baseline and built upon the CS 13 network architecture. CS 13 is now being fielded, with an expected six brigade combat teams (BCT) to receive the equipment and begin deploying operationally this year.

Rather than slowly parcel out equipment across the Army on a piecemeal basis, the CS process equips an entire brigade with a complete networking solution—from the dismounted soldier right up to brigade headquarters—that has first been tested and validated in the NIE’s robust operational environment. The CS process is also iterative, with new capabilities added to the baseline of CS 13 year on year and then issued to other BCTs in successive years. The NIE and CS process are effectively inseparable, both being part of the Agile Process, which is designed to ensure that new equipment is deployed faster and is ready to be integrated within the network.

Colonel Rob Carpenter, the new director of the Army’s System of Systems Integration Directorate, part of the Office of the Assistant Secretary of the Army, Acquisition, Logistics, Technology, oversees the material aspects of the NIE process, including seeking industry capability to enter the NIE, working industry solutions through laboratory assessments and managing the material integration prior to the systems being fielded to the NIE evaluation brigade.

Carpenter recently outlined NIE 13.1’s role in supporting CS 13: “We had some specific programs of record project objectives and either customer tests or limited user tests, but what we were really starting to get at is a look at our next baseline for CS 14. Just as the NIE 12 series established, verified and finalized the architecture and components of CS 13, the NIE 13 series will do the same for CS 14. NIEs have helped the Army solidify its network baseline. As part of CS 13, as industry and government capabilities mature, they will be added into the baseline and fielded as part of the next Capability Set. The Army intends on fielding updated Capability Sets on a yearly basis.”

As well as being forward looking, the NIE also provides additional certainty about decisions that have already been made around CS 13. “That is not to say that we haven’t learned more about our CS 13 network during the course of the NIE,” Carpenter said. “We have. We’ve looked at some software baselines that are going to be part of CS 13 and have made some minor improvements which we know we can validate as we get ready to deploy CS 13. It is a continuous process.”

The Army is taking NIE lessons learned, such as how network systems are installed onto a vehicle, which training approach is most effective, the role and management of field service representatives that support the systems, and applying those to CS 13 fielding, which began last October with two brigades from the 10th Mountain Division. The final test element for CS 13 is network validation and verification in January at Fort Dix, N.J., which will take a representative slice of capability from throughout the brigade, test it and then make any final configuration changes before it is deployed to theater.
Mid-Tier Focus

One of the key outputs from the NIE, among a number of other objectives, involves looking at mid-tier capabilities, Carpenter said. “Within them we wanted to look at the mid tier. If it worked and if we didn’t have it, how would we work the network in its absence?”

The mid tier is far broader than the Mid-Tier Networking Vehicular Radio (MNVR) program, which is now being acquired, with the competitive bids for that program of record not participating in NIE 13.1. For the purposes of the test, the mid-tier capability was the Soldier Network extension, the component of the Warfighter Information Network-Tactical (WIN-T) that reaches down to company level.

“In this case we didn’t have that [MNVR] solution, but we looked at other ways to fill that capability gap. We moved things within the architecture and then did some very specific tests by turning off the satellite and seeing if we could get the lower tactical Internet to connect to the SINCGARS upper tactical Internet or some surrogate radios that we introduced to the architecture, and to see how fast that would happen, the latency and if it could heal itself. It also showed us what our dependency is in certain areas,” Carpenter said.

In the absence of satellite links, he explained, the issue was, “Can we use something in an air tier that isn’t satellite? That could be a payload in a persistent threat detection system balloon, or in an aircraft with a SRW investigating if you could move the signal through to extend the range in order to get to that next node. We were looking at those types of capabilities to fill in the gap in order to provide that capability.”

Other key work on NIE 13.1 focused on the efficacy of the Common Operating Environment (COE), which would allow the convergence of capabilities into a single tactical viewer as part of what is called the ops-intel convergence. With experience from Army intelligence, Carpenter said he understands how compartmentalized that information can be and in many cases has to be. The Army is using NIE to see if the stovepiped element of information today can be reviewed.

“We are learning more about that, as we start to develop COEs, and the Army had some very promising success in doing that, including in NIE 13.1,” he said. “I have one box and one view versus multiple boxes and multiple views that the soldier has to look at to gather his information. If I can make what was formerly a box into an application in a COE, then I have eliminated size, weight and power and reduced the overall footprint.

“We started bidding this during 13.1, and it shows a lot of promise in where we are going in our future as we start to continue to converge our ops and intel. It’s about looking at all these different types of applications and being able to converge those into one common operating picture and one environment,” he said.
Ops-Intel Convergence

This progress does not mean, however, that the ops-intel convergence will be realized in CS 14, Carpenter said. “In CS 14 I cannot point to one thing that is a dramatic shift in ops-intel convergence that I want to wave the flag over. But we are moving in a very positive direction with our COEs. We still have the centerpieces of our networks, which in intel is the Distributed Common Ground System, and in the operational piece is Command Post of the Future. We will be continuously working over the next couple of years, however, as those two communities work to a framework to create widgets that do some of those intel and operational things in one environment.”

Carpenter also addressed the criticisms of the NIE process that have been voiced by some industry representatives. They have noted that there is considerable effort and investment by them in terms of financing their engineers over an extended period of time in the field. Industry would like to see the new Agile Acquisition process deliver direct procurements from the NIE.

“One thing that everybody would like is for something to come into NIE and then we just buy it,” Carpenter observed. “In a perfect world, that would be great, but we really can’t. There are certain laws, statutes and regulations that say you have to have competition, and you have to have certain levels of testing. The federal acquisition regulations and our Department of Defense policies really drive a lot of that.

“We are trying to look forward to streamline that process, and much of the time it really depends on three things: resources, requirement and the ability to acquire that through some type of contract mechanism. We are working on that.”

Carpenter continued: “When we do NIE 14.1, you will see a request for proposals [RFP] coming out for certain capabilities that we determined from the NIE 12.1/12.2 series.
That will take us through an RFP process based on lessons learned and capabilities learned from these earlier NIEs that we have now determined to have the potential to fill a gap. We will put an RFP on the street asking for these capabilities, do an assessment in a lab, bring that hardware to an NIE, and then be able to make a decision out of that.

“What we are looking at from a procurement standpoint is what capabilities industry brings, and how that shapes our requirements for future procurement,” he added.

Good News for WIN-T

The latest evaluation brought good news for WIN-T, both for the program of record itself and for wider industry. “WIN-T is really at the heart of everything we’re doing there, and it is the backbone for our Capability Set; it is the big pipe. It went through initial operational testing and evaluation during 13.1, and we are going to bring it back in 13.2 for its follow-on testing and evaluation [FOT&E].”

Carpenter sees the FOT&E as an opportunity both for the Army and industry. With the baseline in place, additional capabilities can be added to the mix with a clear metric against which the benefit of the capability can be assessed. Then a decision can be made on inclusion within the next Capability Set.

“When industry comes in with a new faster, lighter aperture or antenna, we can test that against the [baseline] and know what its benefits are. Then we can turn to that program of record and say you need to adopt this either as an engineering change proposal or as a pre-planned product improvement. That is what we are going to see in our future NIEs. Once through the FOT&E, WIN-T will possibly adopt some of these industry improvements that will benefit the network,” he said.

In NIE 13.1, industry brought a number of systems under evaluation that relate to WIN-T. They include an engineering change proposal that embedded a communications vehicle within an Abrams unit that would receive the WIN-T information and then share that wirelessly to other vehicles, thus eliminating the need for equipment on individual tanks. Another looked at integrating an on-the-move capability on the Bradley, also with the goal of reducing size, weight and power requirements.

“We are always challenged with space, including when you get to the top of the vehicle. We have had some vendors come in with that as well as the program of record WIN-T, and some of the other COTS programs are looking at how they can better work some antennas and apertures in order to integrate on these vehicles,” Carpenter said.

Industry Plans

Exelis has been a constant attendee at the NIE series since its inception. Capabilities shown by the company early on in the process have now been baselined for CS 13, notably the SRW Appliqué, industry proposals for which were delivered to the Army in November. A number of companies are competing for the program.

At NIE 13.1, the company’s SideHat solution, related to its SRW appliqué bid, demonstrated ranges up to 30 kilometers. The Army has been field testing SideHat in NIE events since 2011 and has bought more than 150 to date. Company officials are expecting that between 130 and 150 SideHats will participate in 13.2, in which they will also support SIPRNet.

Also operating at speed in the New Mexico desert for NIE 13.1 was the company’s Global Network On-The-Move Active Distribution (GNOMAD), a SATCOM-on-the-move solution integrated on a number of vehicles, including an M1068 command and control vehicle. Exelis currently has a new version of the GNOMAD with a more compact antenna for use on armored vehicles under test at the Army Battle lab at Fort Gordon, Ga., ready for inclusion in 13.1.

“In terms of SRW Appliqué and SideHat, the technology has matured,” said Ken Flowers, director of business development for network communications. “We have successfully completed all security tests and expect certification in first quarter 2013. We feel very confident about where we are with GNOMAD in filling capability gaps, particularly in WIN-T.

“The Army has acquired a number of our systems, and we plan to introduce a smaller antenna during 13.2. That’s why we are going through the testing at Fort Gordon in the Army Battle lab,” he continued. “Also, we will test with Project Manager Heavy Brigade Combat Team, which will test our GNOMAD on a Bradley at Aberdeen Proving Ground, Md., and shoot the gun. We will get some real shock and vibe feedback for the antenna.

“NIE is not just about the new. Exelis’ ubiquitous SINCGARS has also been a key participant in NIE events by providing position location information to the Joint Battle Command-Platform,” Flowers said. “SINCGARS is certainly an integral component to the modernization process.”

General Dynamics C4 Systems is also providing key enablers for CS 13, notably WIN-T, the heart of the network. Other elements for CS 13 include the two-channel Manpack PRC-155, which runs on the new Mobile User Objective System cellular UHF SATCOM waveform.

“Game-changing networking capabilities comprise Capability Set 13 equipment, including WIN-T Increment 2, the HMS AN/PRC-154 Rifleman and PRC-155 Manpack radios, as well as Nett Warrior radios and additional essential software components such as Command Post of the Future,” said Chris Marzilli, president of General Dynamics C4 Systems. “These General Dynamics-built technologies work together to ensure every soldier has real-time two-way battlefield information as part of the first integrated group of network technologies for Army Brigade Combat teams that begin fielding this quarter.”

For Raytheon, the focus at the NIEs has been on the MAINGATE radio it developed for the Defense Advanced Research Projects Agency, said Scott Whatmough, vice president and general manager, integrated communication systems. The company has supplied 200 units, which are currently deployed in theater running the Next Generation Mobile Ad Hoc Networking Waveform, a wideband design that is being offered royalty-free and has been added to the Joint Tactical Radio System library.

For more information, contact MIT Editor Harrison Donnelly at firstname.lastname@example.org or search our online archives for related stories at www.mit-kmi.com.
By leveraging secure mobile file sharing technology, military IT decision-makers can streamline processes and cut costs.

By Yorgen Edholm

Watching the bring-your-own-device (BYOD) revolution take place around them, many military and other government employees are interested in adopting some form of BYOD mobility in their own organizations. These users recognize the productivity and agility benefits made possible by consumer devices like iPhones and iPads, and understand the convenience of cloud-based storage and rapid data synchronization across devices.

For military organizations, the primary obstacle to adopting a BYOD model is security. Corporate IT managers might consider their security measures strict, but they are usually not strict enough to meet the rigorous security standards of government agencies in general and military organizations in particular. When corporate employees go mobile, productivity rises, but so does the frequency of data breaches.

Military organizations and other government agencies cannot afford to risk data security, even for improved operational agility and productivity. In the military, all data must be secured in accordance with DoD security policies and guidance.

The question for military IT decision-makers is how to leverage recent developments in consumer mobile devices and cloud services without jeopardizing data security. Some early success cases are demonstrating that with proper planning and execution, it is possible for military organizations to adopt consumer devices such as iPads in controlled environments, improving efficiency and productivity without jeopardizing security.

To understand the potential of BYOD-style computing for military organizations, it helps to recognize that mobile computing devices like iPads are not just alternatives to desktop PCs. They are, just as often, alternatives to paper and traditional, slow-moving, expensive paper-based processes. Flight manuals, for example, can be replaced with iPads. The Air Force has created an Electronic Flight Bag initiative that replaces heavy paper documentation with iPads storing over 8 gigabytes of flight data. In addition to making flight manuals more portable and accessible around the clock, the program is delivering substantial benefits in productivity and cost savings.

Distributing manuals and training material on mobile devices has other benefits as well. Updates can be delivered instantly, and data access can be monitored. It is possible to distribute new material and then to confirm that the distributed files have been downloaded and opened.
The Electronic Flight Bag program demonstrates the dramatic improvements in productivity and cost savings that can be achieved through a well-planned provisioning of consumer mobile devices. It provides military IT decision-makers with an example of what can be achieved with consumer technology if questions about security and control are adequately addressed.
Facilitating Collaboration

In addition to replacing paper documentation, secure mobility offers another important benefit for military organizations. Mobile computing facilitates collaboration among team members, including senior staff, functional teams, project teams and committees, who are now accessible at any location. It enables team members to exchange large files—even files that exceed the traditional 10 MB limit of email—relatively quickly and easily. It also enables remote team members to securely access files stored in enterprise content management (ECM) systems such as Microsoft SharePoint.

Many organizations have standardized on SharePoint or similar ECM platforms for file storage, with a SharePoint server or similar repository holding most of the files with which a team might be working. Until recently, those files were inaccessible to mobile users. Now, by taking advantage of recent secure file sharing solutions, users can access ECM data through smartphones and tablets without sacrificing data security or data integrity.

Mobile solutions can provide collaborative workspaces with threaded discussions, so that mobile users have access not only to files, but also to discussions about those files. This enables them to understand the context of the files and to stay informed about important issues related to file contents.

When organizations consider mobile security, they often focus on mobile device management (MDM) platforms, which allow IT administrators to provision devices and enforce basic access controls. Through an MDM platform, administrators can restrict which devices can access a local network. If a device is lost, or if an employee leaves an organization, administrators can use the MDM platform to block the device from accessing the network. In some cases, they may be able to delete sensitive data from the device the next time it connects to the Internet.

MDMs provide an essential foundation for mobile security, but military organizations require a more comprehensive solution that provides greater control over data itself. By integrating a secure mobile file sharing solution with an MDM solution, organizations get the comprehensive security they need for managing both devices and data.

The most rigorous secure mobile file sharing solutions implement secure containers on mobile devices, including mobile devices such as iPhones that were designed for consumer use. A secure container is a protected area on a mobile device where trusted applications can execute and where confidential files can be stored and managed. Secure containers protect applications and data from malware infections and tampering. They can be monitored and managed remotely by IT administrators, who can lock down file access when devices are lost or when user roles change. Secure containers provide mobile devices with many of the rigorous security measures associated with desktop PCs, enabling organizations to trust consumer devices like Android phones with confidential data.

Data security is paramount for mobile users in military organizations, whether files are being distributed to a team, transferred securely to trusted external users, copied to multiple devices by an authorized user or simply stored on a mobile device. A secure mobile file sharing solution should use FIPS 140-2-certified encryption to protect data whether in transit or at rest.
Access Controls

The solution should give administrators fine-grained controls over access rights on a per-folder and per-file basis. SharePoint files, for example, might be viewable but not editable, while other files on an NFS server might be editable by authorized users. Administrators should be able to monitor file access activity, log that activity and take immediate action when they discover questionable behavior.

To promote productivity as well as security, a secure mobile file sharing solution should provide the file-access capabilities discussed earlier. For example, it should integrate with SharePoint or whatever ECM systems an organization has deployed, so mobile users have secure access to the files they need for their everyday work. It should also integrate with communication services such as Microsoft Outlook and Microsoft Lync, so that secure file transfer capabilities are always just a click or a tap away. When secure file sharing is readily accessible, users are less likely to seek dangerous work-arounds such as public cloud file sharing services like Dropbox.

By providing collaborative workspaces and threaded discussion tools, a file sharing solution can ensure that mobile users always have access to the context of data, increasing understanding and aiding decision-making.

The solution should support whatever mix of mobile devices an organization is using, including Apple iOS, Android, BlackBerry and Windows Phone devices. By supporting multiple platforms, the solution enables organizations and users to take advantage of whatever devices best fit the needs of a particular project or team. Organizations do not have to replace security technology to accommodate a particular use case or limit device selection to meet security requirements.

A secure mobile file sharing solution should support deployment in private cloud environments, so that organizations can enjoy the benefits of scalable, convenient file storage without incurring the substantial security risks of consumer cloud solutions. Internal, private cloud solutions that enforce encryption and fine-grained access controls can satisfy organizational requirements for security while also meeting project requirements for scalability and performance.

By leveraging consumer devices and secure mobile file sharing technology, military IT decision-makers can create new solutions that streamline processes, cut costs and improve productivity.

Yorgen H. Edholm is president and chief executive officer of Accellion.
Commercial Off-the-Shelf Technology
Integration Offers Multiple Options for Cloud Backup

Quantum Corp., a provider of data protection and big data management, has announced the integration of Q-Cloud with Symantec OpenStorage (OST) technology, providing NetBackup and Backup Exec customers with multiple options for leveraging Q-Cloud’s business-class cloud backup. These customers can now directly access Quantum’s Q-Cloud backup and disaster recovery services. Q-Cloud now directly supports NetBackup and Backup Exec software, enabling both backup applications to stay completely aware of all copies of data backed up to a Q-Cloud DXi appliance. OST offers backup control across distributed sites and tiers of storage, providing application-aware replication for both NetBackup and Backup Exec. That capability can also leverage the deduplication-powered replication of OST-certified DXi appliances to move data between sites. DXi Accent deduplicates the data on the backup server and sends only new unique data to Q-Cloud. This approach eliminates the cost of on-premise hardware at remote locations, minimizes WAN costs, provides visibility from the backup application to the backup in the cloud and enables backups to be stored securely and reliably in the cloud.

Appliances Provide Visibility into Web Applications

Blue Coat Systems has introduced new updates for Blue Coat PacketShaper appliances that enable businesses to fully embrace Web, cloud and mixed-use recreational applications on the corporate network while providing a high-quality user experience for maximum employee productivity. The newest advances for PacketShaper appliances provide visibility into Web applications and operations as well as the group and user-level policies that allow organizations to gain control over the shadow IT infrastructures that arise from the introduction of applications onto the network without the IT department’s knowledge. Increasingly, employees look to Web- and cloud-based applications to increase their productivity, yet IT typically cannot see or control these applications. As a result, they can consume a disproportionate amount of corporate bandwidth and impact the performance of other mission-critical applications. With the new PacketShaper enhancements, businesses can embrace new Web and cloud applications that their employees require to be efficient in their jobs without ceding control of the network. The granular application and operation controls, combined with the ability to set quality of service policies at the user level, allow enterprises to guarantee bandwidth for IT-mandated Web- and cloud-based applications and operations.
Compiled by KMI Media Group staff
Enterprise-Grade Tablets Designed With Security in Mind

Panasonic has expanded its Toughpad line of enterprise-grade tablets with the introduction of the Toughpad FZ-G1, a 10-inch tablet featuring Windows 8 Pro, and the availability of the Toughpad JT-B1, a 7-inch Android-powered unit. Toughpad tablets are designed for mission-critical and highly mobile workers in fields such as the military, construction, health care and public safety. Toughpad tablets are MIL-STD-810G-tested for drops, fluid ingress and temperature, to assure they deliver reliable performance under circumstances that render typical tablets non-operational. Devices feature daylight viewable screens, user-replaceable or serviceable batteries, a stylus for signature capture and handwriting (on the FZ-G1 and FZ-A1 with third-party apps) and multiple options for peripheral connectivity. Enterprise-class mobile computing requires an enhanced level of device security, and the Toughpad family is designed with this in mind. Security features like encryption, IPsec VPN, trusted boot, root protection and FIPS compliance are available in various configurations of the Toughpad FZ-A1 and Toughpad JT-B1.

Ultra High-Density Fiber Optic Cables Introduced

Optical Cable Corp. (OCC) has introduced a new family of ultra high-density fiber optic cables. The new HC-Series cables feature unique tight-buffered 12-fiber units, combining the ruggedness of OCC’s tight-buffer technology with high-fiber density. With the HC-Series, OCC now offers cables that have an outer diameter much smaller than that of conventional cables using loose tube construction.

Vulnerability Management Service Protects the Cloud

Dell SecureWorks has announced a new vulnerability management service (VMS) and web application scanning service (WAS) for the cloud. In addition to the vulnerability management services, Dell SecureWorks is also offering cloud customers its Global Threat Intelligence Service, which offers expert analysis of millions of security data points related to new vulnerabilities, emerging threats and new adversary activity. These security offerings are the first of a series of security solutions Dell SecureWorks will be launching to cloud customers in the coming months. As part of the VMS for Cloud service, Dell SecureWorks security personnel will conduct regularly scheduled or on-demand vulnerability scans of a customer’s cloud services and applications. Meanwhile, the WAS for Cloud service focuses on an organization’s cloud-based web applications. It will provide regularly scheduled and on-demand vulnerability scans of a customer’s Web applications. If security vulnerabilities are found during the scanning process, the customer will immediately receive recommendations on how to fix them.
Calendar

February 20-22, 2013 AUSA Winter Symposium Fort Lauderdale, Fla. www.ausa.org
March 18-21, 2013 Satellite 2013 Washington, D.C. www.satellitetoday.com
February 25-March 1, 2013 RSA Conference San Francisco, Calif. www.rsaconference.com
April 2-3, 2013 Belvoir Industry Days National Harbor, Md. www.afceabelvoir.org/industryday.aspx
March 4-7, 2013 Joint Interoperability Conference Tucson, Ariz. www.afcea-southaz.org
April 8-10, 2013 Sea-Air-Space Expo National Harbor, Md. www.seaairspace.org
Military Information Technology
Ken Kartsen
Vice President
Federal
McAfee

Q: What types of products and services are you offering to military and other government customers?

A: McAfee offers the Department of Defense the industry’s widest portfolio of security products, from endpoint protection of PC, mobile and embedded systems to network intrusion prevention and next generation firewall systems, and to security incident event management systems. In terms of services, we assist the military in deploying, integrating and operating these products in a wide variety of settings, from office locations all the way to the tactical edge.

Q: What unique benefits does your company provide its customers in comparison with other companies in your field?

A: McAfee has three key differentiators. First, our solutions all connect together, providing customers with better protection, increased cybersituational awareness and lower operating costs. Our solutions also integrate with other companies’ solutions, allowing the military to further leverage investments in McAfee and other firms. Second, our solutions are infused with global threat intelligence, which allows customers to instantaneously take advantage of our worldwide sensor grid and the talents of our McAfee Labs threat researchers. The final differentiator is assurance: We are the world’s largest dedicated cybersecurity firm and are backed by the extensive financial and technical resources of Intel, our parent corporation. No one has the experience tackling tough technical challenges like we do.

Q: What are some of the most significant programs your company is currently working on with the military?

A: McAfee’s federal organization has been in place for well over a decade. As a result, we are deeply involved in a large number of well-known programs such as the Navy’s Navy-Marine Corps Intranet and Consolidated Afloat Network and Enterprise Services, the Army’s Warfighter Information Network-Tactical, and the Air Force’s Distributed Common Ground System and AFNET. Perhaps our best-known program, however, is the Defense Information Systems Agency-led Host Based Security System [HBSS] program. Under HBSS, for the past seven years we have been helping to secure every single server and endpoint across all levels of DoD networks. McAfee also has tight relationships helping to secure the networks of large cleared defense contractors and the platforms they provide to DoD and allied nations. Both DoD and cleared defense contractors have asked for McAfee’s expert input as they move towards greater use of mobility and cloud solutions, and as they consolidate infrastructures under the Joint Information Enterprise initiative. We enjoy a close working relationship with all elements of DoD, including its senior leadership.

Q: How are you working to strengthen the security of your solutions?

A: For security solutions to keep up with emerging and evolving threats requires a number of things. The first is awareness of the worldwide threat landscape as well as unique threats encountered by organizations such as DoD and the defense industrial base. Our GTI sensor grid and McAfee Labs researchers do a great job staying ahead of the former. Our experienced and cleared federal team puts us in a very unique position to help with the latter. Awareness gathered in both areas allows us to accelerate innovation of individual solutions and automation between all our solutions. We also realize the responsibility we have to protect DoD systems. As a result, we take very seriously subjects like quality assurance, technical support and supply chain integrity.

Q: Are you currently developing new products and services relevant to military and government customers that you hope to bring to the market in the future?

A: One of the things we do very well is help customers adapt our solutions to their unique circumstances. For example, operating IT systems on a ship at sea or in a forward operating base is quite different than operating them in an office building in Silicon Valley or Washington, D.C. The military appreciates that we understand the difference and can help support their critical missions. Their feedback is regularly incorporated into future product design as well as future corporate acquisitions.

Q: Is there anything else you’d like to add?

A: I have spent much of my time talking about our technical solutions. But equally if not more important to McAfee’s capability and success is our people. I have worked many places in the IT industry over my career, and I can honestly say that the people who make up the McAfee federal team are the absolute best you ever will find. And you know something, our DoD customers deserve nothing less in these times of increasing cyberthreats, high operational tempo and budgetary constraints.