The Voice of Military Communications and Computing
Cyberspace Defender
Lt. Gen. Keith B. Alexander
Director, National Security Agency
Chief, Central Security Service
C4ISR June 2009 Volume 13, Issue 5
Network COP ✯ Solid State Drives ✯ JSIC ✯ Inauguration Collaboration Multiple Independent Levels of Security ✯ DSTS-G
MILITARY INFORMATION TECHNOLOGY
COVER / Q&A
Lieutenant General Keith B. Alexander
Director, National Security Agency
Chief, Central Security Service

Guide for the Joint C2 Consumer
Marine Corps Colonel Medio Monti, commander of the Joint Systems Integration Center at U.S. Joint Forces Command, likes to describe his organization as the Consumer Reports of the joint services for command and control systems. By Tom Marlowe

Looking to the Future of Satellite Bandwidth Procurement
MIT Magazine recently reached out to executives from several companies that participate directly or indirectly in the Defense Information Systems Network Satellite Transmission Services-Global contract, which expires in 2011.

Cybersecurity: Beyond “Hack and Defend”
Cyberoperations Enhanced Network and Training Simulators expose network and security administrators to the crippling realities they could face in day-to-day operations. By Marla Dial

The Solid State Alternative
While solid state drives have had a niche in data storage applications in high-end military systems for some time now, usage is expected to expand greatly as prices continue to fall. By Peter A. Buxbaum

Information-sharing technology played a key role in coordinating the many military organizations involved in the 2009 Presidential Inauguration. By Colonel Herbert H. Wesselman and Lieutenant Colonel George T. Rivers

COP Tool Boosts Network Awareness
A Navy network common operating picture tool automates the process of sharing information about the network and ensures that all users understand how they will be affected by what goes on in the network. By Harrison Donnelly

Multiple Degrees of Separation
A highly secure information architecture called Multiple Independent Levels of Security/Safety is gaining ground among defense and aerospace users. By Adam Baddeley

DEPARTMENTS
Editor’s Perspective
Program Notes
People
JTRS Update
Data Bytes
Tough Enough
COTSacopia
Calendar, Directory

Harry Gatanas
Senior Vice President, Defense and Intelligence Group, Serco
EDITORIAL
Managing Editor: Harrison Donnelly
Copy Editors: Regina Kerrigan, Diana McGonigle
Correspondents: Adam Baddeley • Peter Buxbaum • Scott Gourley • Tom Marlowe
A recently closed request for information by the Defense Information Systems Agency (DISA) is underscoring the military need for a defensible barrier against e-mail attacks from the Internet. In the request, the agency was seeking information from industry, academia and government on the availability and functionality of a NIPRNet e-mail security gateway. The ultimate goal is to create a defensible border against e-mail borne threats based on automatic defense as well as configurable quick-reaction capabilities. The solution envisioned will scan every e-mail entering the Department of Defense via the Internet/NIPRNet gateways. It will be the logical first e-mail hop into the network and must integrate with existing individual enclave e-mail systems. The solution must include sensor technologies that detect attacks, characterize the type of attack, and offer mitigating responses to the attack. The task will be a huge one. The solution must provide the capability to support an estimated 5 million users with some 700 NIPRNet e-mail domains, handling an estimated 50 million messages per day. The information request also made clear how formidable the task will be. At a minimum, for inbound e-mail security protection, the solution should provide anti-virus, anti-spam, anti-phishing and content filtering capabilities. The system will also have to provide complete monitoring, with centralized logging, alerting and reporting capabilities. It must also provide for message quarantining, which will require substantial storage capacity given the expected message volume; for processing outbound e-mail; and for integrating with the DoD public key infrastructure. Clearly, the border between NIPRNet and the Internet is one of those critical points that will determine the outcome of the battle against cyberthreats. 
The DISA request doesn’t specify what the agency has in mind, but I’m guessing that there will be a host of companies eager to offer their services for increased security.
Harrison Donnelly
All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2009. Military Information Technology is free to members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year. Corporate Offices KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com
Military Information Technology ISSN 1097-1041 is published 11 times a year by KMI Media Group.
Compiled by KMI Media Group staff
Restructuring Boosts Air Force Combat Information Transport

The Combat Information Transport System (CITS) is a high-priority item for Air Force officials who seek to create, manage and defend a truly enterprisewide Internet. During a recent Electronic Systems Center program prioritization effort, CITS was listed as number two out of more than 300 total programs. Since it is a high priority, CITS will receive a bevy of additional resources, including organic and contracted-support personnel.

CITS is composed of three systems: transport, network defense and network management. Transport is everything that relates to the physical pathways that information passes through, network defense is the security, and network management is the control. All of these assets combine to provide connectivity throughout the Air Force to link command and control and combat support systems to the Defense Information System Network using NIPRNET or SIPRNET connectivity.

“There’s a clear recognition now that CITS requires a tremendous amount of effort and an equivalent amount of support,” said Colonel Russ Fellers, CITS program manager. “Our team is working a lot of long hours, but we’re really seeing the fruits of prioritization now, with resources being matched to the tasks at hand.”

Col. Russ Fellers, program manager for the Air Force Combat Information Transport System, provides a road map for the multifaceted program at a recent industry day at Hanscom Air Force Base, Mass. [Photo courtesy of U.S. Air Force/Mark Wyatt]

With a total portfolio value of $6.4 billion and projected new annual expenditures of $500 million, CITS also is garnering a lot of interest from the civilian industry. That interest was evident during a recent CITS industry day, when industry representatives packed the base theater to listen to Fellers and numerous others share details about the program’s recent restructuring and the way ahead.

The CITS program, prior to restructuring, had been managed as one very large but amorphous Acquisition Category I (ACAT-I) program. In its new form, which has been approved at all levels of the Air Force and Department of Defense acquisition hierarchy, it is composed and managed in segments. One segment, Information Transport Systems, includes all of the fiber, copper and wireless components used to move vital information around the globe. Another segment is the Air Force Network, which includes all efforts to build, manage and defend the consolidated network. A third segment handles a batch of smaller acquisition efforts that can be managed as ACAT-III programs and in turn is free from the high-reaching ACAT-I oversight requirements.

The restructure, according to Fellers, not only presents a more efficient construct, but more accurately reflects the CITS mission. “We’re providing all the capability to operate a secure, manageable enterprise network that achieves the reliability, consistency and security objectives of the Air Force,” he said. “This new structure allows us to manage the total portfolio according to those separate though related needs.”

Network defense is high on priority lists, and CITS managers have a multipronged effort planned. “Network threats can come from a lot of different places, and from both outside and inside the network, so we have to look at a layered approach,” Fellers said. The layered defense scheme envisioned includes defense “rings” at the strategic, theater, tactical and unit levels.

Officials also plan to consolidate operations to minimize the number of threat entry points, reducing the Air Force’s independent NIPRNET connections to the Internet down to 16 and eliminating major command-centric domains. The latter will allow Air Force members and employees access to one central Air Force domain. This central domain will achieve, among other things, the “e-mail for life” designation that negates the need to change addresses with every intra-service move.

Officials also hope consolidation efforts will help offset the personnel losses suffered by the communications career field as a result of personnel cuts. “They were probably hit as hard, or harder, than anyone,” Fellers said. “By reducing the number of locations where all of our core [information and technology] services are provided, we can hopefully provide a high level of service even with the reduced staffing.”

In the near term, CITS program managers will also work to upgrade information and technology infrastructure at Air National Guard bases, so that they will parallel the capability of active duty bases. They also will recomplete a large segment of a second-generation wireless upgrade designed to significantly enhance security.

Program managers also will continue work on other major security initiatives such as the Vulnerability Lifecycle Management System, aimed at increasing desktop security, and the data-at-rest initiative, which protects information stored on laptops and other portable media.

“The stand-up of 24th Air Force and move of cyber-operations to Air Force Space Command indicate how important it has become to manage and defend the Air Force network,” said Fellers. “Just like we need air superiority and space superiority, it has become clear that the Air Force needs cyber-superiority to perform its mission.”
People
Compiled by KMI Media Group staff

Army Brigadier General Mark S. Bowman, director, J-6, Central Command, has been assigned as director of architecture, operations, networks and space, Army Office of the Chief Information Officer/G-6.

Air Force Major General Michael J. Basla, who has been serving as vice director, command, control, communications and computer systems, J-6, Joint Staff, has been assigned as vice commander, Air Force Space Command, Peterson Air Force Base, Colo.

Air Force Brigadier General Brett T. Williams, commander, 18th Wing, Pacific Air Forces, Kadena Air Base, Japan, has been named as director, Command, Control, Communications and Computer Systems, J-6, Headquarters U.S. Pacific Command, Camp H.M. Smith, Hawaii.

Army Major General Dennis L. Via, who has been serving as commanding general of the Army Communications-Electronics Life Cycle Management Command and Fort Monmouth, N.J., has been nominated for appointment to the rank of lieutenant general and assignment as director for command, control, communications and computer systems, J-6, Joint Staff.

Air Force Lieutenant General William L. Shelton, who has been serving as chief of war fighting integration and chief information officer, Office of the Secretary of the Air Force, has been assigned as vice chief of staff and director, Air Staff, Air Force.

Air Force Major General William T. Lord has been nominated for appointment to the rank of lieutenant general with assignment as chief, war fighting integration and chief information officer, Office of the Secretary of the Air Force. Lord has been serving as commander, Air Force Cyber Command (Provisional), Barksdale AFB, La.

Marine Corps General Peter Pace (Ret.), who served as chairman of the Joint Chiefs of Staff from 2005 to 2007, has joined BGR Group as senior adviser. Pace will assist clients with developing and executing strategies associated with defense and national security issues as well as foreign and domestic corporate strategy and governance. He also has particular interests in cybersecurity, transactions impacted by the Committee on Foreign Investment in the United States, and geo-political issues.

Air Force Brigadier General Charles K. Shugg, commander, Joint Unmanned Aircraft Systems Center of Excellence, U.S. Joint Forces Command, Creech AFB, Nev., has been assigned as vice commander, Air Force Cyber Command (Provisional), Barksdale AFB, La.

Robert D. Hirt has been named senior vice president and deputy manager of Alion’s Engineering and Information Technology Sector, which provides engineering, technical, operational and analytical support to the Department of Defense, various government agencies and commercial and civilian customers.

Army Major General Randolph P. Strong, director of architecture, operations, networks and space, Army Office of the Chief Information Officer/G-6, has been appointed commanding general, Army Communications-Electronics Life Cycle Management Command and Fort Monmouth, N.J.

Ted Ventresca has joined the Military Information Technology sales team, where he will focus on the Air Force. A career marketing/sales and media executive with a winning track record as a global senior vice president and managing director of digital media consulting and satellite radio/data companies, he is considered a digital media pioneer with international sales/marketing experience including digital radio, print, event and seminar development in the Middle East, South Africa, United States, Europe and Asia. He developed the “Tune Into Home” campaign, marketing satellite radio to U.S. and British servicemembers in Iraq and Afghanistan.
INTEGRATION CENTER COMBINES USER REPORTS AND EXPERT EVALUATIONS TO DETERMINE IF SYSTEMS ARE MEETING WARFIGHTER NEEDS.
BY TOM MARLOWE, MIT CORRESPONDENT

Marine Corps Colonel Medio Monti, commander of the Joint Systems Integration Center (JSIC) at U.S. Joint Forces Command (USJFCOM), likes to describe his organization as the Consumer Reports of the joint services for command and control systems.

“I’m always struck by the fact that if you buy the Consumer Reports automotive issue, the fact that Consumer Reports doesn’t take advertising always adds a different spin to their analysis,” Monti said of the well-known product-review magazine published by the Consumers Union. “Another part that is very interesting to me is that much of the data that they produce and publish is actually from the customers themselves.”

The publication sends surveys to the customers and solicits feedback on their cars, while a team of experts evaluates the cars in many different areas. Combining the information provides an extremely useful report, Monti observed.

“I kind of see us in the same vein,” Monti remarked. “We look at command and control systems after the fact, once they are fielded. We actually go out to the customers and ask them through surveys whether or not the command and control systems that have been fielded are meeting their needs. We report back to the customer.

“We report on whether or not the warfighter thinks their system is meeting their needs. Because I am institutionally funded, I see us as being able to act as the honest broker in looking at whether these fielded systems are meeting the warfighter’s needs after the fact,” he said.

Customers of JSIC can include program managers, military services or combatant commands. They turn to the center to evaluate the effectiveness and interoperability of their C2 systems to assess whether or not they will work well together.

For example, JSIC recently took a look at the Command Post of the Future (CPOF), a COTS-based system in use by the Army to provide a decision support environment where commanders can make use of collaborative information to determine an appropriate course of action. On a trip to Afghanistan, Marine Corps General James Mattis, commander of USJFCOM, noted that the CPOF had been in use with joint task forces (JTF), which were also using a collaboration tool called Adobe Connect. On returning to headquarters in Norfolk, Va., he asked if those systems would work together in a joint environment.

“We grabbed those systems and brought them into the laboratory,” Monti recalled. “We looked for any kind of conflict that may exist. We also asked the warfighters what they thought of the systems and whether or not they had any issues working with these two systems together in the JTF environment.”

The JSIC has four primary mission areas: interoperability assessments and demonstrations, warfighter utility assessments, technology assessment and integration, and joint capability portfolio analysis and assessment, the newest of its missions.

“JSIC provides the unique laboratory environment where program managers and engineers are brought together with operators and analysts to identify and in some cases fix C2 interoperability issues,” Monti said.

JSIC makes use of its rapidly configurable laboratory facilities to replicate core JTF architectures. Its researchers use highly repeatable scientific methodology to identify problems and then to develop solutions. JSIC doesn’t certify systems, however, but rather identifies interoperability discrepancies using operational scenarios and operators. The results of JSIC assessments may be used to support certifications from the Joint Interoperability Test Command.

“Missions are put into an operational context using joint mission threads that reflect the reality of today’s JTF operations,” Monti described. “We also have the capability to line up and evaluate one C2 system with another. In an architecture world, many times these systems are created by the services, and the program managers deliver them, but they have never been placed in a common JTF environment before. In some cases, you don’t know what the impact of one system will be on another.”

The acquisition community gains a great deal of value from evaluations by JSIC, which generally conducts interoperability and capability assessments between Milestone B and Milestone C in the acquisition process. The capability assessment examines whether a new capability is actually meeting the needs of the warfighter, while the interoperability assessment determines how well the capability operates and interacts with other systems in a JTF environment. JSIC pays for the costs of all demonstration cases, thereby eliminating any appearance of influence within its test results, Monti asserted.

JSIC also is responsible for the Joint Systems Baseline Assessment (JSBA), a series of interoperability assessments focused on improving communications and dataflow between C2 and intelligence systems. The Joint Intelligence Interoperability Board (JIIB), which is co-chaired by the joint staff J2 and the USJFCOM Intelligence Directorates J2, serves as the primary sponsor of JSBA.

“Each JSBA tackles interoperability issues that combatant commanders such as U.S. Central Command have brought to the joint staff, some of which are the province of the JIIB,” Monti stated. “JSBA will find causes of the JIIB’s prioritized interoperability problems and pass those to the system owners, who can then address the system problems and field the fixes for the warfighter.”

The joint staff established the JIIB in 1997 to promote cooperation and interoperability among the joint and service information systems typically deployed at the combatant commands. The JIIB charter included JSIC as an associate member to perform interoperability and functional testing of the identified intelligence systems. JSIC has set the sharing of information and data between ISR and C2 systems of record primarily at the JTF level. Each of the JSBA reports, which date back to 1999, includes the results, estimated impact and recommendations of the assessment.

“For JSBA ‘08, our efforts found that system interoperability between C2 and intelligence improved, but pointed out that more work is necessary. It makes sense because our efforts follow developments on the battlefield, which are dynamic,” Monti noted.

[Photo caption: Marine Corps Col. Medio Monti, the director of U.S. Joint Forces Command’s Joint Systems Integration Command, discusses his agency’s roles and responsibilities to the DoD. Photo courtesy of DoD]

Each JSBA produces a report that addresses five areas of interest between the battlespace awareness and the C2 communities: joint targeting, distributed common ground systems, C2 collection management, cross-domain services and geospatial Web services. JSBA 2008 included those five objectives.

“In the joint targeting objective, we collected data in a major theater war exercise and found that targeting automation was improved, but that different and sometimes incompatible systems were needed for joint forces commanders to conduct both deliberate and dynamic targeting,” Monti recalled.

“In the C2-to-intel objective, operators were able to get the data they wanted from intel databases of multiple services—including the Marine Corps, Army and Air Force. But considerable additional work was needed to get that data displayed to people on an op center watch floor,” he continued. “What happens then is that findings are passed to the program management and joint program offices that develop and maintain these systems, and then the warfighters will benefit as the fixes are applied and fielded.”

JSIC systems engineering teams analyze interoperability issues to isolate the causes of technical, software or procedural deficiencies, Monti reported. JSBA 2008 used the National Geospatial-Intelligence Agency’s Empire Challenge 2008 exercise as the operational context for one of the interoperability assessments. Two of the systems offices that participated in the exercise were the Distributed Common Ground Systems and Global Command and Control System.

JSIC delivered its findings and recommendations directly to the program offices as direct feedback for improvements to their interoperability issues. For joint targeting, JSIC discovered that some of the joint targeting systems, although very accurate when used in conventional war fighting, were not accurate when tracking irregular targets.

“Another objective was to assess the interoperability between collection management systems services and joint C2 system databases. We were able to help improve some of the Web services between PRISM, which is a collection management system, and the Joint Targeting Toolbox,” Monti said.

The military components usually do not respond to JSBA findings, Monti added, although combatant commands or JTFs will contact JSIC to see where potential improvements lie. “It’s up to the system program offices to take action on our findings and work with JSIC to resolve interoperability gaps that come out of our JSBA exercise,” he noted.

The story of JSIC really began in October 1996, with the chartering of the original Joint Battle Center (JBC) by the chairman of the Joint Chiefs of Staff, who controlled the JBC directly. A year later, the chairman assigned the JBC to the commander of U.S. Atlantic Command, which ultimately evolved into USJFCOM. In September 2004, the JFCOM commander redesignated the JBC as JSIC. The goal of the new name was to capture the essence of what the organization does while appropriately identifying it as a command.

“We are focused on improving the warfighter’s ability to plan and execute operations by driving resolution of C2 interoperability problems and providing unbiased evaluations of current and emerging C2 systems. In other words, we can help solve C2 problems that hamper our soldiers, sailors, airmen and Marines while they are operating in the field,” Monti stated.

The services put forward candidates to serve as the JSIC commander. The Marines nominated Monti in 2006, and he became the first from his service to command it. JSIC falls under the USJFCOM Joint Capability Development Directorate (J8), currently headed by Air Force Major General Kevin Kennedy. The center comprises about 15 active duty servicemembers, 30 government civilians and a contractor work force.

“We are very aggressive about maintaining our relationships with the combatant commands in trying to uncover any issues they might have,” Monti commented.

“The formal process starts inside of JSIC,” he said. “Once we are made aware of some problem, I bring my team together and we analyze the problem to see if we are the right agency to help solve the problem. If we are not, then I’ll try to pass it along to someone who can help. I’m a small organization—very powerful for a small organization—so I have to make sure that if I’m looking at something that it’s within the scope of what I can really do.”

JSIC talks constantly with CENTCOM as well as U.S. Northern Command. It also has a unique relationship with Joint Special Operations Command, which it is helping look at emerging technologies that can assist irregular warfare fighters in the field. JSIC also is assisting the Defense Information Systems Agency in examining new generations of the Global Broadcast System.

JSIC’s mission is changing with the needs of the military. “We are actually extending much of the analysis that we do not just in the area of short-term interoperability, but also in looking at what the JTF architecture will look like in 2012 or 2014,” Monti revealed. “We are involved in what is called an Operational Capability Mix Study right now, which involves JFCOM, the joint staff, and the folks at [the Office of the Assistant Secretary of Defense (Networks and Information Integration)]. That’s going to be part of the work that we do.”

In addition, about half of the JSIC staff supported the Coalition Warrior Interoperability Demonstration 2009 exercise, sponsored by the Joint Chiefs of Staff.

In the near-term future, JSIC will look at collaborative tools presently used in the current theater. For example, it will explore the use of the Internet relay chat (IRC) architecture and the potential of using new technologies that are more secure and safe, such as the extensible messaging and presence protocol (XMPP).

As time passes, Monti anticipates JSIC will look more and more at the technologies of other nations involved in military coalitions with U.S. forces.

“We see the future of JSIC heading toward the multinational and interagency environment. We have learned over the years that we are never going to go it alone. My boss has said many times that in the next conflict, we are always going to be fighting with coalition partners and interagency. And there has not been much work done on C2 interoperability in that environment. We see that as the future,” Monti said.

The multinational coalition and interagency environments present an entirely new set of challenges that must be addressed as U.S. forces continue to work closely with multinational forces, he observed. Last year, Monti traveled to the NATO Consultation Command and Control Agency to engage NATO partners in interoperability discussions.

“We are exploring the potential for an organizational partnership to conduct interoperability assessments between U.S. and NATO systems that support time-sensitive targeting. This potential future collaboration effort may prove to be particularly beneficial in finding and implementing multinational interoperability solutions,” Monti reflected. “I see that as just the start. There are many areas that we can look at with our coalition partners to improve C2 interoperability.” ✯
Looking to the Future of Bandwidth Procurement
SATELLITE INDUSTRY EXECUTIVES DEBATE THE SUCCESSOR TO THE DISN SATELLITE TRANSMISSION SERVICES-GLOBAL CONTRACT.

(Editor’s note: MIT magazine recently reached out to executives from several companies that participate directly or indirectly in the Defense Information Systems Network Satellite Transmission Services-Global (DSTS-G) contract, a major vehicle for military procurement of commercial satellite communications bandwidth, which expires in 2011. Following are the responses from some of those companies.)
CapRock Meeting Next Generation Government SATCOM Needs with a New Breed of Provider BY DAVID MYERS There has been dramatic change since the government first expanded its access to commercial satellite communications through a new contract vehicle in 2001, known as Defense Information Systems Network Satellite Transmission ServicesGlobal (DSTS-G). In addition to increased reliance on commercial satellite communications, the government has become significantly more sophisticated in its application of commercial satellite services. Driven by higher throughput, communications on the move (COTM) missions and new technologies, the government is no longer simply interested in satellite capacity, but rather advanced, cost-effective communications solutions. In the face of this changing dynamic, the next generation of SATCOM solutions and their procurement model will need to evolve. Satellite fleet-centric thinking and bandwidth intermediaries will no longer suffice. Meeting the government’s emerging requirements for satellite communications will require a more complete value-added service provider, capable of not just procuring components, but also of designing, implementing, owning and operating sophisticated end-to-end managed network solutions. Today’s missions require high-performance converged communications to support multi-line voice, encrypted broadband data and two-way video applications. Historically, commercial satellite fleet operators have promoted buying satellite capacity in Megahertz (MHz) or in fractions of satellite transponders, as these are the common units of measure tracked by their shareholders. But in-theater personnel think in terms of their mission applications, which run on megabits per second (Mbps) rather than MHz. 
Like their government clients, managed satellite service providers, who own and operate satellite networks, are driven by the constant desire to improve application performance, while simultaneously lowering the “cost per bit.” In recent years, the tightening supply and increasing prices of commercial space segment have required service providers to become experts in network optimization and application acceleration. The goal is to deliver the same bandwidth, data throughput and quality of service, using less satellite capacity. Along with maximizing the “bits per hertz” ratio, providing value-added solutions to government and commercial clients alike has required mastering the application environment. Ensuring that Voice over Internet Protocol telephone services perform without dropped calls or lost packets, or that data is kept secure and meets information assurance standards, has exceeded the “raw bandwidth” requirement as the most important aspect of providing SATCOM-enabled communications. Multi-theater missions also require government SATCOM solutions to be multi-band in nature, capable of moving from C to Ku to X to Ka and back again without loss of performance. For
managed satellite service providers, offering this kind of seamless portable communications, moving across regions or even across different satellite fleets, is second nature. Commercial managed service providers have been offering bandwidth portability and satellite fleet diversity for clients in the offshore energy and transoceanic shipping markets for nearly 30 years. It is this expertise in delivering true end-to-end satellite solutions, down to the application layer, that the government will need to leverage in providing the next generation of satellite-based communications solutions.
MANAGED SERVICES

Complex military deployments, such as UAVs and man-packable micro terminals, have created huge demand for bandwidth not initially forecast by industry or government. One standard practice in commercial industry is providing a fully managed service rather than procuring raw satellite capacity or components. Managed services often include providing every aspect of a solution from end to end, including satellite bandwidth, teleport services, terrestrial interconnects, on-site antenna systems, and even LAN components like IP phones, PCs and video conferencing equipment. The scale advantage of managed services over one-off networks drives more efficient use of limited space segment, improving the “bits per hertz” ratio. It also ensures a fully integrated solution, where all the individual components are designed to work in concert. Adapting managed services for government results in a true “win-win” scenario. The key to realizing the benefits of these performance-enhancing and cost-saving services is the quality and operation of the network. In recent years, there has been a shift within the military to rely increasingly on contractors to operate many of its mission-critical systems. However, most contractors have elected to forego investment in their own infrastructure, instead outsourcing the services that they provide to multiple third parties. These “virtual network operators” often face serious quality-control issues due to the hands-off approach and lack of visibility into the daily operations of the network. Virtual network operators generally cannot implement the latest bandwidth optimization tools because they don’t own or control the infrastructure. Many lack the in-house expertise to configure or manage sophisticated remote terminal equipment, like maritime or COTM antennas. And since virtual operators are often several layers removed from the actual network, they are challenged to provide consistent levels of responsive customer service.
Overcoming these challenges requires only that the client select an end-to-end satellite service provider who is facilities based—a provider already invested in and operating its own global infrastructure. By partnering with a systems integrator that owns and operates the network service (including multiple 24 x 7 teleports, network operations centers, in-theater support centers, a global terrestrial backbone, and cleared in-field personnel), the
Department of Defense ensures better command, control and communications support for its missions. In addition to offering a purpose-built network infrastructure, the more established managed satellite service providers can also offer the latest in specialized government-only commercial space segment, such as X band and military Ka band. These specialized frequencies have little or no commercial application, so the major satellite fleet operators have shied away from investing in these payloads. Commercial X and Ka offer a number of advantages over traditional C and Ku bands. For one, they are both still relatively available, unlike severely constrained C and Ku. Secondly, with commercial satellite fleets operating above their original design parameters (often at 95 percent or higher utilization), mission-impacting interference has become an increasing problem. As specialized government-only frequencies, X and military Ka are far less susceptible to such interference issues. Given these advantages and the inherent benefit of a “mirror” commercial capability to the WGS fleet, CapRock believes that the next generation of commercial SATCOM solutions will be more driven by government-specific rather than adapted commercial technologies. To that end, the company has significantly expanded its existing global infrastructure to support X and military Ka teleport equipment and satellite capacity. CapRock Government Solutions currently has more experience than any other service provider in commercial X band SATCOM services to the U.S. government, with more than 200 MHz in operation.
NEW FULFILLMENT MODEL

The original DSTS-G vehicle was designed as a small business contract, awarded to three prime contractors—Arrowhead Global Solutions (now CapRock Government Solutions), Artel and Spacelink (now DRS). At that time, nearly 10 years ago, the vast supply of commercial satellite capacity available and the need to ensure competitive pricing enabled the government to benefit from a “broker” model. Under this approach, the prime contractors served as intermediaries to design the satellite
capacity solution to meet specific task order requirements and procure the capacity from across various satellite fleet operators. In addition to design and procurement, the original DSTS-G primes often found ways to lower the government’s operational costs by designing solutions that would consume less satellite power, while delivering the same throughput. In today’s new climate, with extremely tight capacity and skyrocketing satellite fleet operator prices, CapRock Government Solutions began to see a need for a more comprehensive approach to providing SATCOM services for DoD. Advanced bandwidth management concepts, including bandwidth portability and satellite fleet diversity, were developed to help ensure worldwide deployable capacity, and to mitigate the operational risks associated with having a government network dependent upon any one single satellite fleet operator or spacecraft type. Over time, close interaction with government customers and end-users became essential components of commercial SATCOM success. CapRock worked diligently to track customer bandwidth utilization, trends and inventory, and to develop network optimization tools. This has enabled the company to make informed decisions about the build-out of its network infrastructure, launch of new products and services, and acquisition of government-specific satellite frequencies (X and Ka). All of this investment has been designed to pre-position services on behalf of government clients, so they will be available when needed. The key for the government to reap both the lessons learned from the DSTS-G experience, and the latest in commercial satellite solutions, will be selecting the right type of service providers. The government will want to look to end-to-end managed satellite service providers that have the same incentives for success as their customers. 
Like its government clients, CapRock Government Solutions has evolved and invested toward one goal—ensuring mission success, while simultaneously improving operational capabilities and cost effectiveness.
David Myers is executive vice president and general manager for CapRock Government Solutions.
Americom
Acquiring Commercial Satellite Communications to Meet DoD’s Requirements
BY TIP OSTERTHALER

As the U.S. government considers how it will acquire future capacity on commercial satellites, it is clear that the stakes are high for both the government and the satellite communications industry. Unfortunately, much of the public discussion to date has centered on the competing views of the satellite operators and the reseller-integrators. There has been far too little objective examination of
what commercial capacity the U.S. government is likely to need in the future and how that capacity can best be acquired at acceptable levels of risk and at reasonable cost. The reality today is that the U.S. government is a large user of commercial capacity, and that situation is unlikely to change over the next several years. However, the degree to which the commercial operators will be able to meet the needs of the government beyond 2010 will be heavily influenced by the acquisition strategy the government pursues. It is likely that the scope of the government’s needs will include both raw bandwidth to support existing and planned applications and a wide range of services such as network design, traffic management, and equipment procurement and integration.
Given such a broad set of requirements, it would seem that the government would benefit from an acquisition approach that provides for easy access to both operators and integrators. Having said that, the question remains regarding the degree to which the operators will be postured to provide the needed capacity. One of the challenges for the commercial satellite owner-operators in today’s procurement environment is the lack of a direct business dialogue with government end users. For those in the satellite operating companies who focus on satisfying the needs of the U.S. government, this poses a daunting challenge. In the absence of an open dialogue with the government and the ability to establish a direct contractual relationship, government needs do not get the attention they deserve in corporate boardrooms where customer priorities are set and resources are allocated. If this situation is allowed to persist, the likely result is that the needs of commercial users will continue to drive investment decisions. If it turns out that commercial customer needs are consistent with the government’s requirements and the owner-operators misjudge the market and launch excess capacity, the U.S. government might get lucky and still find adequate capacity at a reasonable price. However, this would seem to be an unnecessarily risky approach. If, on the other hand, the government adopts an acquisition strategy that includes the ability to purchase directly from the owner-operators as well as from integrator-resellers, depending on the requirements, the government will probably find that the owner-operators are much more willing to respond to their specific requirements when they make investment decisions. The availability of commercial capacity is simply too important to be left to chance. While the U.S.
government is a very important customer for the satellite operators, it still only consumes a small percentage of total global commercial bandwidth, so the key to ensuring access in the future is to engage the owner-operators directly and to ensure that they have a complete understanding of the government’s needs as well as incentives to invest on its behalf, as they now do with their large commercial customers. Let’s get this discussion back to how industry can best support government users and away from what is best for the individual private sector players. In the end, the scope of the government’s requirements
are such that there is room for both integrators and operators to be successful, and the government should pursue a strategy that ensures they get the best efforts of both.

Americom Government Services, which operates this teleport in Betzdorf, Luxembourg, is a major provider of satellite bandwidth through the DSTS-G program. [Photo courtesy of Americom Government Services]
Tip Osterthaler is president and chief executive officer of SES Americom Government Services.
Artel
Commercial SATCOM Acquisition
BY ABDUL RANA

U.S. military use of satellite communications has grown exponentially over the past decade, through both the extended utilization of military satellites and an unprecedented expansion in the use of commercial satellite capacity. The Department of Defense has been able to capitalize on a period of low utilization of commercial systems, so that currently, 80 percent of the satellite capacity used by DoD is leased from commercial systems. The main reason the department has been able to acquire the reasonably priced bandwidth is the effectiveness of the Defense Information Systems Network (DISN) Satellite Transmission Services-Global (DSTS-G) contract. The DSTS-G contract vehicle efficiently provides the military with bandwidth capacity on commercial communications satellites.
DoD in 2001 competitively awarded three 10-year delivery order contracts with a $2.1 billion ceiling to qualified small businesses: Artel, Spacelink International (now DRS Technologies), and Arrowhead Space & Telecommunications (now CapRock Communications). A key feature of this arrangement is that for each delivery task order, these three primes compete work among satellite carriers, and then compete against each other, resulting in more than 32 percent savings in program budget to date and enhanced service delivery. DSTS-G provides a contractual vehicle for DoD, federal agencies and other users authorized by DoD to obtain global fixed satellite service (FSS) bandwidth and related satellite-based services and applications. The list of services includes satellite bandwidth, service management, earth terminal services, leased earth terminal operation, and maintenance services, commercial teleport services and all necessary U.S. and foreign bandwidth and terminal licenses and approvals. The list also includes optional terrestrial interconnection services, optional host nation agreement negotiating support and optional systems engineering support. In addition, DSTS-G provides a contractual vehicle for the government to optionally acquire terminals on an ownership basis. The contract services support fixed, transportable and mobile user terminals. DISA manages the DSTS-G contract and coordinates the space segment acquisition for DoD. The contract has been extremely effective in reducing the cost and enhancing the delivery of services to DoD through a two-tiered competition strategy. Three DSTS-G contractors first allow satellite operators to compete for the lowest cost, best solution possible. Then the contractors compete among themselves to win the business. A 2006 Government Accountability Office report concluded that the DSTS-G contract was working well and provided DoD satellite capacity at a cost roughly 30 percent below other approaches, such as the prior contract or DoD agencies purchasing bandwidth directly from satellite operators.
ENHANCEMENTS

Several enhancements were added to the contract in 2007, which made the contract vehicle even more useful, to the extent that it is now one of DISA’s most successful contract vehicles. Major enhancements included:

Timeliness. The improvement in processes has shortened task-order response times from approximately four weeks to an average of three days, and has cut service delivery from an average of six weeks to an average of three days. In times of extreme need, the primes have been able to establish a signal in a matter of hours.

NetOps. Several enhancements were added to improve NetOps and situational awareness. Signal parameters are monitored in real time, and the planned and actual signal parameter values for each provisioned service are reported on an as-changed basis. Out-of-tolerance alarm conditions are reported to the Global Netops Center when spectral measurements no longer fall within the nominal range assigned to predicted signal values, and are reported again when each out-of-tolerance alarm has been cleared. There is also a requirement for EMI/RFI identification, characterization, and geo-location for services procured under DSTS-G. Such services include the ability to identify and characterize sub-carrier EMI/RFI being transmitted underneath an authorized carrier, and the ability to geo-locate the source of any and all EMI/RFI. The existence of EMI/RFI is immediately reported to the Global SATCOM Support Center and other stakeholders for each task order. Additionally, best efforts are made to geo-locate the source of the interference and report findings in accordance with USSTRATCOM guidance.

Information Assurance. Commercial satellite communications services are vital critical infrastructure that must be protected from intentional or accidental attacks. DoD issued guidelines in the spring of 2008 requiring each task order response to be accompanied by a statement that identifies the security measures in place.
The measures are categorized by a Mission Assurance Category or MAC level, rated from 1, most restrictive, to 3, least restrictive. These MAC levels are applied to the four main components of the information signal train, which are the remote station, network,
teleport, and satellite command and control system. DISA has promulgated minimum MAC level requirements for service offerings on the DSTS-G contract, consistent with DoD Directive 8500.1 and DoD Instruction 8500.2.
SERVING THE WARFIGHTER

Prior to September 11, 2001, there was an overabundance of commercial satellite bandwidth availability. Since that time, however, capacity has been stressed by the global war on terror, requirements from global news and media outlets, and the growth of digital television transmission. For example, commercial bandwidth has become increasingly scarce in Southwest Asia, and there are also extreme shortages of satellite capacity in both the Middle East and North Africa. While the availability of commercial satellite bandwidth is decreasing, the military’s need for affordable bandwidth continues to grow. New warfighter initiatives are constantly being identified, and there is more widespread use of UAVs, which consume vast amounts of bandwidth. The shortage of bandwidth and other challenges continues to enhance the role of systems integrators, like the DSTS-G primes. The use of commercial bandwidth for military applications requires real-time monitoring, interference detection and geo-location, and information assurance to ensure the availability of interference-free bandwidth for mission-critical applications. DSTS-G primes are performing these functions with the use of cleared, experienced personnel. Over the last few years, the satellite industry has been pushed out to foreign ownership. The anonymity and security of DoD operations are critical to mission success. Integrators mitigate this risk by inserting themselves between the satellite operators and the government. The integrators are satellite agnostic and able to provide end-to-end services as defined by service level agreements. The integrators seek capacity and other resources such as teleport services and backhauls from multiple U.S. and foreign companies, and provide trusted services to the government.
There is an argument that DoD needs to be able to make longer term commitments for satellite usage, and that the year-to-year requirement forces the industry to charge higher rates than would be the case if they could order for a longer period. However, an integrator will be able to provide services to DoD under the current paradigm by absorbing the risk of acquiring services for longer term. This is equivalent to offering multi-year pricing without long-term commitment by the government, which can buy what it needs, where it needs it, and when it needs it without multi-year commitments. Congress inserted language into the 2008 defense authorization bill specifically requesting that DoD re-investigate the issue of utilizing commercial satellite bandwidth for military purposes, and report back to Congress no later than February 2010. As lawmakers await the report, the DSTS-G contract is serving the warfighters well. The systems integrators continue to provide a valuable role by allowing:

• Flexibility: Through the DSTS-G contract, the primes have been able to provide commercial satellite bandwidth, bandwidth and service management, terminal services, terminal operation and maintenance services (including health-and-status monitoring), commercial teleport services, licensing and approvals, host-nation agreements, and related services.
• Innovation: Systems integrators have provided solutions that the government was not even aware of prior to the proposals. These have included preferential pricing and terms and conditions from satellite operators, and moving satellites where they were needed.
• Cost Reduction: Systems integrators have no interest in promoting a specific space segment and/or modulation/coding scheme, and are able to recommend the best design and most suitable space and ground segments.
As DoD’s requirements have evolved from bandwidth to services, Artel has invested heavily and enhanced its capabilities as an end-to-end solutions integrator with three NOCs, and monitoring and connectivity infrastructure in 22 locations worldwide. Artel has organically grown through excellent performance and is anticipating 2009 revenues of $270 million. With strong competencies in managed network services, information assurance and IT solutions, Artel is well prepared to meet the future needs of the warfighter.
Abdul Rana is vice president of strategic operations for Artel.
Intelsat
The Evolution of Satellite Bandwidth Procurement
BY KAY SEARS

It seemed like a good idea at the time. Almost a decade ago, the Department of Defense wanted to streamline the procurement process for commercial satellite bandwidth used by sea, air and land forces worldwide. Rather than continue to shop for needed satellite capacity from a variety of suppliers, the Pentagon decided to consolidate its requirements in a contract granted to three small businesses. These small businesses would act as middlemen, assembling packages of bandwidth and services as required by military forces and reducing the procurement burden on the services. In addition, this approach would significantly contribute to DoD small business goals. So why not kill two birds with one stone? Thus was born the Defense Information Systems Network Satellite Transmission Services-Global (DSTS-G) contract vehicle. The DSTS-G small business model worked well enough initially, and probably saved the government money during a period where there was a significant oversupply of bandwidth. The Internet bubble burst shortly before the DSTS-G contract was granted, so in the early years, it was a buyer’s market. The three small DSTS-G companies were able to make price the discriminator as they shopped among operators and suppliers to meet military bandwidth requests. As the global economy revived, however, video transmissions migrated to the more bandwidth-hungry HD format, and militaries began to use satellite communications more aggressively in their operations. As a result, the available pool of satellite capacity diminished and the prices began to rise. Because the government chose to rely on one-year contracts, it was uniquely exposed to this normal fluctuation of supply and demand. Had the government chosen to plan in advance and to use its existing contract authority to employ long-term contracts, it could have significantly reduced the cost of its required bandwidth.
In addition, the use of long-term contracts would have encouraged the private sector to plan additional capacity in key regions and to tailor this capacity to the unique needs of the military. The DSTS-G contract, designed initially as a way to manage an unruly marketplace, ended up inhibiting the normal ability of the market to respond to changes in supply and demand. The world has changed dramatically since the DSTS-G process began in 2001. The economies of Africa and the Middle East have grown aggressively and are making substantial demands on commercial satellite capacity. At the same time, the American military is engaged in large, ongoing operations in Iraq and Afghanistan, resulting in a tremendous increase in bandwidth demand in the Indian Ocean Region. In addition, militaries around the world are turning to new bandwidth-hungry tools, such as UAVs, and new mobile communication platforms to meet new operational requirements. Finally, the line between commercial and military demand has blurred as militaries increasingly turn to novel approaches such as hosting military payloads on commercial satellites. The DSTS-G contracting process is up for renewal in 2011, and it is time for another evolution in how the military buys the commercial bandwidth it needs. What is needed now is a combination of a DSTS-G-like arrangement for selected integrated services and a separate contract process for multi-year bandwidth capacity where the military integrates its worldwide strategy and satellite architecture requirements with long-term planning and line-item budgeting. This would save the military money in the long run, introduce new flexibility into operations, and allow commercial operators to plan and design payloads suited to meet DoD requirements. The recent move by the Australian Defence Forces (ADF) to contract for a UHF hosted payload on an upcoming Intelsat satellite is an example of how this process could work for the U.S. military.
The ADF signed a 15-year contract for a portion of the UHF payload that will be launched on the Intelsat 22 satellite in 2012. Not only does this guarantee that the ADF will have the communications capacity it needs in the Indian Ocean region through 2027, but it also allows Intelsat to design and build capacity in advance of when it
is needed. ADF officials estimate that signing a 15-year contract, rather than buying bandwidth on an as-needed basis, will save Australian taxpayers more than $100 million in coming years. Secretary of Defense Robert Gates has recently made it clear that the Pentagon needs to shift its focus to weapons systems and communications capabilities that are more flexible and adaptable. Now, the question before the secretary and his staff hinges on supply and demand. If they anticipate dramatic commercial satellite bandwidth oversupply and assume that their needs will continue to be identical to those of the commercial marketplace, the answer might be to stick with the current contract model. But if they see a tightening trend on commercial bandwidth supply, and a growth in DoD-unique requirements for capacity and/or security, then they need a contract vehicle that provides a direct dialogue with the satellite owner/operators. Based on current and projected supply numbers for commercial satellite bandwidth, this would appear to be an easy decision. The government has been and will continue to be a major user of commercial satellite bandwidth. DoD needs to develop a forward-looking contract vehicle that takes advantage of the fact that it is a “preferred” commercial customer. Such a vehicle would remove unnecessary layers of bureaucracy, reduce the cost of commercial satellite services, and provide special access to advanced services such as hosted payload opportunities. The first step toward enjoying those benefits will be achieved by dealing directly with satellite operators on the next contract.
Kay Sears is president of Intelsat General Corp.
Segovia
Beyond Bandwidth: SATCOM’s Next Generation is in your Pocket
BY PETER JONES

Albert Einstein is reported to have said, “The definition of insanity is doing the same thing over and over again and expecting different results.” Applying this thought to the next generation of commercial satellite communications can be instructive: Are we insightful or mistaken? First, let’s give credit where credit is due. Two near-simultaneous events—the breaking of the COMSAT Corp./Intelsat “monopoly” of U.S. satellite communications in the late 1990s/early 2000s, and the rise of the indefinite delivery, indefinite quantity contract vehicle as a recognized and respected acquisition methodology—led to DISA’s evolution of the DSTS-G contract. DSTS-G brought real competition to the DISA COMSATCOM market and took a major leap of faith: allowing small companies to manage the complexity, responsibility and financial challenge of providing global space segment for the warfighter. The DSTS-G contractors met the challenges, cutting costs, improving services and reducing space segment acquisition times to a point undreamed of during the days of the COMSAT/Intelsat monopoly. The DSTS-G contract was a watershed event, not only for COMSATCOM acquisitions, but also for government acquisitions in general. Small businesses showed that their agility, speed and flexibility, coupled with a government willingness to partner with relatively small players instead of relying on the traditional large corporations, could pay significant dividends. We’ve seen DISA’s success in DSTS-G replicated time and time again in other major government procurements, such as Networx, Alliant, NETCENTS, ITES-2 and Millennia Lite. Now, nearly 10 years later, we are looking at how COMSATCOM acquisition must evolve for 2011 and beyond. To say that the world has changed since 2001 is an understatement. But some view it as a binary choice: Either we return to the “safe” way of doing business,
by returning control to the leviathan satellite system operators, or we leave the DSTS-G construct intact, unchanged and unsullied. Einstein would probably find either solution to be unacceptable. At Segovia, we believe there is a third way. To understand it, you need look no further than your pocket or purse.
CELL PHONE MODEL

To understand the next generation of COMSATCOM, think back to 1982. One of the seminal events that year was the agreement by AT&T to divest itself of its regional operating entities into independent companies. This deregulation led to the evolution of the new telephone companies, like Verizon, Sprint and Cingular, and a new business model. Many of us remember the time when the phone inside your house was not your property—it belonged to the phone company, and you paid a monthly fee for both the phone and the wiring in your walls. Service was expensive, and you got it on the phone company’s terms, not yours. A decade later, things had changed immeasurably. You owned the phone, the wiring and everything down to the box on the side of your house. If your daughter wanted a pink phone, you just got one. As cordless phones proliferated, the need for wall jacks and lots of installed wiring went away. Answering machines? No problem. Dial phones? Antiques. And, most importantly, the ubiquitous cell phone became a reality, finally freeing the user from the tyranny of the wire. The cell phone brought with it a fundamental change in the way we live. Now we have communications that travel with us; are always on; register themselves into a pre-existing network; provide “one number” access to an individual, no matter where he or she is in the world; and offer the economies of scale that are possible when users share a network—even globally. Now, as we near the second decade of the 21st century, the cell phone has become the model, not only for our culture, but also for how DISA must change COMSATCOM.
The price for bandwidth has been reduced by DSTS-G to a point where further significant reductions are unlikely. The space segment cost reductions that we’ve seen over the last 10 years will remain, but additional significant cuts in cost simply won’t happen, due to supply and demand. There is a finite amount of satellite space segment, and the costs of launching a new satellite are significant. Intelsat, SES, Eutelsat and others simply aren’t going to dilute their margins by launching an overcapacity of bandwidth. The dollars-per-megahertz number will not change materially. The next generation of COMSATCOM price efficiencies will come not from forcing ever-slimmer margins on the space segment broker, but instead from technological innovation and operational changes. As DoD moves to lighter, faster, expeditionary missions, the DoD COMSATCOM service will morph to a ubiquitous, “always on” model, which ensures the user gets the end-to-end bandwidth needed, where it’s needed, when it’s needed. Finally, it will be the Holy Grail of telecommunications—connectivity that is abundant, assured, secure and global, at an affordable price.
KEYS TO THE NETWORK
The keys to the next-generation COMSATCOM network will be threefold. It will be IP-based, global and truly be a part of the Global Information Grid. First, Internet Protocol. If we are to achieve additional cost savings, IP networks are the only real choice for leveraging shared bandwidth access technology such as Time Division Multiple Access. IP networks allow a large number of users to share the same bandwidth and still provide communications that meet the users’ operational needs. The use of IP modems on COMSATCOM (including current force modems and the Joint IP Modem for DoD) will provide the means for breaking the inefficiency of legacy circuit-based provisioning. Instead, multiple users will cooperatively access the same bandwidth—further reducing user costs while maintaining service levels that equal or exceed the legacy model. Compare this to the evolution of your cell phone. Circuit-based connectivity is equivalent to one copper wire in the wall, which you pay for whether you use it or not. Always-on IP SATCOM is like your cell phone. You decide how much service you want: Just voice? Web surfing and e-mail on your phone? How about maps? Or directions? Or satellite imagery? Then you use it as you see fit. And when you’re not using the network, chances are that someone else will, and this reduces your out-of-pocket costs. DISA’s next-generation COMSATCOM acquisition must make networked IP services a core requirement to ensure the most cost-effective prices prevail. Second, global. DoD has unique requirements, but also global requirements. A combat unit can be in Iraq, Afghanistan or California literally within days. The special operator may need to move over continents in hours. The warfighter shouldn’t have to get different equipment, access codes and lineup instructions to move from Europe to the Pacific, or from the training range to garrison. Again, compare it to your cell phone.
The plane from Washington lands in Los Angeles, and we turn on our phones. Literally within seconds, the phone finds the local network, registers into it, finds our voice mail, downloads our e-mail, and puts us back in business before the plane has parked at the gate. There is no reason that COMSATCOM can’t be just like that: a ubiquitous, always-on, pre-positioned network, which the warfighter’s SATCOM terminal locates by GPS, automatically finds the proper satellite, registers securely into the DoD network, and begins moving knowledge. And it can happen, anywhere and anytime, securely and nearly automatically. In 2005, the GIG Bandwidth Expansion program proved that a high-capacity, prearranged global network could meet and exceed the vast majority of DoD’s requirements without having to build unique, costly, duplicative data services for multiple users. DISA’s next-generation COMSATCOM acquisition must focus not on unique networks that duplicate services for different users, but on a common, global network that provides access to net-centric services with standards-based terminal equipment and telecommunications protocols. Third, COMSATCOM must truly become part of the Global Information Grid. To many people, COMSATCOM is “a way of getting to the GIG”—a separate and distinct transport tool that “is not part of the GIG.” The COMSATCOM community has fostered that separation, and not integrated itself well into the larger GIG. Separate management tools, requirements databases and status reporting mean that real end-to-end system management is not possible, and the concept of a seamless, integrated global network is stymied. We need a mental shift, not only from industry but also from DoD’s users and managers: copper, fiber, COMSATCOM, MILSATCOM, wireless, and technologies not yet invented. All are part and parcel of the GIG, managed as an integrated whole, operated seamlessly. DISA’s next-generation COMSATCOM acquisition must provide true, global, end-to-end system management, and be managed as an integral part of the GIG.
BACK TO THE FUTURE?
There are myriad forces that will try to forestall the natural evolution of COMSATCOM. Satellite system operators want to protect the lucrative, inefficient single-channel-per-carrier transmission model, which maximizes bandwidth usage and revenue while limiting the number of simultaneous users. The legacy bandwidth brokers and resellers view bandwidth, not services, as the core business model. Acquisition “experts” decry the risks of buying multi-year SATCOM contracts, or of buying service at all, as opposed to simply buying bandwidth. And COMSATCOM enthusiasts believe that COMSATCOM is special, and cannot be managed as efficiently as an integral part of the DISN. Instead, compare today with 1982. In less than 30 years we have completely changed the global telecommunications infrastructure from a group of inefficient, centrally planned telecommunications companies to a vibrant, interconnected, “always on,” self-registering, self-adapting, loosely coupled set of networks, based on common standards, protocols, security services and rules. DISA’s next-generation COMSATCOM program needs to match this level of sophistication, by implementing a global, “always on,” ubiquitous network to support any warfighter, any time, any place. Let the warfighter determine how much and what kind of services he or she wants, and let advanced technologies and economies of scale drive costs down to levels that are beyond the reach of DSTS-G. Make COMSATCOM as ubiquitous and easy to use as the cell phone. We can do it; the technologies exist today. All we need is the kind of vision and leadership that DISA showed in 2001.
Peter Jones is senior director for business development at Segovia.
Cybersecurity: Beyond “Hack and Defend”
SIMULATION CENTER TRAINS NETWORK ADMINISTRATORS BY PLACING THEM IN VIVID ATTACK SCENARIOS.
BY MARLA DIAL
Cyberoperations Enhanced Network and Training Simulators expose network and security administrators to the crippling realities they could face in day-to-day operations. [Photo courtesy of EADS North America Defense Security and Systems Solutions]
In recent months, concern about the vulnerability of U.S. defense programs and infrastructure to cyber-attacks has reached new heights. National media have reported information security breaches concerning the Joint Strike Fighter program and the apparent mapping of the U.S. electrical grid by foreign entities gathering intelligence for a potential future attack. These breaches into critical defense and infrastructure programs came to light as White House staff members were preparing recommendations to strengthen national cybersecurity policies. For America’s warfighters, costs can be measured in terms of lives as well as dollars. The recent infiltrations suggest that commonly used “defense in depth” security models are not always sufficient to withstand rapidly evolving cyberthreats. “The real and potential security gaps are the soft underbelly of government and military operations,” said Johnnie Hernandez, chief executive officer of EADS North America Defense Security and Systems Solutions. Known as DS3, the company is a subsidiary of EADS North America, a division of the world’s second-largest defense contractor. Factors contributing to the dilemma, Hernandez said, include the federal government’s history of underfunding information assurance initiatives—a trend that industry watchers expect to change under President Obama, who has made cybersecurity a priority for his administration in the technology arena. Another is the rapidity of duty rotations for military personnel, which makes it hard for the services to keep experienced network administrators in key technology positions. A third challenge comes from the often rapid evolution of cyberthreats. Breaches, once experienced as relatively obvious anomalies, are becoming more sophisticated. Some can linger in systems for days or weeks before being detected—if ever. DS3 works on cybersecurity products, training and services that are designed to tackle that problem, however.
GETTING AHEAD OF THREATS
For the past 11 years, the company has led training programs to help federal and military experts get ahead of cyberthreats—work that eventually prompted the company to develop a suite of sophisticated
network simulators, known as Cyberoperations Enhanced Network and Training Simulators, or CENTS. The product line borrows the concept of flight simulators used to train pilots. Network and security administrators, training in a risk-free environment, are exposed to the crippling realities they could face in day-to-day operations. The modules in the training courses using CENTS don’t feel like practice sessions, however. The courses are designed for administrators with at least five years of experience, and the simulators mimic actual communication networks, complete with servers, security appliances, switches, routers, applications and network traffic generation. DS3’s proprietary software application, Sentinel Legion Autobuild Myrmidon-Reconstitution (SLAM-R), manages each scenario and even launches actual attacks—along with diversionary side activities—that mimic the toughest new threats emerging in cyberspace. The attacks must be detected, analyzed and blocked. The operational tempo is intense: more like computerized war games than typical training seminars. “We are training people to do more than just knowing how to protect a network,” said Chet Ratcliffe, executive vice president and chief technology officer for DS3. “It’s all about knowing your network, thinking outside the box and using critical indicators to sense when something is wrong, so you can react quickly. “Most companies throw a technical solution at the problem and then act surprised when their data is stolen,” Ratcliffe said.
“Technology alone does not work. You must have a comprehensive program that includes well-defined policy and processes with persistent training, and exercise in a live-fire environment.” The joint community knows that well. For the past six years, DS3 simulators and their engineers have been playing a key role in cyberexercises such as Bulwark Defender, Cyberstorm II, Global Lightning and Black Demon. During these exercises, which typically run for one to two weeks each year, military and federal personnel experience the newest, cutting-edge evolutions of cyber-attacks. The CENTS system, which dovetails with DS3’s advanced cybernetwork defense training course, is designed to go beyond the more familiar “hack and defend” model, Hernandez said. Because the CENTS environment is easily base-lined and reconfigurable, it can be used to test and validate new hardware, software and configuration changes for an enterprise before purchases are made or products are deployed, helping to shave costs and safeguard the network’s integrity. The CENTS line initially evolved from a contract with the Air Force Communications Agency. More than 2,000 operators from U.S. government agencies and DoD have been trained with DS3-designed simulators since 2003.
Software Metrics OBJECTIVE MEASURES OF DEVELOPMENT ARE CENTRAL TO ENSURING THAT JTRS CAPABILITY IS DELIVERED TO THE WARFIGHTER.
BY GEORGIA GRIFFITHS AND SUSAN WELLERSDIECK
Editor’s Note: This is another in a regular series of updates on the Joint Tactical Radio System (JTRS), as provided by the program’s Joint Program Executive Office (JPEO).
The Joint Tactical Radio System (JTRS) enables network-centric warfare through the use of advanced, mobile, ad hoc, network-capable JTR devices, and true networking and joint interoperability among all four Department of Defense services across the entire battlespace. Facilitating this interoperable network is a software-defined architecture to permit the porting (or loading) and reuse of a standard suite of software products— including the waveforms used to transmit the data—on a wider variety of hardware configurations. Employing mature, software-defined radio technologies, the JTRS program is developing more than 10 million lines of code across five ACAT 1D major defense acquisition programs as part of its Increment 1 baseline. This article shares lessons learned, the software metrics framework being used, and a program executive viewpoint of the stability, development progress and quality of JTRS software products.
First and foremost, observations throughout the JTRS development life cycle reveal that all DoD programs, including but not limited to software development, can greatly benefit by requiring systematic product development progress tracking, and quality metrics trended over time. Based on objective measures, these metrics have been required on all JTRS contracts and have proved central to the program management and Joint Program Executive Office (JPEO) tool set, especially at the level of strategic planning, to ensure that capability is delivered to the warfighter. Early in the JTRS program standup, the JPEO instituted an enterprise software metrics requirements effort. The result of this effort established a baseline of software metrics defined and approved by both the legal and contracts departments. Subsequently, these metrics were added onto each JTRS contract involving software development.
The intention of this set of metrics is to quantify the quality and progress of the software product’s development over time, based on objective measures consistent with the requirements and contained within the contract. The status and trends gathered from these metrics have been essential to determining the step-by-step program status frequently and recurrently, and have provided strategic data to determine adequate tradeoffs to ensure successful completion. This approach to software metrics will work for any type of software development methodology, including incremental, spiral or waterfall. These objective measures must be defined early in the program. For instance, during the requirements and design phase, the number of requirements and the number of use cases required for design must be estimated. Then, the completion rate of the cases can be viewed and analyzed for trends—actual vs. scheduled. If the number of estimated use cases rises dramatically, it is an indication of either an initial lack of understanding of the requirements or requirements creep. During the coding phase, the software lines of code (SLOC) count can be used to determine progress. And finally, during integration and test, the execution of test cases can be monitored. This process has consistently demonstrated that if objective measures are planned early in the development life cycle, are well understood at the outset of the development phase, and then regularly monitored for progress over time, product completion can be estimated at any stage of the development. During the integration and test phase, the other piece of the status puzzle may be found in trouble reports.
The charts above and below demonstrate the valuable information consistently available through the use of an incremental, objectively measured approach to software development. [Images courtesy of JPEO JTRS]
The IEEE Standard of Anomaly Priorities was used so that across the enterprise, there is uniform agreement to the quality requirements of each software component. Many papers have been written on the estimation of the number of problems expected during the software life cycle. By analyzing the number of test cases successfully executed, the number of SLOC available for test, and the number of open and closed error reports, the health of the product can be monitored. The number of open and closed error reports should start to converge when the test cases are starting to complete. At the beginning of testing, a large number of errors can be a good sign that thorough testing is being executed. If enough planning is not defined, a product can end up with a status of 99 percent complete yet with very little insight into the work necessary to satisfy all requirements. Other product metrics that are collected include software complexity and productivity numbers. Software complexity demonstrates the testability of the code, and is an important criterion for software certification. These criteria will be discussed further in subsequent articles. The examples in the accompanying charts demonstrate the valuable information consistently available through the use of this incremental, objectively measured approach to software development. Notice the concurrency of design, code, and integration activity and progress. In conclusion, the visibility and ability to anticipate and identify problems early, to make informed decisions and strategies, and to develop contingency plans and mitigate risks during the product development cycle more than compensates for the extra effort invested in defining the objective measures, planning progress over time and monitoring progress over time against the plan.
Compiled by KMI Media Group staff
Encryption Products Certified for Secure Interoperability
L-3 Communication Systems-East has announced that two of its RedEagle network encryption products have received National Security Agency certification to the HAIPE Interoperability Specification (IS) v3.0.2. These new network encryptors, which are the first to receive this certification, are now available to customers through two previously awarded Department of Defense indefinite-delivery/indefinite-quantity contracts. Both the RedEagle KG-240A, a ruggedized 100 Mbps In-line Network Encryptor (INE), and the RedEagle KG-245A, a tactical 1 Gbps INE, were certified. HAIPE IS v3.0.2 is a critical technology used to secure strategic and warfighter networks, support crypto modernization and Internet Protocol transitioning. This secure protocol provides increased interoperability for secure data sharing across DoD and select U.S. government agency networks. In addition to the HAIPE certification, both of these solutions include the foreign interoperability (FI) extensions to the HAIPE specification. With these additional FI features, L-3 provides customers secure interoperable networking capabilities to support multinational coalition partner and homeland security operations. Both RedEagle encryptors include backward interoperability to all fielded HAIPE IS v1.3.5 solutions.
Bob Coia: email@example.com
Certification Clears Sales of Broadband Manpack Terminal
ViaSat has received certification from the National Security Agency for the ruggedized AN/PSC-14(C) Broadband Global Area Network (BGAN) integrated manpack terminal. This is the first small terminal of its kind to combine an Inmarsat BGAN satcom terminal in a rugged, tactical package with embedded Type 1 security for classified communications. The AN/PSC-14(C) enables access speeds of up to 422 kbps almost anywhere in the world. The embedded security and rugged package provide rapid setup and simplified operation under the most adverse conditions. With this new certification, ViaSat can begin fulfilling orders for AN/PSC-14(C) terminals from a wide user community, including defense and homeland security customers, and authorized international governments. The AN/PSC-14(C) full-mesh network encryption also supports multinational operations through its ability to switch between U.S. and multinational (Type 1 Suite A/B) modes through simplified key management features. In addition, the AN/PSC-14(C) is based on ViaSat’s programmable security device, which can reduce support costs and enables upgrade to foreign interoperability features in the field.
Justin Luczyk: firstname.lastname@example.org
Army Seeks Mortar Fire Control Systems Integration
Elbit Systems of America has received a contract from the Army for the mortar fire control systems integration program. The contract provides for orders of up to $197.5 million over a five-year period. The initial order under the contract is valued at approximately $22 million and is expected shortly. Under the contract, Elbit will perform systems integration, development, production, fielding and support of the Army’s mortar ballistic computer and various types of mortar fire control systems.
Dalia Rosen: email@example.com
Air Force Shifts Policy on Protected Distribution Systems
The Air Force has issued a new update to the policy for protected distribution systems (PDS)—including a major change in the way alarmed PDS can be installed—that significantly reduces deployment cost and complexity. As an alternative to traditional hardened carrier systems (such as EMT or commercial secure raceway), generic interlocking armored cable alarmed by the Interceptor Optical Network Security System from Network Integrity Systems can now be used for securing SIPRNet and JWICS networks. According to an emission security policy issued by the Air Force CTTA, flexible armored cable used in conjunction with Interceptor is an approved PDS solution for CONUS Air Force, Air National Guard and Air Force Reserve bases, as well as off-base government locations operating at Secret and below and Top Secret/SPECAT classification levels. The solution is also approved for OCONUS air bases and facilities operating at Secret and below classification levels. The flexible interlocking armor in the cable provides the robust physical protection formerly provided by the hardened PDS, and the continuous monitoring performed by Interceptor replaces the daily visual inspections. This permits the cables to be deployed in traditional cable raceways installed above ceilings or below raised floors, eliminating the need to build a complex, hardened PDS system from EMT or commercial products and the lengthy, disruptive construction projects associated with it. Furthermore, when the network configuration changes, or personnel move between offices or buildings, Interceptor can quickly and easily be redeployed.
Multithreat Security Platform Integrates New Functionalities
Fortinet, a provider of network security and unified threat management solutions, has announced the release of a carrier-grade version of its FortiGate multithreat security platform. The new FortiCarrier family integrates many new functionalities to help carriers, service providers, managed security service providers and enterprises better protect their own networks as well as the networks of their customers through cloud-based security delivered as a service. Fortinet’s FortiCarrier platform includes all the capabilities of the FortiGate line plus a specialized “superset” of carrier-class features: securing Voice-over-IP infrastructures and mobile operator content, and enabling automated provisioning and management of security policies on a per-user basis. In addition, FortiCarrier provides the intelligent infrastructure to help service providers more easily deliver security as a service to their customers through, among other things, the industry’s only fully virtualized offering to support nine consolidated security features. The new FortiCarrier features are driven by three key trends: the convergence of content types including data, voice, video and mobile content onto a single network; the proliferation of mobile threats; and the growing popularity of the security-as-a-service business model. The security implications of these trends are addressed through new enhancements to the FortiOS Carrier 4.0 operating system and supported by the FortiCarrier-3810A and -5001A-DW hardware platforms.
Transponders Separate Friends From Foes
BAE Systems received a $13 million contract modification from the Naval Air Systems Command to provide 500 identification friend or foe (IFF) digital transponders and spares to the Navy and Army. The AN/APX-118 common transponder identifies aircraft and ships as friendly forces by responding to interrogations from ground-based or airborne IFF systems. The transponders, installed on aircraft and naval vessels, positively establish the identity of friendly forces. Those that do not identify themselves as friendly are considered threats. The Navy and Army use the common transponder on submarines, surface ships, fixed-wing aircraft and helicopters. The AN/APX-118 replaces outdated IFF transponders with digital technology, improving the reliability and maintainability of aging systems. BAE Systems has delivered more than 4,000 AN/APX-118 common transponders to the Navy and Army under the NAVAIR contract since 1999.
Maria Felix: firstname.lastname@example.org
Platform Selected for Fort Bragg Infrastructure Modernization
Fujitsu Network Communications, a supplier of optical and wireless networking solutions, has announced a contract with Black Box Network Services to upgrade an integral part of the communications network architecture at Fort Bragg, N.C. The project is in support of the Program Executive Office, Enterprise Information Systems (PEO EIS) Installation Information Infrastructure Modernization Program (I3MP) to improve communications at military bases and installations worldwide, and was awarded under the Army’s Infrastructure Modernization (IMOD) contract. The Fujitsu Flashwave 7500 Reconfigurable Optical Add/Drop Multiplexer (ROADM) will be used to transport information throughout the base’s data network backbone. The Flashwave VE 7500 ROADM platform is an ideal solution for demanding network applications, incorporating advanced, field-proven optical technologies and a flexible, modular architecture that supports reliable, cost-effective service. The platform enables a broad spectrum of new, high-bandwidth applications such as broadband Internet transport, high-density video distribution, and advanced IP and Ethernet services.
Jeana Cunnigham: email@example.com
Tactical SIGINT System Included in Mine Protected Vehicles
A team led by General Dynamics C4 Systems has received a new, $3 million delivery order from the Army to integrate the Prophet Enhanced tactical signals intelligence system into medium mine protected vehicles (MMPV). The order is in support of a Department of Defense requirement that is providing additional intelligence, surveillance and reconnaissance capabilities to the U.S. military. MMPVs equipped with the Prophet Enhanced system will be delivered to the Army in October 2009. This order was executed under a six-year, indefinite-delivery/indefinite-quantity contract that the Army awarded to the General Dynamics-led team in February. It has an estimated total potential value of $866 million if all options are exercised. In addition to the $3 million order, an initial delivery order valued at $71 million was awarded in February. Integrated into up-armored MMPVs and HMMWVs, the system enables tactical commanders to securely and accurately detect, identify, locate and deter a wide range of signal emissions on the battlefield. To reduce the overall cost of future system upgrades and enhancements, the Prophet Enhanced design incorporates pre-planned upgrades and technology insertions. The contract also calls for standardized training. General Dynamics C4 Systems is the prime contractor for the Prophet Enhanced program. Team members include L-3 Communications and Northrop Grumman Information Technology.
Securing National Security Information Systems
Lieutenant General Keith B. Alexander
Director, National Security Agency
Chief, Central Security Service
Army Lieutenant General Keith B. Alexander is the director, National Security Agency (NSA), and chief, Central Security Service (CSS). As the director of NSA and chief of CSS, he is responsible for a combat support agency of the Department of Defense with military and civilian personnel stationed worldwide. Alexander’s previous assignments include the deputy chief of staff, Headquarters, Department of the Army; commanding general of the Army Intelligence and Security Command; director of intelligence, U.S. Central Command; and deputy director for requirements, capabilities, assessments and doctrine, J-2, for the Joint Chiefs of Staff. He has also served in a variety of command assignments in Germany and the United States, including tours as commander of Border Field Office, 511th MI Battalion, 66th MI Group; 336th Army Security Agency Company, 525th MI Group; 204th MI Battalion; and 525th MI Brigade. Additionally, Alexander held key staff assignments as deputy director and operations officer, Army Intelligence Master Plan, for the deputy chief of staff for intelligence; S-3 and executive officer, 522nd MI Battalion, 2nd Armored Division; G-2 for the 1st Armored Division both in Germany and Operation Desert Shield/Desert Storm in Saudi Arabia. Alexander holds a Bachelor of Science from the U.S. Military Academy and a Master of Science in business administration from Boston University. He holds a Master of Science in systems technology (electronic warfare) and a Master of Science in physics from the Naval Postgraduate School, as well as a Master of Science in national security strategy from the National Defense University. Alexander was interviewed by MIT Editor Harrison Donnelly.
Q: You recently said, “We do not want to run cybersecurity for the United States government.” By contrast, how would you describe what NSA does want to do in this area?
A: Achieving the goal of cybersecurity will require the collective efforts of many across the government and private sector. NSA has a distinctive but necessary role in national cybersecurity and is pleased to be on that team and in a position to make a unique contribution. The natural evolution of our work in communications intelligence has given us a deep perspective in understanding digital communications and the dangers therein. That’s important to remember when considering NSA’s role. Cybersecurity is about securing information, and we have been one of the government’s primary agents for securing our national security information systems since our inception. The secretary of defense is the government’s executive agent for the defense of U.S. national security systems, and I am his national manager charged with carrying out these responsibilities. NSA’s primary role in cybersecurity is to help protect national security information assets, which essentially are classified government and military communications. Also within the DoD structure are the critical contributions of STRATCOM component commands—the Joint Functional Component Command for Network Warfare [JFCC-NW] and Joint Task Force-Global Network Operations [JTF-GNO]. As commander, JFCC-NW, I exercise operational control of JTF-GNO in order to plan, coordinate and conduct offensive and defensive cyberspace operations. The Department of Homeland Security [DHS] has a similar charge to defend U.S. government unclassified systems and partner with private industry. FBI, CIA, Treasury and others also have key roles in cybersecurity, and the private sector is responsible for protecting the systems it operates. All of these networks of government—classified, unclassified and private sector—are not only interconnected but are often the same networks. So the nation’s approach to cybersecurity must be synchronized.
The bottom line is this: NSA’s role is to continue our defensive work as well as to contribute to the work of other responsible parties by offering our expertise to assist them in their part of the cybersecurity effort.
Q: How would you characterize the overall cyberthreat environment, as it applies to the United States in general, the federal government and the military?
A: Simply stated, it’s real. This is no contrived or overstated alarm. In just a very short time, cyber-based devices and tools have been incorporated into our work and personal lives in ways most of us barely imagined 20 years ago. They are widely available, relatively inexpensive to acquire, portable, easy to use and extremely popular. But convenience and security seldom go hand in hand, and in some cases convenience adds to the vulnerability if users aren’t mindful of potential risks, thereby taking appropriate steps to protect information and information systems of every kind.
[Photo caption: From its base at Fort Meade, Md., the National Security Agency carries out defensive work on its own, and also offers its expertise to other agencies to help in cybersecurity efforts. Photo courtesy of the National Security Agency]
We’re all aware of the growing epidemic of identity theft. That’s just one aspect of the overall cyberthreat to the nation. The tactics used to steal someone’s identity for criminal profit are much the same as those for stealing state secrets, sensitive information or government records. And, in many cases, it’s the same type of person or group doing it—organized criminal elements, for instance.
But, as damaging as information theft is, we also face the added danger of data manipulation. This is how our infrastructure, including energy, transportation and utilities, could be most affected.
Almost two years ago, Estonia was hit by a highly coordinated, well-supported, Russian-based cyber-attack. The entire Estonian cyber-infrastructure was brought to a standstill. Terrorists are using the Internet to study emergency telephone systems, electrical generation and transmission, water and storage distribution, nuclear power plants and gas facilities. Specifically, al Qaida is known to frequent Internet sites that offer software and programming instructions for digital switches that run our power, water, transportation and communications grids.
Another threat facing us is denial of service, which is to say the shutting down of communications. Think about how much of our daily activities are “digitized.” Just in the drive to work, many of us are on cell phones, use GPS navigators, depend on computerized traffic signals, and listen to HD radio. Every day purchases are made or recorded across the information grid. Add to all of this social networking and a growing use—almost dependency—on wireless communications.
Now, put these circumstances together. The military has done a remarkable job of leveraging new technology in order to revolutionize the way it communicates. But this technology also brings new risks. Soldiers in the field carry cell phones and PDAs. Communications from military installations and hostile zones are always at risk of interception by adversaries, but personal devices are now added into the mix. Inadvertent disclosures of sensitive information can have devastating consequences.
Q: In your address at the RSA Conference 2009, you emphasized the importance of teamwork in information security. How are you working to strengthen teaming within DoD and the intelligence community?
A: It’s not so much about what I’m doing, as it is what the various government agencies are doing. The severity and immediacy
of the global cyberthreat is bringing forces together much as the Axis threat did in World War II. Every government entity with a stake in protecting our government information security has stepped up and is working to help each other as needed, as well as bolstering their own respective work forces.
Although the cybersecurity business is still relatively new, some of NSA’s business areas, like Red and Blue Teaming, are fairly mature. We make a tremendous effort to team with the entire community. We host events to share lessons learned, set up ways to share tools, share our training and methods, and develop standards so that data can be integrated.
I’ll also re-emphasize the collaborative work of JFCC-NW, JTF-GNO, the Defense Information Systems Agency [DISA] and NSA/CSS. This is a formidable group that leverages a range of skills, accesses and experiences under the STRATCOM mission to ensure U.S. freedom of action in cyberspace. It’s working, and it will continue to improve.
Q: What new forms of information technology do you see as creating the most significant vulnerabilities for the military and intelligence communities?
A: As I mentioned, cell phones and PDAs, while not new technologies, have become an integral part of our communications environment, but they also make us vulnerable in new ways. Thumb drives with multi-gigabyte capacity are cheap and easily available. GPS units can also be exploited. While none of these devices are unique to the military or government, new and creative methods to exploit them are constantly being developed. Essentially, if it’s digital and online, it should be considered vulnerable.
Q: As they go about their daily business, what would you most like for people in DoD and the intelligence community to do or be more aware of in order to help improve information security?
A: I’d like people to be aware of the impact that every individual has on security of the entire enterprise and their resulting responsibility. In a world where everyone is connected, we say that a risk assumed by one, even unknowingly, is a risk shared by all.
Communications security or information assurance is as much individual responsibility as it is technology. Go back to my reference to identity theft. What information would you not want others to see? It’s not always “after the fact” security that needs to be observed. By that I mean there is more than shredding sensitive papers or cutting up old credit cards. Information assurance must be practiced on the go.
As useful and necessary as it is, don’t depend on technology as the sole means of securing data. Commonsense caution combined with encryption, firewalls, passwords and other technical means is how we will improve our security.
Q: What can be done to improve network situational awareness and to pass information about malicious software or malware at network speed?
A: As is often the case, education is the first line of defense. NSA has a long history as a leader in operational and communications security, so those sensitivities are ingrained in our operations. Still, malware and spyware developers are very clever, and their tradecraft has become less expensive and easier to practice. They also have a target-rich environment in that they can reach out and “touch” any and every aspect of modern society with a few keyboard strokes and a good connection to the Internet. Everyone—individuals, companies and governments—needs to understand that and appreciate the potential damages.
For our part, those of us with network security responsibilities need to work harder to be in front of these malicious developments as much as possible. Once malware is introduced, for the victims it’s too late. But this is yet another example of the advantage we have with the resident expertise and resources of intelligence, military and homeland security assets. We’ll discover—as a collective—and share with and learn from industry and academia. I don’t know that we can eliminate malware, but I’m confident that this coalition will cut into its proliferation and severely diminish its effectiveness.
Q: What do you see as the most effective approaches for increasing cooperation with industry and academia?
A: Everyone in the private sector needs to understand that neither NSA nor the U.S. government has the responsibility for directly securing private sector information and networks. That responsibility lies with those who built and maintain those systems. And when considering that we all rely heavily on commercially built networks, we realize that if the telecommunications industry is not part of the security strategy, then nothing anyone else does will matter.
The academic community is equally critical, as it is from that population we are getting not only excellently trained network specialists, but also some very good research as well. We also hope that part of the educational development is training on information management ethics.
NSA is very involved in helping government, industry and academia set open standards for security. For example, we support the National Institute of Standards and Technology [NIST] in evaluating candidates for the new Cryptographic Hash standard, we’ve developed a new Cryptographic Interoperability Standard that we call “Suite B” to help drive the commercial industry, and we play a major role with partners like NIST, DISA and numerous commercial partners to define standards for automated configuration management and patching.
The interconnection of government, industry and academia is happening. There is quite a bit of interaction among the three, and we’re sharing ideas, techniques and, occasionally, resources in a true team approach. I think that relationship will only get stronger.
Q: How do you view the future for network defense?
A: The bad guys only have to find one way in to be successful, while the cyberdefender has to protect against all avenues of approach. Currently, cybersecurity is essentially looking for things in the network we know how to recognize and reporting about them after the fact. So, when an incident occurs, the logical question then is, “Why didn’t you do something about it?”
To prevent disease, doctors must study victims of it and, from that study, determine courses of action to be taken to inoculate the population from future outbreaks. We have to carefully and quickly study cyber-incidents and determine what vulnerabilities exist, how they were exploited and what can be done to prevent future attacks. NSA today provides guidance that is making it harder for the cyber-adversary to be successful, and we provide our guidance to other government agencies, including DHS and others that work with the commercial sector to help promote protection. Simply put, we want to perform fewer autopsies and practice more prevention.
With the superb cooperation we’re already seeing among the government, academic and commercial sectors, I believe defense of all information networks will improve exponentially each year. I doubt we’ll ever be 100 percent secure, but with continued cooperation and aggressive education for the public, I do believe there will be fewer incidents of mass consequence. If nothing else, adversaries will have to work a lot harder and longer and expend many more resources for fewer results. ✯
AS PRICES FALL AND CAPACITIES INCREASE, SOLID STATE DRIVES ARE MAKING MORE INROADS INTO MILITARY DATA STORAGE APPLICATIONS.
BY PETER A. BUXBAUM, MIT CORRESPONDENT
When a U.S. Navy aerial surveillance aircraft encountered Chinese jet fighters and was forced to land on a Chinese-held island in 2001, the crew found it necessary, in light of the hostile nature of the incident, to destroy the data stored on the aircraft’s onboard systems.
Logically, such an operation ought to be accomplished with the push of a button or by entering a simple command. Instead, the crew was forced to use axes against the systems in order to prevent their Chinese captors from gaining access to sensitive data.
The crew had to physically destroy the storage media because most of the data gathering systems on the aircraft in question employ hard disk drives like those found in most home and office computers. It is nearly impossible to completely erase a hard disk, and any erasure would take too long in an emergency situation. That’s why the axes came out.
These days, growing numbers of military computing systems, and some commercial ones as well, are employing solid state drives (SSDs) as an alternative to the hard drives familiar to anyone who owns a personal computer. While SSDs have had a niche in high-end military systems for some time now, usage is expected to expand greatly as prices continue to fall.
Data decimation may seem an unusual place to start a consideration of data storage media, but the need to destroy sensitive data in emergency situations is a real-life security consideration for which the U.S. military has regulations and procedures. If the naval aviators had had SSDs on board their aircraft, they could have completely erased their data with the push of a button.
That is only one aspect by which solid state drives are distinguished from their older, hard-drive counterparts. At the physical level, SSDs contain no moving parts and employ flash memory, a nonvolatile medium that stores data on chips and requires no power to maintain. Hard drives, by contrast, consist of a spinning disk and a moving arm with a read/write head.
The lack of moving parts means that SSDs are a more stable medium than hard drives, consume less power, emit little if any heat, and provide quicker access to data. They have other advantages as well.
EXTREME ADVANTAGES
The military often must sustain operations in extreme environments, where SSDs are far more reliable. They excel at high altitudes and when exposed to humidity, temperature, sand, dust and vibration. Ordinary hard drives, by contrast, must be specially ruggedized and protected to meet military criteria. SSDs also increasingly incorporate leading-edge data security features that comply with rigorous military security standards and are very small in size.
U.S. military systems have incorporated solid state storage subsystems in applications such as aircraft data recorders, image exploitation computers, navigation systems and on vehicle-mounted computers.
Falling prices and higher storage densities could push SSDs out to applications carried by small units of dismounted soldiers, such as wearable PCs.
“Solid state storage is a disk drive that has no moving parts,” said Gary Drossel, director of product planning at the solid state storage business unit of Western Digital Corp. “No moving parts means the medium itself is not volatile, and makes it more reliable when exposed to shock, vibration, high temperatures and other environment factors. Other than that, they look just like other disk drives and use standard interfaces.”
“SSDs are 100 percent solid state, providing a minimum of 1,000 G shock resistance,” said Troy Winslow, director of product marketing at Intel Corp.’s flash memory products group. “With no moving parts, Intel’s SSDs provide more than 900 percent performance improvement over standard hard drives, meaning that the systems boot faster, open and close applications faster, consume less power, and can be operated on the go regardless of the environment, which is critical for military applications.”
And as far as the erasure capability goes, “It is built into the control system of the drive,” explained Roydn Jones, vice president for advanced products at Trident Space & Defense, a provider of solid state drives and other products. “It is like pushing a panic button. The computer will erase all of the data in tens of seconds. Other memories erase more slowly, and there is inevitably some remnant of the data left on the drive.”
The key factors preventing every military computer, or home or office computer for that matter, from being equipped with SSDs have been price and density. “The costs of solid state drives are still significantly higher,” said Amos Deacon, president of Phoenix International Systems, a manufacturer of storage systems. “You can buy a single hard drive with 2 terabytes of capacity for $500. For flash memory, you will have to add a couple of zeros.”
There is also the problem of capacity. “The highest density flash memory chips are in the 4-GB area, with 8 GB coming on line,” said Jones.
Price has been a function, not just of the lack of critical mass in the marketplace, but of the physics of the device, noted Drossel. “This makes them much more expensive to manufacture relative to magnetic media disk drives,” he said.
CONSUMER-DRIVEN SAVINGS
The good news is that prices have been coming down, which has increased the opportunities for deploying SSDs to greater numbers of military computing applications. Price reductions were driven by the consumer market, according to Drossel. When flash memory made its appearance in digital cameras and MP3 players, companies made a mad dash to grab a piece of the action. As a result, the price of a gigabyte of SSD capacity has fallen an average of 15–20 percent per year in recent years, and that trend is likely to continue for some time, Drossel said.
“The continued decrease of prices for higher capacity solid state storage has made it all the more appropriate medium for military applications,” said Francisco Fronda, assistant vice president for product management at Bitmicro Networks, a maker of solid state storage media. “Coupled with the advantages of ruggedness and lower power consumption that it has over other storage technology solutions, such as magnetic hard drives, these will strengthen the rationale for its use in the military market and should pave the way for even wider adoption. We can see numerous manufacturers today joining the SSD bandwagon as new players emerge from stealth mode, all developing new products that will address the growing needs of the military and industrial applications segments of the market.”
“SSDs are primarily used in military grade notebooks and tablets that are used by field personnel as well as installed in military vehicles,” added Winslow. “As the costs for these systems decrease, the breadth of the military deployment will increase.”
Solid state drives are already providing significant opportunities for military equipment manufacturers to decrease costs and increase the performance and reliability of their products, according to Winslow. “Intel had one military OEM customer tell us they are saving around $1,000 per notebook PC and tablet by not having to shock-proof their existing hard disk drive bay,” he said.
Earlier this year, Phoenix International Systems introduced a data storage plug-in blade in which one or two SSDs are used. The VS1-250-SSD Serial Attached SCSI (SAS)/Serial ATA (SATA) based Solid State Disk VME, which houses one or two 2.5-inch SAS or SATA SSDs and up to 256 GB of storage per device, is designed as a drop-in replacement for a traditional hard disk drive that is configurable for the environment in which it is to be operating, according to Deacon.
SAS and SATA refer to available serial disk drive interfaces. SAS is considered to be the more sophisticated of the two, since it provides multiple paths to data, thus mitigating the possibility of failure.
The VS1-250 has an operating temperature range from -40 to 85 degrees C and functions at altitudes of 80,000 feet and higher. The VS1-250-SSD also complies with current Department of Defense security standards providing multiple levels of secure erase techniques. The device offers significantly lower power consumption, according to Deacon, and eliminates seek time, latency and other electro-mechanical delays commonly associated with conventional rotating media.
“What our product does allow you to do is pick the type of environment the application is going to work in and then configure product with the characteristics, whether that be protection against temperature, shock, vibration or altitude, tailored for that particular application,” said Deacon.
SPECIALIZED FEATURES
Price was never the key factor in employing SSDs in mission-critical military systems that required the ultimate in reliability and/or needed to withstand extreme environmental conditions, according to Drossel. “Now that prices have come down for SSD capacity, that technology is now a lot more attractive for applications such as mapping, high-end graphics, and data radio traffic. As SSDs with capacities of 120 GB have been introduced, and with a 250-GB drive coming soon, you will see them appear where they were never considered before, in applications like notebook computers and notebooks that provide portable computing in the field.”
[Image caption: As a replacement for a traditional hard disk drive, the solid state drives offer significantly lower power consumption and eliminate seek time, latency and other electro-mechanical delays commonly associated with conventional rotating media. Image courtesy of Phoenix International]
For Fronda, the traditional use cases will continue to be the driving force in military applications such as satellites and UAVs. “With SSDs becoming less expensive these days,” he said, “UAV data acquisition applications will stand to benefit from lower flight times and costs to perform the same mission because of higher SSD capacities.”
In view of continuous price reductions and stiffer competition, specialized makers of SSDs are differentiating themselves from the competition by developing and shipping products with specialized features, including the introduction of full-disk encrypted SSDs. “Through the use of encryption, users who do not have the encryption keys will not be able to access data on the SSD,” Fronda explained. “Other features that are being developed are antivirus and antimalware agents being incorporated in the SSD. This adds another layer of security preventing the corruption of data.”
SSD-makers are also including mechanisms that allow for very rapid and secure erasure of data. “These devices can erase all of the data residing on every memory chip in one simultaneous action,” said Fronda. “SSD-makers are also consistently developing algorithms to nondestructively erase the data at the fastest possible time.”
Adding additional security to disks opens them up to a host of new applications. Jones sees custom SSDs making their way to GPS applications, with their many security requirements.
“In the future, especially as the size of these devices gets smaller, SSDs are going to be used, not only on large weapons systems such as aircraft, but by frontline troops using man-held devices,” said Deacon. “You can have a Global Hawk at 80,000 feet that sees a threat to the ground troops in the area. That threat can be communicated via a satellite data link directly to these frontline troops so that they get that intelligence in real time. To allow that to happen, you need to provide some capacity for data storage on those man-held systems.
“A lot of these devices allow the storage of communications, imagery and intelligence data that can be very sensitive,” Deacon continued. “They include encryption routines that encode the information, but even with encryption it is possible to break codes. Incorporating flash SSDs into the applications infantry troops carried out to the front line makes the data more secure because the data can be destroyed if the devices fall into enemy hands.”
ADVANCED MATERIALS
Fronda has also seen SSD devices being fashioned from more advanced materials. “In terms of reliability, we are seeing the development of new enclosures made from new materials that are more rugged to protect the drive from harsh physical environments,” he said. “For the components, we see the development of radiation-hardened components and alternative memory components that are less prone to data integrity problems.”
Deacon predicted that continued increases in capacity and falling prices will allow SSDs to “take over more and more business from traditional rotating media.”
“If we could get the cost of SSDs down to the price of rotating media, we would replace all of them,” said Jones.
“We are now doubling the density of SSDs in less than 18 months,” Drossel added. “I don’t know if we will ever reach density of magnetic drives at an applicable cost, but it is clear that we are making great strides in that direction. The marketplace, and especially the military market, is not driven only by dollars per gigabyte.”
“The military market, being a traditional one for rugged storage, will continue to provide a solid base of revenue for the SSD market,” said Fronda. “It leverages the advantages inherent in SSDs that are not normally provided by other storage technology solutions.”
But the enterprise market for SSDs is growing and is much more price sensitive than the military market. Therein lies a potential pitfall for the military, according to Jones.
“As prices continue to fall, the enterprise market will be taking off,” he said. “Larger companies are buying out smaller in order to get into the enterprise market, and the end result will be that a lot of military suppliers of SSDs will be chasing enterprise customers.
“The enterprise market is not as demanding in its requirements for solid state media as is the military, in terms of endurance, security, small geometrics and increased capacities,” Jones said. “The downside of this is that performance of flash drives might degrade as a result, and that doesn’t help the military.” ✯
Contact Editor Harrison Donnelly at email@example.com. For more information related to this subject, search our archives at www.MIT-kmi.com.
INFORMATION-SHARING TECHNOLOGY PLAYED A KEY ROLE IN COORDINATING THE MANY MILITARY ORGANIZATIONS INVOLVED IN THE 2009 PRESIDENTIAL INAUGURATION.
BY COLONEL HERBERT H. WESSELMAN AND LIEUTENANT COLONEL GEORGE T. RIVERS
Amid all the public and media excitement surrounding the 56th Presidential Inauguration, the Joint Force Headquarters National Capital Region (JFHQ-NCR) with its Armed Forces Inaugural Committee (AFIC) was charged with providing Department of Defense support for the inauguration.
As January 20, 2009, approached, JFHQ-NCR transitioned into Joint Task Force-National Capital Region (JTF-NCR), executing a three-pronged mission to provide ceremonial support to honor the commander in chief; provide DoD capabilities to support approved requests from civil authorities; and “be prepared to” support the lead federal agency in response to any consequence management requirement.
Mission execution on Inauguration Day depended on the ability to coordinate actions by multiple active, Guard and Reserve units, as well as numerous local, state and federal interagency partners. Communicators and IT professionals working behind the scenes, and the use of collaborative tools at all levels to coordinate the diverse actions were key enablers for mission success on Inauguration Day.
Fortunately, this operation occurred in the National Capital Region, where the communications infrastructure is dense. This density enabled communications planners to use existing infrastructure, and extensions to temporary facilities located throughout the Washington, D.C., area, to provide a diverse communications architecture to support the mission. The architecture included wired and wireless phones, land-mobile and tactical radios, and NIPRNet connections.
On January 20, the AFIC had one fixed and 11 temporary facilities performing command and control functions, public affairs interaction, vehicle dispatch, and law-enforcement coordination. JTF-NCR had units deployed to Capitol Hill, the parade route and various interagency command nodes throughout the NCR. Joint Task Force-Capital Medical was similarly deployed throughout the NCR. Additionally, the National Guard deployed elements from the D.C. National Guard (JTF-DC) to coordinate National Guard support throughout the NCR. Finally, the Virginia National Guard (JTF-29) was prepared to support consequence management using Fort Belvoir, Va., as a staging base.
INFORMATION EXCHANGE
The use of the Defense Information Systems Agency applications Defense Connect Online (DCO) and Jabber Chat facilitated the exchange of information, coordination of actions and execution status tracking.
There were multiple collaborative sessions established in support of the inauguration. Functional communities established rooms to facilitate actions within that community of interest. For example, the AFIC communications teams assigned to each field location used a collaborative session to provide status updates to the Communications Coordination Cell (CCC) in the AFIC Ceremonial Information Center (CIC). The AFIC CIC in turn had its own collaborative session with participants from all functional areas to track completion of items on the master events list. Taken in total, the use of collaborative tools provided shared situational awareness, enabling each organization to succeed in its assigned mission.
The National Guard employed its Joint Incident Site Communications Capability (JISCC), which included 15 systems throughout the NCR supporting JTF-DC, and four systems at strategic locations in Maryland and Virginia in support of JTF-29. The JISCC is a multifunctional communications platform that provides the National Guard with its onsite communications, collaborative tools platforms (networking, video teleconference and satellite reachback), and interoperable radio communications with local/civilian first responders supporting the incident scene.
Following the tenets of the “USNORTHCOM-National Guard Bureau Joint CONUS Communications Support Environment (JCCSE) Concept for Joint C4,” National Guard communications for C4 response were coordinated by the Joint C4 Coordination Center (JCCC). The JCCC is the key element for effective C4 response and has consistently proved itself since inception during the Hurricane Katrina response in 2005.
Information sharing and event management (request for information or assistance) were accomplished for the National Guard Bureau using the Joint Information Exchange Environment (JIEE), a Web-based tool accessed by all 54 state and territory National Guard joint force headquarters (JFHQs), as well as USNORTHCOM, to ensure key/timely information flow and situational awareness. The JIEE effectively allowed the National Guard to coordinate the capabilities from state to national level—ensuring mission success on Inauguration Day.
Collaborative sessions facilitated much more than execution of the ceremony. For instance, JTF-NCR J6, service component-6s, NGB J6 (JCCC), JTF-DC J6 and JTF-29 J6 had communications capabilities supporting the ceremony, and others in a “be prepared to” status that could respond in a consequence-management mode. The JTF-NCR Joint Network Control Center (JNCC) hosted a DCO session with participation from each of these organizations. Although they were not full-time participants, the communications staff from the District of Columbia Homeland Security Emergency Management Agency was also able to participate in the session.
Thankfully, the consequence-management functions of this session were not called upon during the inauguration. Had an event occurred, however, this collaborative session was established to facilitate the identification of units and capabilities that could respond in accordance with the JTF-NCR commander’s authorities under the Stafford Act, as well as orchestrate responses to approved mission assignments from the lead federal agency.
WEB-ENABLED PLATFORM
One other collaborative capability, Web Emergency Operations Center (WebEOC), utilized daily in the NCR, supported the interagency effort on Inauguration Day. The WebEOC capability provides a Web-enabled platform to share incident information among emergency response agencies. While there are local instances of WebEOC for many jurisdictions, within the NCR the state and local emergency management agencies—D.C. Homeland Security Emergency Management Agency, Maryland Emergency Management Agency, and Virginia Department of Emergency Management—agreed to use a common WebEOC for National Special Security Events. This agreement enables over 140 federal, state and local command nodes in the area to share information and coordinate actions.
Leading up to the inauguration, communicators and IT professionals practiced and exercised the communications and collaborative tools necessary to support the mission. Integration of collaborative tools at all levels of the operation ensured that every ceremonial detail, logistics movement and law-enforcement link up was executed to the standard required to properly recognize the new commander in chief. Collaborative tools enabled multiple units and organizations to deliver approved DoD capabilities to venues across the NCR to support civil authorities. In addition, exercises including the use of collaborative tools assured units and organizations were prepared to respond in any consequence management event.
Finally, the team of active, Guard and Reserve communicators supporting the inauguration was proud to have represented all military communicators on this historic event. ✯
Colonel Herbert H. Wesselman is with the Air Force, and Lieutenant Colonel George T. Rivers is with the Army National Guard. Contact Editor Harrison Donnelly at firstname.lastname@example.org. For more information related to this subject, search our archives at www.MIT-kmi.com.
COP Tool Boosts Network Awareness BY HARRISON DONNELLY, MIT EDITOR Setting out on a road trip from, say, Washington, D.C., to Norfolk, Va., the contemporary traveler goes to a favorite Website to learn if there are any recent accidents or construction projects, and plans the route to avoid unnecessary delays. Even if the trip is not until next week, the traveler at least can determine if any construction work is planned that could disrupt the journey. For those planning a network-dependent military operation—or scheduling needed network maintenance or responding to an unexpected outage—however, the communication of needed information has not been so easy. It may take a blizzard of e-mails and phone calls to ensure that everyone is up to date on the status of the network and its impact on vital missions. To make that kind of essential information sharing more efficient, EDS, an HP company, which operates the Navy Marine Corps Intranet (NMCI), recently developed a Navy network common operating picture (COP) tool to automate the process, protect the most vital missions and ensure that all users understand how they will be affected by what goes on in the network. “About eight months ago, a large problem was identified in that, although we were operating and executing changes well from an enterprise perspective, the individual commands and users had issues where they were unable to understand their operational impact from a given outage or a scheduled change,” said EDS network engineer Lance Arnold. “For example, if we were planning to take down a particular piece of network infrastructure, a large group of users serviced by the device would have even gotten the notification that something was happening. But they were unable to translate the outage from an infrastructure level to what that meant to the individual commands and users. 
“What the COP is designed to do at a high level, and what we’re piloting here, is providing information about those outages and changes, specifically tying them back to where there could be an operational impact, and allowing commands and users to react directly to that,” he said.
The key, Arnold continued, is to be able to translate the impact of network operations—routine maintenance or responding to an information assurance vulnerability alert, for example—into terms that are meaningful to users.
[Photo caption: The Naval Network Warfare Command Maritime Operations Center monitors the network on a round-the-clock basis. Photo courtesy of U.S. Navy]
“Say there’s a new vulnerability that has been identified, and we need to push a patch to individual computers to respond to that vulnerability,” he said. “We’re requesting to do it at a particular time, and we go through the process and get everyone’s approval. Then at the last minute they realize that the operational impact of being without their e-mail during this time is critical, and they can’t afford to be without it, so we need to reschedule it or come up with a mitigation plan if it can’t be rescheduled.
OVERSIGHT AID
While it has been in operation for only a few months, the network COP has already produced marked improvements in the eyes of Commander Everett Hayes, the Navy Global Network Operations Center officer responsible for oversight of the Navy portion of the NMCI.
“The COP tool starts with what we call a user-defined operational picture [UDOP], which is where a command can specify who their high-value users are,” Hayes said. “For instance, in a command like Pacific Fleet, there are hundreds or thousands of users in the environment. But they may have 50 people or seats that have an operational requirement that requires a scrutiny above what the normal person would see. So they define who those people are—maybe by position, or perhaps a specific person.
“In the past, it was very difficult for us to provide the oversight that would say that this particular maintenance was going to affect a particular person at this time. But with the COP tool and the UDOP, when we say that maintenance is going to happen on a specific switch or e-mail server, the algorithms and databases that EDS has, and what they programmed into the COP tool, will say that it’s going to affect a certain person,” Hayes said.
“That makes it easier for the command to make an educated operational decision on whether or not that outage can occur to that person at that time,” he continued. “Also, it makes it easier for us to say to EDS that, in order for us to do this maintenance, we’re going to have to mitigate it by moving that particular person to another e-mail server so they won’t experience an outage during that time period.
“From my perspective, the biggest utility that we get from the COP tool is that we can see at a moment’s notice who the command has determined to be the most important users, and we can see the impact of a planned or unplanned outage in any element of the network,” Hayes said. ✯
WITH ITS PROMISE OF ENHANCED SECURITY, MILS INFORMATION ARCHITECTURE GAINS GROUND AMONG DEFENSE USERS. BY ADAM BADDELEY, MIT CORRESPONDENT
A highly secure information architecture called Multiple Independent Levels of Security/Safety (MILS) is gaining ground among defense and aerospace users. The advance of MILS, developed by a coalition of government agencies, contractors and software vendors in recent years, reflects the convergence in the MILS world of separation and virtualization technology, which gives the user multiple secure operating system environments on the same computer. MILS is all about separation. The MILS architectural approach is a way of isolating critical pieces of processes, functionality, domains and data. Quite simply, MILS takes the software that you really have to trust, separates it from everything else and then applies very advanced techniques to scrutinize that trusted software. The Open Group, an industry consortium that has been advocating MILS, defines the technology and its benefits this way: “The MILS architecture partitions application programs, data and communications in distributed systems and enables development of systems where multiple levels of security domains exist on a single processor, making it possible to replace several traditional, federated computers. By using the MILS architecture, high assurance systems development, certification, accreditation, purchase, deployment and operation are more efficient, more affordable and lower risk.” The spread of MILS is evident in a number of developments. At the MILCOM conference last fall, for example, a number of companies staged demonstrations of how MILS could be implemented to protect highly sensitive military and intelligence
communications networks, showing its use in scenarios involving a suppression of enemy air defenses/destruction of enemy air defenses mission; offensive counter-air mission, time-sensitive targeting mission; and combat search and rescue mission. In addition, key companies continue to develop and certify MILS products and programs. Following are updates for some of the major players in the field.
GHOST IN THE MACHINE
General Dynamics calls its MILS product portfolio for trusted computing products General Dynamics High Assurance Open Scalable Technology (GHOST). An “ingredient brand,” the Trusted Virtual Environment (TVE) is one of the latest additions. “With GHOST, we build in the security mechanism and the security features in a transparent fashion, such that it does not deteriorate or impact negatively operational considerations,” said Bill Ross, business director, information assurance systems and programs for General Dynamics C4 Systems. “TVE is just one of the products in the GHOST suite; the others are Trusted Network Environment, and the third is Trusted Embedded Environment.”
The fundamental premise behind TVE is that it doesn’t violate the life cycle cost advantages of COTS solutions. Ross said, “What we have done is taken some of the most mainstream COTS capabilities, hardened them and effectively implemented a trusted computing solution that allows you to host multiple security classifications on a single commercial desktop computer with a minimal government off-the-shelf footprint.”
For TVE, General Dynamics C4 Systems has partnered with a number of the big DoD suppliers of commercial computing technology, including Dell, Intel and VMware. With the latter, TVE takes VMware’s virtualization capabilities and “bakes in” security requirements into their virtual desktop product to pass the MILS certification process on a Dell computer, right off the factory floor.
“Before TVE, to protect the core computer you had to write a significant chunk of security critical code that needed to be assured and analyzed and that was both difficult to assess and difficult to evaluate to a high level of assurance. Trusted embedded platforms had also always required a very custom embedded operating system that really did not have broad application and was very focused on a specific embedded requirement and did not have general broad mainstream commercial support. One of the key elements to consider is how your MILS solution intersects with your existing enterprise infrastructure. Nobody wants to come in with forklift and rip out your enterprise infrastructure,” Ross said.
“We are certified, we have been accredited by the National Security Agency, we are currently coming out with new releases,” explained Ross. “You can buy it right off the Dell Website.”
Users include DoD and intelligence community customers, with Ross describing U.S. Special Operations Command as the initial pilot. “They were one of the chief proponents and key users that have adopted TVE, and they are the furthest along in terms of their utilization and deployment of this technology.”
Other customers are assessing how this new technology and capability will fit within their overall business process. Ross estimates that as many as a dozen agencies are at various stages of piloting trials or initial deployment today. Release 2 for TVE, which implements improved manageability, information assurance and performance capabilities, is scheduled for late this year.
The value proposition for MILS is possibly greatest in armored vehicles seeking to reduce their computing infrastructure. Ross said, “The Future Combat System program is considering use of derivative capabilities and technology for the weight and power constrained environment at the tactical far edge.”
Ross sees TVE as a continuously improving system. “We continue to invest in ways to make it easier to integrate into existing enterprises, and we are always moving up the assurance scale. We are taking advantage of some of the new security features that some of the chip set manufacturers are making. As opportunities arise to take advantage of hardware improvements, we continue to look for opportunities to enhance performance.”
ROBUST SECURITY
Green Hills Software’s work on MILS actually predates the latter’s emergence as a fully fledged concept, according to David Kleidermacher, chief technology officer at the company.
“In the mid-1990s, our company realized that there was a major technology gap in the operating systems that controlled devices,” he said. “People were using old technology that wasn’t designed to partition software and keep it more reliable. That is why we came up with Integrity, our flagship real-time operating system, to control systems which demanded the highest levels of reliability, availability and security. Integrity’s first project was the Boeing B-1B in 1997. That gives you an idea of how we designed it to meet the highest levels of safety and security from day one.”
Integrity quickly became successful across a variety of industries, including medical devices, industrial control systems and telecommunications. Under the F-35 Joint Strike Fighter (JSF) program, the Integrity technology began an evaluation under Common Criteria Evaluated Assurance Level (EAL) 6+, which was completed late last year.
“EAL 6+ high robustness is defined as the security level required to protect high value information against even the most sophisticated of hackers. No software on the planet has ever been certified above EAL 5,” Kleidermacher noted.
In 2004, NSA called on Green Hills to explore the application of Integrity’s software separation kernel for desktop PCs. “They had a big problem, not just within NSA, but in the intelligence community and across DoD, of requiring multiple desktops, attached to different networks, for each user, which was a nightmare in terms of maintenance and usability,” he recalled. “They wanted us to run multiple instances of Windows on top of Integrity, partitioning them using the MILS concept. While NSA’s High Assurance Platform program has a vision of eventually deploying high-assurance solutions, we proved that solution exists today with Integrity.”
Kleidermacher explained how this was done. “We developed virtualization technology that allows us to run any ‘guest’ operating system—whether Linux, Windows or anything else—in such a way that the visualization component doesn’t violate the security policies enforced by Integrity. Thus, the mathematically proven separation, required as part of our EAL 6+ certification, is still intact even though we are running Windows.”
The base model for Integrity is that information simply cannot be transferred between environments unless the system security policy explicitly allows it. The Integrity kernel is not providing any encryption, just resource management of the computer. What the system needs on top of that, such as middleware with its own client-server communication policy, is above the kernel.
[Image caption: A high-assurance guard such as Turnstile is a network appliance used to mediate the flow of information between security domains. Image courtesy of Rockwell Collins]
What is arguably as important as the operating system certification itself, however, is the affirmation of the company’s high assurance software development process, which has now been applied to a number of additional MILS components—including file systems, Web servers and window managers—that live above the operating system kernel.
“Let’s say you want to implement a policy to transfer, maybe in one direction but not the other,” Kleidermacher said. “Now you have another application that lives on top of the Integrity kernel that must be developed using our high assurance MILS process.”
Others have been getting their hands on Integrity as well. The software has been included as part of the Coalition Warrior Interoperability Demonstration, deployed at a number of military and intelligence sites, and accepted as a Joint Capability Technology Demonstration (JCTD) for U.S. Central Command. The JCTD is called OB1, which stands for “one box, one wire.”
“The goal is to collapse the different networks and computers down to one computer and one network,” Kleidermacher said. “CENTCOM has commanders who must manage numerous different networks with separate computers for each one. This technology gives them the ability to reduce size, weight, power and maintenance costs. In fact, a recent study of the JCTD by the Naval Postgraduate School reports that OB1 has the potential to save CENTCOM $2.7 billion over the course of a 23-year life cycle—a 96 percent savings over the current architecture.”
MILS is not just a technical or hardware issue; human factors are coming increasingly into play as the solution proliferates across users. This is obliging providers to better understand people’s usage patterns, which will help drive MILS’s evolutionary path.
“Users don’t like change. What if the world is not willing to have two Windows environments? How do we provide them something that is as usable as possible yet still provides a high-assurance separation and control of sensitive information? For example, we have some people who don’t want a PC on their desk; they want their desktops managed in the data center and a thin or semi-thin client on their desk. We have adapted to support this configuration as well,” said Kleidermacher.
DATA DISTRIBUTION SERVICE
The Real-Time Innovations (RTI)-Wind River MILS solution combines Wind River’s top-performing MILS kernel with RTI’s messaging middleware. The combination complies with the Object Management Group’s Data Distribution Service (DDS) for Real Time Systems standard, which is rapidly gaining acceptance in the military and beyond.
RTI and Wind River are long-term partners. Several government and industry customers selected their MILS-DDS solution, and the two companies recently announced their first defense user in that category, Boeing.
“MILS separation kernels partition applications on the same machine, allowing interaction in only controlled ways. Running DDS in a secure partition with other applications under the VxWorks MILS kernel brings many benefits,” explained Joe Schlesselman, director of market development for military/aerospace at Real-Time Innovations.
“DoD has mandated the use of DDS, so many existing programs and applications already use it and many new programs are adopting it. As these programs evolve higher security or information assurance requirements, VxWorks MILS products can add security. There are very large development efforts and millions of dollars invested in distributed applications using DDS. This technology gives those applications a path to better security.”
Alex Wilson, senior program manager at Wind River, explained that VxWorks MILS Platform’s other recent news was its listing on the National Information Assurance Partnership CCEVS “Products in Evaluation” Website. Completion of evaluation is scheduled for December 2011, and if successful, the VxWorks MILS solution will achieve certification to Common Criteria EAL 6+.
This VxWorks MILS has been built to conform to the Separation Kernel Protection Profile (SKPP), which defines the security requirements of a separation kernel in environments requiring high robustness. Wilson said, “The SKPP guides vendors in development of a COTS MILS operating system, on which you in turn can build a multilevel secure system.”
Wilson was talking immediately after the Open Group, which promotes open
standards, held a conference this spring on the future of MILS. “One of the big discussions is how you can use MILS to build defenses against some of the cybersecurity threats. The current infrastructure is either proprietary or built around Windows or Linux. The security techniques used to build these types of systems are now woefully inadequate for the kind of things they are being asked to do.”
Wilson cited a recent cybersecurity breach in the JSF program as evidence of this. “Several terabytes of data related to design and electronics systems of JSF was downloaded from Pentagon IT systems. This was a breach not of the aircraft itself, nor its systems. It is nonetheless ironic that while the aircraft itself is incredibly well protected, the systems that build it are not.”
“MILS gives people a natural path, in some cases, using the same hardware family, to add a layer of protection,” added Schlesselman. “At this point, that isn’t really widely known or understood, but it has great potential going forward. MILS will impact not only embedded and real-time systems like the combat management systems, and military avionics, but also day-to-day infrastructure like telecommunications, medical devices and public utilities.
“By separating potentially interacting parts, the MILS concept will enable designers to put together software components rapidly without being overwhelmed by the whole complex system,” Schlesselman continued.
NETWORK TURNSTILE
The first device ever to be certified as a MILS device was the Rockwell Collins AAMP7G microprocessor, which was validated in 2005 by NSA as a device capable of processing unclassified through Top Secret codewords simultaneously.
Originally designed for safety critical use, to meet the FAA’s DO-178B avionics standard for software safety development, the AAMP7 processor is targeted for a range of low power, deeply embedded uses. A variant of the AAMP, for example, is installed in handheld DAGR GPS devices.
In contrast, other separation kernels, such as those of Green Hills and VxWorks, are software, designed to run on a variety of COTS platforms, with both vendors porting their separation products to different platforms.
“AAMP7 was a building block—a hardware-based separation kernel. We have since embedded that in two products so far, the JANUS crypto engine and a high assurance guard called Turnstile,” said Ray Richards, principal engineering manager in the Information Assurance Section of Rockwell Collins Advanced Technology Center.
A guard such as Turnstile is a network appliance used to mediate the flow of information between security domains. If they have a trusted network and an untrusted network, users would put a guard between them to check the traffic going through in a very deep way to make sure that the information flow respected the security policies.
“The benefit that the warfighter gets from a device like that is it increases the ability to share information, even when the information shared is on networks of different classifications,” said Nancy Schroeder of the Information Assurance Division at Rockwell Collins Government Systems. “For example, they are able to have access to information sharing, between a network that is top secret and one that is secret or unclassified. Normally information on the top secret network could not flow down and be shared on the secret or unclassified side. However, if you insert one of these devices, a cross-domain solution like the Turnstile guard, into the architecture, it is trusted to make the decision on what information can flow down or flow up between those two different networks.”
In addition to work on its own, Rockwell Collins has teamed with LynuxWorks and other companies in regards to MILS.
Richards explained what was involved: “We use a very advanced copy of the Linux work separation kernel, and we did some R&D work to develop a thin client to display different data from different security domains on one display.” Demonstrated at the MILCOM conference last fall, this internally funded project solution has yet to be formally launched.
Rockwell Collins worked with Green Hills on their separation kernel for JSF and formally analyzed it to EAL 6+ level, using a discipline of analysis called formal methods. This involves applying very strict mathematical analysis to digital systems to build high-fidelity models in a mathematical language of the systems under evaluation.
Security certification includes the target hardware that the software is hosting, typically but necessarily limiting the speed at which the same software can be moved to additional differing hardware platforms. In the JSF certification, the company has made a decisive move toward a more generic solution, Richards said. “The initial certification of Green Hills was done on a Rockwell Collins processor card. However, our marching order was to make the analysis independent of the target platform as much as possible. We did the formal analysis above the hardware abstraction layer analyzing the target-independent portions of the kernel.”
There are two new separation kernels and another kernel in evaluation, and a number of companies are building other MILS products. Rockwell Collins believes this is necessary before the MILS marketplace can take off, as it will enable a broad base of developers to certify MILS components that can be layered on top of each other and interoperate.
“There are a lot of companies developing MILS building blocks,” Schroeder said. “In short, we want to see more people developing MILS architectures. As a systems integrator, Rockwell Collins wants industry to create these building blocks, so we can utilize them to create systems that will increase information sharing for the warfighter on the tactical edge.” ✯
Ruggedized Hardware Update Compiled by KMI Media Group staff
In-vehicle Router Based on Mobile Access Technology The DuraMAR 3230 from Parvus is an in-vehicle rugged router subsystem based around Cisco Systems’ 3230 mobile access router technology and Parvus’ Gigabit Ethernet switch hardware in an ultra-rugged chassis optimized for harsh military and civil vehicle/aircraft installations. Underscoring its application for IP-based situational awareness, the DuraMAR 3230 boasts the highest Ethernet switch port density of any known Cisco 3200 series-based COTS product. The unit’s sealed MIL-C-38999 connectors bring out a Cisco IOS-managed 10/100 WAN port, three IOS-managed 10/100 switch ports, and 13 10/100/1000 Gigabit Ethernet switch ports, as well as two multiprotocol serial ports and an RS-232 management console port. The unit is also equipped with a data zeroization button for enhanced security and a conductively cooled chassis with near cable-less internal design for solid reliability under high mechanical stress. By integrating Cisco’s mobile router together with Parvus’ modular PPC/104+ Gigabit Ethernet switch cards, the DuraMAR 3230 significantly expands LAN port count and bandwidth, while consolidating switch and router functions into a single hardened subsystem designed to MIL-STD-810F and MIL-STD-461E environmental conditions. This IPv6-compliant switch/router is designed for prime defense contractors and civil agencies to achieve mobile communications on the move and a wide range of new in-vehicle networking applications in even the harshest shock, vibration, thermal, ingress and EMI environments. Mike Southworth: firstname.lastname@example.org
System Designed for Small-sized Embedded Applications The Relio R9 from Sealevel Systems delivers RISC computing power in a compact, rugged package. Packed with a wealth of I/O features and using the latest embedded software environment, the system is based on the Atmel AT91SAM9263 processor boasting a 32-bit ARM instruction set for maximum performance. The Relio R9 is the perfect platform for embedded applications requiring small size, wide operating temperature range, and flexible I/O connectivity. Available with up to 256 MB RAM and 256 MB Flash memory, the unmatched I/O features of the Relio R9 extend the possible uses beyond traditional ARM applications. Standard I/O includes Ethernet, serial, USB, CAN Bus, digital and analog interface. For local or remote I/O expansion, the Relio R9 connects to Sealevel SeaI/O modules via the dedicated RS-485 expansion port and communicates via RS-485 Modbus RTU. The Relio R9 is housed in a rugged, small enclosure suitable for mounting almost anywhere and is rated for a full -40 to +85 degrees Celsius operating temperature range. Sarah O’Hanlan Beasley: email@example.com
Rugged Technology Included in Ground Soldier Ensemble Elbit Systems of America has been selected as part of an industry team led by Rockwell Collins for the system integration and prototype phase of the Ground Soldier Ensemble program for the Army. Elbit Systems of America and Rockwell Collins together formed “Team Spartan,” which was selected, as one of three teams, in a competition among several U.S. companies to develop the next-generation soldier-worn computer system. The system will provide situational awareness to soldiers during intense operations in a configuration that optimizes size, weight and power and can be customized for different missions. Elbit Systems of America will leverage its global soldier systems experience and lessons learned in rugged military computing technologies, including the battle-proven, soldier-worn Dominator computing system, to bring required computing capability to the program. Elbit Systems of America’s computing platforms support mission planning, situational awareness, target handling and device connectivity, as well as video and map displays. Dalia Rosen: firstname.lastname@example.org
Notebook Features Shock Mounted Removable Hard Drive The fully rugged Durabook R13S from GammaTech meets the military standard 810F specification for drop, shock and spill resistance and is rated IP54 for liquid and dust protection. The R13S comes fully encased in magnesium alloy and has protection doors for all the IO ports and connectors. The notebook comes with a sunlight-readable 13.3-inch WXGA convertible touch screen LCD that can also be used for tablet applications. The system’s standard security features include a shock-mounted removable hard drive, TPM module and fingerprint recognition. Paul Kim: email@example.com
Compiled by KMI Media Group staff
Application Aids Earned Value Management Reporting To help the Department of Defense and its contractors streamline compliance with earned value management (EVM) reporting requirements, Microsoft has announced a Project 2007 application tailored for Defense Contract Management Agency (DCMA) standards. As the agency responsible for tracking EVM figures for DoD contracts, DCMA requires the use of the UN Centre for the Facilitation of the Administration, Commerce and Transport (CEFACT) standard, a worldwide standard for cost and schedule project information. An application available free of charge on Microsoft’s open source hosting site guides users through the export of Microsoft Project 2007 data required by DCMA and translates the earned value output into the required UN CEFACT XML protocol. The application will provide significant cost savings for both DoD agencies and contractors by reducing the time and resources required to gather, analyze and format the data. Microsoft’s EVM tools provide a proven, objective way to measure the value of work completed based on the budget applied to that work. This application, co-developed with EVM partner QuantumPM, offers the tools to track this data in a format that follows specific DCMA requirements. Jared Adams: firstname.lastname@example.org
Mobile Thin Client Provides Enhanced Security The newly designed HP 4410t Mobile Thin Client provides enhanced security access to server-based computing and reduces IT workloads while still providing the mobility of a reliable notebook. Since data is never stored locally, the HP 4410t Mobile Thin Client eliminates the risk of sensitive information getting into the wrong hands if the device is lost or stolen. Additionally, Microsoft’s latest embedded operating system, Windows Embedded Standard with Remote Desktop Protocol 6.1, enables devices to take advantage of the latest security and enterprise management technologies from Windows Server 2008. HP is the only vendor offering a choice of File Based Write Filter (FBWF) or Enhanced Write Filter (EWF), both of which are preloaded on the HP 4410t Mobile Thin Client. These features provide IT managers more options for enhanced security and increased productivity. FBWF adds flexibility by providing the same data protection benefits of EWF, while allowing administrators to save specific files, folders and configuration settings. Melissa Zieger: email@example.com
Kiosk Solution Attacks USB Security Threat Tresys Technology, a provider of technology and services for customers with high security requirements, has developed a security solution for the recent threat to critical government information systems posed by “dirty” USB devices. A ruggedized, laptop-based kiosk appliance built on open source software is intended to mitigate that threat and make USB devices safe for use, even in very sensitive applications and locations. The USB cleansing appliance was built on Red Hat’s RHEL 5 platform, combining GOTS software with Tresys’ advanced, secure virtualization technology to effectively eliminate the dirty device threat. The formula of combining proven open source security technologies like SELinux with other customizable software allowed Tresys to address the security threat in real time. Danica Low: firstname.lastname@example.org
Rack-mount Platform Designed for Security and Network Services
The PL-10450 from Win Enterprises is a 2U rack-mount platform designed for IDS/IPS, firewall, VPN gateway, load balancing, UTM applications, and other network services. The unit features modular I/O capabilities and can expand from a basic level of 8 x GbE to 26 x GbE. Customers can configure the I/O they require with copper and fiber LAN expansion modules. The unit features the Intel 3010 express chipset and ICH7R I/O controller, which support an Intel Core 2 Duo/Pentium Dual Core LGA775 processor with 533/800/1066MHz FSB. Support is provided for ECC and non-ECC high speed DDRII memory with up to 8 GB. One removable 3.5 inch SATA HDD bay and CompactFlash socket are available for system storage. John Hill: email@example.com
Security Co-processors Speed Operations
SafeNet, a provider of information security now affiliated with Aladdin Knowledge, has announced the availability of the SafeXcel-1742 and SafeXcel-1746, the next generation of the company’s proven security co-processors, and the SafeXcel-3120 and SafeXcel-3141 high-performance system on a chip processors. Each family of chips provides customers with flexible price and performance options when selecting a security solution for accelerating IPsec, SSL/TLS/DTLS, SRTP, MACsec and public key operations. The SafeXcel-1742 and SafeXcel-1746 security co-processors allow host processors to offload packet processing and crypto computations, providing acceleration of IPsec, TLS/SSL/DTLS, SRTP and MACsec security protocol functions, as well as acceleration of the latest cipher and hash cryptographic algorithms, including Suite B. The SafeXcel-1746 contains the highest performance PKA in its class and meets requirements for very high session setup rates. Annie Smith: firstname.lastname@example.org
The advertisers index is provided as a service to our readers. KMI cannot be held responsible for discrepancies due to last-minute changes or alterations.
MIT CALENDAR & DIRECTORY
ADVERTISERS INDEX
CapRock Government Solutions: www.caprock.com
Cases2Go: www.cases2go.com
Fujitsu Network: us.fujitsu.com/telecom
General Dynamics C4 Systems-Needham: www.gdc4systems.com/secureproducts
General Dynamics C4 Systems-Taunton: www.gdc4s.com
July 2009 Volume 13, Issue 6
L-3 East: www.l-3com.com
McLane Advanced Technologies: www.mclaneat.com
Network Integrity Systems: www.sipr-easy.com
SafeNet: www.safenet-inc.com/government
TechNet Mid-America: www.technetmidamerica.org
Cover and In-Depth Interview with:
Lt. Gen. Jeffrey A. Sorenson Chief Information Officer/G-6 Department of the Army
Special Report: Army Global Network Enterprise Construct
July 28-29, 2009 TechNet Mid-America Collinsville, Ill. www.technetmidamerica.org
August 7, 2009 DISA Forecast to Industry Arlington, Va. www.disa.mil/conferences
August 18-20, 2009 LandWarNet 2009 Fort Lauderdale, Fla. www.afcea.org
August 24-27, 2009 Air Force Information Technology Conference 2009 Montgomery, Ala. http://afitc.gunter.af.mil
www.MIT-kmi.com
September 9, 2009 ComDef 2009 Washington, D.C. www.ideea.com/comdef09/
September 14-16, 2009 Air and Space Conference National Harbor, Md. www.afa.org
The new generation of X-band commercial satellites, with their higher power, faster data rates and greater expansion opportunities, are adding much-needed capacity for defense and intelligence communications.
Cutting-edge Sensing The Defense Advanced Research Projects Agency is backing research into a wide range of futuristic sensing technologies.
Host-based Security The Host Based Security System is a flexible, COTS-based application that monitors, detects and counters against known cyberthreats.
September 29-October 1, 2009 Modern Day Marine Quantico, Va. www.marinemilitaryexpos.com
Securing VoIP As military use of Voice over Internet Protocol grows, concerns over the potential vulnerability of the technology are also increasing.
STIG Compliance An array of products and services is available to help defense organizations comply with the Defense Information Systems Agency’s Security Technical Implementation Guides (STIGs), which seek to decrease the vulnerability of sensitive information.
IA Aid The Information Assurance Technology Analysis Center is a central point of access for scientific and technical information regarding IA technologies, system vulnerabilities and analyses to support the development and implementation of effective defenses against information warfare attacks.
Harry Gatanas Senior Vice President Defense and Intelligence Group Serco
Q: What is the Serco Cyber Center of Excellence?
A: The Serco Cyber Center of Excellence [CCOE] brings together our proven engineering process and tools with our extensive experience in the areas of communications systems and information technology applications, acquisition and program management, and learning and human capital management. As a virtual center of excellence, Serco’s CCOE combines state-of-the-art collaboration centers specializing in the Joint Capabilities Integration and Development System [JCIDS], Unified Modeling Language [UML] enterprise architecture, and comprehensive network operations to deliver a cyberfocused, integrated support infrastructure. It provides a means for federal civil and Department of Defense agencies to develop sovereign cyberspace options such as control and integrated global effects, maintain threat definition necessary for defensive and offensive countermeasures, evolve competency and capability definition required for education, training and career force development, and manage requirements for force enhancement such as global situational awareness and command and control.
Q: What is unique about Serco’s approach to cybersecurity?
A: Securing the cyberspace requires a holistic approach capable of responding to a wide array of potential challenges and to the unique requirements of the environment, as well as adapting to the mission and resources of the organization in question. The mission of Serco’s CCOE is to define and develop a superior set of capabilities and services, using an approach that offers organizations a baseline for decisions regarding the investment, operation and protection of their cyber-infrastructure and supported missions. Serco is uniquely positioned to address today’s cybersecurity challenge by employing a repeatable, proven process to develop requirements understanding, integrate the cyber-enterprise, and develop a cyberportfolio to manage the changing cyberthreat.
Our architecture approach provides a means to develop a solutions road map from a fragmented cyber-operational picture to an integrated cybercapability. We train architects to think in object-oriented [OO] terms, have superior collaboration skills, and identify knowledge management needs. We provide decades of federal and DoD institutional knowledge necessary for cybercapabilities-based planning. Our approach answers operational capability questions, deals with complex organizational relationships, defines roles and responsibilities, identifies gaps and overlaps, responds to changes in threats, defends budgets and provides portfolio management.
Q: What are the capabilities offered by the CCOE?
A: The CCOE combines Serco’s strengths in engineering, IT and communications, program management and human capital management, and leverages our corporate-wide expertise across networked communications and infrastructure solutions, enterprise-level architecture development, security certification and accreditation, risk assessments and vulnerability analyses, applications development, and learning and training solutions. Serco’s CCOE offers services such as object-oriented analysis and design [OOAD] UML requirements management, strategic cyber-enterprise modeling founded on the Lean Six Sigma value chain, streamlined JCIDS document delivery, modern collaboration information technology, and expert cyber-enterprise architects and requirements management experts.
As with every project we undertake, our approach is informed by a deep understanding of the customer’s mission. Serco’s cyberpractitioners are subject matter experts who understand the differing requirements in the civilian and military environments.
Q: What projects are being worked on, and for which customers?
A: Serco is the provider of OO/UML cyberarchitecture services for the Air Force Communications Agency [AFCA]. We assist AFCA in their role as Air Force cyber-architects in evolving AFCA’s brittle architecting techniques to new, 21st-century architecting methodologies. Serco has a reputation as a thought leader in the development of DoD architectures, and we have demonstrated success in employing architecting tools and techniques in developing JCIDS and PPBE products tailored to DoD customer needs. Due to our architecting method, we were able to reuse elements of previous DoD architectures to jump-start the AFCA architecture—saving time and money. We also provide comprehensive planning, operations, information operations, information assurance and information technology services to U.S. Air Forces Central [USAFCENT] in direct support of Combined Air Operations Center [CAOC] operations. Serco uses its comprehensive knowledge of USAFCENT operations and weapons systems technology to monitor and analyze the operational effectiveness of the command and control systems/subsystems of the CAOC weapons system. Other ongoing efforts include design, construction, and preliminary testing and evaluation of a prototype cyber-operations center for the Air Force Research Laboratory. We designed, engineered, installed and sustained the Air Force Space Command Network Operations and Security Center [NOSC] and its continuity of operations site for Air Force Space Command. This NOSC was selected as one of the two Air Force integrated NOSCs that will manage the entire Air Force enterprise—both fixed and expeditionary operations services. We have also developed and managed information assurance services that are benchmarked practices exceeding DoD requirements.