March 9, 2012

Cyberweapons move a step forward


An interesting article on Aviation Week illustrates how cyber and network weapons could be used in the near future to execute air-to-air attacks. Electronic warfare specialists and senior U.S. service officials are saying that U.S. Air Force is developing network weapons to attack aircrafts, but at the same time also Chinese Armed Forces are already fielding advanced cyberweapons to attack high-value aircrafts used for early warning, electronic surveillance, command & control, and intelligence.

As reported on the article. Lt. Gen. Herbert Carlisle, the deputy chief of staff for operations, recently said that “the Russians and the Chinese have designed specific electronic warfare platforms to go after all our high-value assets. Electronic attack can be the method of penetrating a system to implant viruses. You’ve got to find a way into the workings of that target system, and generally that’s through some sort of emitted signal. The Chinese have electronic attack means — both ground-based and aircraft-mounted — specifically designed to attack E-3 AWACS, E-8 Joint Stars and P-8 maritime patrol aircraft".

In such a context, Northrop Grumman (that was recently awarded of two important contracts in the domain of Cyber Security) has just issued a 136-page report to the US-China Economic and Security Review Commission, suggesting China is adamant in creating diverse and technically advanced cyberspace abilities, and specifying that Chinese military also has close relationships with large Chinese telecommunications firms, creating a path for China to penetrate supply networks for commodities used by the U.S. government, military and the private sector.

China’s cyber capabilities appear advanced enough to disrupt U.S. military operations in case of a conflict. “A few weeks before a potential conflict over Taiwan, the People’s Liberation Army of China may mount a computer network attack on systems operated by the U.S. Pacific Command and Transportation Command to confuse the U.S. command and control picture,” the report from the U.S.-China Economic and Security Review Commission found.

According to the report, "computer network operations (attack, defense, and exploitation) have become fundamental to the People’s Liberation Army’s strategic campaign goals for seizing information dominance early and using it to enable and support other PLA operations throughout a conflict. During peacetime, computer network exploitation has likely become a cornerstone of PLA and civilian intelligence collection operations supporting national military and civilian strategic goals"

"Military operations have benefitted from the unlimited range and precision of network based weapons and intelligence collection opportunities. Holding an adversary’s logistics and communications capabilities at risk previously required kinetic options (accurate missiles, quiet submarines, special operations forces, or advanced maritime strike aircraft) to physically target key communications nodes. PLA leaders understand now that tactical level employment of computer network attack tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign"

Reference: Aviation Week (1), TheNewNewInternet (2), China Defense Mashup (3), USCC.gov (4)

March 7, 2012

Contract Award: Northrop Grumman to implement Cyber Protection for U.S. DoD


News Report

Just a few days after being awarded the NATO NCIRC contract in partnership with Finmeccanica, Northrop Grumman announced the acquisition of a cybersecurity task order by the U.S. Defense Information Systems Agency (DISA) to strengthen cybersecurity protections across all Department of Defense (DoD) and Intelligence Community networks by implementing the Host Based Security System (HBSS) as part of the U.S. DoD Information Assurance and Computer Network Defense contract.

The task order was competitively awarded under the Encore 2 contract vehicle and is valued at $189 million over a three-year base period with two one-year options. As prime integrator, Northrop Grumman will provide software license maintenance support, training, help desk and architectural infrastructure support personnel.

Under the terms of the contract, Northrop Grumman will provide support in architecting, engineering, maintaining, deploying and implementing the HBSS solution. This includes but is not limited to the Combatant Commanders, Services, Field Activities and Agencies and the intelligence community's networks and associated host platforms.

The Technology

HBSS is the U.S. DoD's commercial-off-the-shelf suite of automated and standardized software used to provide enhanced host based security – security on desktops and laptops versus at the boundary such as routers and switches – against both inside and external threats.

HBSS monitors, detects, and counters against known cyber-threats to U.S. DoD Enterprise. Under the sponsorship of the Enterprise-wide Information Assurance and computer Network Defense Solutions Steering Group (ESSG), the HBSS solution will be attached to each host (server, desktop, and laptop) in DoD. The system will be managed by local administrators and configured to address known exploit traffic using an Intrusion Prevention System (IPS) and host firewall. DISA PEO-MA is providing the program management and supporting the deployment of this solution.

Comments

 "Cybersecurity is one of Northrop Grumman's four core businesses due to its vital role in our nation's defense," said Karen Williams, vice president of Northrop Grumman's Defense Technologies Division. "The HBSS award reinforces Northrop Grumman's position as a top provider of defense-in-depth cybersecurity solutions across the DoD and intelligence domains."

"Our Northrop Grumman team brings a wealth of cybersecurity integration experience and capabilities to help ensure that all five million end-points are protected across the DoD and intelligence community," said Sam Abbate, vice president of defense enterprise solutions for Northrop Grumman. "We look forward to working with DISA to continue our support to these communities in this critical cybersecurity function."

The Context

The U.S. Defense Information Systems Agency (DISA), at the request of the United States Strategic Command (USSTRATCOM) and in support of National Security goals established by the President; started the acquisition from industry of a capability that will develop and deploy an automated Host-Based Security System (HBSS) solution, that will provide network administrators and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across all U.S. DoD networks and information systems.

In October 2007, U.S. DoD mandated HBSS for eventual installation on all unclassified and classified networks. Full implementation of HBSS is critical to defending government networks from an increasing number of sophisticated cyber attacks. HBSS provides system administrators significant improvements in situational awareness and drastically reduces or eliminates the effectiveness of cyber attacks, ensuring vital network capabilities are available to warfighters.

Back in 2010, Mark Orndorff, director of PEO MA/NetOps, wrote that DISA was attempting to transform HBSS into a tool for continuous monitoring of DOD networks. “We’re building out an enterprise architecture to take what was originally designed to improve the security of end-points but then pull information from a system and correlate it to a DOD enterprise level so that commanders operating and defending the network will know the status of their security posture, giving us a readiness report card that’s machine-generated. It will give us the ability to collect and correlate alarms as attacks propagate around the network — essentially letting us know what’s on the network. It will also give us the ability to look for what we call rogue systems.

Northrop Grumman has been working on the deployment of HBSS since 2008. The company recently completed deployment of HBSS 3.0 across 263 active duty U.S. Air Force bases and Air National Guard sites around the world.

Currently, DISA is looking beyond HBSS for ways to more closely monitor DOD networks. One solution involves network appliances that perform deep packet inspection on data that crosses DISA’s networks. That capability allows DISA to move toward its goal of full situational awareness for traffic traveling along the Global Information Grid.

References: Northrop Grumman (1), DISA (2), DefenseSystems (3)

Contract Award: General Dynamics to enhance U.S. Air Force Cyber Network Defense

News Report

As announced in a recent press release, General Dynamics Advanced Information Systems was awarded a contract to continue its cyber network defense, operations and exploitation support of the U.S. Air Force’s 35th Intelligence Squadron (35IS) Cyberspace Operations program Sensor Shadow.

The contract has a maximum value of $5 million over three years if all options are exercised. Through this contract General Dynamics’ analysts and engineers help to collect, analyze, produce and disseminate vital cyber intelligence to ensure the warfighter maintains information dominance in the cyber domain. This includes supporting the U.S. Cyber Command and other Department of Defense customers.

The Context

The 31st Intelligence Squadron is the United States Air Force component of the National Security Agency/Central Security Service-Georgia field site and subordinate to the Air Force Intelligence, Surveillance and Reconnaissance Agency. It conducts both national and tactical intelligence operations in support of combat operations, plans and forces for three joint combatant commands. The unit also conducts intelligence operations in support of the air component commanders, air forces and Airmen of those combatant commands.

The Sensor Shadow program team conducts in-depth analysis of network intrusions, threat profiling, all source intelligence analysis and long-term analysis of stored network connection data and supports operations across the globe.

Comments

The Sensor Shadow program is representative of our cyber security heritage. For two decades General Dynamics has been providing leading-edge cyber intelligence support to the Air Force through Sensor Shadow, dating back to Operation Desert Storm,” said John Jolly, vice president and general manager of General Dynamics Advanced Information Systems’ Cyber Systems division. “Our close partnership with the 35IS allows us to effectively apply our mission understanding and in-depth expertise in the cyber domain to bring more capability to the cyber analyst toolset for more effective and timely analysis.

References: General Dynamics (1), Gordon.Army (2)

European Defence Agency validates a new SW tool for Crisis Response Planning


As illustrated in a recent news report, a new planning tool is going to be used in the support of European Crisis Response planning. The tool, named Intra-theatre Mobility Capability (ITMC), is a decision-support tool at Political-Military level (Ministries of Defence, European External Action Service, for instance) to evaluate deployment options and produce timelines, cost and other management information that could help inform to formulate a course of action for either military operation or civilian mission.

The ITMC tool, that was developed through EDA’s operational budget, went recently through a validation session to assess its capacity and suitability in the support of EU decision-making process. The session was attended by the representatives from EU Military Staff (EUMS) and Member States, and chaired by the EDA. Different deployment options and scenarios were run throughout the validation session (with fictitious areas of deployment) so as to thoroughly exploit the capacity of the tool and analyse the results.

Compatibility with the NATO's LOGFAS tool was tested by exporting data from and importing it into the ITMC tool. The interaction between ITMC and LOGFAS tool was successfully completed. ITMC is complementary to NATO’s LOGFAS tool as both are playing roles at different stage of the planning process. The ITMC comes to advise on which resources (financial, transportation assets, infrastructure) are needed to deploy the troops to a certain area, whereas LOGFAS software is designated to create detail deployment plan and to deconflict the deployment with Troop Contributing Nations.

References: European Defence Agency (1)

Australian Defence Forces evolve their Command and Control system for Joint Operations


News Report

As illustrated in a recent official media release from Australian DoD, Australian Defence Forces (ADF) have undertaken a $60 million modernization program aiming at increasing the ability of the Headquarters Joint Operations Command (HQJOC) in Bungendore to plan and execute complex operations.

Whithin this program, two contracts have been awarded to Lockheed Martin Australia and Computer Sciences Corporation Australia as part of Joint Project 2030 Phase 8 (JP2030 Phase 8), Joint Command Support Environment (JCSE). Specifically, Computer Sciences Corporation has secured the JCSE System Integrator contract and Lockheed Martin Australia was awarded the JCSE Development Organisation contract.

The Context

The Joint Command Support Environment is evolving from the development and integration of several new and existing command support systems including the Joint Command Support System, Maritime Command Support System, Air Command Support System, Special Operations Command Support System and the Battlefield Command Support System (part of Project LAND 75). Previous Phases 1 to 6 (concluded) delivered a ‘core’ command support system to support the planning and conduct of joint operations. This system was delivered to strategic, operational and tactical level headquarters as well as selected ADF units. Phase 7 (in progress) is providing further roll-out and enhancement of the Joint and Air Command Support Systems.

JP2030 Phase 8 takes forward the cohesive and integrated Joint Command Support Environment (JCSE) at HQJOC, which coordinates major Defence operations on land, air and sea. The program is being implemented in three separate sub-phases called Evolutions that will incrementally deliver capability elements.

Evolution 1 was approved by Australian Government in June 2009 and provided for the accelerated acquisition of the Joint Planning Suite (JPS) and Joint Operations Portal (JOP) capability.

Evolution 2 was approved by Australian Government in September 2011 and will enhance the JPS and JOP capabilities implemented in Evolution 1 and add additional capability elements to the Joint Command Support Environment. These additional capabilities are in the areas of Situational Awareness-Common Operating Picture, Preparedness and a Special Operations Combat Net Radio Interface. Contracts for Evolution 2 have been signed on early March 2012.

Evolution 3 is being planned for Government Approval in late 2014.

Comments

Australian Minister for Defence Materiel, Senator Kim Carr, said acquiring this cutting-edge technology would significantly improve the ADF’s ability to plan and conduct joint operations. “This new technology will make planning operations more efficient and effective and increase the speed of decision making,” Senator Carr said. “I am pleased that these companies were judged best to further develop the command and control system. This demonstrates the capability of the Australian Defence industry,” Senator Carr said. “I am committed to working with industry to build and sustain these capabilities, which are so important for our national security.

References: Australian Department of Defence (1,2)

March 6, 2012

Contract Award: Raytheon to demonstrate innovative battlefield jamming tecnology

News Report

As announced in a recent press release, Raytheon was awarded a $3.8 million contract from the Defense Advanced Research Projects Agency (DARPA) to allow armed forces to conduct jamming operations with minimal communication and control interference to friendly forces.

The High-Power Efficient Rf Digital-to-Analog Converter (HiPERDAC) program seeks to enable tactical platforms, such as maritime craft, ground vehicles, tactical aircraft and unmanned aerial vehicles (UAVs), as well as individual soldiers, to conduct battlefield jamming operations while minimizing frequency interference with friendly forces.

Under the two-year contract, Raytheon aims to produce a technology demonstration showcasing the ability to efficiently generate high-power, rapidly tunable, linear microwave signals across a broad range of frequencies.

The Technology

By generating signals that are both linear (that is, the ability of a signal to remain within a certain frequency) and efficient, HiPERDAC allows jamming across the frequency spectrum while providing precise gaps for communication frequencies used by friendly forces. Achieving signal linearity and efficiency has traditionally been very difficult, particularly at high power levels.

Comments

"Being able to maintain combat effectiveness while simultaneously disrupting enemy sensors and communication systems represents one of the greatest challenges in asymmetric warfare," said Joe Biondi, vice president of Advanced Technology for Raytheon's Integrated Defense Systems business. "With extensive experience and expertise developing defense systems across the entire frequency spectrum, Raytheon is uniquely qualified to take on this challenge."

References: Raytheon (1)

March 2, 2012

Contract Award: Finmeccanica and Northrop Grumman to enhance NATO Computer Incident Response Capability (NCIRC)

News Report

As announced in a recent press relase, Finmeccanica, through its controlled operating companies SELEX Elsag and SELEX Sistemi Integrati's VEGA, together with its partner Northrop Grumman, has been awarded a contract by the NATO Consultation, Command and Control (NATO C3) Agency to develop, implement and support the NATO Computer Incident Response Capability (NCIRC) - Full Operating Capability (FOC).

The contract, worth around EUR 50 million, is for an extensive managed service which will provide information assurance to around 50 NATO sites and headquarters throughout 28 countries worldwide. The NCIRC will provide the capability to detect and respond to cyber security threats and vulnerabilities rapidly and effectively. The project is intended to meet the level of ambition of NATO Head of States as set out during the Lisbon Summit in November 2010.

This award is result of a competitive selection process for which NATO collected bids from more than 300 companies across its 28 member nations. The list of the bidders included some of the world's top defense companies, such as Lockheed Martin, IBM and SAIC.

The Context

Today, the NCIRC - Initial Operating Capability (IOC) already provides NATO’s Cyber Defence capability to respond to computer security threats and vulnerabilities rapidly and effectively. It provides the means for handling and reporting incidents as well as disseminating important incident-related information to system and security management. It concentrates incident handling into one centralised and co-ordinated effort, thereby eliminating duplication of effort. However, it does not yet protect all the networks within NATO.

The upcoming NCIRC - Full Operating Capability (FOC) aims not only at a technology refresh of the existing NCIRC IOC capability but will also introduce new technologies to improve cyber defence situational awareness and enhance NATO’s ability to respond to evolving cyber-threats.This upgraded capability, which will be implemented by the end of 2012, will lay out a strong foundation for cyber defence information sharing in a federated environment.

Later increments of the NCIRC FOC project will provide NATO with the means to further develop cyber defence situational awareness by dynamically assessing and managing the level of risk in its CIS thus providing the Alliance greater flexibility in its conduct of network centric warfare.

Comments

This outcome clearly demonstrates the ability of Finmeccanica to draw on leading capabilities across its group to provide leading-edge Cyber Solutions to such an important international organisation. We are delighted that this strong partnership, combining the capabilities, resources and expertise of both organisations spanning the UK, US and Italy has been selected to offer what we believe is the superior solution best meeting the requirements of this key NATO Programme which Finmeccanica is fully committed to delivering successfully” said Giuseppe Orsi, Chairman and CEO of Finmeccanica.

We are pleased to be part of the team selected for this strategically important NATO programme,” said Mike Papay, Vice President Cyber Initiatives of Northrop Grumman Information Systems. “Northrop Grumman looks forward to bringing its talent, resources and decades-long expertise in building and operating national-level cyber security management centres, both in the U.S and U.K., to this programme to help protect NATO’s networks from advanced cyber threats.

References: Finmeccanica (1), C4I Technology News (2)

February 29, 2012

Defeating enemy Electronic Warfare through Tactical Data Links and Network Integration


News Report

An interesting article on DefenseNews illustrates how Tactical Data Links and network integration are expected to play a key role in defeating enemy electronic warfare efforts during future conflicts. Data-link networks allow aircraft and other systems to cross-check their information and allow war fighters to filter out bad information being transmitted by hostile electronic warfare systems.

One of the counters to some of the adversary electronic warfare capability is that network integration,” said recently Lt. Gen. Herbert Carlisle, the U.S. Air Force’s deputy chief for operations, plans and requirements. “Even active electronically scanned array radars can be attacked, but it takes a dedicated effort to jam those systems. A combination of sensor fusion and networking could overcome such attacks however”.

The Technology

Tactical Data Links (TDLs) involve transmissions of bit-oriented digital information which are exchanged via message formats used in support of joint and combined operations. They can provides real-time, jam-resistant secure transfer of combat data, voice and relative navigation information between widely dispersed battle elements. Participants gain situational awareness by exchanging digital data over a common communication link that is continuously and automatically updated in real time, reducing the chance of fratricide, duplicate assignments or missed targets. Each participant in the communication link is able to electronically see the battle space, including assigned targets or threats.

In the recent years, several programs have been established (particularly in the U.S.) to transform conventional Tactical Data Links (e.g. Link 16, Link 22, and Variable Message Format) to comply with a modern net-centric vision. Within these programs, TDLs are being expanded to assess and transform joint data link communications to the net centric standards, and to ensure interoperability and seamless integration with Joint communication systems. The implementation of these network capabilities into the data link environment is expected to enhance the decision cycle between sensor-to-shooter; providing information-superiority, shared environment that enhances combat power by increasing speed of command, higher tempo of operations, greater lethality, increased survivability, and self synchronization. This transformation must balance the needs of the warfighters with the requirements for net centric operations.

In the U.S., an Advanced Tactical Data Link (ATDL) study was started in 2008 to evaluate various data link alternatives for contested and anti access airspace scenarios. This activity, that culminated in a public solicitation from the U.S. Navy, responds to a critical requirement for increased connectivity and capacity between the tactical and airborne domain to exploit complementary C2, ISR and targeting for greater mission effectiveness. Current tactical communication capabilities have limited throughput and scalability, insufficient AJ (anti-jam) and LPE (low probability of exploitation) capability, and high latency and network join times. Link-16, the most widely used airborne tactical data link, provides C2, SA, weapons coordination, electronic warfare, and other capabilities, but does not meet emerging throughput, scalability, and latency requirements, especially in high electronic attack environments. In this context, the ATDL aims at complementing existing links to support integrated sensing and weapons coordination and control across air, maritime and ground domains for both manned and unmanned platforms.

U.S. Navy is particularly interested in advanced tactical data link capability for the E-2D Hawkeye carrier-based maritime surveillance aircraft, the F/A-18G Growler electronic warfare jet, the F-35 joint strike fighter, and unmanned aerial vehicles (UAVs).

References: DefenseNews (1), C4I Technology News (2), FBO.GOV (3), Military&Aerospace (4)