12 minute read
Deployable CIS saves lives
32
NATO relies on DCIS to support rapidly deployable, high-readiness requirements
(PHOTO: NCI AGENCY)
Major General Frank Schlösser, Commander NATO CIS Group, explains how NATO’s Deployable Communications and Information System (DCIS) connects static Headquarters (HQs) and deployed forces enabling the sharing of critical data digitally to improve decisionmaking and increase interoperability
Q
What capabilities does the DCIS system-of-systems offer NATO?
A NATO DCIS provides a Deployable Communications and Information System (DCIS) capability for NATO deployed forces in support of operations, missions and exercises. It ensures that military personnel in the field have voice and data communications and are able to share critical information as quickly and efficiently as possible with higher headquarters and other components. The DCIS supports command and control (C2) services for NATO-led missions and enables collaboration between static and deployed users operating in support of Major Joint Operations or Small Joint Operations.
The DCIS ensures that military personnel in the field have voice communications with the rest of the Alliance and are able to share critical information digitally.
NATO DCIS provides a secure, modular, scalable, deployable and sustainable capability, which will deliver communication services between deployed C2 elements, reach-back connectivity to strategic networks, information services (IS) and integrated informationsharing with IS services across the static and deployed environments that could be deployed within or outside of NATO’s Area of Responsibility. The DCIS must:
– support large numbers of exercises; – handle simultaneous operation start-ups; and – match VJTF (Very High Readiness Joint Task Forces) activation times for early entry.
The DCIS, as a whole, consists of deployable components, wide-area transport and static components; together providing deployable services to, and in support of, deployed users. It provides a full range of communication, information and C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance) services in support of the deployed user.
Q
Why does NATO need such a system?
A Unbroken, flexible C2 remains the fundamental prerequisite for the full spectrum of Alliance operations, missions and exercises – continuously and at all scales of effort. The aim of DCIS is to provide communication services, core enterprise services and community-of-interest services by allowing collaboration between static and deployed arenas in support of deployed forces. NATO relies on DCIS to support rapidly deployable, high-readiness, scalable, flexible, interoperable and limited selfsustainment requirements.
Additionally, NATO DCIS is necessary to ensure that commanders’ orders and reports are passed quickly and accurately between the NATO Command Structure (NCS) and the NATO Force Structure (NFS) HQs, and to enable coordinated and synchronized operations to be executed as directed. The political and strategic direction makes the NCS more static-focused, maintaining a smaller deployable capability with reliance on deployability from the NFS, nations, and Memorandum of Understanding (MOU) organizations.
NATO and its Allies rely on the use of DCIS to share information and conduct C2 in a constantly changing, complex environment, with DCIS extending static NATO CIS networks and CIS services to deployed users. DCIS needs to support these functional military capabilities and will provide, support and maintain all C2 services required to conduct NATO operations.
DCIS capabilities have been organized into a number of capabilities that specify the desired ability of NATO to provide CIS in both static and deployed arenas in support of deployed forces. These capabilities link back to the high-level concepts of the NATO deployed forces as derived from the military requirements.
Q How does the system leverage commercial best practice and private cloud concepts?
A What DCIS does, of course, is to extend relevant services from the static into the deployed environment. And this means that in reviewing the extent to which NATO uses commercial best practice we cannot isolate our purview to DCIS alone – we must take some account of the wider enterprise.
One of the key commercial best-practice standards that we employ in NATO CIS is the IT Infrastructure Library (ITIL) framework for IT service management. Designed to provide a handrail for organizations that provide services to a business, it is also effective in the NATO context of the service management of the ICT capabilities that enable effective military C2 for all types of operations, missions and exercises. And, it provides an essential ‘common language’ for service management. This is crucial when the force is large, multinational and when the overall aim is to operate seamlessly across the NATO Federation.
Enabled by (among others) ITIL, and key to this seamless operation, is the Federated Mission Networking (FMN) framework – a well-governed structure to provide the processes, plans, templates and enterprise architectures needed to plan, prepare and deploy in support of the Alliance in a dynamic, federated environment. The framework is a permanent ongoing foundation to ensure mission networks are established and managed effectively and efficiently for the purpose of operations, exercises and interoperability verifications. NATO, NATO nations and non-NATO entities retain control of their own capabilities. The FMN affiliates conduct their mission by effective management, enabling information-sharing between communities of interest.
Another area where commercial best practice is observed is cyber security, with, for example, the delivery of controls, security audit and cyber hygiene. In particular, the SANS Critical Security Controls for Effective Cyber Defense offer guidelines for inventory and delivery 33
34 controls, continuous vulnerability assessments, data recovery capabilities, system hardening, and data protection, as well as incident response and management. The combination of the commercial best practices with current doctrine allows NATO to maintain awareness of the latest threats and ensure confidentiality, integrity and availability for its network.
As far as ‘private cloud’ is concerned, the situation is more complex and it is difficult to explain in a short answer. In the DCIS context, the private cloud model is followed – mainly for security reasons, but also because it provides more flexibility, scalability and control to meet NATO military requirements. The DCIS space is particular as we are constrained to some extent, firstly, by survivability and, secondly, by low-bandwidth and high-latency communications links that could lead to a C2D2 (contested, congested, degraded or disconnected) environment, and where there is a consistent and sustained requirement to continue to function autonomously.
Interoperability is vital to ensure the information exchange among nations involved in a mission
(PHOTO: NCI AGENCY)
This requirement implies a distributed IT architecture where NATO DCIS Detachments (NDD) are deployed to locally provide the necessary services in a timely, reliable, secure and interoperable manner, so that the Mission Commander’s ability to exercise C2 is preserved. Interoperability is vital to ensure the information exchange among the different nations deployed to a mission. To this end, services provided through the NDD meet FMN specifications, which are derived from official standards and industry best practices.
Nonetheless, the future may enable us to better exploit private cloud technology. Along with the introduction of Firefly (a mobile communications system), we expect to see the introduction of DCIS Cube architecture, which promises to be a deployable software-defined, virtualized and orchestrated DCIS infrastructure that can function under military operational conditions. Whether these prospective benefits are deliverable and suitable for the C2D2 DCIS environment will need to be established during the procurement process.
Q How will the recent Firefly award support the NATO Response Force’s communications needs?
A The NATO DCIS Firefly capabilities to be delivered will enable the extension of connectivity and services provided by the NATO General Communication System (NGCS) to the NRF Deployed Joint Force Headquarters (HQ) and their subordinate Component Commands (CCs) HQs in the NATO Area of Responsibility.
Firefly is to provide the DCIS infrastructure and technical services for the small NRF HQ. Each deployable point of presence (DPOP) consists of a set of DCIS nodes that will be integrated into the existing DCIS infrastructure and services. Additionally, it introduces automation capabilities for the provision and deployment of Information Services.
Firefly consists of the assembly, connection, integration and configuration of COTS (commercial off-the-shelf) components, into bespoke systems that are fit for purpose and used in support of NATO operations and exercises. It is based on Cube Technology Architecture, which is a software-defined, virtualized deployable Infrastructure as a Service (IaaS) providing multimedia and IT services. The DCIS DPOPs will be able to increase capacity and resilience by clustering multiple DCIS cubes to perform a single DCIS building block’s function.
The DCIS Cube architecture is to support the Readiness Action Plan and enable the enhanced NATO Response Force (NRF) and Very High Readiness Joint Task Force (VJTF) to execute their mission. Although different DCIS Cube hardware and software solutions may exist between NATO and national inventories, each individual implementation is based on this DCIS Cube definition. That implies that national and NATO implementations will be interoperable at the service level, including protocols across interoperability interfaces (through FMN), workload hosting and orchestration.
The NCI Agency awarded the Firefly contract to Thales in December 2020. Find out more through the QR code to the right
Click or scan here
INDUSTRY PERSPECTIVE
Marc Darmon
Executive VP, Secure Communications and Information Systems, Thales
How did Thales meet NATO’s need to deploy command posts in a few hours, instead of several days?
Thales recently won a NATO competition to supply the DCIS Firefly solution that will provide the NATO Response Force (NRF) with eight deployable points of presence (DPOP) for small and medium command posts. The NRF is a joint and combined force designed to provide a rapid answer for collective defence and crisis operations. With Firefly it will see a real change in theatre, since it will be able to achieve mission-readiness in just a few hours, compared to the days, or even weeks, currently required.
The solution relies on a key component of Thales’s Defence Cloud solution: the military operations orchestrator. With the orchestrator, users can prepare pre-deployment patterns (also called ‘blueprints’) during cold phases of an operation, so that, during hot phases of action, the orchestrator automatically removes or adds the right components and configurations on the theatre infrastructure to articulate the network, IT and security manoeuvres. It may seem obvious, but in practice in a military environment, this is not so simple.
Upon which parts of NATO’s infrastructure will Thales’s Defence Cloud be deployed?
The Firefly project will deploy Thales’s solution on small and medium NATO command posts, but the solution is designed to serve any high-readiness force and can be scaled to larger formats.
The solution will be deployed, on the one side, in NATO’s software factory – to prepare deployments with the orchestrator – and, on the other side, in command posts with ruggedized ‘programmable data centres’ that can be configured either locally or remotely to ensure mission-readiness. On top of these data centres, we will be delivering all the ancillaries: network, tents and cases to simplify logistics and ensure that entry into a new theatre can be achieved much more quickly than it is today.
Is cloud really the right technology for harsh, low-connectivity military operations?
That’s a good question. Joint forces might understandably feel that a centralized cloud is not for them. After all, a cloud is operated from obscure data centres that could trigger changes in material they need to be able to rely on 100%. Imagine forces unable to act at a decisive moment because the system they are using needs to do a software upgrade. That’s simply not an option.
That’s why we designed the Thales Defence Cloud by adapting cloud technology to the uniqueness of the military environment. We did this by selecting the civil cloud components that bring undisputed and real benefits: a standard environment to enable faster applications upgrades, data sharing, simple tools and high availability.
However, we know that civil cloud technology is not fit for purpose in operational theatres. Infrastructure needs to be easily deployable and is not endlessly scalable. Bandwidth is not infinite. The concept of flat network structures is simply not compatible with security regulations that govern processing and the sharing of classified data. And, more than anywhere else, everything must be able to operate in standalone mode. Generally speaking, we leveraged our dual experience, not only as an industry, but also as a service player: our teams are involved in several theatres in support of NATO and other international organizations.
So, we developed additional components and complied with specific military standards to reverse the cloud ‘adaptable infrastructure’ paradigm and enable applications to make the most of existing powerful, but limited, infrastructure. The resulting ruggedized solution is secure and accreditable, as well as easy for soldiers to operate. After all, their job is to prepare and execute missions, not to be CIS specialists.
Major cloud actors provide powerful solutions, but lack interoperability. However, military operations require strong cooperation between allies. How do you fill this gap?
One word comes to mind – standardization. What’s not easy, though, is finding the right combination of standards that will enable smooth interoperability and deliver the associated benefits, rather than creating an interoperability headache.
Thankfully, NATO plays a strong thought-leadership role as we strive to attain this standardization goal. As a major industry player we are active not only in defining standards, but also in interacting with providers, so that their products are truly military-grade solutions. In the case of the deployable defence cloud, NATO selected three major standards that are likely to set the precedent for future infrastructure: TOSCA for network and applications deployment orchestration; FMN (Federated Mission Networking) to ensure coalition interoperability, and DCIS Cube architecture to ensure security and scalability.
Is now the right time for NATO forces to move to the cloud?
Absolutely. The time is right to deploy a defence-grade cloud infrastructure not only in theatre, but also in headquarters. Joint forces need to engage in their digital transformation now to maintain their information supremacy and cooperate with allies.
Based on our experience supporting military forces and organisations in their digital transformation, we have identified four triggers: – Infrastructure obsolescence, as in the case of the NATO Firefly project; – Network bandwidth increase in theatre, with additional commercial satellite connectivity and tactical 4/5G cells. Although these connectivity resources must be cyber-protected and are definitely not suitable in disputed and jammed environments, they do bring additional key resources
in cold phases for maintenance and automatization – Big Data: the explosion of data from multiple sources requires a high level of automatization to verify, register, normalize, process, deconflict, synthetize and mobilize
AI algorithms; – Application readiness: our customers are deploying software factories and agile processes.
However, for these incremental upgrades to reach operations in days instead of years, military organizations need a future-proof
Defence Cloud infrastructure.
Thales is committed to providing its customers and their partners with best-of-breed, military-grade solutions to efficiently leverage ‘data in theatre’ as a strategic resource. With our leading position in the defence space, as well as our expertise in the key technologies that will shape tomorrow’s world (cyber, Internet of Things, Big Data, cloud and artificial intelligence), we are well-equipped to do so.
