MIT 16-10 (Nov. 2012)


The Voice of Military Communications and Computing

Cyber Guardian: Gen. Keith B. Alexander, Commander, USCYBERCOM; Director, NSA; Chief, CSS

www.MIT-kmi.com


November 2012

Volume 16, Issue 10

Network Monitoring • Data Backup • COMSATCOM Update • Insider Threat • Mid-Tier Networking Vehicular Radio



Military Information Technology


Features

Eyes on the Network
IT managers more than ever need tools to monitor the systems that provide mission-critical information to analysts, commanders and warfighters. By Peter Buxbaum

Technology Counters Insider Threat
As a new report highlights the harm to information security caused by employees and others taking advantage of their network access, military and government agencies are stepping up their efforts to combat the insider threat. By Harrison Donnelly

Speeding Data Recovery
Practices such as de-duplication and virtualization software are becoming a necessity in managing the relentless mushrooming of data today for defense organizations such as the Army Information Technology Agency. By Cheryl Gerber

Mid-Tier Tussle
Following the recent release by the Army of plans for a mid-tier networking vehicular radio, major communications companies are rolling out products for a contract competition. By Harrison Donnelly

COMSATCOM Center Update
An update on the latest news from the Defense Information Systems Agency’s Commercial Satellite Communications Center.

Cover / Q&A
General Keith B. Alexander, Commander, U.S. Cyber Command; Director, National Security Agency; Chief, Central Security Service

Departments

Editor’s Perspective
Program Notes/People
Data Bytes
COTSacopia
Resource Center

Industry Interview
Michael Smith, Senior Vice President of Enterprise Technology, Kratos Defense & Security Solutions



EDITOR’S PERSPECTIVE

Harrison Donnelly, Editor

Amid the thousands of IT professionals working within the U.S. military’s vast information infrastructure, it’s often easy to lose sight of individual contributions. But the recent Department of Defense Chief Information Officer Awards have shone a spotlight on how much of a difference just one person can make.

First place in the individual category went to Miyi Chung, deputy commander and technical director of the Defense Information Systems Agency Pacific Korea Field Office. The awards are selected on the basis of nominees’ information delivery and dissemination, management efficiency and effectiveness, cost avoidance and savings, a broad user base, processes, net-centricity, and mission.

Chung coordinated the first-ever IA professional development effort in a sub-unified command, sponsoring more than 80 IA training classes for 1,500 students and resulting in a savings of more than $4.5 million in temporary duty funding in the Western Pacific region. She established the U.S. Forces Korea (USFK) Infrastructure Working Group to address theater operation infrastructure-related issues, winning recognition from the USFK J-6 as the most effective senior communicator forum focused on transport and Defense Information Systems Network services. Pioneering new capabilities in the Western Pacific region, Chung also served as a catalyst to gain support for implementation of a number of enterprise and net-centric solutions, including DoD enterprise email.

In the group competition, second place went to the White House Communications Agency Cyber Operations Team. Its accomplishments included becoming the first DoD unit to develop and field a new, near-real-time mobile device intrusion detection system, which enabled the White House Military Office to instantly detect questionable activity on BlackBerry devices. By eliminating manual scans with active monitoring, the system saved more than 3,200 employee hours of work per trip.

The winner of the team competition was the Directorate of Communications, Office of the Defense Representative, Pakistan.


Subscription Information Military Information Technology

ISSN 1097-1041 is published 11 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2012. Military Information Technology is free to qualified members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year.


Corporate Offices KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com




PROGRAM NOTES

Compiled by KMI Media Group staff

New Service Offers Simplified Streaming

The Defense Information Systems Agency’s Global Content Delivery Service (GCDS) now offers a simplified high definition (HD) streaming-from-desktop solution that can be leveraged for ad-hoc streaming events, such as commanders’ briefings. This service is available at no cost to Department of Defense users.

Commanders have the ability to stay at their desks and brief their globally dispersed warfighters using NIPRNet or SIPRNet. The solution enables mission partners to reach worldwide audiences through the use of streaming video, without building out a delivery infrastructure or website.

The quick-start service builds upon GCDS’ existing HD streaming solution and web delivery platform. GCDS HD streaming is a high-performance, scalable enterprise solution that eases the burdens associated with streaming Flash video. The GCDS HD platform combines the power of GCDS’s adaptive bit rate streaming capabilities for Adobe Flash with the performance and reach of the GCDS edge servers, so that content flows over a single network that delivers HD video with the fastest throughput rate.

To use the simplified GCDS HD streaming from desktop service, commanders need only a webcam, Adobe’s Flash Media Live Encoder software, which can be downloaded and installed for free, and a network connection to the GCDS entry. As the meeting host, commanders will coordinate with the GCDS team in advance to add their brief to the calendar of GCDS-supported broadcasts.

Twelve Picked for Army Software Support

A dozen prime contractors have been selected to support software upgrades and prototyping for the Army Communications-Electronics Command’s Software and Systems Engineering Services Next Generation (SSES NexGen) program, which has a ceiling of $7 billion. This five-year (two base, one two-year option, and one option year) indefinite delivery/indefinite quantity contract supports the Army’s Software Engineering Center.

The companies are Science Applications International Corp., BAE Systems Information Solutions, Sotera Defense Solutions, Lockheed Martin Integrated Systems, ManTech Sensor Technologies, L-3 Services, Booz Allen Hamilton, Adams Communication and Engineering Technology, Northrop Grumman Systems, CACI Technologies, CGI Federal and Computer Sciences Corp.

The SSES NexGen program will support Army systems and software across the entire lifecycle, from development through fielding and operational support. The contract concentrates on providing software-related support in three primary mission areas involving in-theater U.S. forces, a wide array of business systems, and enterprisewide components.

PEOPLE

Brian P. Burns has been assigned as principal director for the deputy chief information officer for information enterprise, Office of the Chief Information Officer, Pentagon. Burns previously served as deputy director, warfighter systems integration, Office of Information Dominance and Chief Information Officer, Office of the Secretary of the Air Force.

Frederick J. Moorefield Jr. has been appointed to the Senior Executive Service and is assigned as director, spectrum, policy and programs, Office of the Chief Information Officer, Pentagon. Moorefield previously served as technical director/director of strategic plans, Air Force Spectrum Management Office.

Mark J. Morrison has been appointed to the Senior Executive Service and is assigned as principal director for the deputy chief information officer for cybersecurity, Office of the Chief Information Officer, Pentagon. Morrison previously served as defense intelligence officer for cyber issues, Defense Intelligence Agency.

QinetiQ North America (QNA) has appointed Bruce Feldman as senior vice president of the National Systems sector of the company’s Mission and Information Solutions operational unit. In this role, Feldman will manage technology development and service delivery for contracts supporting the Department of Defense and intelligence community. Prior to joining QNA, Feldman spent 13 years at GCI, a subsidiary of General Dynamics Information Technology. Earlier, QinetiQ North America announced the appointment of Scott Kaine as president of its wholly owned subsidiary, Cyveillance, a provider of cyber intelligence solutions.

Science Applications International Corporation has hired Army Major General David Lacquement (Ret.) as program development director and senior vice president in the company’s Cybersecurity Business Unit. Lacquement most recently served as director of operations for U.S. Cyber Command.

TASC has promoted Bruce Phillips to senior vice president of the Civil and Infrastructure Security Group; Rick Wagner to senior vice president of the Defense Group; and Tom Kilcline to vice president of the Defense Business Unit. Phillips moves from his role of vice president of the Infrastructure Protection and Security Business Unit. Wagner most recently served as vice president of the Defense Business Unit. Kilcline, a retired Navy vice admiral, joined TASC in 2011 as vice president of Navy programs.


Eyes on the Network

Managers need monitoring tools to measure network characteristics such as the availability of bandwidth and user loads.

By Peter Buxbaum, MIT Correspondent

Today’s military networks are increasingly complex, making use of a variety of transport modes, and connect to a myriad of computing and storage devices. Some military networks remain stovepipe systems, but as time goes on more are migrating toward Defense Information Systems Agency (DISA) enterprise offerings.

As a result, IT managers more than ever need tools to monitor the systems that provide mission-critical information to analysts, commanders and warfighters. Monitoring tools measure network characteristics such as the availability of bandwidth and the ability of network elements to carry user loads.

Meanwhile, another key trend, the increasing use of cloud environments, is adding an additional challenge to those seeking information on the status of their networks.

One key issue concerns the level or levels at which networks should be monitored. Managers and administrators want to develop awareness at a high level, while commanders and warfighters want information on network status as it pertains to the missions they are executing. One of the challenges associated with network monitoring is the ability to provide a coherent status picture across heterogeneous networks—those that make use of a variety of transport pipes.

“There are a wide variety of transport mechanisms that are used on military networks,” said Michael Smith, senior vice president of enterprise technology at Kratos Defense & Security Solutions. “The network core transport is owned by DISA, and the armed services are leveraging that core much as telecommunications company services are used in the commercial sector. As you move toward the edge, satellite communications are increasingly used. So, for example, running a teleconference from a forward-deployed unit to a general based in the U.S. monitoring the situation will require data to transit several different kinds of systems, such as asynchronous transfer mode (ATM), Ethernet and satellite.”

“The question is less the level at which you monitor than what do you monitor,” said Sanjay Castelino, vice president and market leader at SolarWinds. “At the global level, you’re not going to monitor every switch. At that level, you can’t fix anything anyway—you have to go back to the field level to do that. But you may want to know where you have exposure or diminished capacity in a particular area. You can monitor the availability of sites or the capacity of a specific local area network that may be critical for certain operations. Then you can decide how to deploy resources to fix any problems as quickly as possible.”

Smith agreed that network monitoring tools must be able to provide an enterprise picture as well as the ability to measure capacity at the local level. “You need to be able to reach further down the line to user communities,” he said. “As the services being offered continue to expand, and as new technologies come on line, all require better network monitoring across all of those areas.”

Heterogeneous Networks

The various transport pipes within military networks make them difficult to monitor at an enterprise level. At the same time, the method of transporting data across heterogeneous networks is, and should be, irrelevant to users.

“If I make a cellphone call, I don’t care what the back-end transport network looks like,” said Smith. “I just want to talk to the person on the other end. Network monitoring needs to provide that abstraction to users that the service will work. Although the technologies may be unique to different parts of the network, there needs to be a way to monitor it all.”

Complicating the situation is the fact that agencies can use as many as 60 different tools to monitor the various elements of their networks. “There is a heavy price to pay in terms of the IT resources required to support those tools,” said Smith. “Over the last couple of years, a need has emerged to consolidate networks, to limit the numbers of stovepipe tools, and to provide a common way to have network situational awareness across heterogeneous transport modes.”

The bottom line is to make sure there is sufficient capacity on the network to provide the services that are required. “They may go from cell networks to IP line-haul and backhaul communications and satellite tactical service deployments,” said Smith. “You have to make sure that the entire stream of network services is able to support services at levels that are required by users.”

SolarWinds has taken the approach that users know best what is good for their networks, and has developed a business model that markets its network monitoring tools directly to them. “Users try our tools online and then buy them,” said Castelino. “Users have a grasp of the need for performance management. Some executives will ask users to research products, but users are looking for tools all the time that make their jobs easier. When solutions are pushed from the top down and users are only tangentially involved, practical concerns like how the tools are deployed and implemented day to day sometimes are not thought through. When users pick technology, they know what will work and how it will scale up.”

Employing SolarWinds tools, users at an individual military base can monitor a LAN and measure the network and its related services for availability on that base. “They can see whether the security position of the network is up to standard,” said Castelino, “and analyze traffic to measure how heavily the network is being used, who is using the network and where the users are located. They can identify devices that are doing something you don’t want them to do—an indication they may be infected with a virus. You can figure out where the device is located and whether it is connected conventionally or wirelessly.”

“The tools take an hour to install and actually see value,” Castelino added.
“They scale up well and are well used widely in the commercial world and in government, including the Department of Defense, intelligence agencies and civilian departments. Focusing on users also allows us to build a groundswell within organizations and expand from a point of success.”

“We start by looking at the core transport mechanism and spread out from there,” said Smith. “Some of that is going to be IP, some is still ATM, and some is typical telecommunications fiber-optics. One of the challenges is that at the end of the day, you have to determine if you have the bandwidth to handle these types of transports, whether it is a phone call, a teleconference, or for forward activities such as scouting and calling for fire. These may be routed through a teleport station, where they will transition to the Ethernet routing protocol and then switch to go over satellite links or radio frequencies to get to forward deployed places.

“This is the level of situational awareness from the NOC to the network’s edge provided by NeuralStar, Kratos’ enterprise network management product,” he added.

Bandwidth Picture

The challenge to providing a status picture for such a disparate set of connections is that bandwidth is measured differently on the various transport mechanisms. “Satellite and IP measure bandwidth in different ways, so there is a need to take that and translate it into a common language,” said Smith. “We came up with a common way of providing dashboards and pictures without using the unique measurements and language of particular transport technologies.”

Kratos’ NeuralStar product provides a business layer that transforms technology-specific components into a general picture of bandwidth and latency on the network as a whole. “We use subject-matter experts to define what measurements and monitoring pieces are required, and translate those into general language so that an administrator can monitor the overall service. We bring this all together so that you can manage and control network resources at the edge and manage it at the enterprise level. The bottom line is that if you don’t have the bandwidth to use the network at the times it is needed, then the network is not going to be there to meet the needs of its users.”

DISA has been a customer for some time, Smith said, adding, “We provide a picture of overall network availability for the core network manager for the Global Information Grid.”

Several of SolarWinds’ products have been used for several years by the Army’s Warfighter Information Network-Tactical program, which incorporates several SolarWinds products, including a set of tools that monitor network performance and assist in troubleshooting. “They are receiving information on the availability and performance of the network,” said Castelino. “The tools give users the ability to set specific criteria and testing at the switch or port level to figure out what may be going wrong.”

The increasing use of cloud computing represents an additional wrinkle to providing information on the status of networks. “In the case of cloud computing, the monitoring is done on behalf of the service provider,” said Smith. “The Army recently gave up providing email services, and no longer has to run and manage exchange servers and the rest of the infrastructure associated with email. DISA is the cloud provider for the Army email service, and has the responsibility as the cloud provider to provide a level of reliability, availability and security, as well as the veracity of the data. They have taken ownership of those processes.”

“Cloud has a significant impact,” said Castelino. “In the case of public clouds, the most important element is the fabric through which you get access to cloud resources. If there are availability issues, if you don’t manage the bandwidth well, you will see a degradation of performance of applications. Five or 10 years ago, availability in the LAN was the thing people most cared about. Now it is a question of performance. How is the capacity being used? What is the traffic going over the network and how is it prioritized?

“You may want access to a cloud infrastructure to unify communications services over the Internet,” he continued. “This requires traffic analysis tools that picture very cleanly what traffic is going over the network and what are the sources and destinations of that traffic. Then you can set up prioritization rules, and you can see within each of the priority buckets whether those resources are being effectively used.”

Private clouds exhibit these and other problems. “The network is now responsible for moving data from computing, storage and end points, and you have to manage these shared resources,” said Castelino. “We have tools that show how storage is being used, and whether and where there are any hot spots. If the system is trying to write to the same physical destination, you will not be getting great performance out of the storage resources. There is a tool that we have to do capacity planning.”

Load Testing

Another product in this area is LoadStorm from CustomerCentrix, which has been delivering software as a service since 1999. It was developed to address an internal company need, but has since then been made available to customers.


“The problem of meltdown occurred to CustomerCentrix applications when sudden large increases in the user base overwhelmed the system’s ability to respond,” said Scott Price, the company’s vice president. “We concluded that we needed a good load testing tool, but the traditional tools were too expensive.”

What CustomerCentrix required was a load testing tool that allowed the company to simulate tens of thousands to hundreds of thousands of concurrent users in order to measure the performance of the web application. “There are a lot of factors that go into how web applications respond with good performance,” said Price. “The network is one of them. Databases can also be a bottleneck. The older programs, besides being too expensive, couldn’t scale well and required proprietary scripting of programming.”

LoadStorm was introduced in 2007 following the release of the Amazon Elastic Compute Cloud. “The cloud is LoadStorm’s enabling technology,” said Price.

LoadStorm measures performance from the users’ point of view. “So if you want to see how your web application will perform with 10,000 concurrent users, LoadStorm will simulate what they are seeing as response time and whether they will be getting error messages,” Price explained. “What we measure is the kind of information being returned from the target application to the user.”

LoadStorm’s customers use this feedback in the process of performance engineering. “Development teams will run tests and identify where their system breaks,” said Price. “Then they can make performance optimizations, which can include coding change, hardware upgrades, changes in database and web server configurations, and load balancing changes. This process will typically take many cycles of tests and changes.”

The advent of heterogeneous network transports has also affected LoadStorm’s product development. “We’re seeing a lot of customers that are utilizing more advanced technologies such as advanced web services and mobile devices, and that is driving our product road map,” said Price. “Connecting greater numbers of mobile devices on the network has its effect on capacity and bandwidth. We’re able to simulate the effect of different kinds of mobile devices on the network, and we’re working to make the tool better to simulate different kinds of devices.”

LoadStorm is evolving to include more features, better functionality and much larger scalability of testing, according to Price. “We believe we can hit 500,000 concurrent users by the end of the year. Our goal is to hit 2 million within the next 12 months.”

SolarWinds recently introduced a new product that analyzes the firewall rules and determines whether they are effective and compliant with security policies. “This tool allows users to ascertain whether firewall rules have created vulnerabilities and whether they let traffic you want to get in through the firewalls. It automates a process that might be possible to do manually but probably not in the DoD,” said Castelino, adding that SolarWinds is currently discussing the product with a potential DoD customer.

Given the anticipated defense budget cuts, Smith sees an increased push for the use of end-to-end network monitoring tools. “DoD is going to want a reduced cost and footprint for these types of activities,” he said. “They can’t keep using 50 tools from a training or a footprint perspective. We are looking to enable network situational awareness across heterogeneous transports from end to end and at a reduced cost.”

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.



Technology Counters Insider Threat The key to success is to adopt a comprehensive approach based on an enterprisewide perspective. By Harrison Donnelly, MIT Editor

As a new report highlights the harm to information security caused by employees and others taking advantage of their network access, military and government agencies are stepping up their efforts to combat the insider threat.

A front-and-center issue for the military since the WikiLeaks incident, dealing with the insider threat has also been a mandate for all federal agencies for the past year, following the release by the Obama administration of a rule requiring offices to adopt insider-threat detection and prevention programs.

A recent study by Verizon of data breaches found that while insider threat cases represent a relatively small percentage of all network security incidents, they account for nearly half of events that culminated in the loss of intellectual property.

In response, the security industry in recent years has put forward a wide range of technologies for combatting the problem, including data loss prevention (DLP) systems, network analysis and visibility tools, security information and event management (SIEM) packages, and endpoint encryption.

The key to success, however, is to adopt a comprehensive approach based on an enterprisewide perspective, according to Steven K. Hawkins, vice president, information security solutions for Raytheon Intelligence and Information Systems.

Steven K. Hawkins (steve_k_hawkins@raytheon.com)

“In the past there was a belief that the insider threat was data exfiltration and that DLP solutions were the magic bullet for addressing insider threats,” Hawkins said. “We have seen many recent examples—WikiLeaks being the biggest—that DLP, a content-centric approach to data protection, is only one component of an effective, layered enterprise data protection and cyber-audit strategy.

“The threat requires a comprehensive program for cyber-audit that also looks at human behaviors and collects technical observables from computer endpoints that may indicate precursor activity, enabling security professionals to proactively mitigate threats to sensitive data before leaks occur,” he continued. “An insider who is a privileged user can abuse that privilege to create back doors and other means of access to your network. DLP normally watches data movement and access, but insiders can do much more than just leak information. Therefore, to effectively protect mission-critical information systems and the data they contain, human interaction with those systems must be audited.”

Raytheon’s approach is to ensure that “cyber-resiliency” is built into architectures, systems and products, helping organizations to anticipate and withstand inevitable attacks with mission continuity, recover from them, and evolve to minimize adverse impacts from future cyber-attacks, Hawkins explained.

Risk management is another key concept in insider-threat protection. “Organizations cannot address the risk of insider threats with technology alone,” Hawkins said. “To manage this risk, our experience has shown that organizations must have a multi-faceted approach that includes the ability to judge employee trustworthiness, right size network permissions and conduct effective auditing of user behavior.”

The centerpiece of Raytheon’s insider-threat capabilities is Raytheon SureView, an appliance-based solution that monitors and enforces policies across all endpoints and channels of communication. Data collection is triggered when a violation occurs, and it is stored for further investigation.

The solution has already been implemented by a large number of government agencies, Hawkins said, with several hundred thousand seats covered.

Raytheon also continues to develop and release new products in this area, including SureView Active Malware Protection (AMP), which detects malware that evades traditional anti-virus solutions. AMP leverages SureView to identify malware behaviors rather than instances of known malware, thus enabling it to detect malware before signatures, definitions and other indicators have been provided.

Another noteworthy initiative in this area is between Raytheon and the Defense Advanced Research Projects Agency (DARPA), which have been working together for more than a year on the Anomaly Detection at Multiple Scales (ADAMS) program. Using data collected by SureView, ADAMS researchers are working on ways to detect anomalous behaviors shortly after a trusted insider “turns” and begins committing malicious acts.

Other security firms have also been stepping up their efforts to provide effective tools for insider threat prevention and mitigation. Active companies include:

• LogRhythm, provider of the SIEM 2.0 platform. Through the use of extended metadata fields that capture such data as quantities, amounts, session, bytes-in/bytes-out, file size, and the ability to collect and analyze database and application-level log data, anomalies that previously would have gone undetected can provide the foundation for an early warning system. When metadata is correlated with contextual information, real-time identification and alerting of anomalies can occur.
• Verdasys, a developer of enterprise information protection solutions. It recently launched Digital Guardian 6.1, which integrates compliance and both insider-threat and cyber-threat prevention.
• Arbor Networks, which has introduced Pravail Network Security Intelligence. The system monitors network traffic data and delivers situational awareness to identify advanced threats, internal network misuse or abuse, and infected mobile devices connected to the network.

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.



Pentagon IT agency uses de-duplication and virtualization to reduce the cost of backing up critical information.

By Cheryl Gerber, MIT Correspondent

To achieve best practices in data backup and recovery, IT organizations now de-duplicate, or remove redundant data, as they back up their information. They use virtualization software to reduce the cost and space requirements of housing and cooling big data in hardware. In recent years, they have also accelerated backup and recovery times across networks.

Such practices are becoming a necessity in managing the relentless mushrooming of data today in defense organizations such as the Army Information Technology Agency (ITA), the primary IT provider to the Pentagon and satellite offices in the national capital region.

ITA offers an enterprise backup and recovery service that provides a reliable tiered backup solution for hosted applications and client servers. This environment provides customers protection of their data from failures and other errors by storing backup, archive, as well as compliance and disaster-recovery data in a hierarchy of near-line and offline storage.

“The Army ITA expects the amount of data de-duplication and virtualization for backup and recovery to continue to increase significantly. The data continues to grow but the Pentagon hasn’t gotten any bigger. So we have to be intelligent about how we use the technology to manage the data given the constraints of physical space, power and cooling. That’s why virtual technologies for backup and recovery are a huge advantage for us,” said Maria Levesque, ITA director of operations.

Exact configurations depend on customers’ various service level agreements (SLA), requiring manifold solutions. “We use multiple data backup and recovery systems with a variety of disk-based data de-duplication and tape-based storage media configurations to support our customers’ diverse SLA requirements,” said Levesque.

Although the Army ITA continuously monitors trends in cloud computing, the agency does not depend on it for backup and recovery. “At the moment, questions on both security and—equally as important—performance are preventing the use of the cloud as a standalone backup and recovery service,” she said.

The rising use of cloud computing, software as a service (SaaS) or virtualization carries persistent questions about application latency and security. This includes the time spent making connections to a remotely-located cloud which is hosting the target application and the number of round trips on the network when using cloud-based applications.


The dependence on networks calls into question whether data in transit is secure. As SaaS grows, so will these questions. However, in recent years, companies providing backup and recovery have begun addressing these questions in their product offerings.

High levels of security are a top priority for the Pentagon, and thus the diverse approach of the Army ITA represents best practices. “The Pentagon is in a defensive posture against constant attempts at infiltration and cyber-warfare. Separation, non-repudiation and security of data, processing and storage are paramount to us. Data at rest and data in transit are encrypted in compliance with DoD and Army directives,” she said.

The Army ITA institutes data integrity in its backup and recovery methodology by assuring the accuracy and consistency of data over its entire life cycle. “Backup/recovery customers can have high confidence that their data has not been modified by the backup/recovery system,” said Levesque.

Although the ideal rate of recovery is real time, estimated recovery times vary based on the nature of the mission and the SLA. “Customers’ SLAs dictate the mission requirements for data restoration. Some are mission critical and need real time and others are less critical,” she said.

Staff Sgt. Daniel Thurman, 332nd Expeditionary Communications Squadron network administrator, maintains a server at Joint Base Balad, Iraq. Thurman is responsible for deleting and creating accounts on the server and managing organizational files. He is deployed here from Royal Air Force Alconbury, England, and is a native of St. Louis. [Photo courtesy of U.S. Air Force/By Senior Airman Elizabeth Rissmiller]

Backup Menus

To accommodate a range of SLA requirements, major players in the field such as Dell, EMC, Quantum and others have acquired companies and added capability in recent years in order to offer extensive, a la carte menus of data backup and recovery options today.

Dell acquired Ocarina Networks for its de-duplication and compression technology to help customers reduce data management costs and streamline operations. As unstructured data from the Internet, email and imagery continues to proliferate, causing data retention requirements to increase, Ocarina’s content-aware optimization technology helps to alleviate the problem by providing a reduction in storage space requirements and redundant data.

Expanding on its legacy as a big-data, heterogeneous storage provider, EMC established a stronger foothold in backup and recovery when it acquired Avamar Technologies for enterprise de-duplication software to facilitate the shift from tape-based to disk-based backup. EMC Avamar 6.1 is now tightly integrated with EMC’s enterprise-level Data Domain de-duplication software. Both EMC products interoperate with many types of storage technology.

Quantum acquired Pancetera Software last year to gain technology for managing data in virtual server environments. Pancetera products were already compatible with Quantum’s disk backup and de-duplication products at the time of the acquisition. As a result, integration into Quantum’s high performance file sharing and data archive offerings instantly extended the company’s offerings. Quantum’s DXi de-duplication technology works with Pancetera’s virtual appliance technology to find redundant data within virtual machines (VMs), thereby reducing the storage and network resources required for local and remote backup. The Pancetera technology provides intelligence about VM files and a file system view of the customer’s virtual environment that allows backup to occur during office hours and minimizes the proliferation of backup agents throughout the virtual infrastructure.

“Pancetera’s backup application, vmPRO, is designed specifically for virtual environments in native VMWare format, so it works well with our de-duplication appliances,” said Eric Bassier, director, Quantum product marketing.

The vmPRO utilities operate inside the virtual environment, support third-party backup applications and automatically create native-format VM copies on secondary disks. The software allows for fast de-duplication—up to 11 TB/hour—and fast VM recovery rates.

“Owing to consolidation in recent years, military customers most often use the Quantum DXi 8500 enterprise appliance for data center deployment or the smaller DXi 6700 mid-sized appliance,” he said. “They’re using de-duplication for near-term restoration and disaster recovery and tape for long-term retention of backup data.”

Expanding Encryption

Quantum is in the process of adding encryption of data at rest to its entire product line. “DXi products support encryption in transit between one DXi product and another. The DXi 8500 also supports encryption of data at rest. Quantum will introduce encryption of data at rest to other DXi products later this year,” said Bassier.

Quantum provides encryption for data-at-rest via 3 TB self-encrypting drives and full disk encryption drives, protecting against a data breach resulting from physically removing a drive from the DXi 8500.

On top of expanding data encryption, Quantum’s de-duplication technology reduces the amount of data, allowing for more backup data on disk. “Our de-duplication algorithm shrinks data down to the bit level. We use the 256-bit encryption algorithm on top of the de-duplication algorithm which the customer can turn on or off,” Bassier said.

The DXi 8500 series comes with a set of management tools, called Vision, for a global backup infrastructure, including tape, disk and virtual appliances. Vision Mobile provides administrators with access for iPhone/iPad and Android applications.

The native VMWare format design of Pancetera’s technology speeds de-duplication and restoration rates. “You can restore a virtual machine in seconds from a disaster recovery site compared to restoring the data through a proprietary system,” said Bassier. “We got better data de-duplication rates when we used DXi 8500 with vmPRO.”

Quantum’s highest tier offering, the DXi 8500 Enterprise, contains DXi Accent software, which allows backup servers to collaborate in the de-duplication process to increase backup speeds and ease bandwidth constraints. The Accent software encrypts data-in-transit using an AES 256-bit encryption algorithm.

Accent provides direct tape creation over Fibre Channel for long-term data retention. Fibre Channel is a high speed network technology (now up to 16-gigabit speeds) primarily used in storage networking or for point-to-point connectivity when two devices are connected directly to each other. It is based on American National Standards Institute standards.

The 8500 offers direct path-to-tape on all models for integration of short-term backup and restoration. The feature writes backup data directly from the DXi appliance to an attached tape library over 8Gb FC links, thus preventing the need to send data back through a media server. Direct tape creation therefore reduces the load on media servers by making tape creation an automated process that happens outside the backup window. It is integrated with leading third-party backup applications and gives users a single point of control that tracks data across disk and tape layers. The direct path-to-tape is compatible with DXi Accent software.

Inline De-Duplication

The most widely used EMC data backup and recovery product in the military is Data Domain, which provides disk backup, archiving and disaster recovery with inline de-duplication at various speeds. Consolidating backup and archive data on Data Domain can reduce cost and storage disk requirements for onsite retention and increase the efficiency of network-based replication to disaster recovery sites.

Inline de-duplication reduces the amount of redundant data in an application as well as the capacity needed for backup disks. However, inline de-duplication devices can slow down the data backup process if speed is not addressed, since the devices are in the data path between servers and the backup disk systems. Post-processing de-duplication backs up data after it has been written to the backup disk system, rather than in the data path.

The EMC Data Domain has 10 options, from the Data Domain 160 at the low end up to the Global De-duplication Array at the high end. Addressing both speed and capacity, the Data Domain 160 has 1.1 TB of aggregate throughput and 195 TB of logical storage with 99 percent bandwidth reduction for network-efficient replication. The Global De-duplication Array provides up to 26.4 TB/hour of aggregate throughput and 10.7 TB/hour of single stream throughput with up to 28.5 PB of logical storage.

After Data Domain, the second most widely deployed EMC technology in the military is Avamar Version 6.1, which now provides multi-streaming integration with Data Domain. For global, client-side de-duplication, backup times and network bandwidth have been reduced by 90 percent in this version. Data is encrypted in transit and at rest, new technology was added to provide high availability with daily verification, and data recovery occurs immediately without the need to restore the last backup. Leading operating systems and database applications are supported.

EMC uses nearline storage, de-duplication and WAN optimization to optimize backup and recovery. Nearline is a contraction of “near online” used to describe a compromise between online data storage—with regular, high speed access to data—and offline data used for backup or archiving with irregular access to the data. A nearline storage system knows where data resides and requests a robot to retrieve it from its physical location (often a tape library) and place it in a tape drive to enable access by bringing the data it contains online in a matter of seconds.

“De-duplication provides 80 percent less utilization on a disk than on magnetic tape. When you subject tape to heat and other environmental factors, it increases the rate of degradation,” said Rich Campbell, EMC chief technologist, federal. “Nearline disk-based storage for disaster recovery is simply easier and more efficient.”

Rich Campbell (rich.campbell@emc.com)

WAN Acceleration

Fast replacing compression as the most efficient data reduction technique, de-duplication is now part of most WAN acceleration products. “It’s now a prevalent technology with more than 50 percent of customers and all WAN accelerators using de-duplication, not compression,” said Campbell.

WAN optimization, or acceleration, used for increasing data transfer efficiencies across WANs, now offers virtualization or software-only versions. Silver Peak last year added Virtual Acceleration Open Architecture (VAOA) software to its hardware-based WAN acceleration, and partnered with EMC to accelerate private cloud adoption with integrated WAN optimization and virtual storage.

Speed of recovery and bandwidth are leading factors in backup and recovery systems. “It all boils down to recovery time,” said Campbell.

An EMC add-on called RecoverPoint provides network-based data protection with multiple recovery points to restore applications to a specific point in time. Applications are protected using bi-directional synchronous and asynchronous replication and DVR-like recovery. RecoverPoint provides continuous data protection, continuous remote replication or concurrent local and remote data protection for operational and disaster recovery of applications in physical, virtual and cloud infrastructures.

RecoverPoint minimizes network utilization by using bandwidth compression and de-duplication, reducing replicated data over the network. Administrators can provide streamlined disaster recovery testing of the application environment while production replication continues unaffected.

“Bandwidth is a major challenge in data backup and recovery. The military is still not using enough bandwidth, so the window to backup and recover is narrow. And it’s hard to say ‘I need more bandwidth for backup’ when they are already at their bandwidth limit,” he said.

“Bigger pipes over a longer distance carrying more and more data take longer to get from point A to point B. The bigger the pipe, the more latency it has and that has a direct impact on backup,” he noted.

The Army ITA has observed the same. “Basically, we are supporting petabytes of data in the backup infrastructure. We back up terabytes of data every night. We anticipate this load to double within the next few years. That amount of data would overwhelm any dedicated circuit, so the data is delivered directly to our backup storage environment,” said Levesque.

Recovery Point Objectives

Many industry providers, including Dell, are tackling the bandwidth and big data problem with WAN optimization technology. Silver Peak announced a global reseller partnership with Dell this year, allowing customers to purchase Silver Peak’s enterprise WAN optimization hardware and software solutions, including VAOA, through Dell in more than 30 countries.

The Silver Peak VAOA software was tested and qualified with Dell EqualLogic replication technology. The joint lab testing showed performance gains for replication throughput and WAN bandwidth reduction. By replicating faster over existing networks, customers can achieve or exceed recovery point objectives.

Dell’s acquisition of Ocarina boosted the company’s backup, recovery and storage offerings. “When Dell acquired Ocarina two years ago, we embedded the company’s data de-duplication technology in all our storage products. The technology tiers data and de-duplicates it,” said Joe Trickey, rugged mobility market manager, Dell Federal.

The Ocarina content addressable storage (CAS) capability—also known as content aware storage—enhanced Dell’s data backup technology. “No longer does data have to be contiguous. It is now broken up in bits and bytes and moved around. The CAS data assures that data backup is efficiently implemented,” said Trickey.

CAS provides fast access to fixed content, by allocating a specific place on a disk so that the data cannot be duplicated or modified during a specified retention time. CAS data is stored on disk, not on tape, to streamline the process of searching for stored backup objects.

Dell’s acquisition of Ocarina captured various data reduction software technologies and workflows for integrating the Ocarina technology into different storage systems, including embedded systems that run directly on the server as well as standalone offerings that work with heterogeneous storage systems. The data reduction technologies include advanced de-duplication algorithms and both custom and generic compression solutions that work with more than 2,000 different file types. Dell uses the Ocarina technology to offer end-to-end optimization for backup, replication, migration and data tiering.


DATA BYTES

Headset Offers Hands-Free Mobile Computing

Motorola Solutions has unveiled the HC1 headset computer, the first in a new class of hands-free enterprise mobile computers that leverages advanced voice recognition, head gestures and video streaming to navigate applications that access and view business-critical documents and schematics. The HC1 can be used in harsh environments and most remote locations, where access to complex graphical data or text is needed and using a laptop or handheld device is impractical without obstructing vision. Designed for field services and the defense, utilities, telecommunications, aerospace and aviation markets, the HC1 can be used for maintenance, repair, operations/overhaul and training and simulation applications that improve inspection time and accuracy, reduce labor rates and increase safety. For example, field technicians responsible for the maintenance and repair of complex machines and vehicles can receive expert assistance almost instantly on-site, while defense forces, special public safety teams and commercial customers can practice simulated events and crisis scenarios and also perform live training with real-time trainer feedback and mission- or business-critical guidance.

JTRS Enterprise Network Manager Approved for Use

The Joint Tactical Networking Center (JTNC) has announced that the Joint Tactical Radio System (JTRS) Enterprise Network Manager (JENM), developed under the guidance of the Program Manager Joint Tactical Networks, has been assessed as operationally suitable and effective with a recommendation for service introduction. The JENM operational test agency evaluation report was released in September by the commander, Operational Test and Evaluation Force. The initial operational test and evaluation of JENM was conducted in conjunction with JTRS Manpack and Rifleman radios testing during the Army’s Network Integration Evaluation (NIE) 12.2 this spring at White Sands Missile Range, N.M. JENM plans, configures and monitors JTRS radio networks that use the Soldier Radio Waveform (SRW) and the Wideband Networking Waveform. These waveforms have the ability to transmit both voice and data, including video, photographs and graphic images over a secure wireless network managed by JENM.

Furthermore, JENM provides the ability for JTRS based radios developed by commercial vendors to interoperate together and form a cohesive network. JENM is the network manager employed for all SRW networks supported by Manpack and Rifleman radios and four non-developmental radio systems currently participating in NIE 13.1. It is also a critical tool supporting SRW-capable radios that are currently being integrated into the Army NETOPS systems as part of the Army’s Capability Set 13 fielding plan.

Army Seeks SINCGARS Amplifiers and Adapters

The Army has awarded ITT Exelis an order valued at $56 million to provide power amplifiers and vehicular adapters for use with existing radios operated by the Army and National Guard. The vehicular amplifier adapter serves as an interface between the SINCGARS radio and the vehicular power source; the radio frequency power amplifier amplifies a lower-power radio signal to extend the range of the signal. SINCGARS provides secure VHF voice and data communications capability to tactical units across the Army. With more than 570,000 radios delivered to date to the U.S. and many of its allies, SINCGARS is the most prolific tactical radio system in the world. Exelis has developed, manufactured and supported six generations of continually improved SINCGARS radios since the first radio was delivered in 1988. The latest technology upgrade for the radio is the development of SideHat, an attachable appliqué designed to host the Exelis-developed Soldier Radio Waveform (SRW) on a second channel. Coupling SideHat with the installed base of SINCGARS provides an efficient and cost-effective mechanism for distributing SRW across the battlefield.

Broadband Services to Support En Route Military Aircraft

ViaSat has received a multimillion dollar award from the U.S. government for broadband satellite services to support en route military aircraft. The all-IP service plan is designed to enable access to NIPRNet, SIPRNet and commercial Internet, as well as VoIP and VTC sessions during transcontinental or transoceanic flights. The initial one-year agreement is renewable for multiple years and includes options to add other aircraft, additional missions and supplemental service. For senior leadership, VIP and other broadband requirements, ViaSat is providing tiered service plans with a range of networking and performance levels. Most plans include worldwide roaming access as a complement to higher priority regional service. Terminals for the aircraft and on the ground will be based on ViaSat ArcLight technology, already on over 300 government aircraft with more than 500,000 flight hours. U.S. Special Operations Command was the first military organization to use patented ArcLight technology in a high-speed Ku-band network on its C-130 aircraft. ArcLight terminals have enabled these and other aircraft to conduct advanced ISR missions using ultra-small antennas with apertures under 12 inches in diameter.


Compiled by KMI Media Group staff

Laptop Certified for Secret Network Communications

General Dynamics C4 Systems has introduced the new TACLANE-MultiBook laptop, now certified by the National Security Agency to secure network communications to the Secret level and below. Government, agency and state and local law enforcement and related organizations may now use the TACLANE-MultiBook. The MultiBook can operate simultaneously on unclassified and classified networks and securely on the public Internet. It also protects information stored in the computer’s solid-state drive using the proven ProtecD@R technology. Before the TACLANE-MultiBook, multiple computers were needed to provide full separation of classified and unclassified information or connect to the commercial Internet and secure military and government networks. The TACLANE-MultiBook helps to ensure that sensitive information is not compromised if the computer is lost or stolen. Considered a cryptographic high valued product, the MultiBook has less stringent handling requirements than a controlled cryptographic item, and enables secure interoperability with U.S. government and military networks.

Tri-Band SATCOM Antenna Designed for Quick Reaction

Harris and Tampa Microwave have jointly developed a tri-band satellite communications antenna that offers the highest level of performance available today in a single-case unit small enough to be checked as airline baggage. The 1.3-meter Seeker is a very small aperture terminal that supports X-, Ku-, and Ka-band communications and is designed for use in rugged, tactical environments supporting military operations and other quick-react missions. A center-fed antenna enables simple frequency and feed swap, and offers superior wind stability and satellite tracking performance. It offers low power consumption and operates quietly without fans. In addition to its high gain and extreme portability, Seeker can be set up or torn down by a single person without tools in less than 10 minutes. It leverages the Tampa Microwave RF electronics and modem units used on the .45-meter and .65-meter manpack products, providing increased commonality across a full range of terminal sizes. Seeker can be bundled with satellite bandwidth and associated services provided by Harris CapRock Communications, to provide a complete, end-to-end satellite communications capability.

Security Information Platform Receives Security Validation

The LogRhythm 6 Security Information and Event Management (SIEM) platform has been awarded Federal Information Processing Standard (FIPS) 140-2 validation by the National Institute of Standards and Technology. As a result, defense and other government agencies with stringent compliance requirements can now choose LogRhythm to detect, defend against and respond to increasingly sophisticated cyber threats. FIPS 140-2 is an internationally recognized standard that provides a common framework for government agencies and corporations to evaluate the cryptographic security capabilities of information technology products. LogRhythm received validation following rigorous testing, inspection and government review. It is the only next generation SIEM solution with FIPS 140-2 validation and a certificate of networthiness from the Army. LogRhythm’s SIEM platform combines log and event management, file integrity monitoring and host activity monitoring into a single integrated solution. It enables organizations to improve the visibility, response and security of critical environments, while remaining compliant with strict military standards.

Protest Decision Clears GIG Management Contract

Following Government Accountability Office (GAO) rejection of an award protest made by the incumbent contractor, Lockheed Martin has begun managing the transformation of the Global Information Grid (GIG). The determination on this Defense Information Systems Agency (DISA) contract was made by GAO after a protest by Science Applications International Corp. With a total program value of $4.6 billion over a seven-year period, this Global Systems Management Operations (GSM-O) contract includes a three-year base contract period and includes two 2-year options to extend it to a total of seven years. GSM-O, originally awarded in June, is the largest of three DISA Global Systems Management contracts. It provides programmatic, operations, and engineering services; material; equipment; and facilities to support the lifecycle management of the network. Lockheed Martin teammates include AT&T, ACS, Serco, BAE Systems, ManTech and other specialized and small businesses.



Cyber Guardian

Q&A

Collaborating to Advance U.S. Interests in Cyberspace

General Keith B. Alexander Commander, U.S. Cyber Command Director, National Security Agency Chief, Central Security Service Army General Keith B. Alexander is the commander, U.S. Cyber Command (USCYBERCOM) and director, National Security Agency/chief, Central Security Service (NSA/CSS). As commander, USCYBERCOM, he is responsible for the operations and defense of Department of Defense computer networks. As director, NSA/chief, CSS, he is also responsible for providing national foreign intelligence, combat support, and U.S. national security information system protection. Alexander holds a B.S. from the U.S. Military Academy, an M.S. in physics from the Naval Post Graduate School, and an M.S. in National Security Strategy from the National Defense University. Q: Sir, thank you for agreeing to speak with us again. Since we last spoke in November 2010, you have served almost two more years as the commander of USCYBERCOM and director of NSA. Given your unique responsibilities and perspective, what do you see as the major opportunities and risks facing the United States in cyberspace today? A: In terms of opportunities, all we have to do is take a look around us. The possibilities are endless. We have cameras able to take 24 megapixel pictures, embed the GPS location in the photo for future reference, and take phenomenal pictures in low lighting. We have automobiles that monitor tire pressure, tell us when we need service, and notify us if something enters our blind spot. It seems like there is an “app” for everything. Think about how many new inventions you have seen in the last 10 years—even the last two. The number will amaze you. This pace of change means we must create and sustain an innovation advantage, which is both a challenge and an opportunity. A great example of this is the cutting-edge work NSA has done with cloud technology. Leveraging investments that began five years ago, NSA has established that it is possible to have both big data and strong security. 
The source code underlying this innovation has been released back to the open source community, fostering mutually beneficial relationships across the public and private sectors. Unfortunately, rapidly changing technology also creates vulnerabilities that are made even more significant by the rate at which cyber-threats have evolved. For example, as the popularity of smartphones has risen, we have also seen an increase in the

number of smartphone vulnerabilities. According to Symantec, malware authors are repackaging existing tools to work on mobile devices, as well as inventing new malware to exploit the mobile platform. As a result, mobile vulnerabilities jumped 93 percent in the last year alone.

In addition to their evolution with changes in technology, the threats we face in cyberspace continue to grow in seriousness. Many actors, some very sophisticated, are aggressively stealing U.S. intellectual property. These activities put the competitive edge of U.S. businesses at risk. The list of companies that have experienced intrusions is staggering, and includes major corporations in the telecommunications, information technology, defense and energy sectors. As a result, the United States is on the losing side of the greatest transfer of wealth and treasure in history.

Beyond exploitation, disruptive and destructive attacks pose additional risks. In fact, it is increasingly the destructive attacks that keep me up at night. I am sure you have read the media reports about occurrences this year—in April, “wiper” destroyed computers in Iran, and in August, “Shamoon” destroyed the data on 30,000 workstations of Saudi ARAMCO and attacked Qatar’s Ras Gas. The volume and scope of these attacks are unprecedented. Given that U.S. critical infrastructure systems are often


targeted by U.S. adversaries, there is substantial reason for concern. The United States has become dependent on cyberspace to make and store wealth, deliver essential services, and perform critical national security functions. We must protect it accordingly.

Q: It is clear from your answer that the private sector is under assault. What steps do we need to take to stem the transfer of wealth from the United States?

A: Information sharing is critical. We need to make it easier for the government to share threat information with the private sector so companies are better prepared. We also need to make it easier for the government, if asked, to help companies prevent and recover from attacks. At the same time, entities in the private sector also have unique insights into malicious cyber-activities. We need to make it easier for companies to share data with the government when they are attacked. The two-way sharing of cyber-threat indicators and countermeasures must occur in near-real time to enable prevention as well as response.

U.S. Navy Petty Officer 1st Class Joel Melendez, Naval Network Warfare Command information systems analysis, U.S. Air Force Staff Sgt. Rogerick Montgomery, U.S. Cyber Command network analysis, and U.S. Army Staff Sgt. Jacob Harding, 780th Military Intelligence Brigade cyber systems analysis, analyze an exercise scenario during Cyber Flag 13-1, at Nellis Air Force Base, Nev. Cyber Flag strategically focuses on exercising the command’s mission of operating and defending the Department of Defense networks across the full spectrum of operations against a realistic adversary in a virtual environment. [Photo courtesy of U.S. Air Force/By Senior Airman Matthew Lancaster]

Q: Beyond the theft of intellectual property, you mentioned adversary probes of U.S. critical infrastructure. If the United States faced a serious cyber-attack on its critical infrastructure today, how would we do?

A: While some segments of the government and critical infrastructure—for example, DoD, telecommunications firms and the financial sector—have considerable expertise and have implemented robust protections, I am still very concerned critical infrastructure could suffer a destructive cyber-attack. We may not have advance warning of an attack or be able to see it as it occurs, and the networks of many critical infrastructure providers are insufficiently hardened. Our preparation for an attack by the most dangerous threat actors, which are foreign states, is almost nonexistent. We must address these threats as a team by sharing the unique insights that both the government and the private sector have about the cyber-threat, and by hardening our critical infrastructure and making it more resilient.

Q: In your comments above, and in your recent public engagements, you have repeatedly emphasized the need for collaborative efforts to improve cybersecurity. What are the most important partnerships in this area, and how have they progressed?

A: A first critical partnership is between USCYBERCOM and NSA—two distinct organizations, with distinct missions, derived from different sources of authorities, with separate and distinct chains of command. I am the common link in these chains of command, and have been honored to lead the dedicated and incredibly talented people who serve in both organizations. NSA continues to protect U.S. national security systems through information assurance and produces foreign signals intelligence information. USCYBERCOM defends DoD networks as its top priority and—in a crisis—supports DoD’s inherent mission to defend the nation. The co-location of NSA and USCYBERCOM facilitates intense collaboration and an integrated capability greater than the sum of the individual parts.

A second important partnership reaches across the U.S. government, and includes three key players that are continuing to improve their ability to complement one another and to collaborate in this domain. The first is the Department of Homeland Security [DHS]. DHS is the lead for coordinating the overall U.S. effort to enhance the cybersecurity of critical infrastructure, and for ensuring protection of civilian federal [.gov] networks and systems. The second is the FBI, which is responsible for detection, investigation, prevention and response within the domestic arena under its authorities for law enforcement, domestic intelligence, counterintelligence and counterterrorism. The third is DoD, including NSA and USCYBERCOM. These organizations are responsible for detection, prevention and defense in foreign space, foreign cyber-threat intelligence and attribution, security of national security and military systems, securing freedom of action in cyberspace for the United States and our allies and, when necessary, defending the country in the event of a cyber-attack.

A third critical set of partnerships exists between the U.S. government and the private sector. As mentioned above, in order to improve the country’s cybersecurity, these partnerships must involve the real-time sharing of threat information. We have demonstrated a model for rapid, regular information sharing through the Defense Industrial Base Enhanced Cybersecurity Services Program. This is a voluntary program in which DHS, in partnership with DoD, shares classified information with qualified internet service providers to counter malicious



activity and protect sensitive but unclassified DoD information residing on private sector networks. It has enabled us to establish we can share malware signatures with industry without infringing on privacy and civil liberties. We must also leverage these partnerships to build a more defensible architecture going forward.

Q: What are your current priorities for USCYBERCOM and NSA?

A: Given the combination of U.S. dependence on digital networks, pervasive vulnerabilities and increasingly dangerous threats, USCYBERCOM and NSA will continue to work to build the most effective, versatile and powerful cyber exploit, defend and attack capabilities possible. To that end, USCYBERCOM and NSA are aligning people, capabilities and operations to build capacity in three key areas: workforce development, tools and technologies, and operational planning and execution. Shared situational awareness is also vital. Above all, we operate on the foundational principles of trust, transparency, teamwork, collaboration, cooperation and integration.

Q: What is your way ahead for developing and implementing these capabilities?

A: We have five major focus areas that we believe are essential: a defensible architecture; trained and ready cyber forces; concepts for operations and for command and control; global situational awareness to enable action; and authorities, policies and rules of engagement to defend the nation in cyberspace.

The first of these is building a defensible architecture. We need to collapse the thousands of DoD networks into a much more manageable number to improve our ability to defend them. We need to leverage automation to reduce the manpower currently required to operate networks and perform information assurance functions, and vector that manpower into a more active defense role.

Another major focus area is trained and ready cyber forces. We are working to establish one common joint training standard for our cyber forces.
Combatant commanders need to know that when they ask for a cyber capability, it doesn’t matter whether the Army, Navy, Air Force or Marine Corps responds—they will get the capability that they require. I believe we need cyber forces that are detailed to our combatant commanders and focused on their critical requirements, 24/7. Individual training is necessary but not sufficient to create a trained and ready cyber force. We must also establish training and certification standards for teams to be capable of operating, defending and attacking in cyberspace.

We need to continue to refine our operational concepts and set up clear command and control for cyber. Because a cyber exploit or attack often crosses many geographical boundaries or areas of responsibility [AORs], the traditional model of a geographic combatant commander taking responsibility for activities within a particular AOR doesn’t always work. USCYBERCOM provides cyber support elements [CSEs] to every combatant command, as well as an expeditionary CSE in Afghanistan.

Fourth, we need shared situational awareness, which enables operators and decision-makers to understand their environment,

recognize early indications of an attack, and act on that information. Defenders cannot defend against what they cannot see.

Last, while needed authorities may exist within the executive branch, DoD currently lacks the delegated, implemented authority to perform all of the activities necessary to defend the nation in cyberspace. We are working to assist the government in establishing clear roles and responsibilities across departments and agencies to enable timely, coordinated action. Clear rules of engagement must also be established so operators can act quickly within their authorities to neutralize an adversary attack.

Q: Of the five major focus areas, which do you consider the most important?

A: Though all of the five focus areas are important, at this time I would emphasize the criticality of having trained and ready forces with the ability to conduct our missions now. We must train all of our operators to the same high standards. More importantly, we must train and certify teams. We must continue to build capacity so we can address the threats we face every day, as well as the future and potential threats posed by multiple adversaries, and have those trained and ready forces available in the numbers needed to support our service and combatant commander demands. We have used two recent exercises—Cyber Flag and Cyber Guard—to accelerate our progress in these areas.

Q: I’ve heard of Red Flag, but what is Cyber Flag?

A: Cyber Flag is a joint cyberspace training exercise, primarily conducted at the Air Force Red Flag Facility at Nellis Air Force Base, Nev. In November 2011, it brought together approximately 300 cyber and IT professionals for a week to hone their cyber skills in a tactical, virtual environment against a realistic adversary. Cyber Flag allowed USCYBERCOM to exercise and institutionalize processes and procedures and informed our future operational imperatives.
The exercise also helped us to improve mission integration among USCYBERCOM, the cyber service components [Army, Navy, Air Force and Marines], the combatant commands, and other DoD agencies. The importance of collaboration was a key take-away.

Q: Now that you have told us about Cyber Flag, what is Cyber Guard?

A: Focused on cyber-defense of the homeland, USCYBERCOM conducted the first-ever Cyber Guard exercise this year with subject matter experts from across the NSA, National Guard, DHS and FBI. Of the 500 participants in this week-long exercise conducted at Fort Meade, Md., approximately 100 were members of National Guard units from 12 states. The exercise provided realistic training during which players exercised fully coordinated defensive response actions and mitigation measures in support of a homeland security scenario. The exercise was conducted in a tactical, virtual environment on a closed cyberrange. Again, a key take away was the importance of collaboration when defending the homeland.


Q: Speaking of collaboration, it appears you sought to extend this in an unusual direction by speaking this year at DEFCON—one of the world’s largest annual hacker conventions. Can you tell us why you decided to accept this invitation and what your experience was like?

A: DEFCON has an important place in cybersecurity because it taps into talent outside government and the security industry, involving people with a tremendous diversity of experiences and the expertise to solve tough problems. Attendees include computer security professionals, journalists, lawyers, federal government employees, security researchers and others with a general interest in anything that can be “hacked.” This year there were over 12,000 participants. People view hackers and DoD as two vastly different communities; however, we have more in common than most people realize. We actually share several core principles. For example, we see the Internet as an immensely positive force; we believe information increases in value through sharing; we respect protection of privacy and civil liberties; we believe in oversight that fosters innovation; and we both believe malicious and criminal behavior are unacceptable. Graciously hosted by Jeff Moss, the founder of DEFCON and current ICANN chief security officer, I found speaking at this event to be a great experience. Hacking at its best is about transcending limitations, taking on the toughest technical challenges, thinking outside the box, and proactively solving problems. These are the talents we need in the field of cybersecurity.

Q: What advice would you leave our readers pertaining to their roles in helping to ensure we have a free and secure cyberspace?

A: I would emphasize we all have a role to play in practicing cyber-hygiene to protect our systems and ensuring we are more resilient in the face of cyber-threats. Companies can spend millions of dollars beefing up their security, but if individual users persist in using the same old simple passwords, hackers will continue to crack them. Education is also critical. The basics of hacking and penetration testing are not difficult to grasp. Good tools and classes on how to employ them are readily available online and for free. I have been learning how to use one particular collection of tools—BackTrack—by teaching myself from a book: Ethical Hacking and Penetration Testing Made Easy, by Patrick Engebretson. While these tools are good, they are not the sophisticated capabilities nation-states are developing and employing. But they do enable those who understand them to imagine the potential gap that exists between a novice with access to free tools and the capabilities of U.S. adversaries. In order for the country to protect itself, it must have a sufficient number of highly trained cybersecurity experts who understand malicious cyber actors and their tools, and who can leverage this expertise for defensive purposes.


Army seeks vehicular radio capable of handling the increasing reliance by field forces on imagery and video.

By Harrison Donnelly
MIT Editor

Launched in the wake of the demise of the Joint Tactical Radio System (JTRS), the Army’s search for a vehicle-based radio to serve as the linchpin of soldier-to-headquarters communications is drawing intensive industry interest. Known as the Mid-Tier Networking Vehicular Radio (MNVR), the contract currently under competition is relatively small, with a maximum of $140.7 million in business over two years. Nevertheless, a half dozen major manufacturers are competing to fill the gap left by cancellation

of the JTRS Ground Mobile Radio (GMR) program. Following the Army’s release of a request for proposals this summer, five companies—General Dynamics, Harris, BAE Systems and a team comprising ITT Exelis and Northrop Grumman Information Systems—submitted proposals for the contract. Testing is already under way, with the award slated to be announced next spring. In addition, Raytheon is touting the ability of its networking technology to fill the Army’s needs in this area, although it

is targeting a different procurement vehicle for sales. Analysts point to several reasons for the high degree of interest in MNVR. One is that the end of the GMR program left a void in the overall communications architecture for land forces. While other JTRS components such as the Rifleman radio are bringing valuable capabilities to the dismounted warfighter, they still have a need for a more powerful unit that can connect them to upper echelons and the Warfighter Information Network-Tactical (WIN-T).


The requirement for a fixed vehicular radio capable of managing the two main JTRS waveforms—the Wideband Networking Waveform (WNW) and Soldier Radio Waveform (SRW)—is especially pressing in light of the increasing reliance by field forces on imagery and video. A major goal of GMR and MNVR is to provide the massive bandwidth needed to transmit video between warfighters and commanders.

“The gap originally was intended for the GMR,” explained Christopher Ager, director, network communications systems and electronic systems-communications and control solutions for BAE Systems. “This replaces that requirement, but what it really does is connect soldiers with higher headquarters through using the SRW and WNW to create nodes all across the battlefield, so that everyone can be connected with both voice and data. An individual soldier, using any radio that runs SRW, can be ported through this radio up to higher headquarters.”

The MNVR is also significant in that it represents an important shift in procurement and development approaches by the military, which has seen progress on JTRS and other key programs of record (POR) languish in comparison with the rapid development of commercial information technology. Instead of coming to life as a traditional POR, with the government funding development and initial production, MNVR is a non-developmental item (NDI) program, in which manufacturers pay for development of products that they then sell to the government.

The benefit of the NDI model, industry observers point out, is that it reduces the risk for the government of the types of cost overruns and schedule delays seen in JTRS and other programs.

“It’s all about risk,” said Christopher Aebli, vice president, U.S. Department of Defense sales for Harris RF Communications. “DoD has evolved its approach to open tactical radios to competition.
What they want to do now is to procure something they feel good about, at a good price, from someone they are confident will deliver when needed. They want something that’s low risk.” The risk-reduction approach is evident in the manufacturers’ proposals as well, with each submitting a modified version of an existing system, either developed through JTRS or independently. Along with holding down costs, that strategy also is seen as helping with the ability to quickly

ramp up production, which will be a factor in the Army’s decision. Meanwhile, the Army is proceeding with its own risk-reduction strategies, for example with intensive laboratory and field testing of equipment submitted by MNVR competitors before the contract selection. In addition, the latest iteration (13.1) of the Network Integration Evaluation (NIE) exercise—the centerpiece of the Army’s IT acquisition reforms—got underway this fall at White Sands Missile Range, N.M. The test will include at least two of the systems being offered to the Army.

Competitive Advantages

Although the MNVR competitors did not release details of their proposals submitted to the Army, interviews with company executives at the recent AUSA conference in Washington, D.C., provided glimpses of key aspects of the various plans.

Northrop Grumman/ITT Exelis. This team’s plans are based on the system developed for the now-canceled JTRS Airborne, Maritime, Fixed (AMF) program. Northrop Grumman will lead the team and provide its Freedom 350 multifunction radio system. Exelis will support radio development, manufacturing, vehicle installation and integration, and logistical support services.

Northrop Grumman developed the two-channel, full-duplex Freedom 350 radio based on more than 20 years of experience designing integrated communications, navigation and identification radio systems for aircraft. The radio uses a low-cost open architecture designed to have minimal impact in terms of size, weight and power on aircraft and vehicles.

“We’ve been doing software-defined radios for more than 20 years,” said Colin Phan, director, capture for Northrop Grumman Information Systems. “Our background derives from Air Force programs, such as the software-defined systems we developed for the F-22 and F-35. We’re taking substantial technology from those programs and bringing it down to the ground at an affordable price.”

ITT Exelis, meanwhile, brings its extensive experience with Army radios to the team, according to David Prater, vice president of network communications.

“We debated going this alone,” Prater explained. “Our company knows SINCGARS, which we manufacture, and SRW, which we run very well. But the transit networking waveform has grown substantially, and is relatively immature. So we shied away from it because it wasn’t really ready. We had to assess our ability to get this waveform on our equipment, versus teaming with a partner that has experience with it.

“We bring extensive knowledge of the Army’s fielded equipment, as well as vehicle installations and logistics support, while NGC brings a really good radio. We have a great partner with a powerful radio design based on their work with air platforms. What we bring to the table is a history of Army integration, manufacturing and support,” Prater said.

Harris. Harris is offering a solution based on its AN/PRC-117G vehicular adapter, nomenclatured the AN/VRC-114, for the MNVR. The company has a leg up, executives say, because its products are already certified and used extensively in the field.

Indeed, the VRC-114 is standing in for the MNVR as the Army rolls out its tactical capability set (CS) packages.

“There is a gap between the end of the GMR program and when MNVR radios become available for CS 15. In the meantime, however, the Army needs to go ahead with CS 13 and 14,” said Aebli. “What they decided was to go with the VRC-114, operating the Adaptive Networking Wideband Waveform, which is the Harris networking waveform, as the interim solution. This is the bridge networking radio that they have chosen through the NIEs to be the gap-filler between GMR and MNVR.

“We’re basing it on a platform that is already certified by the National Security Agency, Joint Interoperability Test Command and others. It’s got all of the items required for a radio to be deployed. This platform is already in full production, and if it’s all about meeting delivery schedule and cost, we’re the clear choice,” he added.

U.S. Air Force joint terminal attack controller prepares the radios in a mine-resistant ambush protected all terrain vehicle before a mission. JTACs embed and provide Army ground maneuver units expertise in planning and controlling combat air resources. On this mission, the JTAC will provide ground commanders with direct communications to intelligence, surveillance and reconnaissance and combat close air support aircraft. [Photo courtesy of DoD]

BAE Systems. BAE’s proposal is based on a system developed for the GMR, but repackaged as the new Phoenix family of radios. The Phoenix line includes a two-programmable-channel model running WNW and/or SRW; a two-channel model with space for installation of up to two legacy SINCGARS radios; and a unit with four programmable channels.

BAE executives stress the fact that their system doesn’t use proprietary waveforms, but only those taken from the JTRS Information Repository. In addition, they point to the inclusion of an anti-jam mode, which helps in the presence of interference both from one’s own equipment and from an adversary.

“You have to be able to demonstrate the maturity of your radio in running the waveforms,” said Ager. “We run the full SRW and WNW out of the repository, as asked for. In addition, we feel very strongly that the anti-jam mode is a key discriminator, because in the presence of jamming, either self or threat, you can’t afford to have your network shut down. We developed this waveform and know exactly how it runs, and it runs very well on our radio.”

Raytheon. While not a competitor for MNVR, Raytheon is pushing a solution for Army needs based on its Next Generation Mobile Ad hoc Networking Waveform (NMW).

NMW enables high-speed applications, such as multiple simultaneous live streaming video from drones, real-time situational awareness, and the distribution of vital information to commanders in any environment. The waveform, which powers the Mobile Ad hoc Interoperability Network GATEway (MAINGATE) radio system, was developed in conjunction with the Defense Advanced Research Projects Agency over the last 12 years and is used in the MAINGATE family of high-performance radios.

MAINGATE, with the NMW waveform, has been in operational use by a classified customer for more than two years, with a few hundred units in the field, according to Jeff Miller, director of tactical communication systems for Raytheon’s Network Centric Systems business. It has also been deployed in the NIEs, where it reportedly has provided significantly higher capacity than other radios.

The system should soon be available for purchase through a General Services Administration vehicle, Miller added.

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.

Rifleman Moves Ahead

Even as it searches for a new system to replace the Ground Mobile Radio program, the Army is moving ahead with another piece of the JTRS puzzle, the Rifleman Radio for dismounted soldiers.

In October, the Army posted a request for information seeking industry comments and feedback to issuing a full rate production (FRP) solicitation, expected later this year. To date, the Army has been authorized to purchase 19,327 Rifleman Radios through low rate initial production orders from General Dynamics, the program of record vendor.

Through full and open competition, the FRP phase of the program will be open to current and new industry partners. The FRP competition will include technical and field tests of the offerers’ technologies.

“We encourage all industry partners to submit candidate systems and demonstrate their capabilities,” said Colonel Russ Wygal, the Army’s project manager for tactical radios. “Our strategy is intended to increase competition, decrease costs and provide the most effective communications solutions to the soldier.”

The Rifleman Radio, part of the Handheld, Manpack, Small Form Fit program, is carried by platoon, squad and team-level soldiers. It provides voice communications, and can also connect with external devices to transmit text messages, GPS locations and other data. The SRW allows the radios to form a network that connects lower echelon soldiers to one another and back to their leaders at the company level so they can rapidly exchange information.



(Editor’s Note: Following is an update on the latest news from the Defense Information Systems Agency’s Commercial Satellite Communications (COMSATCOM) Center, based on the center’s newsletter, “COMSATCOM Scoop,” available at: www.disa.mil/services/satcom/comsatcom-services/scoop-newsletter).

Inmarsat: Transition Update

The 10-year Inmarsat indefinite delivery/indefinite quantity (IDIQ) contract, which expired on June 5, provided Department of Defense and federal agencies with ubiquitous worldwide coverage in support of conflicts, crises, humanitarian relief and other situations. In order to provide continuity of service and allow sufficient time to transition the 7,000 communications service authorizations (CSAs), the Defense Information Systems Agency (DISA) awarded a new Inmarsat Bridge contract with a two-year period of performance—one base year and two six-month options.

With a contract vehicle in place to maintain Inmarsat service, DISA began the process to transition all services from Inmarsat Bridge to the new General Services Administration (GSA) Information Technology Schedule 70 SIN 132-55—Commercial Satellite Communications (COMSATCOM) Subscription Services. The approved acquisition strategy required the COMSATCOM Center to develop eight separate blanket purchase agreements (BPAs) to support military department and function communities. Four of the eight BPAs have been awarded, and transition has begun on two BPAs.

The transition of 7,000 CSAs from the Inmarsat Bridge to each of the BPAs is a lengthy process and requires close coordination with many organizations. DISA’s goal is to ensure that warfighters maintain 100 percent connectivity with no loss of service. The DISA mobile satellite services (MSS) support staff is extremely sensitive and responsive to customer needs and able to provide coordination support for all transition activities. The transition completion suspense coincides with the expiration of the Inmarsat Bridge on June 5, 2013.

One of the important considerations in the transition process is the expiration of Inmarsat legacy services, such as Inmarsat B, C, Land Mini-M and M4, and whether to transition these to the new contract. Inmarsat identified a number of legacy services that will expire as early as December 2014.
Services need to begin the budget and planning process to acquire new equipment and services if they continue to have a need for MSS. The Army Inmarsat Broadband Global Area Network (BGAN) BPA was the first to be awarded, on November 25, 2011. With the Army BPA in place and the Army service manager looking to make the transition, the following detailed transition process will be beneficial for Army Inmarsat BGAN customers transitioning to the Army BPA:

Validate Service Request. This crucial process requires the military department to review and update information that could be as old as 10 years. Over the course of this time, points of contact, shipping address and funding information have changed. In order to transition this service to the new contract, all information must be current in DISA Direct Order Entry (DDOE).

Service Activation Plan (SAP). Each BPA contractor is required to develop an SAP. This details the contractor’s approach to transitioning the customer’s services and identifies its risk mitigation strategy for transitioning active services from the incumbent contractors under the expiring bridge contract. This is a coordinated contractor and DISA SAP.

Validation Template. This template encompasses all CSAs that will fall within a BPA. The CSA list is disseminated to the service representatives, and they flow the information to the end-users to fill out specific CSA information. Filling out this template is the only way to transition your CSAs. The information required by the template includes:

• Contract line item numbers to be exercised
• SATCOM database number
• Service point and shipping addresses
• Points of contact in the DDOE central address directory
• Special instructions.

Dashboard Training. Each vendor has its own online account management tool, also known as a dashboard, and training occurs on the winning vendor’s dashboard within approximately 60 days post award. This training, which covers navigation, reports or data query generation, and management of user permissions, is conducted either by telecon, VTC, or in person.

Generate Telecommunication Requests (TRs). As users fill out the previously mentioned validation template, the COMSATCOM Center submits weekly TRs through DDOE. Service managers are notified of the upload, which CSAs are transitioning, and which CSAs are remaining within the queue. The TR routing and approval process remains the same; TRs will flow through their DDOE routing matrix for approval. Once orders are approved, the new vendor receives the order and the transition to the new contract will take place. The method for this transition is on a BPA-by-BPA basis and is subject to change based on technology capability and service representative preference.

Submit Discontinue Order. Once users transition to the new BPA, it is imperative they submit discontinues for their legacy service. Due to the risk of discontinuing a user’s service before they get a new Subscriber Identification Module card, the COMSATCOM Center is not responsible for discontinue actions. To prevent double billing when new service is activated, users need to perform a discontinue order immediately before the end of each billing cycle.

DISA Helps Air Force Bring Home the BACN

In August, the COMSATCOM Center completed an acquisition of Inmarsat BGAN and Swift Broadband services for the Air Force Battlefield Airborne Communications Node-Joint Urgent Operational Need (BACN-JUON) program. BACN provides relay and bridging between disparate tactical radios, enabling different tactical radio systems to communicate seamlessly. Inmarsat BGAN and Swift Broadband are used to provide a payload control link between the BACN payload control element terminals and the BACN payloads. The payloads were developed for and deployed on Global Hawk UAVs, with seven aircraft planned by the end of 2012.


The BACN-JUON requirement contract was previously awarded directly from the GSA schedule with minimum competition. BACN requirements were moved onto the Future COMSATCOM Services Acquisitions (FCSA) contract, with more than 22 vendors capable of providing services. Increased competition among FCSA vendors resulted in greater price discounts and cost savings to the Air Force—an estimated overall reduction of $2.5 million in annual costs.

Fiscal Year 2010 COMSATCOM Annual Usage Report Released

The DoD COMSATCOM annual usage report is widely regarded as the authoritative source for information on DoD COMSATCOM expenditures and bandwidth usage. U.S. Strategic Command (USSTRATCOM) partners with DISA on an annual basis to report on the DoD’s COMSATCOM prior year usage and expenditures, pursuant to Chairman Joint Chiefs of Staff Instruction 6250.1D. The fourth and latest of these annual reports, which covers DoD COMSATCOM usage and expenditures over the period FY 2000 through FY 2010, was released to the DoD stakeholders in August. The annual report provides a detailed account of DoD’s annual COMSATCOM bandwidth usage and expenditures, both in aggregate and segmented by various service profiles such as combatant commands, services and DoD agencies (CC/S/A), frequency band and coverage region. The report also analyzes DoD cost effectiveness in relation to general market prices of COMSATCOM bandwidth.

In FY10, DoD expended $972.1 million on COMSATCOM services ($655.3 million for fixed satellite services [FSS], $12.7 million in Ultra High Frequency satellite communications, and $304.2 million in MSS). Over the course of FY10, DoD FSS expenditures and associated usage increased 3.8 percent and 6.4 percent, respectively. The Army, Navy and Air Force accounted for 75.8 percent of all reported FSS expenditures among all CC/S/As in FY10. The legacy Defense Information Systems Network (DISN) Satellite Transmission Services-Global (DSTS-G) contract provided satellite bandwidth and services to meet the majority of DoD FSS requirements. The DSTS-G FY10 average prices for COMSATCOM bandwidth exhibited superior performance compared with other DoD COMSATCOM contracts. However, the FY10 report marks the first time the average DSTS-G price for leased bandwidth exceeded the relative global industry average. The report concludes this was likely due more to continued bandwidth supply constraints in the regions where DoD most relies on COMSATCOM—the Middle East/Africa, Europe and North America. Within-region comparisons demonstrate DSTS-G offered more cost-effective solutions in relation to market averages.

MSS FY10 expenditures totaled approximately $304.2 million, increasing by 14.9 percent from FY09. DISA’s Inmarsat and Enhanced Mobile Satellite Services (EMSS) contracts were the predominant contracting vehicles among DoD components, accounting for 80.9 percent of DoD MSS expenditures. BGAN accounted for 33.0 percent of total Inmarsat expenditures in FY10. From FY09 to FY10, EMSS expenditures grew 4.1 percent, from $78.6 million to $81.9 million. In FY10, a total of 70 million MSS airtime minutes were used, 8 million minutes for Inmarsat services and 62 million minutes for Iridium services. Army, Navy and Air Force accounted for 88.2 percent of all reported MSS expenditures among all CC/S/As in FY10.
Efforts are underway at USSTRATCOM and DISA on the FY11 annual report. We are actively working on updating the format of the FY11 annual report to reflect changes in market and contracting realities, such as FCSA. The majority of ongoing DSTS-G requirements began transitioning to FCSA vehicles in February 2011. In the coming weeks, each CC/S/A will receive the data validation packages from USSTRATCOM/DISA. Please send any questions regarding this initiative to disa.meade.ns.mbx.comsatcom-scoop@mail.mil.

Automated EMSS Ordering Creates Efficiencies

DISA’s Network Services (NS) Directorate has recently automated the ordering process for EMSS. Automated ordering improves service delivery efficiency to the customer by decreasing ordering time for EMSS capabilities by an average of 21 days, while not increasing cost for the customer. EMSS provides warfighters and partnering agencies with global, secure commercial MSS. EMSS customers previously ordered service through a two-part process. The customer first placed a telecommunications request order for a MSS device via DISA DDOE, DISA’s online suite of tools for order of telecommunications services and capabilities. The customer then engaged in the lengthier of the two phases, by placing a TR in DDOE to activate service for the device. The previous process required DISA to manually create a telecommunications service order (TSO), by submitting a TSR. During this process, the TSR generated an automated application requiring the user to input service-related identifiers, as well as other pertinent details such as user location and unit information. Upon application approval, the request was moved into the World Wide Online System (WWOLS), where the requirement was converted to a TSO to activate service. At this step, the order was reviewed for accuracy and completion by a government employee, who would then update the application to reflect information that may have been omitted from the customer’s original TR. Once complete, the TSO was transmitted to the Defense Information Technology Contracting Organization for the agency’s Procurement Directorate contracting officer to place onto a contract.

With the new automated process, WWOLS is now able to electronically access and utilize data from the customer’s original TR in DDOE. This change eliminated the time-consuming task of a government employee manually moving data from one system to another and updating or including “filler data” in order for the system validation step to occur. Additionally, NS standardized the data fields between DDOE and WWOLS by eliminating fields that had no relevance to EMSS. This has allowed the two systems to seamlessly marry data, allowing it to be entered only once for the order. The standard delivery time of creating a TSO from a TSR was 15 business days and involved many layers of manual input and personnel involvement, which also contributed to adding an average of six days to place service on contract. To streamline this process and minimize ordering time, NS automated many of the previous functions, allowing systems to interface, share data and alter EMSS applications to contain only program-relevant data fields. Automating this process eliminated the need for manual entry and enables a quick turn-around of the TSO for activating services. The new ordering process streamlines customer order entry requirements, reduces TSO processing time, and improves customer wait times for activation of service. EMSS was instrumental in driving process improvement by coordinating the automation of the TSO process for activating services via the DDOE system.
NS plans to use this model for Classified Voice Video over Internet Protocol, as well as other Unified Capabilities. Legacy services such as NIPRNet and SIPRNet will be shifted to the new order process last, given their complexity and reach. To learn more about EMSS ordering, contact the DISN Global Support Center via phone at: DSN: 510-376-3222 or 312-850-4790; CML: 800-554-3476 or 614-692-4790; or via email at: dgsc@csd.disa.mil; dgsc@cols.csd.disa.smil.mil. To order EMSS devices, accessories and services, visit the DDOE website at: www.disadirect.disa.mil. The 24/7 EMSS help desk is available to answer all customer questions about the full suite of EMSS devices, services, features and accessories.

Hot off the Press: CS2 Awarded

GSA and the COMSATCOM Center have announced the award of the Custom SATCOM Solutions (CS2) full and open, end-to-end solutions, IDIQ contract to eight large vendors. A customized end-to-end solution is an integrated solution that incorporates satellite transport (bandwidth), service-enabling devices (for example, terminals) and engineering support (for example, installation, operations and maintenance). A CS2 end-to-end task is a complex, coordinated effort involving the precise integration of equipment, bandwidth and engineering. End-to-end solutions are distinguished from simpler requirements for only bandwidth and/or equipment. While bandwidth and equipment are acknowledged elements of end-to-end solutions, a fully integrated solution seeks a prescribed performance outcome which, taken as a whole, is beyond an inventory of individual elements.

CS2 Size and Complexity Parameters:

• Multiple satellites
• Hundreds of delivery points
• Multiple transponder equivalents, or over 100 megabits per second committed information rate
• Multiple terminal types
• Network management
• Worldwide coverage capability.

Type of contract: Multiple award, IDIQ.
Period of performance: Three-year base, two one-year options; August 29, 2012, through August 28, 2017.
Ceiling: $2.6 billion.
Type of task order: Fixed price.
Security: Included in the contract.

For more information, visit www.gsa.gov/fcsa.

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.


COTSACOPIA

Commercial Off-the-Shelf Technology

Enhanced Rugged Tablet Offers Turbo Boost Technology

Panasonic has announced upgrades to the Panasonic Toughbook 19, its best-selling rugged convertible tablet PC. The updated Toughbook 19 now comes with an Intel Core i5-3320M vPro processor (up to 3.3GHz) with Intel Turbo Boost Technology. Other enhancements include expanded storage, a more responsive touchpad and an innovative ambient light sensor, allowing automatic backlight shut-off to improve battery life. With these and other upgrades, the reliable Toughbook 19 continues to be the ideal investment for a broad spectrum of demanding work environments, including the military’s front lines, in police and emergency services vehicles, and in the field for use by service workers and utility and maintenance technicians. The Toughbook 19 goes beyond the MIL-STD-810G certification with the ability to withstand a 6-foot drop. The device also features a shock-mounted hard drive, full magnesium alloy case and available explosive atmosphere certification (Class 1 Div 2) for hazardous environments. In addition, the device has a fanless design unlike other convertible tablets, improving reliability by reducing the opportunity for dust or liquid related ingress issues, typical of challenging work environments.

Compiled by KMI Media Group staff

Packet Capture Solution Sets Speed, Scalability Records

A key component of any monitoring infrastructure is full packet capture and storage, which enables the enterprise to go back in time, examine network performance or security incidents, and determine what actually occurred. NetApp and nPulse Technologies have teamed to offer a packet capture solution that is setting new records for speed of capture and scalability of storage. Capturing data packets at the highest rates of speed without dropping any of the packets is essential to maintaining security across large, ultrafast networks. NPulse’s Hammerhead Capture appliance captures data at the highest rates of speed without data packet loss. A powerful storage capability is a key component for large organizations, allowing both network and cybersecurity managers to know what’s going through the data gateways, recording that flow of information, and enabling them to reconstruct everything taking place inside the network—key components of the security needs of any agency or enterprise. With the nPulse and NetApp solution, government and commercial enterprises can have confidence that they can recognize and respond to any attack on their networks with certainty.

Solution Addresses Security and Compliance Challenges

SecureVue NGS from eIQnetworks is a security information and event management (SIEM) solution that helps customers easily address complex security and compliance challenges. SecureVue NGS is the industry’s first next-generation SIEM solution to provide log management, event management, network behavioral analysis and intelligent security search, all in a simple, easy-to-install, cost-effective solution that allows most customers to be fully deployed in one hour. SecureVue NGS reduces the complexity, effort and operational overhead required to manage security and compliance, while reducing root-cause analysis times and reducing total cost of ownership by up to 60 percent. SecureVue NGS helps customers address complex security and compliance challenges such as centralized log management; proactive security monitoring and discovery of current information security threats; real detection of APTs, rogue insiders, zero-day malware and other cyber threats; and intelligent security search, allowing security analysts and information assurance professionals to quickly identify the underlying root causes of incidents and issues.

Uninterruptible System Brings New Level of Power Density

The portable Rugged Blade UPS from Acumentrics brings a new level of power density to a wide range of military applications and environments. Acumentrics uses advanced technologies in power conditioning, high performance digital controls and innovative high frequency conversion to create the Rugged Blade UPS. Despite being lightweight, it is packed with technology to provide 1250VA/1000W of AC or DC output power, and is scalable up to 8 kilowatts. The Rugged Blade UPS is approximately 60 percent lighter than the company’s current 1250VA product, at 28 pounds with the optional Li-ion battery pack and 33.5 pounds with the lead acid battery pack. Its small package and lighter weight make it the ideal solution for supporting combat mission communications and surveillance applications.


The advertisers index is provided as a service to our readers. KMI cannot be held responsible for discrepancies due to last-minute changes or alterations.

MIT RESOURCE CENTER

Advertisers Index

AccessData: www.accessdata.com/cirt
Adobe/Carahsoft: http://events.carahsoft.com/event-detail/1960/mit
CSSS.Net: www.csss.net
Cyberspace 2013 Symposium: www.afceacyberspace.com
Kratos: www.kratosdefense.com/sa
LogRhythm: www.logrhythm.com/federal
Nova Corporation: www.nova-dine.com
Raytheon: www.raytheon.com
University of Maryland University College: http://military.umuc.edu/servesyou

Calendar

December 4-7, 2012 Alamo ACE San Antonio, Texas www.alamoace.org

January 29-31, 2013 AFCEA West San Diego, Calif. www.afcea.org

February 5-7, 2013 Cyberspace 2013 Colorado Springs, Colo. www.afceacyberspace.com

February 20-22, 2013 AUSA Winter Symposium Fort Lauderdale, Fla. www.ausa.org

Next Issue

December 2012 Volume 16, Issue 11

Cover and In-Depth Interview with:

Rear Admiral Jerry K. Burroughs Program Executive Officer for Command, Control, Communications, Computers and Intelligence

Features

• Managing Security Incidents
• Protected MILSATCOM
• Smart Radios
• Interoperability Command
• Rugged Computing

Insertion Order Deadline: December 14, 2012 | Ad Materials Deadline: December 21, 2012


INDUSTRY INTERVIEW

Military Information Technology

Michael Smith
Senior Vice President of Enterprise Technology
Kratos Defense & Security Solutions

Michael Smith has been the senior vice president of enterprise technology at Kratos Defense & Security Solutions since 2004. In this position, he is responsible for leading the product development, professional services, business development and operations teams. Prior to joining Kratos, Smith served as the vice president of product development for SYS Technologies and McCabe & Associates. He has more than 22 years of experience in technology businesses, ranging from IT and network services to enterprise management and quality assurance software.

Q: What types of products and services are you offering to military and other government customers?

A: We provide a wide variety of mission critical products and services, especially in the C5ISR arena in support of national security efforts at Kratos Defense & Security Solutions. The company is growing and has approximately $1 billion in revenue. My group, Kratos Networks, is the enterprise technology unit of the company and delivers IT and network management, device management and control capabilities as well as IT services. We help organizations that have mission critical communication needs assure the availability, reliability and security of their network and communications infrastructure. We specialize in helping organizations manage large-scale, distributed and hybrid environments that require end-to-end monitoring to assure communications success.

Q: What products are you most known for?

A: Kratos has developed a COTS solution for end-to-end management of the entire network including the satellite and terrestrial network segments. The end-to-end management suite integrates the market leading NeuralStar and Compass solutions to deliver real-time network situational awareness. NeuralStar is the enterprise-class network management product used by some of the most complex and security-conscious military and commercial networks in the world. Compass is used by thousands of organizations for device management and control, especially of RF, microwave and other non-IP equipment. Each product is available as a standalone COTS solution for discrete management tasks, and together they operate as a unified end-to-end monitoring platform for situational awareness and systems control.

Q: Who is one of your key customers in the military and what problem are you solving for them?

A: One of our key longstanding customers is the Defense Information Systems Agency [DISA]. We help DISA gain situational awareness and real-time IT visibility to assure the availability of their network to support worldwide defense operations. Since 1999, DISA has used NeuralStar as the primary software component to administer its enterprise network, the Defense Information System Network as part of its Integrated Network Management System [INMS]. As part of the INMS, DISA uses NeuralStar to manage both the local and global levels—both operationally within the regional operations centers and as a “manager of managers” to roll up localized data for reliable, strategic situational awareness. One of the key reasons DISA uses NeuralStar is because it can set the management standards behind net-centric warfare and provide a unified platform to manage the depth and breadth of the DISN and its related services. NeuralStar is also used across the Department of Defense, intelligence community, civilian agencies and industry by customers as diverse as the Missile Defense Agency [MDA], Army and intelligence agencies.

Q: What unique benefits does your company provide its customers in comparison with other companies in your field?

A: As part of its end-to-end monitoring capabilities, our integrated solution delivers several key capabilities to the military. Our products provide role-based, user-definable dashboards that enable operators to easily visualize the health and status of all networks within their domain. These dashboards can be created quickly with a drag-and-drop interface to easily deliver situational awareness based on a specific ConOps, mission or command echelon. It also delivers a common operational picture of network health and availability status, security events, and overall mission readiness in a single dashboard. Our end-to-end solution also integrates seamlessly with our other satellite communications assurance products, such as Monics, our industry-leading RF interference monitoring and identification product. Delivering end-to-end situational awareness is critical to the military because it helps eliminate stovepipes and improve service level delivery, increase QoS, and maximize SLAs to increase operational efficiency and reduce costs.

Q: What kinds of security features does your product offer that are helpful to the military?

A: In the military, having a highly secure management system is of critical importance to protect network infrastructure against real-world cyber threats. NeuralStar supports military-grade security requirements and has documented and proven examples of utilizing IPv6, SNMPv3 with AES-256 for strong access control, encryption and authentication in the Army, MDA and State Department. The enterprise solution also offers additional security features such as CAC and PKI support and a highly secure communications tunnel to speed up the ability to rapidly respond to network conditions without the need to change systems or use additional security tools.

mike.smith@kratosgsi.com




