The Voice of Military Communications and Computing
Electronics Commander: Maj. Gen. Robert S. Ferrell, Commanding General, Army CECOM
Storage Virtualization • Leave-Behind Comms • Real Time Operating Systems • Software Engineering Center
July 2012
Volume 16, Issue 6
Military Information Technology
Features
Taming the Storage Jungle
Military organizations are exploring how virtualization can be used to centrally manage and rationalize proliferating storage infrastructures. By Peter Buxbaum
Real-Time Operations
Embedded real-time operating systems are expanding their military reach with the highest levels of security where there is a need to reduce costs by using virtualization. By Cheryl Gerber
Software Center Fights Cyber-Threats
The Army Communications-Electronics Command’s Software Engineering Center specializes in information assurance engineering, certification and accreditation, and provides independent software quality assessments. By Andricka Thomas
After They Are Gone
As it continues its pullout from Southwest Asia, the U.S. military is working with industry to select the communications equipment it will provide local forces to support their fight against insurgents and international terror. By Adam Baddeley
Cover / Q&A
Major General Robert S. Ferrell, Commanding General, Army Communications-Electronics Command (CECOM)
Departments
Editor’s Perspective
Program Notes
People
Data Bytes
Resource Center
Industry Interview
Sasi Murthy, Senior Director, Product Marketing for Security, Blue Coat
Editorial
Managing Editor: Harrison Donnelly, harrisond@kmimediagroup.com
Online Editorial Manager: Laura Davis, laurad@kmimediagroup.com
Copy Editor: Laural Hobbes, lauralh@kmimediagroup.com
Correspondents: Adam Baddeley • Peter Buxbaum • Cheryl Gerber • Karen E. Thuermer
EDITOR’S PERSPECTIVE
By Harrison Donnelly, Editor
It’s been a long journey to get there, but the latest and most complete embodiment of the Army’s vision of networked operations recently had its public debut in the Pentagon courtyard.
Army officials in late June unveiled Capability Set 13, which represents the first package of networking equipment to be created under the Network Integration Evaluation (NIE) process. The collection comprises some 15 systems covering a wide range of communications needs down to the level of the individual soldier.
Although the NIE tests have been designed to be as realistic as possible, the package will soon face its first test in true operational conditions. It will be deployed with two brigade combat teams this fall as they begin training for deployment in Southwest Asia in 2013. The Army plans to expand that over time to include eight teams.
The package addresses a total of 10 operational set needs, with a focus on mission command on the move and connecting the dismounted warfighter.
Army leaders emphasized that the new system array represented fundamental changes in the way they conduct the business of development and procurement. Not only will they be shifting to the approach of buying “what we need, when we need it, for those who need it,” rather than the old one-size-fits-all-the-Army approach, but they will also be sending out equipment that has already been extensively tested and integrated in field conditions.
“We’re making sure we’ve got it integrated from a technical perspective, but just as important, we’ve made sure we have the operational integration set,” said Brigadier General John Morrison, director, LandWarNet/Mission Command, Army G3/5/7. “Deploying units are not just getting a box, but an integrated network, and all the tactics, techniques and procedures that have already been learned in an operational setting.”
By aligning efforts and forcing integration at the front end, the Army to date has avoided some $6 billion in costs, Morrison said.
Subscription Information
Military Information Technology, ISSN 1097-1041, is published 11 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2012. Military Information Technology is free to qualified members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year.
PROGRAM NOTES
Compiled by KMI Media Group staff
DISA Selects New Network Manager
The Defense Information Systems Agency (DISA) has chosen Lockheed Martin to manage the transformation of the Department of Defense’s global data network.
The work will take place under an innovative, seven-year Global Systems Management Operations (GSM-O) contract. The contract would run for three years and includes two two-year options, with a total contract ceiling of $4.6 billion. The contract includes a mix of firm-fixed-price, fixed-price with incentive, cost-plus-incentive-fee, cost-plus and fixed-fee pricing plans. GSM-O is headquartered at Fort Meade, Md., with multiple support locations worldwide.
“Lockheed Martin is honored to be selected for this critical responsibility, which we regard as a singular opportunity to coordinate with DISA to improve the speed and efficiency of information exchange between our joint warfighters around the world and their commanders and allies,” said Gerry Fasano, president of Lockheed Martin Information Systems & Global Solutions-Defense.
GSM-O is the largest of three DISA Global Systems Management contracts. It provides programmatic, operations and engineering services; material; equipment; and facilities to support the life cycle management of the network. Lockheed Martin teammates include AT&T, ACS, Serco, BAE Systems, ManTech, and other specialized and small businesses.
“In addition to being committed to managing a smooth transition of GSM-O responsibilities to the Lockheed Martin team, we’re excited to use our team’s commercial best practices to evolve the network into one that supports new communications capabilities and technologies that directly affect warfighters’ ability to achieve mission success,” Fasano said. “As information is produced and consumed at speeds and volumes that were once unimaginable, our warfighters need an enterprise architecture that can be quickly adapted and enhanced for new technologies while effectively managing costs.”
The Lockheed Martin team was selected after a competition with SAIC, which previously held the contract.
Mobile Device Policy Lays Groundwork for Wireless Future
Responding to the explosive growth in the military’s use of smartphones and other mobile devices, the Department of Defense has released policy guidelines designed to encourage new uses of the technology while ensuring that its development follows common rules and standards and makes sense within the department’s broader IT strategy.
The policy, released in June by Chief Information Officer Teri M. Takai, lays the groundwork for the three key areas of mobile operations: the wireless infrastructure, the devices themselves, and the applications used on them.
The policy when issued applied to an estimated 250,000 commercial mobile devices used by department employees, as well as several thousand Apple and Android operating systems, including pilots. But analysts predict that the numbers will continue to grow as the handy devices work their way into every aspect of the department’s executive, business and tactical operations.
Although the proliferation of mobile devices has spurred security concerns, the policy lays more emphasis on their potential benefits than the vulnerabilities they could pose to networks.
“The DoD is taking a leadership role in leveraging mobile device technology to improve information sharing, collaboration and efficiencies,” said Takai. “As today’s DoD personnel become increasingly mobile, a wide variety of devices offers unprecedented opportunities to advance the operational effectiveness of the DoD workforce. This strategy will allow mobile activities across the department to converge towards a common vision and approach.
“This strategy is not simply about embracing the newest technology—it is about keeping the DoD workforce relevant in an era when information and cyberspace play a critical role in mission success,” she added.
In pursuit of its vision of a highly mobile workforce equipped with secure access to information and computing power, the policy statement lays out three goals, along with some of the specific steps needed to bring them about.
Advance and evolve the DoD information enterprise infrastructure to support mobile devices.
• Evolve spectrum management to accommodate new demands on a finite resource, while also supporting research to maximize use of available spectrum.
• Expand infrastructure to support wireless capabilities, including 4G/LTE and virtual private network technologies.
• Establish a mobile device security architecture that protects the interfaces between DoD and commercial networks and makes use of existing security controls at the network, device and application level.
Institute mobile device policies and standards.
• Guide the secure but rapid adoption of commercial mobile devices that support security and interoperability requirements. Also, continue to explore the risks and benefits of using personally owned mobile devices.
• Establish a federated mobile device management service to optimize operations and maintenance and ensure security compliance.
• Train users to understand and use appropriate security controls on their devices.
Promote the development and use of DoD mobile and web-enabled applications.
• Establish a common framework for mobile application development, with developer tools, documentation and automated processes to help build and test mobile apps.
• Create a process for certifying applications for enterprise networthiness.
• Provide federated and centralized hosting, a certification and approval process, and distribution and management services for mobile apps.
• Web-enable current and future IT capabilities to facilitate their use on mobile devices.
Looking ahead, the strategy calls for trying out various parts of the strategy in small user populations, in order that “a business case can be developed that may support scaling to an enterprisewide solution.” In addition, it urges development of a communication strategy to address “the acquisition and cultural challenges associated with enterprisewide mobile device adoption and deployment.”
The DoD CIO Commercial Mobile Device Working Group will oversee further development and implementation of the policy, while keeping in mind “the notion that tomorrow’s information enterprise may look very different from today’s.”
PEOPLE
Compiled by KMI Media Group staff
Brigadier General Frederick A. Henry, who has been serving as deputy commanding general, Army Network Enterprise Technology Command, Fort Huachuca, Ariz., has been assigned as chief of staff, Defense Information Systems Agency, Fort Meade, Md.
Major General Alan R. Lynn, who has been serving as commanding general, Signal Center of Excellence and Fort Gordon, Ga., has been assigned as commanding general, Army Network Enterprise Technology Command, Fort Huachuca, Ariz.
Brigadier General John B. Morrison Jr., who has been serving as director, LandWarNet/Mission Command, Office of the Deputy Chief of Staff, Army, has been assigned as commanding general, 7th Signal Command (Theater), Fort Gordon, Ga.
Major General Jennifer L. Napper, who has been serving as commanding general, Army Network Enterprise Technology Command, has been assigned as director of plans and policy, J-5, U.S. Cyber Command, Fort Meade, Md.
Rear Admiral (lower half) Diane E. H. Webber will be assigned as deputy commander, Fleet Cyber Command/deputy commander, Tenth Fleet, Fort Meade, Md. Webber is currently serving as director, communications and networks, N2/N6F1, Office of the Chief of Naval Operations.
Brigadier General LaWarren V. Patterson, who has been serving as commanding general, 7th Signal Command (Theater), has been selected for the rank of major general and assigned as commanding general, Signal Center of Excellence and Fort Gordon, Ga.
Air Force Major General Robert E. Wheeler, who has been serving as deputy director, nuclear operations, Headquarters U.S. Strategic Command, has been assigned as military deputy to the Department of Defense chief information officer.
IGate, an integrated technology and operations solutions provider, has spun off its government division as a separate, wholly owned subsidiary, and promoted Timothy Coffin to the post of president of iGate Government Solutions.
STG has appointed Steven Bouchard as vice president for integrated capture management services. He previously served as director of advanced solutions and integrated capture at Harris’ information technology services unit.
DeEtte Gray is joining BAE Systems as president of the Intelligence and Security sector, succeeding John Gannon, who has retired. Gray spent 13 years at Lockheed Martin, most recently serving as vice president for the company’s enterprise information technology solutions business.
EIQnetworks, a provider of a unified situational awareness solution, has named Michael D. Paquette as chief strategy officer, responsible for marketing, product management and strategic technology partnerships.
ManTech International has appointed Chris Goodrich as senior vice president of the signals intelligence solutions and cyberoperations business unit.
Vizada, a provider of global satellite-based mobility services, has appointed Ed Spitler as senior vice president of operations. Spitler previously served as vice president of managed network services for Artel.
MTN Government Services, a subsidiary of MTN Satellite Communications, a provider of communications, connectivity and content services to remote locations around the world, has added Robert Turner as vice president of business development and government contract compliance.
Taming the Storage Jungle
Virtualization can be used to centrally manage and rationalize proliferating storage infrastructures.
By Peter Buxbaum, MIT Correspondent
The Army Product Director Acquisition, Logistics and Technology Enterprise Systems and Services (PD ALTESS) manages storage systems utilized by several dozen Department of Defense and Army organizations encompassing nearly 700 petabytes of storage capacity spread across 50 storage subsystems running five different operating systems from at least four storage vendors.
The shared ALTESS infrastructures’ formatted capacity has increased over 800 percent in the last four years, and, given trends in the growth of storage capacity, is likely to continue to grow robustly.
That’s why ALTESS recently announced that it is looking into storage virtualization technologies. A request for information in April said ALTESS is performing market research for a product that would “help the Army better manage the life cycles of its storage subsystems” and “decrease storage subsystem brand dependency.”
“One reason storage virtualization has become important in the last five years is because the cost of storage has been a boat anchor for almost every IT project that has to be deployed. Storage comes in at 55 cents of every dollar being spent on these projects. Does storage provide 55 percent of the value? We think it provides about 23 cents worth,” said Carl Wright, an executive vice president at storage vendor Coraid.
“What the Army is trying to do is to look at the big storage picture,” said Augie Gonzalez, director of product marketing at DataCore Software. “There are lots of places where they can combine data center assets, get a better bang for their buck, and manage them more effectively. That is the big effort they have under way.” There is also a similar DoD-wide initiative being considered, according to Gonzalez.
Storage virtualization has become an IT buzzword of late, causing confusion because it means different things to different people. Different virtualization vendors take different approaches to the problem and apply technologies in different ways and at different levels. It is safe to say, however, that all of these approaches have at least one key thing in common, in that they seek to manage the complexity of a proliferating storage infrastructure. The coming trend is to combine storage and server virtualization.
Storage capacity within enterprises has tended to grow on an ad hoc basis. Different organizations have acquired differing storage capabilities depending on their individual needs. With storage alone accounting for more than half of the IT spend, virtualization can be used to centrally manage and rationalize an unwieldy storage jungle.
“The Army understands the budget constraints that they are about to hit,” said Wright. “Starting next fiscal year, they have to start looking at saving a lot of money. When that type of massive budget decrease is telegraphed, the Army wants to look at its storage requirements over the next five to six years and consolidate acquisition and capabilities. This type of contract is the first step in a journey that puts the Army in the right direction to consolidate acquisitions, data centers and capabilities that they can provide to warfighters and other folks who need it in a more centralized computing framework.”
“We have strapped a lot of complexity onto the storage array,” said Joe Brown, president of Accelera Solutions. “In many cases, organizations have many different storage vendors as part of their data centers. Virtualization technologies are able to interface to all storage devices and manage storage capacity from a single location.”
“Virtualization at a high level is the ability to manage physical things by abstracting them at a logical level,” said Lee Caswell, founder and chief strategy officer at Pivot 3. “Storage is becoming such a big part of things that if you can virtualize storage you can start to manage everything in the data center at scale.”
Pooling Resources
separately, and now there is a move afoot to combine storage and servers. We are finding that storage is such a big part of all these systems that if you can virtualize storage, then you can manage everything at scale.” The key technology development that has enabled storage virtualization has been the advent of fast networks. “One thing that has accelerated the adoption of storage virtualization has been the move toward a converged Ethernet network infrastructure,” said Caswell. “This has made it cost-effective to interconnect storage devices and get all of them to talk to each other. Without that fast interconnect, you won’t have very interesting performance.” All of these capabilities are designed to bring “elasticity and fluidity to storage,” said Wright. They should also “reduce administrative costs and wring more capability and capacity out of storage subsystems,” Brown said. Military and intelligence organizations face the same storage issues as those in the commercial sector, according to Castelein. But “defense organizations have massive scales,” he noted. “The bigger the scale, the more an organization can benefit from the efficiencies of virtualization.”
There are actually four aspects to storage virtualization, according to Gaetan Castelein, director of product management at VMWare. “Abstracting is about pooling resources,” he explained. “You’re taking separate physical assets and combining them into one big pool of capacity. Virtualization is also about automating the placement of applications across physical devices. A virtualization solution should put applications on the right physical device. The third aspect is about the mobility of applications between devices, and the last point is load balancing across the physical devices.” Storage virtualization also “creates distance between what consumers of storage require and how it is provided,” said Gonzalez. “Administrators can interchange equipment underneath without impacting applications or users. Users on work stations have no idea of the infrastructure that is working behind the scenes.” Storage virtualization has proceeded through two stages, according to Caswell, and is now on the brink of a third iteration. The first phase was redundant array of independent disks, which combined multiple disk drive components inside a box into a single logical unit so they don’t have to be managed individually. Storage virtualization 2.0 involves “managing disConsolidated Silos Hu Yoshida similar heterogeneous systems from a common interface to manage storage in different boxes together,” said Caswell. Hitachi Data Systems virtualizes storage subsystems through a Storage virtualization 3.0 asks whether “there is a way to pull device called an enterprise control unit. “The control unit attaches to server virtualization and storage virtualization together,” said Casthe storage devices, and this allows storage silos to be consolidated,” well. “Companies are taking storage and integrating virtual storsaid Hu Yoshida, the company’s vice president and chief technology age into the server itself. Storage has historically been managed officer. www.MIT-kmi.com
MIT 16.6 | 7
“The control unit becomes the brains of the operation, and all Multi-Tiered Systems functionality relating to the management of data and capacity are managed through it, so you don’t have to have those functions repSome vendors that offer multi-tiered storage systems feature licated in external storage. In this way we are able to eliminate silos automatic virtualization within that subsystem that assign data to and move data across different platforms that are virtualized behind the appropriate tier—from tape to disks to solid state—depending the control unit,” he added. on the capacity and performance requirements of the data in quesThe Air Force Capabilities Integration Environment (CIE) tion. “Storage manufacturers build in virtualization capabilities into revamped its data center using Hitachi Universal Storage Platform their products,” said Brown, “so that the array itself manages where VM in order to stay ahead of its rapid data storage requirements. CIE the data would reside to optimize end-use applications.” is the Air Force organization that supports software development and These features typically include de-duplication functionality testing. that links users to a single source of stored data instead of having Over the years, CIE’s data storage had rapidly multiplied, leadthe data duplicated and stored on different systems around the ing to performance issues and affecting the ability of the IT team to network. manage the infrastructure. CIE currently has 1,500 systems and 600 Users can expect a number of benefits through the use of storage terabytes under management. virtualization. “It simplifies operations because you don’t have to Hitachi’s Universal Storage Platform VM promotes a unified data deal with as many provisioning applications,” said Castelein. “Storinfrastructure and massive scalability by virtualizing internal and age, like any physical asset, tends to get fragmented. 
Virtualization external heterogeneous storage into one common pool and integrathelps drive better efficiency in the utilization of storage capacity.” ing thin provisioning for flexible volume expansion. “Storage arrays’ built-in clusters can be operated as one logiThin provisioning refers to the practice of allocating storage cal pool of storage,” said Brown. “Information can be exchanged capacity incrementally based on the actual requirebetween storage components and information can ments of an organization. Storage administrators tend be staged and stored at the most appropriate location to request much more capacity than they currently within the pools.” require, thinking about future growth requirements. Hitachi Data Systems measured the benefits of “As CIE’s infrastructure was growing, they were one of its clients of the specific virtualization feature creating silos of processing and storage from different that automatically assigned data to the correct storvendors,” said Mike Tanner, federal vice president, Hitage tier. According to Castelein, provisioning deciachi Data Systems. “There was excess capacity in one sions were made three times per year per application, silo and not enough in another. They were trying to and each such procedure took an average of 27 minachieve better storage capacity utility rates to meet the utes. Each application also required an additional 25 growing demand without increasing physical capacity. minutes per year of general maintenance, for a total Mike Tanner CIE can perform load balances across systems, and if of 106 minutes per year. there is a need to refresh the technology, data can be “For a customer with a thousand applications, moved from the old storage to the new storage nondisruptively.” not unusual in a military organization, that adds up to 220 days With the Hitachi platform, CIE can source and attach any existing spent on provisioning activity,” said Castelein. “That is the equivastorage systems as needed. 
Virtualized behind the USP VM are four lent of one year’s annual salary for an administrator.” Hitachi Universal Storage Platforms for Tier 1 storage, used primarily Hitachi’s customer CIE conducted a return on investment for Oracle database files and mission-critical applications. Virtualized analysis on its deployment of USP VM and found that it had indeed behind the USP VM as Tier 2 are numerous Sun StorageTek 6140 saved nearly half a million dollars by using dynamic provisioning arrays. across its data center. “Within one year, the CIE had recouped more Built-in Hitachi software exploits virtualization and management than the purchase price and had expanded its storage environment capabilities across the storage environment. “Dynamic provisioning without incurring any additional software or hardware costs,” said allows allocation of virtual storage as needed without the upfront Tanner. requisite of dedicated physical disk storage,” sometimes referred to as Storage virtualization is also having the effect of allowing nonfat provisioning, said Tanner. experts to manage storage, according to Brown. “Storage arrays are “Dynamic provisioning eliminates the need for over-provisioning becoming highly sophisticated devices that essentially minimize storage, which can quickly become expensive, to directly address the any real requirement to have what I call a ‘certified smart person’ capacity utilization issue of allocated but unused space. Dynamic to operate it,” he said. “They are becoming very point and click and provisioning contributes to a lower total cost of ownership and helps graphic interface driven. A lot of intelligence is being built into the CIE with just-in-time, on-demand provisioning functionality,” these platforms, and this is dramatically reducing the administrative Tanner added. 
capabilities required to operate them.” Today’s storage virtualization technologies allow users to create One recent trend involves combining storage virtualization with partitions within the virtualized capacity that aid both security and server virtualization. Server virtualization allows multiple applicaprovisioning. “What vendors call secure tenancies create security tions and operating systems to run independently on a single server enclaves on the storage array so that you can carve it out for use by to increase asset utilization. different organizations or users,” said Brown. “There is a lot of integration being performed between virtual “Users can keep the virtual spaces separate so that there is no data servers directly into storage arrays,” said Brown. “This allows for leakage and no denials of service because one user is using far more some very interesting capabilities related to higher availability and than his allocated resources,” said Yoshida. fast recovery.” 8 | MIT 16.6
“There are more virtual servers being sold today than physical servers,” said Caswell. “That is how prevalent server virtualization has become.”
Multiple Management
The server virtualization concept posits that today’s servers are fast enough to run multiple operating systems. “If you can multitask on the application level, why not at the operating system level?” asked Caswell. Today virtual servers can run eight or 12 operating systems at the same time.
“The next question becomes, ‘Why not run virtual servers and run storage virtualization that aggregates storage across a set of servers?’” said Caswell. “Basically, you’re pulling the physical storage area network into the servers by using storage virtualization on server appliances. That way, you can consolidate and manage storage on the server stack in a very highly available system. You’re running virtual servers in the same appliance supplying the storage.”
The benefit of such an approach is to consolidate the management of servers and storage. “Servers are always accessing storage, yet they have been managed as separate entities that have to be separately powered, cooled and protected,” said Caswell. “This way you can bring storage and servers back together. If you take all those virtual servers and bring storage virtualization into the same appliances, you are consolidating infrastructure and saving on power, cooling and rack space. It is a sophisticated concept, because now you have server fail-over and storage fail-over all within the same element, and you have a very high system level availability product at that point.”
Pivot 3 has a customer using the combined storage and server virtualization for a video surveillance application, which is able to save 40 percent on power, cooling and rack space, and 25 percent on costs. “They are using around the same number of disks at the end of the day and using about the same amount of compute power,” said Caswell, “but they are consolidating the power supply and saving there. In the case of a military training facility putting in half a petabyte of storage, they can eliminate a complete rack by combining servers and storage.”
The future of storage, like much of the rest of IT, is likely to be in a cloud environment. “Storage vendors are developing virtual appliances that can run in the cloud,” said Brown. “They can take advantage of large pools of storage in the cloud and do some interesting things like replicating the content of local storage arrays right up the cloud directly and easily. That is a different type of virtualization, for sure, because you’re virtualizing the operating system of the storage array into the cloud, but it is something that is pretty interesting and exciting.”
For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.
Real-Time Operations
Embedded real-time operating systems are expanding their reach with the highest levels of security.
By Cheryl Gerber MIT Correspondent
Thriving in dedicated environments, embedded real-time operating systems (RTOS) are growing more connected and omnipresent as they add functionality and the highest levels of security to their range.
From a trusted foundation controlling avionics, aerospace, industrial process control and telecommunications, embedded RTOSs are expanding their reach with the highest levels of security where there is a need to reduce costs by using virtualization.
RTOS are the “real deal” when it comes to real time. “Hard” real-time, safety-critical systems have the least latency possible, serving application requests and switching tasks in a matter of microseconds. If the need for speed is not as great, milliseconds in soft real time will suffice. To achieve FAA certification for safety-critical flight control systems, hard real-time operating systems must be deterministic, or consistently predictable.
“Real-time operating systems support building real-time hardware and software with microsecond, not millisecond, deterministic response time. It could be fatal if they don’t handle it, so it has to be 100 percent guaranteed,” said David Kleidermacher, chief technology officer of Green Hills Software.
Embedded RTOS play a vital role on the battlefield, providing encrypted information in hard real time to joint warfighters. The Joint Tactical Radio System (JTRS) uses the Integrity RTOS from Green Hills Software as the engine behind many tactical radios at the edge of the network, managed by the Network Enterprise Domain (NED).
Green Hills’ products and services are the basis for the secure, reliable interoperation between networking and legacy waveforms as well as critical radio network management and services. The devices can route and retransmit services between networking and legacy waveforms without interruption or denial of service.
Beyond the battlefield, embedded RTOS manage safety-critical operations from flight control systems to nuclear power plants and traffic lights. “An RTOS has to be simultaneous, like anti-lock brakes,” noted John Blevins, director, product marketing, LynuxWorks.
To meet real-time requirements, embedded RTOS guarantee consistent performance serving real-time application requests. As such, RTOS contain sophisticated scheduling algorithms for preemptive priority. Smaller than general purpose operating systems, RTOS are compact and highly efficient.
Two crucial design qualities in safe and secure RTOS are the separation kernel and the hypervisor. The separation kernel, or a similar design called the partitioning kernel, allocates resources into high assurance partitions with information flow controls that cannot be bypassed, meaning no component can use another’s communication path. This limits the damage that could be caused by viruses or bugs. Built-in security monitors check each access point individually.
The hypervisor provides multiple virtual machines supporting multiple operating systems on a single processor. However, the operational reality is usually two operating systems. “The technology supports a three-domain system, but it’s usually two domains in the military today,” noted Robert Day, LynuxWorks vice president of marketing. Most real-time operating systems are embedded, but not all embedded systems are real time. As their name suggests, embedded systems are implanted in hardware.
Levels of Security
A case in point is the Navy’s Common Display System (CDS), part of the service’s Open Architecture Computing Environment. The Navy CDS uses the LynuxWorks LynxSecure separation kernel and hypervisor in its display console to provide an environment in which multiple operating systems running at different security levels—from Top Secret to unclassified—execute concurrently.
“The Navy CDS is a multi-domain, ship-based console that is tactically deployed and requires multiple, independent levels of security,” said Robert Day, LynuxWorks vice president of marketing.
“Safety-critical operating systems in the avionics world deal with fault conditions in FAA certification. They are designed to look at errors and faults, but they have been physically separate and not connected. Now that more connections like WiFi are being added, one has to worry about not only safety but security. The convergence of safety and security hits our sweet spot,” he said.
The CDS is a configurable, high assurance workstation that provides users with access to multiple shipboard applications at once. LynxSecure supports 64-bit addressing for high-end scalability and is now undergoing National Security Agency certification evaluation.
“A military customer is currently conducting a system level certification and accreditation for SABI/TSABI, as the NSA shifts its EAL [Evaluation Assurance Level] program,” said Blevins. TSABI is Top Secret and Below Interoperability while SABI is Secret and Below Interoperability.
LynuxWorks technology is POSIX-compliant. The Portable Operating System Interface (POSIX) is a set of standards specified by the Institute of Electrical and Electronics Engineers for compatibility between operating systems.
Another LynuxWorks embedded-RTOS product that complies with the POSIX standard, the LynxOS-178 family, received FAA approval for DO-178b Level A reusable software components. This allows developers to reuse the software across multiple safety-critical systems without the need for recertification.
LynxSecure conforms to the Multiple Independent Levels of Security/Safety (MILS) architecture, adhering to the data isolation, damage limitation and information flow policies identified in MILS. Most of the high security functions are performed by the separation kernel. The partitions and information flow policies are defined by the kernel’s configuration. “The total source code base of LynxSecure is only 128KB, a tiny dynamic memory footprint,” noted Blevins.
To build fast, small RTOS software code, the JTRS program uses Green Hills MULTI Integrated Development Environment (IDE) tools. The MULTI IDE provides third party integration and the ability to generate fast, small code for 32- and 64-bit processors. The program also uses Green Hills’ GateD family of routing, switching and network management solutions. In addition, there is a debugger for multi-core systems to prevent the most common causes of software bugs. The tools are processor and platform-neutral.
The Green Hills technology used by the JTRS has achieved POSIX-conformance and much of it is NSA Type 1 certified for military grade cryptography, used to secure classified information. Type 1 certification is not a published standard. Type 2 products endorsed by the NSA deal only with unclassified information.
“As you build more sophistication into virtualization and RTOS, NSA Type 1 certified cryptography comes into play. Green Hills is a subcontractor to General Dynamics, Rockwell Collins and other major defense contractors. JTRS is also a direct customer of Green Hills,” noted Kleidermacher.
Secure Linux
The JTRS program is developing an open architecture to allow multiple radio types—including handheld, ground-mobile, airborne and maritime—to communicate with each other and link warfighters to the Global Information Grid. The goal is to produce a family of interoperable, modular, software-defined radios that operate as nodes in a network for secure wireless communication. JTRS includes integrated encryption and wideband networking software to create mobile ad hoc networks.
JTRS developments illustrate the growth of the Linux operating system in embedded systems. “JTRS wanted to deploy secure Linux in radio. Green Hills won that with the Integrity 178B operating system for flight safety,” said Kleidermacher.
“The Integrity 178B operating system is the highest safety- and security-certified commercial operating system today, as it has been certified by the NSA-managed NIAP lab to EAL6+/High Robustness—the highest Common Criteria security level ever achieved for software—and the FAA’s highest certification for safety-critical avionics, DO 178b, Level A. No other operating system has achieved both of the highest-level safety and security certifications,” said Kleidermacher.
Lockheed Martin is using Green Hills’ Integrity 178B RTOS and AdaMulti IDE (Ada programming language) to develop safety and security-critical software for the F-35 Joint Strike Fighter. The Integrity 178B is running in multiple airborne, Power Architecture-based systems.
As if to highlight the persistent growth of embedded RTOS, in 2009 Intel Corp. acquired Wind River, a leading embedded RTOS provider. Intel’s publicly stated intention was to grow its processor and software presence beyond the PC and server market into embedded systems and mobile handheld devices. Wind River retained the right to operate with processor-neutrality under the purview of Intel’s Software and Services Group.
Wind River’s flagship embedded RTOS, VxWorks, is a key technology for the X47B in the Navy’s Unmanned Combat Air System Carrier Demonstration (UCAS-D) program. Northrop Grumman chose VxWorks as the safety-critical software platform for the UCAS-D while GE Aviation chose VxWorks for the Common Core System,
the backbone of the UCAS-D computers, networks and interfacing electronics. The X-47B demonstrated that an unmanned, tailless aircraft could operate refuel in flight.
“All systems of this nature, not just the UCAS, assure that the highest priority task or thread that is ready to run in the queue will run. They are designed for interrupt-driven systems responding in deterministic real time. With this foundation, you can build complex systems on top of it,” said Chip Downing, senior director, Wind River aerospace and defense.
Interrupt Driven
Interrupt-driven systems are used for scheduling efficient multitasking in real time operating systems. There are both hardware and software interrupt-driven systems, interrupt requests, handlers and masking, to assure the highest degree of reliability and predictability. While interrupts are masked, the current task has exclusive control of the CPU and is protected from any other task or interrupt from taking control.
VxWorks MILS is MILS-certified and under evaluation by NSA now for EAL 6+ certification, Downing said. Wind River’s Linux Secure is Common Criteria EAL 4+ certified and FIPS 140-2 certified for secure cryptography.
Intel has given Wind River the ability to expand the reach of its technology. “The Intel acquisition allowed us to go into the lower-power embedded chip market in handheld devices. We are now putting our RTOS on more Intel chips. And as chips get more powerful, they run not just an application but an application environment—like an operating system,” said Downing.
As embedded developers use virtualization to run multiple operating systems, to simplify the porting of legacy applications onto new platforms, they can get a little help from Intel’s Virtualization Technology (VT). As part of Intel’s vPro technology, Intel VT provides hardware-assist by performing some virtualization tasks in hardware to reduce the overhead and improve the performance of virtualization software. For example, switching between two operating systems is faster when memory address translation is performed in hardware rather than software.
LynuxWorks is eyeing the military mobile and IT enterprise markets to expand its embedded RTOS reach. “We see the equivalent of Intel VT now going into mobile devices, such as an Advanced RISC Machine (ARM) processor with virtualization in the next generation of chips. Since smartphones, including Android phones, are already 90 percent ARM, the addition of virtualization in ARM processors will make mobile devices look more like laptops. So what remains is a matter of security. And there is a huge potential market for secure, mobile Department of Defense applications,” said Day.
“The warfighters have to carry about 10 cell phones with them now, but DoD wants to equip them with one device with multiple levels of security. The problem is that the architecture for cell phones is not designed for multiple security domains, so the market has to get to the point where mobile devices have the same hardware and virtualization technology that will enable multi-domain security,” Day said.
ARM is a 32-bit reduced instruction set computer (RISC) developed by ARM Holdings. It is now the most widely used processor in mobile phones and other common embedded processors.
As if to gear up for the broadening embedded RTOS mobile market, Wind River recently exercised its chip-neutral diversity, adding support for a new ARM system-on-chip (SoC) on its VxWorks RTOS and Wind River Workbench development tools. The Xilinx Zynq-7000 Extensible Processing Platform combines an ARM Cortex-A9 processor based SoC with a field programmable gate array (FPGA), which is designed to be configured by the customer after manufacturing. Wind River is also working with Xilinx on Linux efforts.
“In the FPGA fabric, we can put extra things in the hardware in a customized chip to support Android on one core and a military communications channel in another core running VxWorks, for a nonsecure side and a secure side respectively,” said Downing.
LynuxWorks is moving toward the IT enterprise with its long-proven safe, and now highly secure, RTOS. “Our software now runs on Intel dual core and quad core i3, i5 and i7 chips with Intel VTX virtualization support,” said Blevins. “We can move to enterprise IT since it’s the same hardware.”
However, much of the installed base in the IT enterprise does not have the same real-time, high security requirements for virtualization as safety-critical embedded RTOS. “It really is in the eye of the beholder where the line between hard and soft real time is drawn. It depends on the application requirements,” said Stephen Balacco, director, embedded software and tools practice, VDC Research Group.
Cloud Security
Despite its popularity, cloud computing has received criticism for a lack of security in its virtualization. As a result, VMware, a leading DoD IT enterprise cloud provider, has boosted security in its ESXi virtualization technology with a family of products called vShield.
“VMware has made great strides in the security space in the last few years with virtualization-aware security products like the vShield Edge, a virtualized firewall, and vShield App, which protects applications in the virtual data center against network-based threats,” said Rob Randell, principal security and compliance solutions architect at VMware. “VShield Endpoint provides file system protections, such as antivirus, file integrity monitoring, application whitelisting and data loss prevention.”
“The enterprise data center does not generally have an embedded or real time requirement. It has historically been driven by a need to reduce costs and consolidate multiple systems onto a single piece of hardware using virtualization technology. However, due to an increase in cyber-crime, network connectivity and multi-tenancy cloud computing, we see the military IT enterprise market evolving towards a requirement for very strict security,” said Blevins.
Security remains an obstacle to the growth of the military mobile RTOS market. However, early this year a much-needed boost arrived for Android security when NSA released Security Enhanced (SE) Android, which provides stricter access control policies. Since Android is based on Linux, it made sense when the NSA ported its SE Linux to Android. However, to build SE Android, developers need to download the Open Source Project source code and sync it up.
“Fundamentally, you can’t retrofit a high level of security to Android or any other operating system that wasn’t designed for it. But you can retrofit at the system level by inserting software of trust underneath Android. We develop Android in a virtual machine partitioned in its own area. This could be used by a military service asking for a dual persona handheld device with two Androids. One would be used for sensitive information and situational awareness and other for the soldier’s personal quality of life,” said Kleidermacher.
“Integrity creates memory and time partitions with memory areas exclusively owned by each application and guaranteed resource availability. In addition, the encryption component always gets what it needs so there is no risk of leaking information. However, not every RTOS does partitioning. The microprocessor must have an MMU to do partitioning, and we have found that the military is most interested in the MMU,” he said. “We are also looking at how to use off-the-shelf mobile devices that we tailor to military missions.”
MMU is a memory management unit, a hardware component that is responsible for managing access to memory requested by the CPU.
Clearly, there is much work underway to render Android military-grade secure. “There needs to be expert testing of the Android security implementation on the target device. Of course, some testing can be done manually. However, using industry-leading automated test tools such as Wind River Framework for Automated Software Test for Android can deliver significant gains in test efficiency,” said Chris Buerger, a Wind River-employed technology blogger on the company’s website.
As embedded, secure RTOS-based mobile devices—such as the Green Hills’ JTRS tactical radios—populate the edge of the cloud, they will continue to pull the cloud out until they have created an embedded cloud. That is already a term in use for a highly reliable, lightweight computing structure with web services and applications dedicated to serving embedded RTOS.
“We’re starting to see embedded RTOS mobile devices connected to the cloud on the edge of networks. Because of the types of devices—smartphones, controllers and sensors with small compact RTOS and iPads—we see them going through the cloud back to enterprise systems. And that will take the forefront,” said Balacco.
Real-Time Sailing
Surface ship and submarine combat systems count on real-time data distribution to assure timely target accuracy. These systems and communications interfaces are continuously upgraded and refined to keep pace with hardware improvements. To integrate technology upgrades rapidly into legacy systems, Real Time Innovations (RTI) deploys its highly flexible, standards-based software called the Connext product family.
“RTI Connext is currently deployed in most naval surface combat systems. We are in the SSDS, Aegis and LCS combat systems as well as the LPD ship system network,” said Gordon Hunt, RTI chief applications engineer.
The SSDS is Ship Self-Defense Systems, a Raytheon combat management system deployed on carriers and other amphibious flat tops. Aegis, now a Lockheed Martin program, is the combat system on destroyers and cruisers. The LCS is the littoral combat ship and the LPD is the landing platform dock.
At the heart of the RTI Connext family is the company’s distributed networking, standards-based DataBus connecting data across systems, networks and devices, whether on embedded real-time platforms or enterprise servers.
“These are infrastructure systems of scale that understand the context and the expected behavior of data. With legacy systems, the management of data is built into the application. When you bring new capability to the table, our infrastructure makes sense of, describes and manages data behaviors as part of the infrastructure on the bus and it is all standards-based,” said Hunt. “The binary protocols are rigorously defined as open but are as efficient as proprietary binary protocols.”
Connext DDS is a distributed real-time bus with an application programming interface that complies with the Object Management Group’s Data Distribution Service (DDS) specification. The high performance product also provides quality of service support for both real-time and enterprise systems. Connext Integrator is a flexible infrastructure for building integration with real-time performance across diverse protocols and legacy applications.
“These are peer-to-peer systems with no server or central hub. We leverage every bit of hardware capability we have. Before we send the data, we are aware of what is important to the receiver. It’s about understanding data and its behavior relevant to an application’s use,” said Hunt.
The Integrator provides support for various standards, including Java Messaging Service, SQL databases and others. The database service integration includes Oracle, MySQL and other relational databases. There are also tools for visualizing, debugging and managing systems in real time, protocol conversion and an adapter software development kit. In addition, Connext Integrator offers data transformation, content-based routing as well as bridging between local and wide area networks, unsecured and secured networks, and IPv4 and IPv6.
The Integrator provides bidirectional integration between a relational database, Connext DDS or another RTI product called Connext Messaging, which is messaging middleware with tools and scalability extensions for developing applications that leverage embedded and enterprise design.
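The separation-kernel design described in the Real-Time Operations article above, with partitions whose information flow policy is fixed in the kernel’s configuration and cannot be bypassed, is shown here in C as an added example; it is not code from LynxSecure, Integrity or VxWorks MILS. The partition names, the guard partition and the sk_* functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical partitions for a multi-level console; names are assumptions. */
enum partition { P_UNCLASS, P_SECRET, P_TOPSECRET, P_GUARD, P_COUNT };
enum sk_status { SK_OK = 0, SK_DENIED = -1, SK_BAD_ARG = -2, SK_BUSY = -3, SK_EMPTY = -4 };

#define MSG_MAX 64

/* Flow policy fixed at build time: flow_ok[src][dst] != 0 means src may send
 * to dst. Unlisted pairs are zero, so the default is deny. Lower levels feed
 * a guard, the guard feeds Top Secret, and nothing flows back down. */
static const uint8_t flow_ok[P_COUNT][P_COUNT] = {
    [P_UNCLASS] = { [P_GUARD] = 1 },
    [P_SECRET]  = { [P_GUARD] = 1 },
    [P_GUARD]   = { [P_TOPSECRET] = 1 },
};

/* One private, bounded mailbox per (src, dst) pair, so no partition can use
 * or exhaust another partition's communication path. */
struct channel { uint8_t buf[MSG_MAX]; size_t len; int full; };
static struct channel chan[P_COUNT][P_COUNT];

static int valid_partition(int p) { return p >= 0 && p < P_COUNT; }

/* Mediated send. `src` stands in for the identity of the running partition,
 * which a real kernel derives itself instead of trusting the caller. */
int sk_send(int src, int dst, const void *msg, size_t len)
{
    if (!valid_partition(src) || !valid_partition(dst) || !msg ||
        len == 0 || len > MSG_MAX)
        return SK_BAD_ARG;
    if (!flow_ok[src][dst])
        return SK_DENIED;
    struct channel *c = &chan[src][dst];
    if (c->full)
        return SK_BUSY;               /* bounded: sender cannot flood receiver */
    memcpy(c->buf, msg, len);
    c->len = len;
    c->full = 1;
    return SK_OK;
}

/* Mediated receive: dst may only drain channels the policy grants it. */
int sk_recv(int dst, int src, void *out, size_t cap, size_t *got)
{
    if (!valid_partition(src) || !valid_partition(dst) || !out || !got)
        return SK_BAD_ARG;
    if (!flow_ok[src][dst])
        return SK_DENIED;
    struct channel *c = &chan[src][dst];
    if (!c->full)
        return SK_EMPTY;
    if (cap < c->len)
        return SK_BAD_ARG;
    memcpy(out, c->buf, c->len);
    *got = c->len;
    memset(c, 0, sizeof *c);          /* scrub so no residue outlives delivery */
    return SK_OK;
}

/* Configuration audit: can data get from src to dst over permitted flows
 * without passing through partition `avoid`? Pass -1 to avoid nothing. */
int sk_reachable(int src, int dst, int avoid)
{
    uint8_t seen[P_COUNT] = { 0 };
    int stack[P_COUNT], top = 0;

    if (!valid_partition(src) || !valid_partition(dst) ||
        src == avoid || dst == avoid)
        return 0;
    stack[top++] = src;
    seen[src] = 1;
    while (top > 0) {
        int cur = stack[--top];
        for (int nxt = 0; nxt < P_COUNT; nxt++) {
            if (!flow_ok[cur][nxt] || nxt == avoid || seen[nxt])
                continue;
            if (nxt == dst)
                return 1;
            seen[nxt] = 1;
            stack[top++] = nxt;
        }
    }
    return 0;
}

int main(void)
{
    char out[MSG_MAX];
    size_t n = 0;

    printf("UNCLASS->GUARD send: %d\n", sk_send(P_UNCLASS, P_GUARD, "track 42", 8));
    printf("UNCLASS->TOPSECRET send: %d\n", sk_send(P_UNCLASS, P_TOPSECRET, "x", 1));
    printf("GUARD recv: %d\n", sk_recv(P_GUARD, P_UNCLASS, out, sizeof out, &n));
    printf("TOPSECRET reaches UNCLASS: %d\n", sk_reachable(P_TOPSECRET, P_UNCLASS, -1));
    printf("UNCLASS reaches TOPSECRET bypassing guard: %d\n",
           sk_reachable(P_UNCLASS, P_TOPSECRET, P_GUARD));
    return 0;
}
```

The audit function is the part to run against a proposed configuration before deployment: a nonzero result with the guard excluded means some path bypasses it.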
DATA BYTES
Tactical System Offers Video Collaboration From Anywhere
With Cisco TelePresence VX Tactical, high-definition video collaboration is possible from anywhere. This rugged and lightweight mobile telepresence product features Cisco’s superior codec technology in a portable, briefcase-style form factor. Specifically designed for remote field locations, the VX Tactical is ideal for use by military, emergency response and other field-based industries. It is water, sand, impact, chemical and corrosion resistant to provide portability, durability and functionality, and its 17.5-inch screen is optimized for use in full sunlight. It offers easy provisioning and self-configuration with Cisco Unified Communications Manager, Cisco TelePresence Video Communications Server, or Cisco Callway, as well as the ability to connect secondary microphone, camera and display to create a conference room environment in the field.
Roaming Feature Enhances High-Throughput Radio
ITT Exelis has upgraded its handheld SpearNet radio with enhancements that further extend its capabilities. SpearNet is a high-throughput radio that provides large amounts of voice, data and video communications over a self-forming and self-healing ad hoc network. The first enhancement allows the radio to move around the battlefield in a cellular-like fashion while maintaining communications without reconfiguration or dropped calls. Well-known for its ability to move large amounts of data, Exelis also improved on this already strong SpearNet capability in the second enhancement by greatly increasing its data transfer rate. When compared to fielded dismounted technology, SpearNet—using wideband direct sequence spread spectrum—provides users with two to eight times the amount of voice, data and video that can be moved from the dismounted soldier to the commander. This is more throughput than any other military radio used by dismounted forces today. The new roaming feature will enhance the capabilities of this radio that has already been battle-proven in Afghanistan. It will now be able to perform in a cellular manner for mobility and data rates, but still retains required military characteristics such as resistance to jamming, encryption, and the absence of a single point of failure for the network.
NETCENTS-2 Contracts Awarded to 12 Small Businesses
The Air Force’s Network Centric Solutions-2 (NETCENTS-2) team has awarded its application services small business companion contract. This is the first of two application services contracts that will be available for use by the Air Force (the other is a full and open competition still in source selection). The contracts have an aggregate ceiling of $960 million with a three-year base ordering period and four 12-month options, and are expected to be available for ordering in August. The multiple award indefinite delivery/indefinite quantity contracts were awarded to 12 small businesses: ActioNet; Array Information Technology; Datum Software; Digital Management; Diligent Consulting; Diversified Technical Services; DSD Laboratories; Exeter Government Services; Excellus Solutions; IndraSoft; Segue Technologies; and SI Systems Technologies. The NETCENTS-2 application services acquisition provides a vehicle for customers to access a wide range of services such as sustainment, migration, integration, training, help desk support, testing and operational support. Other services include, but are not limited to, exposing data from authoritative data sources to support web-services or service oriented architecture constructs in Air Force enterprise environments.
Compiled by KMI Media Group staff
Software Engineering Program Caters to Military Students
After conducting some market research, the master of software engineering (MSE) program at Kansas State University has reorganized its curriculum to provide students with more specialized fields and companies with more skilled software engineers. The reorganization divides the program into distinct sequences and broadens students’ options for specializing in specific areas of software engineering, such as bioinformatics, data mining, web-based systems and computer security, among others. Scott DeLoach, professor of computing and information sciences and head of the MSE program, and other MSE program leaders contacted numerous software engineering companies to determine which specialized skills they seek most in potential employees. They then based the program’s new structure on the skills most desired by those companies. The content for each sequence existed previously, but the structure was confusing for some students. Now, the program’s formalized organization makes it easy for students to plan their course schedules, particularly for students taking classes online. Although the program does contain some on-campus students, the majority of those enrolled are off-campus students who take courses online through K-State’s Division of Continuing Education. The online MSE program’s flexibility caters especially to students in the military, even those on active duty, and some students have taken it while serving in Iraq or Afghanistan.
Encryptor Secures Data on Stolen or Lost Hard Drives
The National Security Agency has certified General Dynamics C4 Systems’ new ProtecD@R PC encryptor, which secures data, imagery, video and other information stored on computer hard drives, to protect information classified at the Secret level and below. The new Suite B encryptor prevents unauthorized access to classified information if a computer is lost, stolen, or susceptible to insider threat. About the size of an external hard drive, the ProtecD@R PC encryptor connects to a computer using an industry standard interface. Once connected, the encryptor automatically secures the data as it moves between the computer’s processor and the hard drive, leaving the stored information encrypted and secure without reducing the computer’s processing speed. The ProtecD@R PC encryptor is designated by NSA as a cryptographic high value product, non-controlled cryptographic item. That enables relaxed handling and accounting of the device and makes it ideal for use in environments where there is a high risk of equipment loss.
Tests Back Pod-Based Airborne Communications System
A series of test flights in May have demonstrated the transmission of imagery, video, voice and digital messages using a pod-based airborne communications system. The Northrop Grumman-developed SmartNode Pod is based on the Battlefield Airborne Communications Node technology that allows real-time information to be exchanged among many different military and commercial radios and relays full-motion video. Northrop Grumman’s Firebird aircraft flew the pod during the demonstration effort at Mojave, Calif. Firebird is an optionally piloted aircraft that operates multiple ISR payloads simultaneously. The SmartNode Pod flight tests demonstrated how encrypted digital data and voice connectivity are provided directly to mobile ground units and command centers. It provides critical range extension and gateway capability in a form factor controlled by the lowest level commanders. The SmartNode Pod is designed for use on a variety of aircraft needed to support the Joint Aerial Layer Network, a high-capacity communications network management system planned by the Department of Defense.
New Satellite Platform Offers Broadband Infrastructure
The Intelsat Epic satellite platform, a new series of satellites based upon a high performance, open architecture design, will be deployed for wireless and fixed telecommunications, enterprise, mobility, video and government applications requiring broadband infrastructure across the major continents. The Intelsat Epic platform is an innovative approach to satellite and network architecture utilizing multiple frequency bands, wide beams, spot beams and frequency reuse technology. A complementary overlay, Intelsat Epic will be fully integrated with Intelsat’s existing satellite fleet and global IntelsatONE terrestrial network.
Combining Intelsat’s spectral rights in the C-, Ku- and Ka-bands with the technical advantages of high throughput technology, the Intelsat Epic platform will be fully open architecture. Intelsat’s customers will be able to use existing hardware and network topologies, and in many cases, define their own service characteristics, enabling them to offer customized solutions to their end users. Benefits include higher performance and lower cost per-bit, wide beams and spot beams to provide the benefits of broadcast and high throughput, and multi-band frequencies aligned to region- and application-specific requirements.
Electronics Commander
Q&A
Integrating Life-Cycle Management of C4ISR Systems
Major General Robert S. Ferrell
Commanding General
Army Communications-Electronics Command
Major General Robert S. Ferrell serves as commanding general, Communications-Electronics Command (CECOM). As commander, he leads a worldwide organization of over 11,000 military and civilian personnel responsible for coordinating, integrating and synchronizing the entire life-cycle management of the C4ISR systems for all of the Army’s battlefield mission areas—maneuver control, fire support, air defense, intelligence, combat services support, tactical radios, satellite communications, and the warfighter information network. Prior to assuming command, Ferrell served as director, command and control, communications and computer systems (J6) and chief information officer, U.S. Africa Command, Stuttgart, Germany. A native of Anniston, Ala., Ferrell enlisted in the Army and attained the rank of sergeant. He completed his undergraduate degree at Hampton University and was commissioned in 1983 as an Army Signal Corps officer. He holds a Master of Science degree in administration from Central Michigan University and a Master of Science degree in strategy from the Army War College. Ferrell has served in Army units in the United States, Korea and Europe, and has deployed to Bosnia and Iraq. In addition to the traditional company and field grade level assignments, he has also served as the aide-de-camp to the secretary of the Army; assistant division signal officer, 82nd Airborne Division; battalion executive officer, 82nd Signal Battalion; brigade S3, 7th Signal Brigade, 5th Signal Command; aide-de-camp to the commanding general, V Corps, U.S. Army Europe and Seventh Army; commander, 13th Signal Battalion, 1st Cavalry Division; military assistant to the executive secretary, Office of the Secretary of Defense; and military assistant to the director, Program Management Office at the Coalition Provisional Authority in Baghdad, Iraq.
Ferrell commanded the 2d Signal Brigade, 5th Signal Command; served as chief, Programs Division in the Office of the Congressional Legislative Liaison; senior Army fellow on the Council on Foreign Relations; and director, Army modernization, strategic communication, in Arlington, Va.
Ferrell was interviewed by MIT Editor Harrison Donnelly.
Q: CECOM has shifted its home and responsibilities in recent years. How would you describe its mission today?
A: Since I took command this past February, I’ve made it a priority to define, articulate and plan the way ahead for CECOM and its role in the Army of 2020. The Army is in transition. The operational Army has undergone its most significant change in a generation. So, CECOM is preparing for the challenges that lie ahead by revising our command vision and mission. Our new CECOM vision is to be the life cycle provider of choice for supporting joint war fighting superiority through world-class globally networked C4ISR systems. In the current joint, interagency, intergovernmental and multinational environment, we realize that our customers, which include all branches of U.S. armed forces, joint and coalition partners, have a plethora of choices … and we want them to choose CECOM. To reach that end-state, we have also revised our mission statement to align the focus of the command to support warfighters’ needs today and tomorrow. CECOM’s mission is to develop, provide, integrate and sustain the logistics and readiness of C4ISR systems and mission command capabilities for joint, interagency and multinational forces worldwide. Simply put, we provide hardware, software and technical services and capabilities, including embedded field support, to ensure the readiness and support of communications and electronic systems to meet the warfighter’s needs. Our key operating entities supporting that vision and mission are Tobyhanna Army Depot, Pa.; the Software Engineering Center [SEC] at Aberdeen Proving Ground, Md.; the Logistics and Readiness Center [LRC] at Aberdeen Proving Ground; the Information Systems Engineering Center at Fort Huachuca, Ariz.; and the Central Technical Support Facility [CTSF] at Fort Hood, Texas. With these elements working collaboratively, CECOM serves as a one-stop shop providing unique capabilities in software applications, electronics maintenance, sustainment, manufacturing and repair.
Q: What goals are you working toward?
A: We have developed five strategic goals. First, we are going to identify a single manager of common, joint tactical C4ISR systems. Second, we must provide a responsive industrial base capability to enable that decisive combat edge across a wide spectrum of operations. CECOM has become even more involved in rapid response in software engineering by responding to and creating real-time software solutions to the field. So, ultimately our goal is to develop the next generation of software support and streamline our delivery of field support as we continue our goal to build our strategic partners and relationships. We cannot achieve success on our own. And to reach those goals, we have what I call a set of “must do” requirements. We must first and foremost provide continuous top-quality support to the warfighters and our customers. We must enable the network from the strategic level to the tactical edge, down to the company command post. We must acquire and develop the future workforce. By that I mean we must develop and fully utilize our human capital potential. Our strength and agility comes from the synergy of the intellectual capital throughout CECOM and our partner PEOs, contracting center, and R&D center that will bring about game-changing, innovative solutions. We must define and execute our core mission, an effort we have recently undertaken. We must also divest ourselves of legacy systems that the Army no longer needs and focus our efforts on sustaining the critical systems our Army needs as resources decline. And finally, we must execute more efficiently across the command. I want us to routinely do routine things in an outstanding manner. We will eliminate our organizational stovepipes and lean forward together to develop new solutions for our business practices in this constrained fiscal environment.
Major General Robert S. Ferrell got a first-hand view of a new satellite-based technology during a recent visit to Network Integration Evaluation 12.2. [Photo courtesy of Army CECOM]
Q: What role is CECOM playing in developing and implementing the Army’s Network Integration Evaluation (NIE)/Agile software development strategy, and how will its results be integrated into acquisition decisions?
A: I see a huge role in the NIE process for CECOM. The NIE is a process the Army has committed to for bringing the operational test, acquisition and requirements communities together to synchronize, streamline, evaluate and provide feedback on allowing for more useable test data and direct user feedback for the acquisition and requirements communities. We are looking at new, off-the-shelf, emerging technology in the C4ISR arena, placing it in the Agile process, and providing feedback to ensure that we get the right products in the system for our soldiers. The key to the process is that it gives industry a chance to have their products evaluated by the Army and to assess whether the technology may contribute to the modernization of our networks before the acquisition process begins. This helps lessen the in-the-field integration burden on our operational units, by providing relevant operational environments in which to evaluate new technologies and capabilities that make up the capability packages and sets prior to fielding the new systems to the operational units.
CECOM provides a variety of efforts to help ensure successful execution for NIE. Our principal effort is to provide sustainment support for the equipment utilized by the evaluation brigade. The LRC and SEC provide field support and technical personnel to ensure the sustainment of legacy systems that are indoctrinated into our inventory, maintenance support and software services, including early integration of systems, upgrades and configurations, and training support. We also provide technical support in the form of safety assessments, system integration support, and Army interoperability accreditation through Army Materiel Command and CTSF, the Army’s interoperability certification agent.
CECOM is a necessary and vital part of support to the NIE as the Army explores new innovative industry technologies for potential deployment by our soldiers. While acquiring and integrating these new systems is essential, it is just as vital to consider what it will take to sustain and maintain these systems once fielded. I feel strongly that CECOM’s engagement throughout the process helps to inform decision-makers on the implication of new technologies on field support and sustainment prior to making acquisition decisions, and to shape the sustainment strategies once a decision to acquire has been made. If we have the discussion during the development state, CECOM can best position itself to respond to the needs of future soldiers.
Q: What are some of the key activities and accomplishments of your command in supporting overseas operations?
A: I’d like to look at the supporting commands within CECOM to highlight some of our accomplishments, beginning with the CTSF, which started with the Coalition Interoperability Assessment and Validation lab. Their efforts helped to set new standards to enable Army systems to interoperate and share information with our coalition, interagency and joint partners. The lab continues to add several NATO member nation connections. As we speak, we are looking at that network at Fort Hood, evaluating how we integrate our partners into this environment. It looks for communications interoperability solutions. The CTSF has also certified all networking systems that were deployed in support of Iraq and Afghanistan missions over the past decade, and provides configuration control of automated systems used in theater. The SEC has provided direct support worldwide to soldiers for 35 major exercises, 430 training events, and supported nearly 300 units going through their ARFORGEN cycle in preparation for deployment. SEC deploys field service representatives forward with soldiers and systems, to provide direct, intermediate software support, and ensure systems and mission success for units across Southwest Asia. SEC field support is embedded in deployed units and averages 232 personnel on the ground in harm’s way each day. They also developed and distributed 380 software licenses worldwide, on or ahead of schedule, to provide more than 10,700 new or upgraded capabilities to the field. Out of 380 software releases, 171 were direct fieldings for 25 programs of record, encompassing more than 25,000 individual systems deployed in theater. Among these were 56 critical force protection system releases directly supporting ongoing combat and contingency operations and helping maintain soldiers’ safety. They also distributed 351,230 software products to fielded systems, and responded to 94,856 help desk or call center work order requests. 
That’s the level of service we provide to our customers, and the sole reason we continue to aim to be the provider of choice for C4ISR systems services. We are there with our customers to help them train, utilize and troubleshoot these systems to ensure readiness and soldiers’ ability to execute the mission on these systems when needed. Their accomplishments continue. They have also ensured responsive, reactive reprogramming for the critical force protection systems protecting warfighters by deployment overseas of the only organic U.S. government capabilities to reprogram the radar signal detection set operational flight program; the user data model for a common missile warning system; and the ability to respond immediately to new emerging threats to aviators worldwide. In addition, systems developed in support of security operations have proven to be incredibly versatile in meeting other needs of the nation. For example, the Joint, Unified Multi-Capable Protection System [JUMPS] for monitoring maritime traffic is now being considered for a possible railroad security solution with the Department of Transportation. Recently, JUMPS was adapted to respond to an oil spill at a refinery in New Jersey. The SEC repositioned a JUMPS remote sensor node from monitoring Delaware River traffic to monitor an emergency containment area holding some approximately 157,000 barrels, or 6.6 million gallons of spilled oil. The JUMPS remote sensor nodes, GPS, weather, automated identification systems and cameras are powered by a windmill and solar panels. This allows for safe positioning close to the containment areas, providing effective monitoring and showing its versatility to respond to various scenarios. So as you can see, the work SEC does not only aids in our military operations, but also has domestic emergency response and homeland security applications as well.
Q: What role are the LRC and Tobyhanna Army Depot playing?
A: The LRC quickly engaged and took the lead as the C4ISR managerial enterprise for all CECOM product lines in executing responsible drawdown and reset overseas from Iraq and Afghanistan. The LRC provided more than 1,200 field service representatives and 33 locations throughout Southwest Asia, and 74 locations worldwide. These field service representatives are a strategic multiplier for CECOM through their technical assistance operations and repair support to combat forces. In fiscal year 2011, the LRC processed and returned more than 2,064 rolling stock, 40,000 non-rolling stock and 90,934 repairable parts from Southwest Asia to a source of repair in CONUS. To date in FY12, the center has processed more than 2,021 rolling stock, 31,241 non-rolling stock and 53,905 repairable parts. CECOM LRC also serves as a strategic element in providing C4ISR combat capabilities to our coalition partners, to the tune of $857 million in foreign military sales. In addition, they have conducted 341 reset missions in FY11, by resetting 33 BCTs and 62,224 pieces of equipment. Tobyhanna Army Depot executes CECOM’s primary maintenance and depot repair mission. Last September, they reached a milestone of $1 billion in new work orders. The depot finished FY11 with $1.36 billion in new orders, and began the new fiscal year with $600 million in work orders. A new mission for Tobyhanna began in April, with the arrival of the advanced GPS receivers. Technicians have begun to test and upgrade more than 1,000 Defense Advanced Global Positioning Receivers [DAGRs]. Technicians test and inspect the DAGRs, and then upgrade the software. The secure handheld receivers give soldiers very precise GPS position information at military standard accuracy. This pilot program could lead to supporting more than 300,000 of the systems.
In addition, they received a Pennsylvania technology award in 2012 for best application of technology, topping 56 competitors in the category for their innovative use of modeling, simulation and mapping technology to transform an available depot mountain ridge into a web of radar test sites. The depot has won seven Shingo medallions, including one gold, two silver, and four bronze. This month, the depot won the Shingo silver medallion for the entire communications systems division. That’s a big deal, because the Shingo awards reflect the efficiency, readiness and excellence that the workforce provides. In FY10, the depot received the Army Chief of Staff’s Combined Logistics Excellence Award, in the depot category for superior performance of duty. They have truly been doing yeoman’s work, providing not just the Army but all of the services with depot management support.
Q: According to reports, CECOM networks were hacked this spring. Is that true, and can you talk about your overall response strategy?
A: CECOM servers were not hacked. The server in question belonged to a company that used it to store information for competing for a government contract several years ago. The server contained references to CECOM and Fort Monmouth, but the data was old and no longer relevant. Once alerted to the incident, the command quickly implemented its incident response plan, notifying 7th Signal Command, which serves our network here in CONUS. The command was able to determine that none of our servers had been compromised. As we look at cyber, our first line of defense is 7th Signal Command, which is part of Army Network Command. Our G-6 office works very closely with them in the areas of information assurance and how we’re protecting our network on a daily basis—looking at all of the security boundaries and making sure that if we get any indicators of an attack, we respond automatically to the first line of defense.
Q: What initiatives do you have underway to improve contracting and business processes at CECOM?
A: We have several initiatives ongoing in the small business area of contracting, and among the most important—our outreach efforts. The Small Business Office is conducting training for small businesses on how to do business with CECOM, where our experts offer advice to businesses on their presentations to program managers. We have found that in the past, information on how to engage and work with our partners was lacking in small companies in industry. As we look at declining dollars and resources, we’re reviewing our internal processes and searching for potential improvements to streamline the contracting process to ensure increased responsiveness as we work with industry partners. We hope this effort makes it simpler for contractors to respond and for us to award contracts faster. We are also looking at better business practices, including the justification and approval process and market research activities as well as finding ways to track our command’s efficiencies. Another outreach effort is our annual advance planning briefing for industry and small business conference, a venue here at the C4ISR Center of Excellence where we share future program information with industry and small businesses in an effort to facilitate their planning for our needs when they arise. We’re also educating businesses on how to work together to more efficiently identify the requirements the government needs. In another initiative, the SEC’s Army Contracting Business Intelligence System [ACBIS] is an integral and primary business intelligence process for data queries and statistical metrics analysis for all Army contracting data. The ACBIS provides rapid and accurate contracting information by analyzing data in minutes for anything from routine data calls in support of day to day operations to more complex congressional inquiries that would normally take weeks to answer. The SEC was recently recognized for efforts in developing and serving the ACBIS by the DoD e-Business Team Excellence Award. So we’re looking at how to turn information quickly and make sure that the analytical data required is provided on a rapid basis.
Q: CECOM is part of the six-organization Army C4ISR Materiel Enterprise. How does that work to ensure coordinated policies?
A: I have been blessed with the opportunity to command CECOM and have the privilege to oversee, from a senior leadership perspective, the installation here at APG. I have the opportunity to work with a great team consisting of three program executive offices, the R&D command, and the contracting command to enable the development, acquisition and sustainment of critical C4ISR capabilities. I see myself as enabling, facilitating and communicating—not controlling—the C4ISR activities to both Army and external audiences. This C4ISR team and community were recently relocated to APG from Fort Monmouth, N.J. By the way, I grew up at Fort Monmouth, and my dad worked at CECOM. So I had a chance to see how it worked early in the process. Here at APG we find ourselves in a tight-knit community contained within a dozen facilities, all within walking distance of each other. Not only does this make it easier for C4ISR to collaborate, but this relocation also brought us closer to the testing and acquisition community with which we also now collaborate. Team C4ISR includes six leaders: Mr. Doug Wiltsie, from the Program Executive Office for Enterprise Information Systems at Fort Belvoir, Va.; Mr. Stephen Kreider, acting PEO for Information, Electronic Warfare and Systems; Major General N. Lee S. Price, PEO for command, control, communications-tactical; Mr. Brian Young, who is responsible for the Army Contracting Command functions at APG; Ms. Jill Smith, director of the Army Communications-Electronics Research, Development and Engineering Command; and me, the commander of CECOM. With the advent of the Army’s Agile acquisition process supported by the NIE activities, we have added a seventh member of the team; Brigadier General Dan Hughes, director of ASA[ALT]’s System of System Integration office, who has responsibility for integration of the systems employed at NIE. General Hughes and his team are also collocated with us within the C4ISR campus. 
The partnership between AMC and ASA[ALT] has allowed us to combine all of those C4ISR portfolios under one umbrella at one location, to facilitate the coordination of multiple layers of C4ISR support to include the targeting aspect, denying spectrum to the enemy, knowing the enemy, enabling net-centric command and control operations, and protecting the force. We are trying to bring that all together so we can see, hear, disrupt, deny, communicate, protect our force and survive on today’s and tomorrow’s battlefield. Bringing that from Fort Monmouth where it was dispersed to this location has provided incredible synergy.
Q: Is there anything else you would like to add?
A: As the United States winds down current operations in Afghanistan, our chief, General Odierno, has said in several forums that we’re going to be in a resource-constrained environment. The Army is going to be reduced in size as we pull out of Afghanistan. As we plan for a smaller, more agile and flexible force, we will continue to depend on and expect a reliable, considerable, deployable and secure network to enable the Army’s future mission in a joint, interagency, intergovernmental and multi-national environment. It will take the entire team at APG, to include the R&D, acquisition, contracting, sustainment and test communities, to deliver the emerging technology that we need to integrate to provide the smaller, more capable Army of the future. When you look at our IT environment, the Army and our joint partners will rely on the network that will enable DoD’s mission to meet the expectations of our military and commanders. Every facet of our expeditionary Army’s operations, from home station to the tactical edge, will depend on network connectivity—its functionality, reliability, agility and security. There are some key challenges that must be addressed in order to achieve our desired future IT environment. They include the areas of enhancing joint and coalition interoperability; quickly adapting emerging IT capabilities developed by the commercial marketplace; and reducing the costs of data centers, application development and sustainment. That’s what I see from the CECOM side of the house. In addition, we also need to enable our U.S. military installations to serve as docking stations by modernizing our network across posts, camps and stations. The final challenge we need to address in order to meet our desired future IT environment is to reduce the risk of cyber-threats by ensuring that our networks remain secure.
Software Center Fights Cyber-Threats
Army CECOM Software Engineering Center specializes in information assurance engineering and certification and accreditation.
By Andricka Thomas
After more than a decade of conflict, the nature of war in the information age has evolved. No longer does the Army solely rely on fighting battles with the “Big Five” equipment systems (M1 Abrams tank, Bradley fighting vehicle, Apache and Black Hawk helicopters, and Patriot air defense missile systems). The Army is focusing efforts on its capabilities to do battle in cyberspace, the new “front line” of the battle, as Colonel Kirk Johnson, military deputy director for the Army Communications-Electronics Command’s Software Engineering Center (CECOM SEC) described it.
Servicing Army and Department of Defense agencies, CECOM SEC specializes in information assurance (IA) engineering and certification and accreditation (C&A), and provides independent software quality assessments in addition to some software and software safety engineering services.
Since the White House announced the national defense strategy plan in January, “President Barack Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation today,” as explained in the Comprehensive National Cybersecurity Initiative, which was originally launched by President George W. Bush in 2008.
In response to the national focus on defending against these heightened cyberthreats, the CECOM SEC at Aberdeen Proving Ground, Md., has adjusted professional training opportunities for its workforce to derive new and innovative procedures to combat our enemies in the cyber-domain, said Johnson.
CECOM SEC is part of the burgeoning nexus of cyber- and homeland security activity going on in the Interstate 95 corridor in Maryland. This includes Army Cyber Command, located at Fort Meade, CECOM, and the Army Test and Evaluation Commands.
The decision to make the nation’s military leaner is not an indication of decreased security efforts, but rather an effort to “look ahead to the force that we are going to need in the future,” Obama said in the defense strategy review made public in January. Although its military will be leaner, the United States will maintain its military superiority by being agile, flexible and ready for the full range of contingencies and threats, Obama explained. Part of that agility will include response and defense against cyber-threats on the Army’s network, said Johnson.
During the war, CECOM and the Army’s C4ISR Materiel Enterprise have played an integral role in supporting the Afghan Mission Network, enabling U.S. and coalition forces to share theater-related information and operational guidance, information and intelligence on a common network, creating an environment of information sharing and increased collaboration capabilities, said Johnson.
Since the start of the conflicts in Iraq and Afghanistan, information warfare and C4ISR technologies such as IED jammers and unmanned ground and aerial vehicles have served as yet another line of defense putting distance between the soldier on the ground and evolving threats, Johnson explained. This new cyber-environment calls for adjustments in the nation’s defense strategies, to include making defense against cyber-attacks a higher priority—so much so, as Johnson noted, that new career fields have sprung up across the military and universities around the country. Information assurance and cyber-defense engineering positions are among these new fields expected to be at the forefront of the nation’s new defense strategies.
Software Assurance A little more than 10 years ago, CECOM SEC formed the Software Assurance Division as the new focal point of C&A IA services provided to SEC’s customers. Today, SEC’s software assurance capability has grown to be one of the leading DoD IA and C&A service providers, holding more than 20 functional support agreements with program executive offices, program managers and product managers to provide IA engineering and C&A services, according to Frank Mayer, deputy director for the Software Support Services Directorate with CECOM SEC. SEC accredits hundreds of system versions each year. “The threat has grown to be world-class and bold,” said Mayer. “Our adversaries, both nation state and non-nation state, have the means, motivation and opportunity to attack us vigorously,” said Mayer. “SEC is focusing more on software assurance and building security in, rather than overly relying on reactive compliance to meet the challenge.” To be the best-value option, the center has positioned itself for operations within what Johnson calls “the new battlespace”— the cyber-realm. SEC personnel are ready and trained to combat the malicious minds of our nation’s adversaries. “We deliver results,” said Johnson. The SEC, which relocated to Maryland as part of the 2005 BRAC process, has had an influx of younger personnel joining the workforce. “We’re grooming a new generation of engineers with advanced skills who possess software and mission assurance mindsets in order to meet today’s challenges and to provide our soldiers the systems they deserve so they can survive in the cyber battlespace,” said Mayer. 22 | MIT 16.6
These personnel hold specialized degrees and certifications in disciplines that didn’t exist in industry or as fields of study at the university level even just 10-15 years ago, Johnson explained. “We have an optimal mix of experience and innovation on our team, which has helped us think outside the box as we work to defend the network,” said Johnson.
The SEC team is staffed with experts in a variety of realms, including Windows, Linux and Apple computing environments, who hold certifications as Certified Information Systems Security Professionals (CISSP), while meeting DoD baseline requirements by having CompTIA distinction. One team member, Brian Drummond, chief of the Information Assurance Branch of the SEC, is CISSP certified, giving him globally recognized distinction for his expertise in the information security realm, just as many of SEC’s information technology and software assurance professionals are so credentialed.
“By being fully certified in-house, SEC can offer a well-rounded team of experts who are capable and ready to validate any operating system to accomplish the certification and accreditation process that DoD requires,” said Mayer.
In addition to increased training opportunities within the center, SEC employs some best business practices learned as a result of defending the network against attacks in this new information warfare age, according to Johnson. “Our goal is to be fast, accurate, cost-effective and easy to do business with, while providing services and staying true to our values of dedication, integrity, loyalty and respect,” said Johnson.
The SEC looks at the Army’s existing applications and assesses their vulnerabilities to improve their security. “We’ve learned to think proactively in a cybersecurity realm that is rapidly changing and evolving,” said Drummond.
Part of that security lies in SEC’s “baked-in security” approach to assist Army developers and maintainers in securing their systems from the technology’s inception, as opposed to a reactive response.
Network Modernization
The Army operates within six computing operating environments: real-time safety critical systems; sensors; mobile handheld for the dismounted soldier; mounted systems; command posts; and cloud-based data center technologies, all of which require SEC’s services in some form.
“There is nothing that affects our Army more than software; it’s pervasive and ubiquitous,” said Johnson. “If you take a look at a picture of any soldier, in any venue, doing anything, I challenge you to identify an element that isn’t impacted, in some way, by software.”
“The uniform I’m wearing was designed digitally, on a computer that is run by software; the boots I’m wearing were measured and sized digitally with software,” he continued. “The tanks soldiers drive, manned and unmanned ground and aerial vehicles, and even the meals our soldiers eat, are all planned, managed or operated using software,” he said.
SEC leadership realizes the sensitive nature of its specialized business services. Johnson refers to the Army as being a network-centric software-dependent Army. Johnson said SEC’s efforts are driven by a philosophy that software is an important aspect of military power. “If we don’t do our job in IA, and be the best at what we do, then the consequences will be felt Armywide,” said Johnson. “Technology is a force multiplier.”
SEC’s IA engineers are working in all aspects of network modernization, from supporting current network development efforts for short-term improvements to work with advanced Defense Advanced Research Projects Agency to tackle network problems that don’t yet exist, but will exist in the fully networked battlefield, according to Mayer. “With the support of Army and DoD policymakers to help restructure our IA methodologies to cope with changing threats, information gathered can become more actionable,” said Mayer.
“We not only need to be able to efficiently and effectively take action in real time to handle situations as they arise, we also need advanced techniques to discover and remove defective software and software components from our systems.”
Mayer pointed to SEC’s most recent technology development effort with the Natick Soldier Research, Development and Engineering Center, the Wireless Personal Area Network, which will allow soldiers to wear their system components in addition to smartphone technology. “Through our support to Army Natick Soldier Research, Development and Engineering Center, we are helping to bake security into the technology that will ultimately be incorporated into the mobile handheld computing environment,” Mayer said as one example of pre-emptive IA support.
Another example is the SEC’s support to the discovery, virtualization and IA of the Army’s network consolidation effort. SEC personnel provide IA engineering to improve the security of systems such as cloud computing, and the three layers of service including software, platforms and infrastructure. SEC has addressed the software application security layer with a multi-layer approach to ultimately reduce the system’s overall life cycle cost and security operations risk.
In its early phases, SEC provided discovery services and IA engineering input for the Army Data Center Consolidation Plan (ADCCP). The ADCCP mission is to provide enterprise hosting as a managed service, improve the security of Army information assets, and consolidate the Army’s data center inventory by 75 percent, while meeting green IT initiatives and achieving Army efficiencies, explained Mayer.
Baked-in Security
SEC faces cyber-threats that are growing more elaborate every day, said Drummond. As a result, the center has made it a priority to build in security for all programs it supports throughout the Army to achieve a strong security posture, explained Drummond.
Before this shift in approach, SEC and others used the denial of service (DoS) attack defense strategy, which enabled a failsafe instruction code feature that essentially shut down computers in response to a cyberattack as a defense measure. This DoS vector feature had potential to slow productivity and later became a hindrance, Drummond explained. Now, with SEC’s “baked-in” approach, SEC security codes instruct the computer to adjust security levels with minimal impact on productivity, rather than instituting a system shutdown.
SEC instituted a Software Assurance Capability Enterprise that takes tools developed by the Army Communications-Electronics Research, Development and Engineering Center’s Space and Terrestrial Communications Directorate, and then transitions them into a set of tools and processes that will help system owners and project managers build security in at the technology’s inception.
“One of the biggest issues we’re working is software assurance and focusing on the mission applications themselves, to include malicious code analysis of the mission source code itself, not the simple anti-virus/malware scans provided by typical tools,” explained Mayer.
“We know software assurance isn’t just reactive … and if you’re doing it right, it’s proactive, predictive and intuitive. That’s what we’ve done with educating our workforce to think like our adversaries,” said Johnson.
Instead of the traditional periodic “dipstick” testing approach, SEC has shifted focus to a system of constant monitoring, said Mayer. This new methodology will require advanced techniques to discover and remove defective software and components from our systems.
SEC’s new operating environment is one of combating and anticipating constant and elaborate cyber-attacks. These elaborate attacks call for a proactive strategy to stay ahead of adversaries, said Johnson. Some rising world powers that are posing cyber-threats consider cyber as an element of national power.
“If we ever have to do battle with a superpower, we will likely fight part of that war in cyberspace,” said Johnson. “Information assurance services are vital to successfully defending our network. It’s a matter of national security.”
“Our enemies, in some cases, are just as good as we are. But we must be better,” said Drummond, explaining that as the threat changes, so does the software to defend against those threats. “SEC often embarks on revolutionary processes to combat those threats, often in real time. We provide IA security expertise as systems are being developed, not as an afterthought. That’s the value of baked-in security. It’s secure, maintainable and cost-effective,” said Drummond.
As a pre-emptive strike to combat emerging threats, SEC information assurance professionals can now attend the Certified Ethical Hacker training, conducted by the International Council of Electronic Commerce Consultants.
In the past, IA operations were predominately reactive and didn’t take into account the malicious mind at the inception of IA procedure development as they resolved software assurance issues. “But now, our folks are trained to think like the enemy and devise ways to assess opponents’ capability in the midst of an attempted attack,” said Johnson.
“We have personnel who can be trusted to proactively test systems to gain insight in our vulnerability to defend against our enemies,” explained Drummond. “Our personnel are scrutinized during the selection process and have obtained top-level security clearances, allowing for an element of trust that other companies may not offer. We’ve made an investment in their professional development and that is evident in the services we are able to provide to our customers.”
Leveraging Efficiencies
In a time of limited resources, finding efficient ways to conduct business is a top organizational priority, said Johnson. In order to reduce repetition and increase productivity, SEC developed a tool known as the DoD Information Assurance Certification and Accreditation Process Generator Tool, which enables the center to expedite package generation time by 36 percent, or 19 business days, compared to the previous timeline of 30 to 45 days, Mayer explained.
As a result, SEC has reduced user errors and created a consistent automated product that satisfies the needs of certification and accreditation requirements to meet DoD standards. This system allows SEC to collect and evaluate data; generate a scorecard for the customer and provide results-based guidance, in coordination with the Army Chief Information Office.
“We’ve learned to leverage efficiencies through the skill sets our workforce provides the customer,” said Johnson. “We are competitively priced, especially considering the level of expertise, talent and resources made available to our customers.”
“I’ve been in this field for 26 years and never have I been part of a team that has this depth and breadth of expertise. SEC’s workforce is truly one comprised of experts in their fields,” said Johnson.
Andricka Thomas is a public affairs specialist with CECOM G3/5, Public and Communications Media Branch.
For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.
After They Are Gone
Industry offers a wide range of tactical comms for local security forces as the U.S. conducts Middle East drawdown.
By Adam Baddeley, MIT Correspondent
While the United States has withdrawn from Iraq and is slated to pull out of Afghanistan in 2014, aid to the modernized militaries in the region will continue to support the fight against insurgents and international terror.
Providing the communications and networking technology that local police, army and paramilitary organizations need has required a different mix of systems than simply replicating the current U.S. ground network. Decisions on the origin of these systems are dependent on a range of considerations, including ensuring appropriate technology both in costs and complexity for users with often low levels of education and training, achieving a level of interoperability with U.S. forces to support contingency operations, and providing long-term contractor support.
In addition, the U.S. is expected to support similar capabilities in other countries, notably in Africa and Asia, where a large U.S. ground presence is absent but that also require modern communications to pursue common enemies and conduct nation building and peacekeeping.
In Afghanistan, U.S. funding has seen Afghan National Security Forces equipped by three main radio suppliers: Datron World Communications with the Afghan National Army, Codan for the Afghan National Police (ANP), and Harris RF Communications. The latter company has supplied special forces and units with particular interoperability requirements, such as the Afghan border security force’s need to communicate with Pakistan counterparts already using Harris radios.
Plans are now being made for sustainment of networks including these systems after 2014. Some of the work is done by the Kabul Regional Contracting Center, which is tasked with payroll and infrastructure. All other acquisitions are being undertaken via foreign military sales (FMS) channels, although as the contract vehicles within FMS are varied, the exact details of how future acquisition will take place are unclear. The current focus is firmly on the sustainment of legacy radios.
This mixture of radios has led to interoperability issues that are slowly being addressed, with the big hurdle being effective ground interoperability between the Afghan Army and the Afghan national police. This has been addressed in part through the establishment of Operational Command Centers with representation from both the Army and police.
Installed Radio Base
One company active in the region is ITT Exelis, which has delivered more than $300 million in orders of the RT1702 Advanced Tactical Communications System (ATCS), the export version of Single Channel Ground and Airborne Radio System (SINCGARS) VHF radios, to the Iraqi military since 2007, with deliveries and support ongoing. The radios have also been sold widely among U.S. allies in the Gulf.
“ITT Exelis has an extensive installed SINCGARS base in Iraq that is uniquely securely interoperable only with Exelis radios. The radio is essentially identical in function and features to the SINCGARS used by U.S. forces, it just has Iraqi crypto. It is the tried and true U.S. gold standard for line-of-sight VHF communications,” said Dave Prater, vice president, networked communications. “We are very conscious of the particular countries we sell to who want to have their own product key, loading capability and key management capability, and that is what we sell them,” he added.
The use of Iraqi crypto means that fundamentally, the radios are only interoperable with other units in plain text single channel. Although that means it is not possible to be interoperable in fully secure mode, the fact that the two radios share the same ancillaries and vehicle mounts would, for example, allow U.S. forces to drop one of their SINCGARS radios into an existing Iraqi vehicle mount if encrypted interoperability were necessary.
“The easier way to do this is to release the two thumbscrews, pull that ATCS radio out and put a U.S. radio in, then tighten the thumbscrews and load it up,” Prater explained. “The loading part and the key management part is the hard part, not the equipment, and you can install a U.S. radio on top and an Iraqi radio on the bottom of your VRC configuration. All the ancillaries and all the antennas work. It is all the same.”
Supporting the installed base in Iraq and elsewhere is done via field service representatives and a regular flow of parts and supplies. In Iraq, the company site used to support the radios of U.S. users has now been adapted to meet the needs of Iraqi armed forces. That approach is not unique to Iraq, however, with the company having permanent installations with personnel on the ground in several countries.
That presence, Prater believes, gives ITT Exelis an advantage in supporting a range of other products, including its new SpearNet multi-band line of products. “Our key effort there is that we offer a full suite of communications capabilities that are all interoperable on the VHF channel side. There are radios beyond ATCS allowing commanders to interoperate across the whole division with different products, with handheld and multi-band product as well as SINCGARS. It is all interoperable with our installed base. Nobody else can do that.
“In addition to that, we have portable networking products that we can take in, and we also have extended capabilities like microwave and our SpearNet product, which is the best in the world in terms of handheld mobile ad hoc networking. We have shown the SpearNet in many countries, and its capability exceeds any mobile ad hoc radio,” Prater said.
A range of other radios for markets such as Afghanistan has also been developed by the company in conjunction with a partner. The Bastion product line bridges the gap between complex military radios and the less rugged APCO P25 radios.
Demonstrated Interoperability
Codan radios have been operated by Afghan security forces since 2004, primarily the ANP, which has standardized on the design. Codan solutions have also been adopted by other countries for a range of defense and security roles.
“Codan’s key focus is towards the security and peacekeeping side of the industry in addition to military customers,” said Andrew Sheppard, vice-president, Radio Communications Division. “These needs are different from a full military radio platform. We have for example been providing radios for a number of counter-narcotics programs in Central Asia.”
In the Philippines, Codan has also demonstrated interoperability between its radios and the Harris RF5800H-MP and PRC-150(C) HF radios using two Codan interoperability devices, the 3590 for voice and RM50E for data. “Basically with those two devices, we can then communicate secure voice and secure data using the Harris waveform to a Codan HF radio and vice versa,” Sheppard said.
Africa is a major focus for the company, with a substantial installed base in the continent which has also led to co-operation with USAFRICOM. To a large degree, this has been focused on a need to buttress weak and failing states, preventing them becoming hubs for al-Qaida and other terrorist groups. USAFRICOM is supporting this through supporting regional peacekeeping and providing enabling capabilities such as networking.
“There are a lot of countries in Africa where it is difficult to deploy and support radio systems,” said Sheppard. “That is where Codan comes in. We have proven that our radios work with existing Harris HF radios that are deployed in the ground. That shows the customer that this is a cost-effective radio platform that is simple to use, able to be supported on the ground and works with existing deployed Harris assets.”
Sheppard explained that to meet many national requirements in Africa, there is a demand for absolute simplicity and robustness, while at the same time reducing the burden of maintenance and operation on the signaler. To meet this need, Codan has supplied its 125W NGT HF base station and vehicle-mounted radio, which comes with an integrated antenna-tuner coupler. It is an efficient, cost-effective radio that uses a handset that mimics a cell phone for ease of use by operators.
Codan recently launched its new Envoy radio. A full processor-based software-defined radio (SDR), Envoy is targeted at humanitarian security and peacekeeping missions. “It has some very neat features and supports multiple languages, and has a full handset and can send full color images. It is Linux-based so we can put applications in the handset and have it operate the same way as a smartphone,” Sheppard said.
“It has standard features such as an internal modem for email as well as chat modes. It comes with AES encryption, and is fully upgradeable based on its SDR design and architecture,” he added. “The main focus of the radio is not as a standalone HF radio, but as a system radio that can be embedded within vehicles and headquarters-type scenarios and can intelligently support HF when required.”
[Photo caption: Harris scored a key win in the Middle East market with a $51 million order from the government of Iraq for Falcon II and Falcon III radios. Photo courtesy of Harris]
Security Levels
A key win in this market for Harris has been a $51 million order from the government of Iraq for its Falcon II and Falcon III families, covering the Falcon III RF-7800S wideband Secure Personal Radios, Falcon II RF-5800M-HH multiband handheld radios and RF-5800H high-frequency manpack radios.
“The Falcon family of Harris radios will provide Iraqi security forces with field-proven, secure communications for a broad range of challenging missions. Harris offers the most complete portfolio of combat-proven tactical radios and related mission-critical products that address current and emerging needs of forces operating in harsh environments,” Brendan O’Connell, president, international business, Harris RF Communications commented at the time of the deal’s announcement.
In February, Harris secured a $26.4 million order for Falcon III tactical vehicular and handheld communication systems from Jordan.
Several companies already offer international versions of Type 1 products currently in U.S. service. Thales Communications’ PRC6809 is an offshoot of the original AN/PRC-148 Multiband Inter/Intra Team Radio (MBITR) providing a multi-band option for those countries without access to Type 1, or for those that have access but are seeking to use a radio in a scenario or mission where Type 1 encryption might be unsuitable or unnecessary, such as remote rebroadcast or border patrol.
“Countries buy the PRC6809 for a number of reasons, but the fact that it is not a Type 1 radio gives them flexibility in how they use it. Other than in encrypted modes or certain specialist modes, the MBITR and JTRS Enhanced MBITR (JEM) are fully interoperable with the PRC6809. Unlike the JEM, however, we can offer the PRC6809 to most of the world. Another important feature of the PRC6809 is that it also works with all the same ancillary devices like the vehicle adapter, base station and repeater as the JEM and the MBITR,” said Ed Calhoun, director of international business development.
The technology roadmap for the radio includes refreshing the RF and upgrading the control board to provide more processing power. In addition to the multi-band PRC6809, VHF- and UHF-only versions are also offered. If required, however, the single frequency radios can be upgraded to multi-band.
Encryption on the PRC-6809 is to the commercial AES or DES standards. HAVE QUICK, a frequency hopping program that is subject to U.S. government clearance, is an available waveform on the radio. A software-based ECCM capability that works through the whole V/UHF band has also been added and is available via software upgrade. “It is an exportable waveform for those countries that can’t use SINCGARS or HAVE QUICK, and it works through the whole V/UHF band,” Calhoun explained.
In-country support depends on the requirements of each customer with multiple options available. “Obviously, warranties are taken care of at our home sites, but we do have users that have established in-country maintenance and repair facilities either at the government level or at the private industry level,” he said. “Thales Communications also has some repair facilities in the Middle East, and all our customers who are working beside U.S. forces can utilize the same maintenance sites. We don’t have any other regional depots, but that doesn’t mean we haven’t talked about it with countries that are interested in doing that. Turning a national facility into a regional hub would be a fairly simple process.”
As a complement to the PRC6809 and other narrowband offerings, Thales recently launched the Wideband Networking Radio, which uses a COTS-based waveform from Trellisware to support throughput of 1.4Mbps, sufficient to support features such as full motion video directly from soldiers on patrol. In addition to overseas customers, the radios are also in operation with U.S. forces.
Cost of Ownership
Barrett Communications, an HF and VHF radio communications provider, continues to support programs in several Central Asian countries. While their acquisitions were originally U.S.-funded, the nations have subsequently acquired a substantial number, often by local money rather than overseas military aid.
In Africa, Barrett has sold more than 25,000 radios to agencies over the past 12 years. Company executive Andrew Burt explained that the peacekeeping and African Union forces have deployed 6,000 Barrett radios in their missions in North East Africa, more than any other radio.
In the U.S., Barrett supplies radios to users within the homeland security domain, such as FEMA. It is this market that has been the driver for meeting interoperability standards. The core solutions are the company’s PRC-2090 manpack, 2050 base station, and 2050 Mobile HF radios, which share common software and hardware.
“The U.S. military maintains responsibility for all Tier 1 radio products it delivers to coalition partners into the field for life of the deployment. The control and audit trail of these systems is permanent. They have to monitor and know where they are at all times,” Burt said. “One of the key benefits of our FMS product is that it is non-CCI. We have our own crypto systems, some in house and some third party sourced, all with varying levels of export control, including export-license-exempt low-level voice scramblers.
“Do you want to give [every military partner or coalition member] Tier 1 level security? Does the perceived threat you are protecting against have the necessary level of sophistication to break sub Tier 1 security systems?” Burt asked.
“If the answer is no,” he continued, “the security total cost of ownership to the provider can be reduced. There is also a significant difference in actual cost, which is of particular importance to donors in the current economic climate. Do you want to take a $40,000 radio and give it away when you can do it with a $10,000 radio and maintain the required basic voice communication with interoperable ALE and data networks?”
Burt added that further interoperability between different forces and radio networks can be achieved via strategic placement of interoperability switches and tactical voice bridges that are waveform, protocol and encryption agnostic.
INDUSTRY INTERVIEW
Military Information Technology
Sasi Murthy Senior Director Product Marketing for Security Blue Coat
Q: What types of products and services does your company offer to military and other government customers?
A: Blue Coat has been delivering its web security solutions to military and defense organizations for more than 15 years. The solution delivers protection against web-based threats and acts as a granular point of control for all Internet traffic. This control is crucial because it gives these organizations the ability to consistently enforce content, application and access policies. To give the military intelligence about the web content on their networks, Blue Coat also provides in-depth reporting on web usage that allows them to understand how usage patterns are impacting the network or exposing the organization to risk. The reporting also allows government organizations to identify potentially infected systems and gives them the detailed information they need to look more deeply into potential targeted threats. So the Blue Coat solution gives a lot of intelligence as well as protection and control.
Q: What unique benefits does your company offer in comparison with others in your field?
A: Blue Coat is really at the forefront of delivering the comprehensive protection and granular control that the military and other government agencies require to safely use the Internet. With our Negative Day Defense, we are now blocking attacks before they launch. This really changes the game in how we can protect our customers. With advanced controls, we are able not only to inspect all web traffic, including encrypted traffic, but also to offer robust control. For example, you may choose to set a policy that all encrypted Internet traffic can be intercepted except for the chief of staff. We give you the ability to do that. Other agencies may have different policy requirements, so we give granularity of control. Do you want field agents to have their traffic inspected and protected, but not that of the head of the bureau? That kind of granularity and performance around encryption is very important.
We’ve not only been able to offer robust security controls around encrypted traffic, but we’ve also been working over the past few years to maintain that capability for our customers without any performance degradations. When you start dealing with encrypted content, it’s quite complex, so you see dramatic drops in throughput in most other solutions. Through hardware-assisted analysis, Blue Coat uniquely can deliver the same security without compromising performance. We were the first vendor to offer this level of control over encrypted traffic, and that came out of our strategic relationships with the military and large financial companies that are on the forefront of needing cryptographic controls.
In addition to the protection and control, the Blue Coat solution also delivers optimization in the same appliance. Some of our government agency customers deploy security and optimization together. This means that at a headquarters location, the defense agencies now have web security controls, active intelligence to look at any potential threats, and protection for all of their users. For bases, camps or remote offices, they can now not only extend the security controls and protection, but also ensure fast application performance. That’s unique to Blue Coat, and it matters a lot to the military, where every second is critical.
Q: What about social media?
A: Also very important is controlling web applications and the operations within those applications, the most popular example of which is social media. The open access to social media that government agencies must now provide creates some security risks. Blue Coat produces a report each year based on research from our security labs. We showed in this year’s report that one in 16 of the malware attacks we saw in 2011 started on a social networking site. We know that social networking today is an imperative. These are not simply recreational users, and for the defense agencies a lot of it revolves around intelligence. The unique capability we offer is robust protection against malicious links, downloads or executables. You can click on anything you want on a social networking site, and a Blue Coat solution will be looking layers deep into that. We look ahead and block any links to malicious sites.