The Voice of Military Information Dominance
Network Warfighter Brig. Gen. Kevin Nally Chief Information Officer U.S. Marine Corps
www.MIT-kmi.com
C4
July 2014
Volume 18, Issue 4
Mobile Authentication • 4G Innovations • JIE • Digital IF SATCOM • Software-Defined Networking
Military Information Technology
Features

Cover / Q&A
Brigadier General Kevin Nally
Chief Information Officer
U.S. Marine Corps
“Migrating to a net-centric interoperable network is at the heart of our vision for enabling a knowledge-based force. Achieving this vision requires the development of improved mobile, seamless and secure communications across the information enterprise.” --Brigadier General Kevin Nally

Smartphone ID
With access to many logical and physical devices, including computers and offices, hinging on Department of Defense workers’ Common Access Cards, military officials are debating how best to keep up with the increased use of smartphones and other digital devices while matching the security levels found on the desktop. By William Murray

Networking Catches Up
With its promise of improved efficiency in setting up and controlling networks, software-defined networking (SDN) is bringing fundamental changes to this critical aspect of information technology. While the Department of Defense has so far taken only limited steps in this area, experts predict SDN will soon bring major changes to military networking as well. By Peter Buxbaum

Joint Information Update
AFCEA’s Joint Information Environment Mission Partner Symposium brought together officials from the Defense Information Systems Agency and other government and industry organizations to discuss the current status and future plans for the Department of Defense’s ambitious effort to realign and restructure the construction, operation and defense of its IT networks and systems. By Harrison Donnelly

Communications Evolution
As the U.S. military, like much of the rest of the world, rushes to take advantage of the huge potential of Fourth Generation Long Term Evolution technology, the explosive popularity of this standard for high speed wireless communication is offering both opportunities and challenges for the Department of Defense. By Karen E. Thuermer

SATCOM’s Next Big Thing
Seeking to reduce costs and enhance control of satellite communications, a multi-service group in the Department of Defense is working to stimulate development of technology that will enable a switch from analog intermediate frequency to digital intermediate format technology for processing transmissions. By Harrison Donnelly

Departments
Editor’s Perspective
Program Notes/People
Data Bytes
COTSacopia
Military Information Technology
Volume 18, Issue 4 • July 2014

Editorial
Managing Editor: Harrison Donnelly harrisond@kmimediagroup.com
Online Editorial Manager: Laura McNulty lauram@kmimediagroup.com
Copy Editor: Sean Carmichael seanc@kmimediagroup.com
Correspondents: Peter Buxbaum • Cheryl Gerber • Karen E. Thuermer • William Murray

Art & Design
Art Director: Jennifer Owers jennifero@kmimediagroup.com
Ads and Materials Manager: Jittima Saiwongnuan jittimas@kmimediagroup.com
Senior Graphic Designer: Scott Morris scottm@kmimediagroup.com
Graphic Designers: Andrea Herrera andreah@kmimediagroup.com, Amanda Paquette amandak@kmimediagroup.com

Advertising
Account Executive: Patrice Lucid patricel@kmimediagroup.com

KMI Media Group
Chief Executive Officer: Jack Kerrigan jack@kmimediagroup.com
Publisher and Chief Financial Officer: Constance Kerrigan connik@kmimediagroup.com
Editor-In-Chief: Jeff McKaughan jeffm@kmimediagroup.com
Controller: Gigi Castro gcastro@kmimediagroup.com
Trade Show Coordinator: Holly Foster hollyf@kmimediagroup.com

Operations, Circulation & Production
Operations Administrator: Bob Lesser bobl@kmimediagroup.com

EDITOR’S PERSPECTIVE
Harrison Donnelly, Editor

While the debate over the value of cloud computing in government is pretty much over at this point, the questions of how to get there and the obstacles that need to be overcome are very much a live issue.

One of the more interesting and significant cases of cloud migration currently underway involves the Intelligence Community Information Technology Enterprise, which seeks to create a cloud-based common IT infrastructure for the 17 military and civilian intelligence organizations. A recent U.S. Geospatial Intelligence Foundation workshop offered some insights into the challenges of cloud migration from IT leaders in that field.

For Janice Glover-Jones, deputy chief information officer for the Defense Intelligence Agency, and Dave Bottom, director of the National Geospatial-Intelligence Agency’s IT Services Directorate, the challenges are not about technology, but rather cultural change and the delicate task of informing people that the ways they have been doing their jobs in the past are not going to work in the future.

“When you look at the culture of the cloud, it’s different,” she observed. “When I tell an infrastructure team that they are not going to be running their own infrastructure anymore, the looks that you get ask, ‘Where’s my value?’ The value is how quickly we can retool you as something else—your agility, flexibility and emotional intelligence to be able to make that switch.”

“When you come down to it, the issue is not technology, but skill sets,” said Bottom. “How are we as leaders, both in industry and government, leading our folks through change? It’s all about change. Something that is a good idea to one person sends someone else into the grieving cycle.

“They start out with denial, then get angry, and then we’ll start to negotiate. You know you have them when you start to negotiate, but it takes time to do that,” he continued. “At NGA, we’ve had leadership training about this, because we know that we need to lead our people through that.”

Bottom added: “I don’t think you can underestimate the level of engagement that we have to have in the change aspects of this. I get reminded of that every day.”
Circulation & Marketing Administrator: Duane Ebanks duanee@kmimediagroup.com
Circulation: Barbara Gill barbg@kmimediagroup.com
Data Specialists: Raymer Villanueva raymerv@kmimediagroup.com, Denise Woods denisew@kmimediagroup.com
Subscription Information
Military Information Technology ISSN 1097-1041 is published 8 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2014. Military Information Technology is free to qualified members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $75 per year. Foreign: $159 per year.
Corporate Offices
KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com
PROGRAM NOTES
Compiled by KMI Media Group staff
Cloud Approach Urged for Navy Big Data

As Navy analysts struggle to keep pace with the growing flood of data collected by ISR sensors, cloud strategies could help overcome barriers to timely, accurate analysis, according to a new RAND Corp. study.

“The Navy should pursue a cloud strategy similar to those adopted by Google, the intelligence community and other large organizations grappling with big data’s challenges and opportunities,” said Isaac R. Porche III, lead author of the Navy-requested study and a senior engineer at RAND. “Specifically, the Navy should adopt the intelligence community’s cloud approach, designing its next generation of ISR tools and systems to work with the National Security Agency’s distributed cloud concept.”

Time is of the essence, Porche said. If the Navy continues to field sensors as planned but does not change the way it processes, exploits and disseminates information, it will reach an intelligence gathering “tipping point,” when it will no longer be able to process and utilize all incoming information as fast as desired, as soon as 2016.

“Whether captured from drones or other sources, the Navy has a growing demand for intelligence to help Navy vessels avoid collisions, pinpoint targets and perform other vital tasks,” Porche said. “But the amount of data it may collect in the future is more than it can process today.”

The study finds that as little as 5 percent of the data collected by ISR platforms actually reaches Navy analysts. Porche attributed a large part of the problem to slow download times, shared communications pipelines and large chunks of untagged raw data.

Using a model of intelligence specialist productivity and a year of operational data, RAND found that one potential solution—dynamically managing analyst workloads across geographic areas—would help improve productivity, but only to a point. To be complete, a solution to the Navy’s challenge must involve changes along four dimensions: people, tools and technology, data and data architectures, and demand and demand management.

The report, “Data Flood: Helping the Navy Address the Rising Tide of Sensor Information,” can be found at www.rand.org.
PEOPLE
Compiled by KMI Media Group staff

Air Force Brigadier General John D. Bansemer, who has been serving as director of intelligence, Headquarters U.S. European Command, has been assigned as deputy chief, Central Security Service, National Security Agency, Fort Meade, Md.

Brigadier General Bruce T. Crawford has assumed command at Army Communications-Electronics Command at Aberdeen Proving Ground, Md.

Brigadier General Paul M. Nakasone, who has been serving as deputy commanding general (operations), Army Cyber Command, has been assigned as commander, Cyber National Mission Force, U.S. Cyber Command, Fort Meade.

Air Force Colonel Mark E. Weatherington, selected for the grade of brigadier general, has been assigned as deputy director for command, control, communications and computer/cyber systems, J-6, Joint Staff.

Army Major General Gregg C. Potter, who has been serving as deputy chief of staff, intelligence, International Security Assistance Force, Operation Enduring Freedom, Afghanistan, has been assigned as deputy director, Signals Intelligence Directorate, National Security Agency, Fort Meade.

Rear Admiral (lower half) Dwight D. Shepherd has been assigned as director for command control systems, J6, Headquarters North American Aerospace Defense Command and director, architectures and integration, J6, Headquarters U.S. Northern Command, Peterson AFB, Colo.

Terry Halvorsen, who has been serving as chief information officer (CIO) for the Department of the Navy, has been named CIO of the Department of Defense on an acting basis. He replaces Teri Takai, who had served as DoD CIO since November 2010.

Air Force Brigadier General Christopher P. Weggeman, deputy director for command, control, communications and computer/cyber systems, J-6, Joint Staff, has been assigned as deputy director, future operations, U.S. Cyber Command, Fort Meade.

Robert Carey, who recently retired as principal deputy chief information officer for DoD, has been named vice president and general manager of CSC Cybersecurity, where he will lead CSC’s public sector cybersecurity business.

Finmeccanica North America and DRS Technologies has announced the appointment of Sally A. Wallace as president of the company’s C4ISR business group. Wallace previously was vice president of business operations for the DRS Maritime & Combat Support Systems business group.
Battle Command System Tested in Harsh Terrain

The Joint Battle Command-Platform (JBC-P) system this spring completed its multi-service operational test and evaluation with more than a battalion of Marines on hand to test out the capabilities of the system in joint operations with the Army. Test results should be available in the summer, with program managers planning to field the C2 system to the units in the next year or so.

“JBC-P is a joint digital, battle command information system that provides enhanced map imagery, integrated command-and-control and situational awareness information to tactical commanders and leaders,” said Major Steve Musick, the program’s project officer at Marine Corps Systems Command (MCSC) at Marine Corps Base Quantico, Va.

The platform provides information about the battlefield, including reports on friendly forces, enemy positions and civilian entities, and consolidates it onto a digital display for real-time reference for warfighters. It also provides the ability to pass orders and graphics, which gives the warfighter the capability to visualize the commander’s intent and scheme of maneuver.

The JBC-P family of systems falls under the purview of Marine Air-Ground Task Force Command, Control and Communications at MCSC. The JBC-P test was part of the biannual Network Integration Evaluations staged at Fort Bliss, Texas. JBC-P was one of 12 systems under evaluation during the full range of military operations in the harsh terrain at Fort Bliss.
Army Takes “Marketplace” Approach to Radios

The Army has released a draft request for proposals to procure additional Rifleman Radios using a full and open competition approach, under which the Army will award contracts to multiple vendors, creating a “radio marketplace” where vendors will compete for delivery orders as needed, after they achieve technical and operational requirements.

The five-year base, plus a five-year option indefinite delivery, indefinite contract, will be awarded to multiple vendors who meet both the technical and service requirements to support the radio. This structure enables the Army to choose from numerous technologies, and to release a new contract if radio technology changes significantly after the initial five-year award.

The competitive non-developmental item acquisition strategy is expected to reduce radio procurement costs as the Army continues to modernize the network amid fiscal constraints. The acquisition strategy also includes on-ramp opportunities for vendors whose technologies mature after the initial competition and operational tests. A contract award is expected in fiscal year 2015.

“The full and open competition gives all vendors the opportunity to participate as we work together to build the Army network,” said Brigadier General Daniel P. Hughes, Program Executive Officer for Command, Control and Communications-Tactical. “The radio marketplace will support continuous innovation to deliver better radios for our soldiers.”

Once the contract is awarded, each radio will undergo initial laboratory tests to determine if threshold requirements have been met. Vendors that meet the qualifications will move to the next phase, an operational test to be performed at one of the Army’s semi-annual Network Integration Evaluations.

The Rifleman Radio is a lightweight, rugged, hand-held radio that transmits voice and data via the Soldier Radio Waveform (SRW). With the SRW, the Rifleman Radio acts as its own router and allows information to be transmitted up and down the chain, as well as into the network backbone provided by the Warfighter Information Network-Tactical (WIN-T). The Rifleman Radio can also be linked to Nett Warrior, an Android-based, smartphone-like capability that enables soldiers to send messages, access mission-related applications and track one another’s locations with GPS technology.

Through low rate initial production, the Army has already purchased 21,379 Rifleman Radios, which are carried by soldiers at the platoon, squad and team levels. The radios, fielded as part of the integrated Capability Set (CS) 13 network package, are currently supporting dismounted operations in support of the advise-and-assist mission in Afghanistan. Fielding is now underway to additional BCTs as part of CS 14, with eventual fielding planned across the entire force. The Army’s total acquisition objective for the Rifleman Radio is 193,276 radios.
Recent presentations offer insights into the current status and future plans of DoD’s Joint Information Environment.
By Harrison Donnelly, MIT Editor
(Editor’s Note: AFCEA’s Joint Information Environment (JIE) Mission Partner Symposium, held May 12-14, 2014, in Baltimore, Md., brought together officials from the Defense Information Systems Agency (DISA) and other government and industry organizations to discuss the current status and future plans for the Department of Defense’s ambitious effort to realign and restructure the construction, operation, and defense of its IT networks and systems. Following are edited excerpts from a few of the many presentations at the symposium, selected to provide an overview and example of the range of activities underway.)
David Stickley Director, JIE Implementation Office DISA
There is an awful lot happening on JIE across the globe. We’re shying away from the concept of increments, or the idea that there is some sequential lay-down of JIE capabilities across increments one, two and three. We’re trying not to talk about increments anymore, because much of the capability that we’re rolling out is truly global.

[DISA Director] Lieutenant General Ronnie D. Hawkins Jr. earlier mentioned the standup of the enterprise operations center (EOC) in Europe, but let me emphasize it’s not just the EOC in Europe. The team at DISA has done a fantastic job at standing up that EOC, building the relationships you need to run an operations center. But the EOC doesn’t stand alone. The network capability that supports that EOC has been ongoing for a couple of years, and there has been an agreement with the Army to take over some fiber on top of that, and [DISA Network Services Director] Cindy Moran’s shop has been installing routers across Europe. We’ve got seven bases coming on line in the next 30 to 60 days.

We have built out a core data center in Europe. Our Stuttgart, Germany, facility has been virtually expanded into Wiesbaden, and we’ll have services up and running in that facility in 30 to 60 days. We are putting JIE capability on the ground. But all of that foundational infrastructure does no good until you start looking at the applications, since a core data center without applications doesn’t help us much. We’re working with our EUCOM and AFRICOM partners to roll out applications into the data center.

Shifting to the Pacific, we just had a summit with our partners in PACOM. If you look at our JIE documentation, we talk about our Mission Partner Environment focus. Certainly it is, because that’s essential to the way they do war fighting today in their CENTRIX environments. We’re going to look at how we leverage MPLS as a capability for supporting those CENTRIX environments, and we’re doing that in Europe as well. That’s why I say don’t look at this as a sequential increment march, because we are laying these capabilities down globally. The focus now is doing what we started in Europe, defining the core nodes and enterprise operations centers where we focus efforts on, and the best candidates for core data centers. We’ll be making those decisions soon.

In CONUS, our first instantiation of the single security architecture (SSA) is standing up at Joint Base San Antonio, Texas. This is truly the revolutionary part of SSA, and in my view of JIE today. We have a great partnership and an enormous investment by the Army in this security architecture. The Joint Regional Security Stack (JRSS) is being built now in San Antonio, in a partnership between the Army, Air Force and DISA. What wasn’t originally part of our SSA plan has now become an integral part of the way we look at cybersecurity. What was originally rolling up base boundaries into a regional stack is now a hard-core look at how we do cyber-analytics. We now have an opportunity to do cyber-analytics on one platform in a joint fashion. We’re talking joint computer network defense.
Brigadier General Brian T. Dravis Director, JIE Technical Synchronization Office DISA
I like to talk about it as a regionalized approach supporting a global continuum. We’re not using the term increment anymore, but looking at a regionalized approach. In EUCOM and AFRICOM, the two combatant commands with EOCs, we’re building out an SSA focused on a JRSS. Simultaneously, we’re working with the Pacific theater on the Mission Partner Environment, and establishing requirements, capabilities and approaches to satisfy the engineering, design and requirements to deliver those capabilities into that area of responsibility. At the same time, we’re working with the Army and Air Force on a SSA approach to JRSS implementation at 11 locations in CONUS. In addition, we have a significant testing effort and engineering design effort and a significant operational focus on the command and control and management of those multiple environments as we seek to accelerate the JIE initiative.

It’s hard to say when we will get to the end. I would like to see a global end date that satisfies the minimum and initial operating capabilities that define a global JIE. But because we’re taking a regional approach through something that is not a program of record but a DoD initiative, I think it’s fair to target 2020 as the date to have enough of the requirements satisfied to say we have met the threshold to declare victory on the JIE.
Al Tarasiuk Chief Information Officer Office of the Director of National Intelligence
I’d like to talk about how the Intelligence Community Information Technology Enterprise (IC ITE) and JIE coexist, and the role of the Defense Intelligence Information Enterprise (DI2E). Much of what I’ve said about IC ITE should sound familiar to those who have been working on JIE. They both come from similar places and have many of the same goals—to consolidate existing IT infrastructures while improving mission effectiveness, enhancing information security and reducing costs. Both IC ITE and JIE will increase mission agility through easing integration of operations, enhancing information discovery access and secure sharing, providing greater capacity through the ability to quickly surge, providing a more defensible IT infrastructure, and supplying a strategic platform for innovation for both of our communities.

But while we strive for the same things, our communities are very different entities. As a result, our implementation of these strategies differs. At the IC, our initial implementation has focused on IT infrastructure services for the TS/SCI information domain. My office has established an overarching governance framework to address management, technical and security activities across planning and implementation phases. IC ITE sharing capabilities will be achieved through the use of cloud-based architectures to deliver secure IT information services.

For DoD, implementation of JIE focuses on the infrastructure as well, but at a much larger scale. It is initially focused on network normalization, data center consolidation, primarily for the Secret and unclassified domains in DoD enterprise capabilities for identity and access management, email, file storage and transport. Working these large efforts within the scope of existing and shrinking budgets and on such a scale makes this a very daunting task for both of us.

But while there are differences in approach, there are also close relationships between the two, namely in ensuring that we jointly work to support mission operations. One area of strong convergence is in governance. We participate across major CIO governance boards belonging to both the IC and DoD CIO. Many of the standards committees and data element discussions are now jointly operated and often co-chaired. Most importantly, standards and architectures are being reused and applied in a standard fashion to all of our domains.

To maximize our relationship and interoperability further, we are going to be working closely with two defense activities through the next portion of IC ITE implementation. In April, we had our kickoff planning meeting with DISA to provide the services that currently exist or are being planned for the TS/SCI domain for the Secret and unclassified domains. This is an important and strategic partnership for us, as DISA will be able to leverage the significant experience in establishing enterprise class IT services as well as ensuring interoperability between systems connected to and sharing within IC ITE and with JIE. The other defense activity we are working with is the DI2E, which has been charged to serve as the unifying construct between IC ITE and JIE.
Lieutenant Colonel James Bowen Chief, Air Force JIE Team

For the past two years, the Air Force has been fully engaged and involved with the DoD CIO, Joint Staff and DISA in the establishment of the JIE concept. In a lot of ways, we’ve seen JIE as not just a way to improve ourselves in the Air Force, but also to take advantage of what we have learned with AFNet over the past couple of years, and provide that as a way forward in a lot of areas. We want to be part of the discussion and help shape the solution sets for JIE.

The fact that we have gone through the AFNet consolidation in the Air Force will allow us to adopt JIE much more quickly than if we hadn’t taken that step. Throughout the process, we’ve acknowledged that AFNet is our path to the JIE. But it’s not an end point either. Given the things that we’re doing at AFNet to consolidate from a major command level view of the network to an Air Force view of the network, it’s only a logical next step to get to a department view of the network.

[Air Force CIO] Lieutenant General Michael Basla recently signed the Air Force JIE strategy, which aligns closely with the forthcoming initial capabilities document being put out by Joint Staff J6, and we’ve participated in development of that document. We want to be engaged at the department level so that the tasks and solutions that we are being driven toward are those that we find acceptable and meet our requirements. Our ability to shape JIE is as important as our ability to adopt it. We’re taking a strategic approach to help the department develop its strategy rather than waiting for someone to come across the wall and then complain about it. We want to be on the other side of that wall helping develop the solution. There have been a lot of efforts going on in the Air Force, and now we need to feed those back into the JIE discussions. We feel we have some solutions in the Air Force that we can provide to the department as joint solutions.

Army Colonel John McLaughlin C4 Operations Division Chief U.S. Special Operations Command

We’re working to expand the global SOF network, which is where our SOF Information Environment (SIE), tagged with the JIE, comes into play. When [USSOCOM Commander] Admiral William H. McRaven talks about expanding the global network, he is not talking about ones and zeroes, but about the people and relationships, whether a SOF organization on the battlefield, interoperability with a conventional unit, information sharing in the interagency, or a coalition environment. As he expands the global SOF network, we have to support that on the C4I side. His intent is a global network, rapidly deployable and synchronized and coordinated.

The key to our requirements within the SIE, and how we execute in the JIE, is that we are a global expeditionary force—one global enterprise. But we build from the tactical to the garrison, starting with the operator on the ground. How do we get his or her information, and at the same time get information to them? It has to be simple and agile, able to move, and responsive, because we are moving rapidly, and you never know when that one sergeant might have the critical information to go after a high value target, or stop an operation, or to do the information sharing needed to help build coalitions.

We are working to bring high bandwidth out to every location where we have SOF operators, including video teleconferencing, full motion video and Web portal presence, and to be able to get services out to you whether you’re in the mud, at headquarters or with coalition partners. You have to be able to share, since a lot of the combat power that SOF brings to an operation comes from the ability to share combat information.
For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.
The growth of 4G LTE technology is creating challenges and opportunities for the military.
By Karen E. Thuermer, MIT Correspondent

As the U.S. military, like much of the rest of the world, rushes to take advantage of the huge potential of Fourth Generation Long Term Evolution (4G LTE) technology, the explosive popularity of this standard for high speed wireless communication is offering both opportunities and challenges for the Department of Defense.

Even as the military services launch a number of pilot projects exploring the operational use of 3G and 4G LTE, and the Defense Information Systems Agency (DISA) reaches out to industry for help in taking advantage of 4G LTE, the demand by the telecommunications industry for more bandwidth is putting heavy pressure on the military’s traditional access to portions of the electromagnetic spectrum. The global wireless broadband industry is seeking to reallocate spectrum from defense to commercial use to meet consumer demand for greater mobility and more data-rich applications.

The extent of that demand is evident in a report issued by Juniper Research, which projects that this year there will be more than 220 million 4G LTE subscribers around the world in 70 countries. In addition, a mobile data traffic forecast through 2018, issued by Cisco, indicates that a 4G connection generates far more traffic on average than a non-4G connection. Although 4G connections represent only 2.9 percent of mobile connections today, the Cisco study found that they already account for 30 percent of mobile data traffic. By 2018, 4G will be 15 percent of connections but 51 percent of total traffic, and by 2018, a 4G connection will generate six times more traffic on average than a non-4G connection.

“The number of connected devices and the demand for greater bandwidth and network performance is what is driving this,” said Mike Zirkle, associate director for public sector marketing, Verizon Enterprise Solutions. “In fact, the Cisco forecast states that the number of mobile devices will exceed the number of people on earth. When you get into that, LTE is certainly a big part of the global data growth.”

In addition to competition for bandwidth, the military also faces technical challenges in deploying 4G LTE in ways that meet its unique operational needs. The Navy, for example, faces a problem in that there are few cell towers its warships can access when at sea.

“Very simply, the difference between the military and civilian sector in 4G LTE is the commercial vendors,” said Rob Semple, senior manager of business development for Exelis. “AT&T, Sprint and Verizon have an extensive network of cellular phone towers to provide uninterrupted coverage. Because of this extensive network, available frequencies that operate within the specified frequencies needed become scarce, and the military sold off a bunch of frequencies that were made available to the commercial market.”

Spectrum Issues
A big difference between military and commercial requirements is that the commercial world can plan for what it needs, explained Vanu Bose, chief executive officer of Vanu Inc. Verizon Wireless, for example, engineers its network about six months ahead of demand and invests on average more than $6 billion annually in its network to satisfy growing demand for voice and data services. “The military is dealing with a global spectrum situation where the frequency allocation and uses are different all over the world. This is also the case in the U.S.,” Bose said. Military training programs offer an example of how this can be a problem. “Some of the guys who do training cannot use the same system at U.S. bases as they do in the field because the frequencies are not available,” Bose explained.
Recognizing the potential for growth in one of the more vigorous sectors of the economy, the Obama administration has been pushing to free up more bandwidth. A 2010 policy called for making available a total of 500 MHz of federal and non-federal spectrum over the next 10 years, suitable for both mobile and fixed wireless broadband use. Nations in other parts of the world are also taking similar actions to make additional spectrum available for wireless broadband.
DoD officials have responded to the need, issuing a major report on electromagnetic spectrum strategy in 2013 and agreeing last fall to a compromise under which the military would give up use of one portion of the spectrum while moving to another portion that would be shared with commercial broadcasters. The 2013 report recognized that carriers are finding creative ways to meet demand by offloading traffic to low power unlicensed WiFi hotspots and deploying smaller wireless cells. “They expect more improvements will be needed and continue to develop more capable wireless devices and applications,” it stated. “Consequently, DoD has the opportunity to leverage commercial technologies and wireless services to meet DoD requirements, where appropriate.”
Military Benefits
Many of the military benefits of 4G conversion center on reliability and the significant security updates inside 4G LTE, according to Zirkle. “In LTE, both signaling and payload information is encrypted,” he said. “LTE offers enhanced security through strong mutual authentication, user identity confidentiality, along with other security enhancements that make it even more secure than existing 3G technologies.” The opportunities for the federal government and the military are the same as what is being seen in the broader market, he added. “The goal is to have the most reliable network in the United States. The military certainly takes advantage of that.”
Just as with video and enterprise applications that are increasingly being pushed to the edge in the corporate world, the military wants to take advantage of unclassified capabilities, for example for training. “The need is not just for email or text messages, but video and more unified communications and collaboration such as navigation and data services—components that are enabled because of 4G LTE,” Zirkle said. “4G LTE delivers speeds of 5 to 12 Mbps from network to device and 2 to 5 Mbps from device to network.”
Another factor is the increasing acceptance of “bring your own device” in workplace policies. “People recognize that 4G LTE networks allow greater data speeds and coverage, which translates into better quality applications, larger and higher-quality video images, and faster connectivity,” said David Bezzant, senior national director of public sector direct sales for T-Mobile. Crowdsourced consumer data shows that T-Mobile has the fastest nationwide 4G LTE network, Bezzant said. “Compared to other technologies, 4G LTE technology is spectrally efficient so network speeds are faster, latency lower, and there is more capacity per megahertz of spectrum.”
The military can benefit from T-Mobile’s 4G LTE network, Bezzant continued, as a result of improved data connection continuity through rapid failover from landlines; improved low-latency voice and text applications for dissemination of mission command data; video streaming capabilities for surveillance and monitoring; and bandwidth for high-resolution imagery needs such as mapping.
“T-Mobile believes our nationwide 4G LTE network helps the military leverage its own investments in data centers and networks by improving its ability to operate larger, more sophisticated cloud-based services on mobile devices,” he remarked. “T-Mobile covers 96 percent of Americans coast to coast, reaching over 287 million Americans. Overseas military personnel can also benefit from T-Mobile’s unlimited data coverage Simple Choice plan.”
T-Mobile has already enhanced its LTE by deploying 10+10 MHz 4G LTE in 43 of the top 50 metro areas, delivering download speeds up to 72 Mbps. “In November 2013, we began deployments of Wideband LTE with 15+15 MHz and 20+20 MHz,” he said. “What that means is that we’re building 4G LTE superhighways that are incredibly fast and wide open—and where you can experience download speeds up to 147 Mbps.”
Still, there is only a finite amount of spectrum. “If the government clears out the spectrum for exclusive federal use, we would probably still run out of bandwidth in 10 years,” Bose said, adding, “LTE requires a wide spectrum to operate.”
LTE networks run on frequencies in the 700 MHz to 2.5 GHz range, though spectrum on lower frequencies is preferable for carriers since it can maintain signal strength over longer distances. Industry observers contend that because 4G LTE provides much greater bandwidth—up to 100 times more in some cases—the military can benefit from this technology.
“The big advantage of LTE is, with the global uptick in its usage, everything gets cheaper because volumes of users get so high,” Bose added.
On the other hand, military usage doesn’t come close to that of the commercial market, nor can the military invest in spectrum for its own needs the way commercial entities do. For example, the range of 4G LTE penetration becomes difficult for the military as it has to deploy a mobile network in austere environments.
“Where a major cell company would have five towers to cover a 10-mile area, the military would have to deploy mobile ‘cell towers’ or points of presence to provide the coverage and reachback capability to the network inject point via some type of wideband communications,” Semple said.
[Photo caption: (Left) Lance Cpl. Keaton L. Lyon, the senior radio operator with 2nd Platoon, Bravo Company, 1st Battalion, 1st Marine Regiment, 1st Marine Division, works with 2nd Lt. Spencer M. Everingham, platoon commander for 2nd Platoon, to communicate with the command operations center during the company training segment of Exercise Mountain Warrior 06-10 at Marine Corps Mountain Warfare Training Center Bridgeport, July 22.]
Industry Collaboration
DISA in March released a request calling for industry, universities and research organizations that are involved in wireless technology, radars and signal processing, electronic warfare, and spectrum monitoring and sensing to collaborate to find ways for the military to better use 4G LTE technology.
In response, Vanu Inc. is involved in putting together a consortium of private industry to work with the government on solving its dynamic spectrum problems. The company builds wireless network equipment and focuses on creating solutions for places that do not have coverage today.
Meanwhile, a number of companies are involved in testing and evaluating LTE systems to understand where the military can use it.
“The military continues to explore extending the network to the disadvantaged user via cellphone, 3G and 4G LTE, focusing more on 4G LTE due to its increased bandwidth,” Semple stated. “This allows the disadvantaged user to leverage COTS smartphones with specifically developed apps to support their mission.”
Using commercially developed smartphones is a key strategy, since today’s soldiers grew up and are comfortable with these devices and other technologies.
“DoD has conducted numerous training exercises that leverage the 4G LTE technology to extend the network to the soldier during Network Integration Evaluations and Army Expeditionary Warrior Experiments,” Semple stressed.
Exelis provides that capability now with its Global Network on the Move-Active Distribution (GNOMAD).
“GNOMAD supplies a mobile point of presence to provide services out to the disadvantaged user via high data rate line-of-sight radios, or with its 3G/4G PICO cell module,” Semple stated. “The GNOMAD connects back into the network via its wideband SATCOM link (Ku-, Ka- or X-band) while operating on the move.”
4G at Sea
Another company that is active in this area is Oceus Networks, which has been working with the Navy on a high profile 4G LTE project. Jeff Harman, senior vice president of DoD solutions for the company, noted that the Navy has been active in exploring innovative uses of 4G LTE technology for operations at sea. “The Navy’s visit, board, search and seizure (VBSS) mission requires the ability to stream full motion video from helicopters to the ships and fast boats engaged in VBSS operations,” he said. To do this, Naval Air Systems Command partnered with Oceus to develop a pilot program on two ships using 4G LTE technology to enable this mission. The USS Kearsarge and the USS San Antonio were equipped with a microwave-based wireless wide-area network to augment existing satellite-based communications. The LTE network lets personnel on the two ships receive real-time video streaming from air nodes mounted on helicopters, which in turn allows officers to make quicker and more accurate decisions based on what advance units are doing. Oceus also is providing solutions based on secure communications in a 4G LTE environment for other military organizations as well. “Our solutions have been integrated onto Navy ships and helicopters, on Army vehicles and for dismounted soldiers, and on UAVs and aerostats,” Harman said. A key focus for Oceus has been in providing end-to-end solutions for the military. “We don’t just provide the bandwidth, but we also worked with the military, including the National Security Agency, to ensure these 4G LTE transmissions are secure,” he said. Oceus was the first company to receive interim authority to operate 4G LTE at the secret level. “We have integrated applications and improved the user experience for the devices used by our men and women in uniform,” he added. “Additionally, we developed a mission management solution to better enable the military to use these new capabilities in their mission.”
Along with testing and evaluating LTE systems, DoD remains focused on how companies can provide secure systems, particularly when it comes to cell/smartphone usage.
“If you talk to any warfighter who has been to Iraq or Afghanistan, they will tell you they used their cellphones there,” Vanu commented. “Many comment that the mapping capability on their cellphone is often better than any other technology. It’s easier to use and the map itself is oftentimes better than what the military supplies.” Consequently, Bose maintained, warfighters need to be enabled with those capabilities in a way that is as secure as possible. “It’s never going to be as secure as a Type 1 military radio,” he said. “But we need a middle ground. If we change the security requirements you can open up the use of modified commercial technology much more easily.”
Advanced Security
The security incorporated in 4G systems is much more advanced in comparison to earlier cellular standards, said Kevin Kelly, chief executive officer of LGS Innovations. “To enhance security, mobile device management capabilities are being developed to enable DoD to support an overlay of its own mobile user management with VPN AES (FIPS) encryption standards, DoD user authentication, and DoD application stores,” he said. Kelly added that a substantial body of 4G LTE and LTE-Advanced (LTE-A) technology is building in the industry, and that future tactical systems should apply this technology base. These technologies include small cells, micro cores, self-optimizing networks, multi-cell coordinated signal processing, multiband operation and RF component miniaturization. The LTE-A standard will deliver much higher throughput, with up to 100 Mbps in mobility conditions and up to 1 Gbps in static mode.
Kelly sees a wide range of tactical use cases. “They have a common theme of supporting deployed personnel from the Army, Marines, or Navy by providing local broadband wireless communications in an on-the-move or at-the-halt common operational picture, with either agile or fixed backhaul to operating bases, airborne platforms, satellites, or other communication links to the theater backbone network,” he said. The tactical base stations would be deployed with the military assets, and personnel would use tactical smartphones with security enhancements corresponding to mission threat levels. “An example would be a call for fire (CFF), which could be made faster and more accurate by sharing a common operational picture with all personnel, issuing commands and receiving location information for force tracking, using digital targeting devices to further identify hostile locations, supplementing the communications with text and photographs, and transmitting graphically entered symbols initiating the CFF,” Kelly said.
Smartphone combat fire support applications have been developed under DoD’s Forge.mil, a collaborative software development program, that support the CFF mission in a net-centric environment and provide the military observer with improved situational awareness in the local area, graphics based targeting, highly networked mission fire support and coordinating measures processes, and command review/authorization. “In effect, deployed military personnel would have local broadband communications that would be deployed with them, using DoD applications on smartphones and tablets with which they are already familiar,” he explained.
Another use case leverages the complementary capabilities of mobile broadband applications of 4G LTE IP systems with the robust, secure voice communications of widely deployed Time Division Multiplexed (TDM) Land Mobile Radio (LMR) systems. “LMR systems support military and first responder secure communications, but have very low rate data capability,” he said. “These systems can coexist in the same physical area, and they can provide broadband services and extended calling as complementary extensions of each network through interoperability either with gateways or with further IP to TDM interface standards development.”
LGS Innovations offers a full portfolio of 4G LTE products, both in its own capacity and as the exclusive reseller of Alcatel-Lucent products where the end customer is the federal government. “LGS is a leader of base station router technology in which the base station is a small, software-defined fully integrated wireless network element with IP interfaces that interconnect to IP networks with plug and play capability,” Kelly explained.
DATA BYTES
Partnership Delivers Enterprise Resource Planning
BAE Systems and Infor have announced a new strategic partnership to deliver and install Infor’s enterprise resource planning (ERP) software solutions for the U.S. government. BAE Systems’ analysts and engineers will install and operate Infor software solutions purchased by federal agencies, helping expand Infor’s business with the U.S. government. These systems include the Infor Public Sector (Hansen) suite, Infor ION, Infor Enterprise Asset Management, Infor Lawson and Infor Approva. Infor has a 30-year manufacturing and distribution legacy for ERP systems within the aerospace, automotive, chemical, electronics, food and beverage, and industrial manufacturing sectors. In addition to this partnership, BAE Systems has invested in a new Infor products lab that will provide BAE Systems technical experts and customers with enhanced knowledge of Infor’s ERP systems, enabling them to develop best practices for system integration. It will also serve as a formal system training environment for BAE Systems’ network analysts, operators and engineers who will be installing and maintaining Infor products purchased by the U.S. government.
Sustainment Provided for Blue Force Tracking
Comtech Mobile Datacom has been awarded a three-year contract to continue to provide sustainment support for the Army’s Force XXI Battle Command Brigade and Below-Blue Force Tracking (BFT-1) program, a battle command real-time situational awareness and control system. In addition, the Army agreed to continue to license certain Comtech intellectual property pursuant to a separate contract. Under the new three-year BFT-1 sustainment contract, which has a not-to-exceed value of $38.2 million, Comtech will provide engineering services and satellite network operations on a cost-plus-fixed-fee basis and program management services on a firm-fixed-price basis. The base performance period begins April 1, 2014 and ends March 31, 2015, and the contract provides for two 12-month option periods exercisable by the Army. The total estimated value of the base year is $13.6 million.
Medium Orbit Satellites Offer Affordable Connectivity
SES Government Solutions (SES GS) will offer O3b services on their General Services Administration schedule as of June 30, making it the first distribution partner to offer the O3b capability directly to the U.S. government. The O3b next-generation medium earth orbit (MEO) constellation of satellites offers customers affordable connectivity for up to 1.6 Gbps throughput and fiber-like latency (less than 150 msec). The first four satellites were launched in June 2013. The second four are scheduled for launch in July 2014, with another four scheduled in early 2015. SES GS provides global fixed and mobile satellite solutions in the geosynchronous (GEO) orbit. By combining this capability with O3b’s MEO offerings, SES GS offers government customers the benefit of having one provider for fixed and mobile GEO satellite service with broad coverage and complementary MEO satellite service with high throughput over O3b coverage areas. This combination will provide connectivity for customers in remote areas where terrestrial fiber infrastructure is not available and low-latency applications are required. O3b provides connectivity to support troop welfare, time-critical high bandwidth traffic, disaster recovery and maritime operations.
Contract Supports Battle Network Initialization
CACI has been awarded a $21 million task order contract to provide business, logistics and engineering services for Army Product Director (PD), Initialization (formerly Product Director Tactical Network Initialization). The contract award, which is for one base year and one option year, was awarded under the Army’s Strategic Services Sourcing contract vehicle. PD Initialization provides data products in support of network operations and connectivity for the Army Battle Command System, which is a digital C4I system that includes a mix of fixed, semi-fixed and mobile networks and is designed for interoperability with U.S. and coalition C4I systems. CACI’s services will help advance the integration of systems and tools for PD Initialization and migrate them to a more fully automated environment. This will allow Army units to take full advantage of the capabilities provided by their battlefield communications networks throughout all echelons, from battalion through theater commands. CACI’s support services will include research and engineering development, prototyping, demonstrations, integration, fielding and support for product/software, systems engineering and logistics.
Compiled by KMI Media Group staff
Test Shows Seamless Switching Between SATCOM Networks
In-flight network switching between a Ka-band Wideband Global SATCOM satellite and a commercial Ka-band satellite has been successfully demonstrated by ViaSat. The flight demonstration was conducted under a Cooperative Research and Development Agreement with the Air Force Life Cycle Management Center in cooperation with Air Mobility Command, 193rd Air National Guard, MITRE, and MIT Lincoln Laboratory. In the past year, ViaSat has significantly expanded the bandwidth on its global airborne network to address government requirements for broadband ISR delivery and en route connectivity. The company offers multiple service tiers, providing increasing levels of priority access to assure performance when the mission warrants it. This test proved a basic premise underlying the ViaSat “best available broadband network” concept: Seamless network-switching is possible not only between government and commercial satellites, but also between different airborne networks.
Navy Orders High-Bandwidth Shipboard Terminals
The Navy has awarded Harris an eight-year contract valued at up to $133 million to provide shipboard terminals that give crews access to high-bandwidth voice and data communications. Under the agreement, Harris will provide up to 120 terminals in addition to the 70 terminals already delivered since 2008 under the indefinite delivery/indefinite quantity Commercial Broadband Satellite Program (CBSP) Unit Level Variant (ULV) contract. The new award brings the total potential value of CBSP ULV and Force Level Variant contract awards to Harris to more than $250 million through 2022. The program provides worldwide, commercial, end-to-end telecommunications services to the Navy. The 1.3-meter Harris terminals offer X-band operation over existing military satellites, and the option of military/commercial Ka-band operation for future deployed satellite systems. They support essential mission requirements and provide high-speed Internet access and video communications on small combatant and support ships. Harris terminals also are used onboard Navy amphibious assault ships.
Single Board Computer Supports C4ISR Applications
Curtiss-Wright Corp.’s Defense Solutions division has introduced the first member of its new family of rugged ARM-based COTS processing modules, the VPX3-1701, a 3U VPX single board computer (SBC) based on a CPU that features dual 1 GHz ARM processors. This cost-effective, low-power small form factor SBC is rated at less than 15W maximum power dissipation. Curtiss-Wright’s ARM-based SBCs are the industry’s first VPX architecture processing modules to harness the affordability and low power advantages of the ARM architecture. They provide unmatched performance-per-Watt without compromising full-featured connectivity and I/O options. The VPX3-1701’s integral high-speed backplane and XMC connectivity enable multi-GB/s data flows from board-to-board through the backplane interface and from the backplane to its on-board XMC site to support the acquisition, processing, and distribution of sensor data for demanding C4ISR applications such as video, radar and sonar data processing.
Offering Streamlines Vulnerability Assessment and Auditing
Tenable Network Security has released Nessus Enterprise, a new offering to streamline vulnerability assessment, configuration and compliance auditing and demonstrate adherence to PCI DSS requirements. Nessus Enterprise makes it easy for teams to collaborate by providing central management of Nessus scanners, simplifying access for multiple users to scanners and scan results. Nessus Enterprise enables security and compliance teams to scan more assets more often; include role-based access for administrators, auditors and security analysts; and share scanners, schedules, scan results and policies. Nessus Enterprise Cloud, also available now, is Nessus Enterprise hosted by Tenable. It allows users to access their Nessus internal scanners and reports from the cloud and perform external scans of their Internet-facing IPs for network and Web application vulnerabilities. A PCI-Certified Approved Scanning Vendor solution, Nessus Enterprise Cloud also includes quarterly network scanning for external vulnerability scan validation for PCI. Nessus Enterprise is the first major scanning solution that can be deployed on-premises or accessed from the cloud.
Network Warfighter
Q&A
Enabling a Flexible, Robust, Agile and Secure Network
Brigadier General Kevin Nally Chief Information Officer U.S. Marine Corps
Brigadier General Kevin Nally is the director for command, control, communications, and computers/chief information officer (CIO) for the U.S. Marine Corps, and Department of the Navy (DON) deputy CIO (Marine Corps). Nally was commissioned a second lieutenant in the Marine Corps in May 1981, after graduating from Eastern Kentucky University with a Bachelor of Science in agronomy and natural resources. After completing the Basic School and Communications Officer Course, he was assigned to the 1st Marine Amphibious Brigade, where he served as a communications platoon commander for the Marine Service Support Group-37 and later as a communications platoon commander for the Brigade Service Support Group. During this tour, he attended SCUBA School, Pearl Harbor, where he served in an additional duty capacity as a search and rescue diver. In 1985, he was reassigned to Marine Corps Recruiting Station, Los Angeles, Calif., where he served as an officer selection officer. In 1988, Nally attended Command, Control, Systems Course in Quantico, Va. After graduating in 1989, he was assigned to the 2nd Tank Battalion, 2nd Marine Division, where he served as the communications platoon commander during Desert Shield and Desert Storm. Following this, he was assigned to Communications Company, Headquarters Battalion, 2nd Marine Division as the executive officer. In 1992, Nally was assigned as the operations officer, Recruit Training Regiment, Marine Corps Recruit Depot/Eastern Recruiting Region, Parris Island. In 1995, he was transferred to the 3rd Marine Division, where he served as the S-6, then the S-3, and finally as executive officer for the 4th Marine Regiment. In 1996, he served as commanding officer, Communications Company, Headquarters Battalion, 3rd Marine Division.
In 1998, Nally was assigned as the deputy director, J-6, U.S. Forces, Japan, and completed a Master’s in Information Systems Management. From 2000 to 2002, Nally was the commanding officer of Support Battalion, MCRD/ERR, Parris Island. From May of 2002 to July 2003, he served as director, Marine Corps Martial Arts Program. Nally is a 2004 graduate of the Industrial College of the Armed Forces with a concentration in information strategy. Following this assignment, he served from 2004 to 2006 as the deputy director for C4, U.S. Central Command where he deployed twice in support of OIF/OEF. In 2006, he was transferred to Camp LeJeune, N.C., where he served as the II MEF AC/S G-6 and subsequently as the II MEF chief of staff. From 2007 to 2009, he served as commanding officer, Marine Corps Communications-Electronics School in 29 Palms, Calif. He served as the AC/S, G-6, MCAGCC/ MAGTF-TC from 2009 until 2010. Q: In broad terms, how would you describe the differences, as well as similarities, between the C4/IT needs and goals of the Marine Corps as opposed to those of the other services? A: Each service has a unique set of missions, roles and responsibilities. For the Marine Corps, the commandant has placed a www.MIT-kmi.com
priority on ensuring that the Corps is America’s crisis response force, and that we are a force that is scalable, responsive, flexible and agile across the spectrum of operations. As with the other departments within HQMC, everything we do is to support our forward deployed forces as well as those units and organizations that support them (the supporting establishment). Therefore the C4/IT needs and goals are set to enable a flexible, robust, agile and secure network that enables operations across war fighting and business functions, and I would say that all the services have a similar vision. Another similarity is with respect to the current fiscal environment, as we all have increased focus on fiscal and budgetary responsibility. Q: How do those differences affect your mission as CIO of the Marine Corps? A: The mission of CIO is set forth by law (Title 10), so there are few differences between service CIO functions. The unique mission and role of the Marine Corps requires the CIO to establish policies, standards and procedures, to execute processes, and to employ enterprise decision support capabilities for the effective and efficient governance of Marine Corps Information Enterprise assets and alignment of those assets to Marine Corps warfighter domains and mission areas. Q: As the Marine Corps charts its own course on some key IT issues, do you see any disadvantages, in terms of overall DoD coordination and interoperability, that go along with the benefits of having tailored solutions and policies? A: The Marine Corps is not charting its own course, but rather is conducting IT business to enable Marines, civilian Marines and support contractors to operate more effectively, and to be fiscally sustainable and responsible. The Marine Corps remains in compliance with higher-level policies such as Joint Information Environment (JIE). 
The Marine Corps is aligned to meet the initiatives that seek data access and information sharing, improved joint mission effectiveness, more effective training, increased security, and IT efficiencies. The Marine Corps Enterprise Network Unification Plan (MCEN-UP), which has been approved by the Department of Defense and DON CIOs, was developed to unify and synchronize the MCEN directly to JIE. Q: How would you assess current DoD progress towards a Joint Information Environment, and what does the Marine Corps have to offer to these efforts? A: The DoD JIE remains focused on the consolidation efforts directed by OMB and DoD, while ensuring service and combatant command mission success. Discussions range from the identification and implementation of primary core data centers, to application rationalization processes, to the identification of specific “enterprise services” that are to be provided within the JIE. The Marine Corps’ move into the Next Generation Enterprise Network (NGEN) contract initiated probably one of the most comprehensive “in-sourcing” efforts in recent memory. The Marine Corps Unification Plan has been systematically moving the service from a contractor-owned/contractor-operated environment to a government-owned/government-operated one. www.MIT-kmi.com
A key factor in this transition is transforming the former-NMCI environment into one that implements the major attributes of JIE, for example, consolidated data centers, single security architecture framework, and transparent Marine Corps network capability from the garrison to the tactical edge.

Q: What is your current policy in respect to the development of an enterprise email system, as well as other shared services?

A: The Marine Corps has been on an enterprise email system since the Navy Marine Corps Intranet (NMCI) began in the early 2000s. NGEN is DON’s portion of enterprise email. We continue to work with DoD in support of a DoD Enterprise-wide Global Address List capability. The Marine Corps will continue to support all DoD and DON shared services models where operationally effective and cost efficient.

Q: How would you define the Marines’ approach and policy as the DON pursues the NGEN program to replace NMCI?

A: In regard to the NGEN program, the Marine Corps fully transitioned to a government-owned and government-operated model (GO/GO) in June 2013. We are utilizing the NGEN contract vehicle to provide the Marine Corps with touch labor and technical resources in support of Marines and government civilians planning, operating, installing and maintaining the Marine Corps Enterprise Network. We have been successfully running the Marine Corps Classified portion of the MCEN since 2008. Using this model, we will continue to utilize our lessons learned as well as plans, policies, processes and technologies to support our future improvements to the unclassified portion of the MCEN. The MCEN-UP is our way ahead to achieve many of those future objectives.

Q: What is the current state of progress in development of policy and implementation of the use of mobile devices, especially those owned by USMC personnel?

A: Migrating to a net-centric interoperable network is at the heart of our vision for enabling a knowledge-based force.
Achieving this vision requires the development of improved mobile, seamless and secure communications across the information enterprise. We have taken a number of important steps to address evolving information needs and challenges across the MCEN. One of these steps occurred in 2013 with the publication of the Marine Corps commercial mobile device strategy, which established a secure mobile framework intended to aid the identification of mobile device capability requirements and promote the use of existing resources, including approved personally owned mobile devices. In accordance with Goal #4 of the Strategy, “Incorporate Personally Owned Mobile Devices within the Marine Corps Enterprise Network,” the Marine Corps has been developing an unclassified personally owned corporate enabled (POCE) mobile device capability, which seeks to provide personally owned commercial mobile devices with access to the MCEN. In terms of progress, we are currently conducting a beta test to refine the technical details of the solution. Following this phase, a large-scale pilot will be conducted in order to test all elements of the user experience and further refine the model technical details. Pending successful completion of the pilot, we will determine whether the initiative will be incorporated across the CONUS elements of the enterprise.

Q: Can you describe your vision of a future tactical communications architecture that includes radios as well as smartphones, tablets and other devices?

A: The future Marine Corps tactical environment will be a maneuver environment unsupported by fixed infrastructure. Smartphones, tablets and other devices are simply host devices for applications that will draw network services and access data from echelons within our tactical network that can best provide reduced latency, increased availability and failover. To support existing and emerging operational concepts, expect to see data services pushed to lower levels, enabled through a mobile tactical mesh network. The specific waveforms that enable these mobile networks include Adaptive Networking Wideband Waveform, Soldier Radio Waveform, and Wideband Networking Waveform, employed in architecture of tiered subnets. However, narrowband communications provided by HF and VHF capabilities will continue to be relevant.

Q: What is the current status, and how do you see the future potential, of the use of cloud computing by the Marine Corps?

A: The Marine Corps has been leveraging a cloud-based approach for over a decade. As this market continues to expand and become more robust, we will follow industry best practices where operationally effective and cost efficient. The Marine Corps will continue to build out our private based cloud environment within the Marine Corps Enterprise Information Technology Services (MCEITS) program of record located in the Marine Corps Information Technology Center in Kansas City, Mo. Our future cloud computing goal is to move from our current infrastructure as a service to a more mature platform as a service approach. Over the coming fiscal years, the Marine Corps will continue to consolidate and standardize our multiple application hosting and development environments within MCEITS.

Photo caption: Sergeant David Evans monitors the data traffic and servers that support high-tech satellite communications of Combat Operations Center. The Operations Trailer combines cutting-edge technology with rapid deployment capability. It is a two-wheeled trailer that carries all the necessary equipment to set up and establish a high-tech COC, including essential servers, routers and encryption systems that can reach back to standard military radios or to the internet via satellite.

Q: What initiatives do you have underway in the area of information security, and how does your organization coordinate with MARFORCYBER?

A: Cybersecurity initiatives include a single security architecture framework that includes a “comply-to-connect” construct initially within the garrison environment. This construct would take systems that are plugging into the MCEN and automatically ensure all open IAVA patch requirements and Security Technical Implementation Guide standards are pushed and installed before allowing the systems access to any internal resources. This is in alignment with the Federal Continuous Monitoring construct. As the Marine Corps CIO, the overarching service responsibility for the network falls to C4, and this is executed through policy and standard development, with institutional validation of compliance with those policies and standards. MARFORCYBER has been tasked to operate and defend the MCEN, and they execute the direction and actions needed to ensure a protected, defended operational environment in accordance with policy and standards.

Q: How would you describe your goals in the area of IT governance, and what processes do you have to ensure that your programs are meeting the needs and responding to the feedback from USMC users?

A: IT decisions require an objective, disciplined, repeatable process to meet the network demands of scalability, responsiveness, flexibility and agility. Our goal is to continue to execute IT governance that way: ensure roles and responsibilities, authorities and accountabilities are accurately assigned, understood and acted upon. We maximize collaboration facilitated by people, processes and technology to hear, understand, and address the needs of USMC users. We continue to mature in executing CIO Core Competencies established by the Federal CIO Council, and those processes and practices that just make sense from an operational performance and fiscal perspective. To meet user demands, we have open dialogue about requirements, and through the PPBE process balance these requirements, along with cybersecurity, with Marine Corps fiscal objectives.
Multi-service group works to stimulate development of digital intermediate format technology for processing satellite transmissions.
By Harrison Donnelly, MIT Editor

Seeking to reduce costs and enhance control of satellite communications, a multi-service group in the Department of Defense is working to stimulate development of technology that will enable a switch from analog intermediate frequency (IF) to digital intermediate format (digital IF) technology for processing transmissions.

The Digital IF Working Group includes the Army Project Manager Defense Communications and Army Transmission Systems (PM DCATS), Defense Information Systems Agency (DISA), MILSATCOM Systems Directorate, Communications-Electronics Research, Development and Engineering Center (CERDEC), Air Force Life Cycle Management Center, Navy Program Executive Office C4I, Army Space and Missile Command, and other key communications-focused commands. It is pursuing a long-term strategy aimed at putting together standards and encouraging COTS production of systems that will bring the benefits of digitization to the analog systems currently used in SATCOM gateways.

“This fundamentally will change how we do business, and the way we strategically deliver SATCOM capabilities,” said Colonel Clyde E. Richards of PM DCATS, a working group participant who has referred to digital IF as “the next big thing” in military SATCOM.

“It’s a very familiar paradigm shift from analog to digital, and all the benefits that come from that,” Richards explained. “You can talk about greater capacity and reliability. You get better error correction and faster speed. We will have the ability to centrally manage the gateways, or terminals, and the services that are provided. Today, we operate and manage in a decentralized manner. The systems being introduced will provide greater capacity and speed to warfighters and decision makers, and enhance responsiveness in terms of making critical decisions and moving faster than the enemy.

“Finally, one of the greatest benefits is that it will significantly reduce the costs and footprint of what we are doing today,” Richards added.

Randy Nash, chief of CERDEC’s Developmental Systems Branch, SATCOM Systems Division, Space and Terrestrial Communications Directorate (STCD), offered some historical perspective on the need for new SATCOM technology: “Historically, the evolution of the strategic SATCOM architecture has been relatively slow in comparison to the evolution of other telecommunications technologies. The component-level technology that you would typically find in a strategic SATCOM terminal subsystem has significantly evolved over time, due to demands in other growing technological areas. However, the system-level technology has significantly lagged with regards to breakthrough innovation, predominately due to the longer than expected lifecycle of the strategic terminals.

“SATCOM systems have not taken a significant technological leap forward, even in the last decade. Digitizing the transmission path entirely or by component would significantly improve their technical performance, resulting in efficiencies gained in both cost and space segment power/bandwidth resources,” added Nash, whose agency has been a leader in this area in recent years, sponsoring the Future Advanced SATCOM Technologies (FAST) initiative with the goal of developing the next-generation, all-digital IF architecture for strategic SATCOM.
Transmission Fabric

Within a ground station, IF is the fabric that moves waveforms from the modems to the antennas and terminals. IF is used because it offers better signal processing than at the higher frequencies used for Radio Frequency (RF) propagation. In addition, it provides a fixed frequency for processing signals, instead of having to process multiple frequencies, Richards explained. “It’s much easier to process and handle, and costs less. Finally, it isolates the frequency, so it can filter out any other frequencies at a close range.”

Currently, all Army/DoD SATCOM operations rely on analog IF from the modem to the antennas. In order to make a switch from an analog to an all-digital format, modems capable of providing a digital IF format will have to be installed, along with new routing and switching.

“We want to implement this as soon as it is mature, available and affordable,” Richards said. “We’ll be prepared to make the investments where they make most sense. It will probably be a normal transition that fits into the tech refresh cycles that we already have planned for obsolescence.”

The issue is that digital IF technology today is not at the level of maturity where it could be acquired and deployed on a systemwide basis. “It’s not available commercially, and what we are doing is trying to stimulate the market so that this capability becomes readily available. We know it can be done, it’s just a matter of getting it to market,” he noted, adding, “We’re looking at it from a COTS perspective, so we want a product that is being provided, not a developmental effort by the government—a product that we can procure that meets an open standard.”

Once available, however, the digital IF technology is expected to provide substantial operational and economic benefits. “From a performance standpoint, we get higher capacity and speed to meet what we see as a growing demand for SATCOM.
That translates into wider satellite transponder bandwidth, so we will be able to transmit and receive higher carrier counts than we do today,” Richards said. “We also get higher reliability, and we can mitigate noise issues that we currently have with analog terminals, taking advantage of superior signal quality that comes with digital. So we reduce the number of transmissions we have to make to get the transmission right. There is no way we can do that today without a digital capability.”

From a distribution standpoint, terminals today operate in a decentralized fashion, each terminal being managed separately. With digital IF, however, the IF can be distributed globally from centralized points of operation.

“We can distribute over the existing high-speed terrestrial network at the high rate of speed that it brings,” Richards said. “We’ll be able to centralize the equipment and staffing operations, rather than distributing all the capability in a decentralized manner, and having all the overhead and staff costs at each location. It not only provides better management, but also better control and security, since it is now more centralized. It provides global flexibility, because once you have this infrastructure in place, you have the ability to move transmissions over any gateway. It also provides redundancy, which gives you more reliability.”

“When you talk about the economic standpoint, you will reduce costs because you won’t need to have as many modems and decentralized locations. We can reduce the floor space and costs of maintaining equipment and facilities. We also won’t have to pay as much over the life cycles of all the equipment we had. Finally, we get the benefits of digital capabilities and technology. As things get faster, we will be able to incorporate that into the capability and leverage it,” he added.

To that end, the working group has been collaborating for the past couple of years, bringing together a total of nine organizations focused on developing an open commercial standard that can be provided to industry and turned into products.

“We hope to see standards established and production begin within the next four to six years,” Richards said. “We have made a lot of progress. One of our greatest challenges is the fiscal constraints we face. It isn’t happening fast enough for us, because we want to start integrating this technology and reaping its benefits. But we have to go through the process, and get the funding. Based on where we are, the business case indicates that from a performance and cost standpoint, this is the way to go.”
FAST Progress

With several years of experience in developing and demonstrating the technology, CERDEC STCD is serving as the subject matter experts in the digital IF SATCOM domain. The organization has been examining the issue for several years, undertaking several initial and proof-of-concept studies before launching the FAST program under STCD’s Joint SATCOM Engineering Center.

Lessons from the early prototyping efforts shaped digital IF development, Nash explained. “The need for standardization became a priority throughout the early development stages, as it became apparent that an all-digital SATCOM architecture can take on many variants, depending on the mission-specific requirements. It also became apparent that the architecture core subsystems can be functionally equivalent, but not interoperate when designed by different vendors.”

In response, the FAST Working Group was set up in fiscal 2012 to develop an Open Standard Digital-IF Interface (OSDI) for SATCOM systems.

“The impetus behind this effort was to collaborate with industry to develop an open-system architecture and protocol standard for digital IF SATCOM, using practical design experience and practice,” Nash said. “The other objective was to stimulate industry development of digital IF SATCOM systems and subsystems. This development focused on fostering open market competition while not limiting creative ‘black box’ designs, non-proprietary technology, and designs that achieve compatibility, interoperability and interchangeability.”

The FAST Working Group has included STCD and DISA, teaming with Harris GCS, Comtech EF Data Systems, Welkin Sciences, Hughes Defense and Intelligence Systems, L-3 Communications West, and RT Logic. This effort has resulted in a modular architectural framework defining the signal processing elements and the subsystem communication interfaces to create all-digital strategic fixed SATCOM terminals. The standard is currently being tested, and will subsequently be published in the public domain.

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.
The promise of software-defined networking is to keep the deployment, provisioning, and management of networks as simple as possible.
By Peter Buxbaum, MIT Correspondent
With its promise of improved efficiency in setting up and controlling networks, software-defined networking (SDN) is bringing fundamental changes to this critical aspect of information technology. While the Department of Defense has so far taken only limited steps in this area, experts predict SDN will soon bring major changes to military networking as well.

SDN embodies a number of interrelated concepts and technologies, not all of which are new, but which have gained currency due to sheer necessity. Network design has lagged behind other aspects of information technology such as computing and storage, and SDN has come about to allow networking to catch up.

Today’s networks are largely based on decades-old technologies. Provisioning and configuring networks continue to be time-consuming and laborious tasks because much of the programming remains in hardware components. Making changes requires the manual reprogramming of each piece of hardware.

One key attribute of SDN is to remove control of the network from distributed hardware components and introduce software that enables network managers to program the network centrally, holistically and dynamically.

A second important aspect of SDN involves network virtualization. Virtualization of computing and storage has been ongoing for some years now. Especially in a connected world, and for a military that seeks to push information to the edge, network virtualization is required for the network to integrate with the compute and storage components of the IT infrastructure.

Creating an open-source SDN community began to take off last year. But SDN could just as well be represented by proprietary offerings, and some vendors have marketed those kinds of SDN network controllers. The OpenFlow communications protocol, an open standard that separates packet forwarding from high-level routing policies—an important characteristic of SDN—was developed some years ago by researchers at Stanford University. OpenFlow has since been incorporated into OpenDaylight, an industry consortium seeking to develop an open platform for network programmability.

Some commercial entities have undertaken major SDN deployments, but the U.S. military has lagged behind. Nevertheless, a few defense organizations have experimented with SDN pilots, and analysts say it is almost inevitable that SDN will make its way into DoD networks, for all of the benefits and efficiencies it can provide.

“The networking industry is going through a fundamental technology change,” said Tim LeMaster, director of systems engineering at Juniper Networks. “Traditional network design practices do not adequately support the modern user, and the networking industry is responding with SDN. This shift builds on changes already taking place in the data center, including the virtualization of servers and storage, which allowed them to be more agile and responsive to the services and applications that operators and providers are trying to provide.”

“When you change the way you compute, you have to change the way you network,” said Lorraine Cleary, director of product management at Avaya Networking. “Computing has already been virtualized. Everything in the data center needs to talk to each other, but the network became a bottleneck. The concept of automatically programming the network came to get that bottleneck out of the way.”

“SDN evolved into an expression of frustration with how networks are traditionally configured and managed,” said Doug Gourlay, vice president of systems engineering at Arista. “SDN has developed from a single standard that allows networking components from different vendors to be orchestrated together into more of a meta-movement.”
Agility and Control
Old-school networking combines the data and control functions by embedding the programming in the network hardware. SDN came to separate the logical from the physical, noted Dan Kent, chief technology officer of Cisco’s public sector business.

“That means separating the control plane from the data plane,” Kent explained. “This was done on the server and compute side years earlier. The reason for doing this is to create a more agile type of network and to have some form of central control defined by software.”

“The network has become the long pole in the tent for delivering new services,” noted LeMaster. “Network solutions provisioning and configuration takes longer than the other components of service delivery. It often takes several weeks to get the virtual local area networks and other networking components provisioned and configured. SDN promises to improve that time to deployment.”

Reconfiguring or reprogramming current networks requires experts to visit 1960s era command line interpreters and manually provision them, Gourlay explained. “What happened is that enterprises and service providers started getting increasingly frustrated,” he said. “Workloads were moving faster than humans were able to provide for them. They wanted to enable software-to-machine interfaces to configure machines.”

Networks have been built the same since the 1980s, noted Cleary. “Any innovations were always bolted on the existing infrastructure. As a result, networks run too slow and had difficulty supporting real-time applications, like Voice over IP (VoIP).” Avaya Networking provides VoIP network applications.

Much as cloud computing came to drive efficiencies in computing infrastructure and deal with the ever-growing demands on that infrastructure, SDN remedies the issue of network scalability that is not keeping up with increased traffic and business needs.

“It’s limited by the number of appliances a provider can deploy to deliver their services,” said LeMaster. “For example, every service, such as load balancing, intrusion detection and prevention, and deep packet inspection, requires another appliance. That approach isn’t flexible or scalable enough for the agility that organizations require. Organizations are looking to the cloud to increase agility and responsiveness when deploying services.

“SDN is a critical component to a more responsive infrastructure, making it easy to connect clouds and the virtualized resources within them,” LeMaster added.

The cloud infrastructure is made up of compute, storage and network components, noted Kent. “The cloud in the data center allows multiple tenants to share resources,” he explained. “The virtualization of computing enables administrators to dynamically turn out and turn down servers based on need. To build out a large cloud infrastructure requires the creation of a network and all the services that go along with that.

“SDN allows network managers to dynamically provision network resources. Its first capability is to virtualize the network so that you can turn up and turn out ports and routing, firewalls load balances. SDN provides the ability to do that with software,” Kent said.

The core of SDN’s management capability involves the extraction of the network brains from individual hardware components and placing them in a software application that is used to manage the network as a whole. “Current networks hard-program components to examine data packets to determine where they should be directed,” explained Robert McBride, senior product manager for Brocade. “With SDN, this is controlled by policies embedded in software. Routing protocols are now dictated by this software, which is managed and updated from a single entity rather than being distributed across multiple network elements.”

“For example, in order to establish that a voice application on a network gets higher priority, the network manager has to press one button and all the switches involved will be reprogrammed,” said Cleary. “Before, each switch had to be visited and reprogrammed individually. A mistake made on one switch could bring down the entire network.”

SDN also allows network administrators to view and manage their networks more holistically. “Before SDN, we were faced with having to guide individual elements and manage components with separate policy configuration engines or network configuration applications,” said McBride. “By providing a holistic view into the network, SDN allows managers to understand what is running on the network and where, and also to identify where security holes might be so that they can implement policies to address them.”

Open Standards

The movement toward SDN open standards hit a few speed bumps a while back, as network vendors attempted to take them in-house and make proprietary controllers, according to Gourlay. But some software developers also produced controllers that supported multiple vendors and have allowed the SDN movement to grow.

The industry movement to create open standards for SDN has gained steam over the last year and a half. OpenFlow was a pioneer in this area and still plays an important role in its latest instantiation, although it does not provide the full gamut of functionality. Open application programming interfaces (APIs) fill these gaps by allowing the diverse components of the network to communicate with the central manager and facilitating network programmability.

“Standards are very important for customers to maintain the flexibility necessary for a scalable services architecture,” said LeMaster. “Many vendors of SDN solutions being suggested today are based on proprietary or inflexible protocols. Those proprietary protocols will lock customers in to particular solutions and prevent them from adapting to the ever-changing and fast-paced evolutions of data center architectures and cloud based models.”

“With OpenFlow and open APIs, the controller is able to tell all network components how to program themselves on how to manage the forwarding of traffic,” said McBride. “It removes the intelligence from within the network element and places it within the controller. Network policy changes can be made from a single application and adjusted, instead of each device having to make that decision itself.”

Juniper’s SDN controller, Contrail, is built on existing standards-based protocols, allowing users to interface with existing components provided by VMware, OpenStack and other vendors without the need to swap out hardware. “Contrail automates and orchestrates the creation of highly scalable virtual networks,” said LeMaster. “Juniper made the code available via the open source OpenContrail Project, with the goal of helping drive innovation and adoption of SDN across the industry. Open APIs will also be important to provide interoperability between different vendors.”

Arista offers a set of products that run on a single operating system. It includes programmable APIs and OpenFlow, which allow network components to integrate with infrastructure running OpenStack, Microsoft System Center and other solutions. “This enables better visibility, faster provisioning, and more rapid network troubleshooting,” said Gourlay.

In this way, SDN also supports military aspirations for on-the-move communications, according to Gourlay. “Server virtualization is not well defined for mobile machines,” he said. “With network virtualization, wherever a virtual machine moves, connectivity follows. It allows personnel to find virtual machines, provision networks, and automate a lot of the more painful troubleshooting problems.”

Cisco’s interpretation of SDN, Cisco ONE (Open Network Environment), is a series of tools that allow even legacy networks to become programmable and centrally managed. “Anything that was deployed in the last five years or so can be part of Cisco ONE,” said Kent. “Our components are already programmable, but also support OpenFlow and provide programmable APIs that allow outside parties to write programs to our equipment.”

OpenFlow 1.3 provides basic programming functionality, such as the ability to turn network ports on and off, Kent noted. The APIs add additional value to network programmability.

Other tools included in Cisco ONE, such as NetFlow, can be used to analyze network traffic and identify security trouble spots. “If you see traffic somewhere in the network where it was never seen before or if you see higher than usual volumes of traffic in certain portions of the network, NetFlow can be used as a diagnostic tool to check that out,” said Kent.
“NetFlow can send an alert to an analytics device in the enterprise or the cloud, and the analytics system can do automatically what previously was a manual process, such as shutting off certain ports or sending traffic to a packet inspection tool. SDN allows for the automation of this closed-loop process.”

Cisco ONE has been piloted in several DoD organizations, but details of the projects are not publicly available.

Brocade comes to SDN from a number of different angles. The company is invested in a number of open source SDN-related projects such as OpenStack, a system for managing virtual resources, and OpenDaylight, an effort to create an open network controller supported by several vendors.

The company also has a large number of products, such as high-capacity routers that have been deployed in many DoD locations worldwide, that have the functionality of OpenFlow enabled within the product itself, according to McBride.
Shortest Path

Avaya, as a network application provider of VoIP, has gone in a somewhat different direction by implementing an existing communications protocol that accomplishes much of what SDN sets out to do.

“We are not in the data center and we don’t provide the underlying network hardware, but we do know what a well-paved highway looks like,” said Cleary. “We have implemented a standardized technology called Shortest Path Bridging (SPB), embodied in IEEE standard 802.1aq. It smooths out the highway and accomplishes 80 percent of what SDN is trying to do.”

Avaya has embedded its latest generation of switches and routers with an enhanced and extended version of SPB, called Fabric Connect.
“This lets you completely virtualize both the networking and forwarding in your data center or private cloud,” said Cleary. “This makes the physical layout of your network irrelevant, as you can build any logical network on top. It does to the network, what virtual machines did to the server.” SPB is able to take voice data packets from the network edge and bring them to the server by way of the shortest path, without the necessity of examining the content of the packet along the way. “This reduces latency to 30 milliseconds,” said Cleary. “That is nothing for VoIP. It may cause some slight pixelization on video transmissions, but on a traditional network that would cause the call to be dropped and the loss of video frames.” The market is beginning to realize the value of an open approach to SDN, according to LeMaster. “Customers don’t want to be locked into proprietary solutions that require a complete overhaul of their existing infrastructure,” he said. “Instead they want an SDN solution that works with their existing architecture and will evolve with their future needs. There has been a lot of buzz around SDN, but few organizations have taken the steps to deploy the technology.” Gourlay said he has seen some sizable deployments of SDN in the commercial world, but not yet in the military and intelligence communities. “They are slower to adopt new technologies,” he said. “Many of these organizations are overly reliant on a single vendor. There are also regulatory and other barriers to entry.” “SDN promises to deliver greater mission agility, flexible delivery of applications and services, and scalability via an automated virtual network,” said LeMaster. 
“These virtual networks let enterprises and service providers harness the power of the cloud for new services, increased mission agility and responsiveness.” “With SDN, the network infrastructure can easily be modified or manipulated to accommodate for different policies, and this can be accomplished at a very granular level,” said McBride. “Requirements for quality of service can be deployed dynamically into the network centrally, as opposed to configuring components individually. It simplifies the configuration that takes place on the network infrastructure.” SDN also promises benefits in terms of cybersecurity. “SDN can allow the network to respond more dynamically to attacks and to see quicker resolutions or mitigations of those attacks,” said Kent. “Anomalies don’t have to be dealt with at the component level. They can be managed centrally at the network level. With SDN, policies can be put into place to shut down ports and to quarantine or reroute suspicious traffic.” Ultimately, the promise of SDN is to keep the deployment, provisioning and management of networks as simple as possible. This has implications for warfighters, as the military continues to push networks and information out to the edge and down to the lowest operational echelons. “If we can keep the network simple and available, easy to deploy and easy to tear down, validate that it is working properly and keep it running reliably, this will have implications for the guy on the front lines,” said Gourlay. “It will reduce latencies and update information quickly from the rear to the person who needs the information. The warfighter will have better access to information to make the best decisions.”
For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.
DoD, industry push use of mobile devices to authenticate users for secure network access.
By William Murray, MIT Correspondent
With access to many logical and physical devices, including computers and offices, hinging on Department of Defense workers’ Common Access Cards (CAC), military officials are debating how best to keep up with the increased use of smartphones and other digital devices while matching the security levels found on the desktop.
The key challenge is how DoD personnel, including uniformed servicemembers, civil servants and selected contractors, will be able to authenticate themselves using a smartphone or other mobile device. “The big push, over the next year or two, will be how to store credentials from a private key securely in a mobile device,” said Paul Nelson, chief technology officer with Thursby Software.
Analysts say the topic of mobile ID authentication appears to be a classic case in DoD of technology and user requirements outpacing policy.
CAC readers on desktop and laptop PCs allow personnel to authenticate their identification in a multilayer fashion, which includes what a user knows (password or PIN), who they are (biometrics, such as a retina scan), and what they have (ID card or token), with more layers providing stronger authentication. Office of Management and Budget (OMB) guidelines call for two-factor authentication for network access.
Biometrics is potentially the strongest form of authentication, since passwords can be forgotten, lost or compromised, and an ID card can be stolen. Their weakness for logical networks, however, is in replay capability—the ability of biometric scan data to be replicated on another device through a network. “You need a sophisticated method to prevent the ability to replay the scan on another side of the network,” Nelson noted.
Indeed, biometrics scans should never be performed in a networked environment because of the security vulnerabilities, according to Ojas Rege, vice president of strategy at MobileIron.
In order to best take advantage of commercial market innovation and economies of scale, DoD officials do not want to require additions to the form factors of smartphones and digital devices, particularly given their small size. So they are hoping to work with COTS products to facilitate the “bring your own device” trend in enterprise computing. Many smartcard readers are as large as smartphones, and they require their own power source.
“A lot of the initial push came from the user community,” said Rege. “Over time, chief information officers and technology executives have seen that mobile computing, which requires on-the-go ID authentication, can help push out computing power to everyone,” he said. As a part of the shift toward mobile computing, more federal agency officials are examining the data flows and data processes within their enterprise networks, he added.
Rege sees a two-pronged approach at play: working with the Apple iOS and Google Android operating systems and devices to ensure appropriate security, and then ensuring that end-users have approved applications to work on the mobile devices. Through their applications, he also sees smartphones that go well beyond the first wave of BlackBerrys, which primarily provided mobile email and were early favorites of mobile government users due to their strong security.
The challenge of working with smartcards, Rege noted, is the level of complexity that they add to a mobile computing experience. Strong passwords will always be the preference of network administrators, he noted, but when there are long delays in verifying strong passwords through an enterprise network, it can hurt user adoption.
Familiar Interface
In its work on mobile authentication, the Defense Information Systems Agency (DISA) is primarily looking at a COTS native solution, according to Devon O’Brien, the agency’s lead engineer for mobility and public key enablement. “We want to utilize the vanilla offering of the device. A tethered or a Bluetooth solution would be very expensive,” he said. DoD officials think it makes more sense to use the touch-based interface that many smartphone users have grown accustomed to using. Smartphones are used in mobile environments in DoD currently as pilot or proof of concept projects.
Smartphones already have a great deal of cryptographic capabilities, so it would make sense for DoD to take advantage of them, according to Matt Shannon, who goes by the title of “lead dog” at 2DogsStudios LLC. “They know they want it as close to COTS as possible,” he said of DoD officials and their mobile ID authentication plans. Such an approach allows new commercial technology to be integrated faster, and it’s also less expensive.
Shannon’s company produces MAuth, an app that performs mobile-based authentication of personal identity verification (PIV) based credentials for the iPhone, iPad, iPad Mini and iPod Touch. A PIV is a smartcard with the necessary data for federal employees and contractors to access federal information systems and facilities, and their criteria was set by the National Institute of Science and Technology (NIST) Federal Information Processing Standard 201, first issued in 2005. Users input their PIN, then personally identifiable information, followed by a fingerprint to authenticate themselves.
[Photo: First Sgt. Steven Purvis of C Company, 1st Combined Arms Battalion, 5th Brigade, 1st Armored Division, tests a mobile network using smartphones during a field training exercise at White Sands Missile Range, N.M.]
An example of a company making a COTS product for the DoD mobile ID authentication market is Thursby Software, whose products include a secure ID reader for mini iPads, a built-in smartcard reader that doesn’t allow the card to protrude when fully inserted into the reader.
Many commercial organizations need the high security standards used by DoD, Thursby’s Nelson pointed out, citing Samsung’s development of the Knox for Android operating system as a sign of the company’s commitment to strong security. “Apple’s incredibly elaborate security system to encrypt files shows their commitment,” he said. “While they lack the two-factor authentication that DoD needs, the cryptography in the commercial market is very strong.”
Apple lacks smartcard support, indicated Nelson, who added that the company also could improve in its use of custom tokens to enable third parties to work well outside their framework.
Shannon pointed out that DISA officials last year approved the use of the Apple iOS 6 and the hardened Samsung Knox Android operating systems for mobile devices, thus opening a mobile DoD market formerly dominated by BlackBerry.
“It’s a rapidly evolving mobile arena,” O’Brien said. “Finding a solution that is both secure and usable is the biggest challenge. We really want to make sure we don’t compromise our security standards or our security posture. We have rigorous security requirements. We need to make sure each device provides the required protection and accepts the required credentials.”
Enterprise Approach
There are advantages to DoD “unified enterprise approach,” as O’Brien called it. The DoD market is large enough that with a single approach toward security and basic requirements, it can attract innovative commercial companies to provide products and services.
“It gives us economies of scale and ultimately makes a solution cheaper with greater security monitoring and a unified structure,” he said.
According to published reports, DISA officials have been in discussions with Apple, Google and Samsung about improving the security of their products to meet DoD needs for mobile ID authentication.
Regarding usability, O’Brien and his DISA colleagues look at the feasibility of deploying mobile ID authentication in cost-effective ways, since CACs cost $250 each. “We need to improve upon the solution and evolve our offerings moving forward,” he said.
Nelson noted that a Biometrics Associates LP (BAL) Bluetooth reader for CAC, the only DoD-approved Bluetooth smartcard for Apple iOS and Google Android devices, costs more than $400. Some users also find it to be clunky, according to Nelson, since it can take about a minute to input a user’s PIN into the BAL Bluetooth reader and have the encryption key properties begin to work.
Nelson acknowledged, however, that he is seeing prices go down on CAC and smartcard related accessories. He is also seeing improved case design, but thinks that ease of use is a continued need in the marketplace.
Biometric Associates’ baiMobile Framework for Secure Credentials is a reader-independent smartcard framework for iOS and Android operating systems. It was first developed in 2007 for the Air Force and other organizations to support Windows Mobile 6.x, according to Mike Smith, director of business development at Biometrics Associates. The company ported the baiMobile Framework to the iOS and Android mobile operating systems under a DoD contract. “More than 100 software development companies are building mobile apps for industry and government using the baiMobile Framework,” Smith said.
One of the baiMobile Framework’s key features is its ability to support card-specific “plug-ins,” allowing support for most other enterprise smartcards. The framework supports digital certificates on traditional contact smartcards, NFC smartcards, microSD cards and embedded Secure Elements.
O’Brien and his colleagues would like to require that private key infrastructure credentials for each personnel reside natively on the mobile devices they use for authentication. “The users need us to work toward a solution,” he said. “We need to find a way to make them secure.”
O’Brien said he anticipates interim guidance from DoD about this subject, following discussions of senior leaders about the policy. “We’re not going to leap into something without vigorously vetting it,” he said. O’Brien’s ultimate goal is to make sure that any device that meets DoD’s security requirements can access the infrastructure, regardless of the manufacturer. “The endpoint is a seamless solution—any device that you have that can get the job done.”
Mobile Management
Meanwhile, DISA also continues to work on deployment of a mobile device management (MDM) system. Last July, the agency awarded a contract to Digital Management Inc. (DMI) to develop its system, which will help DISA build a multivendor environment to support a diverse selection of devices and operating systems.
Observers think it is vital to establish interoperability across enterprises between CAC/PIV cards, biometrics, derived credentials, and near field communications, which is a set of standards for smartphones and similar devices to establish radio communication by touching them together or bringing them to close proximity.
The challenge with the MDM contract is that technology has moved forward since DISA completed its MDM requirements more than a year ago, according to Nelson. “They only have to make it work,” he said of DMI’s obligations on the MDM contract. Other important needs such as ease of use and multi-vendor support are not MDM requirements.
DMI and DISA are building a Mobile Operations Center in the Washington, D.C., suburbs as a part of the MDM contract, to control applications and for configuration settings and other requirements. MobileIron, which provides security and management for mobile apps, contacts and devices, is working with DMI. DMI and MobileIron are also working together on the Department of Agriculture’s enterprise mobile solution, said to be the first large-scale federal project of its kind.
It’s very important that the MDM contract proceed well, with interoperability ultimately ensured, according to Nelson. He noted that DISA runs DoD’s email servers, so even if the military services wanted to proceed with their own plans regardless of MDM, they couldn’t. “The real problem is that no one’s buying anything from the vendors, including hardware like card readers,” said Nelson, who predicted that military service mobile IT authentication spending won’t increase significantly until MDM reaches its goals.
O’Brien pointed out that smartphones and other digital devices do not represent DISA and DoD’s first forays into mobile ID authentication. “The first step in mobility was laptops, as opposed to cell phones,” he said. “The device in my pocket does have increased capabilities, and I can access email, SharePoint and IT services on a mobile device.”
Last fall, Thursby Software announced a partnership with Acronis, a data protection solutions provider, and Silanis, an electronic signature provider, and Juniper Networks to provide secure mobility solutions for federal Apple iPhone and iPad users. More than 400 U.S. government organizations work with Thursby Software, according to company officials, and the company supports tens of thousands of mobile users in the U.S. government and other heavily regulated organizations.
Thursby Software, which holds a GSA schedule contract, is known for its secure Pkard Web browser and email apps. The Pkard Web browser doubles as an authorization agent, coordinating reader and card access for a secure app ecosystem. In addition, Acronis’ mobileEcho offers secure mobile file management, while Silanis provides electronic signature handling, and Juniper’s Junos Pulse app enables secure Virtual Private Networking. The apps can be flexibly deployed to personal or government furnished equipment, either directly and standalone, or as part of managed rollouts around app stores, apps or devices.
In September 2013, NIST issued a revised standard controlling agency smartcard issuance.
Nelson said he sees potential in taking derived credentials, a means of taking identity verification and encryption key infrastructure built up since 2005 for smartcards, and applying it to mobile devices. DoD officials and vendors have sought more clarification about derived credentials.
In the two-factor authentication required for access to networks by OMB, one factor should be a device separate from the computer gaining access. Some have wondered what besides USB devices, such as a SIM chip, could be used as a separate device.
This past March, NIST published more details about the technologies federal agencies could use to apply a derived credential onto a mobile device, and how they could manage this process. “It’s not the concept but the implementation that’s missing,” said Nelson, who noted that further clarification about hardware needs for derived credentials needs to be made.
According to published reports, however, NIST officials aren’t holding out much hope for near field communications, since many mobile devices either don’t transmit a near field communication radio signal or lack the capabilities to interact with a CAC.
COTSacopia
Platform as Service Delivers Rapid Application Development
DLT Solutions, a value-added reseller in government IT hardware, software and services, has launched a new private platform-as-a-service offering, CODEvolved. Architected by DLT Solutions, the solution is available immediately and brings together Red Hat’s OpenShift Enterprise and Amazon Web Services (AWS) to deliver a rapid application development, testing and hosting environment built entirely in the cloud. With CODEvolved, public sector organizations can now leverage an on-demand, elastic, scalable and fully-configured environment for increased productivity with faster time-to-deployment for applications. Through CODEvolved, application developers can code, test and deploy their applications in a robust environment without the need to wait for operations staff to provision resources. Operations staff can provide a dynamic, standards-based platform while leveraging the flexibility of the AWS Cloud to provision and configure additional servers as needed. Furthermore, DLT Solutions also offers end-to-end professional services to help customers implement, integrate, and support CODEvolved. CODEvolved eliminates scalability, availability and procurement challenges, allowing agencies to accelerate slow, expensive software development processes and jumpstart application deployment timelines.
Performance Management Suite Enables Easier Sharing
Riverbed Technology, a provider of application performance infrastructure, has released new versions of its Riverbed SteelCentral product family, SteelCentral AppResponse 9.0 and Riverbed SteelCentral NetProfiler 10.6. The SteelCentral product family is the only performance management suite that combines user experience, application and network performance management to provide the visibility needed to detect and resolve issues before end-users notice. AppResponse 9.0 and NetProfiler 10.6 include new capabilities to simplify Web application monitoring so IT teams can share data more easily, identify trends faster and make performance data more relevant to users. New features in these releases include a Web console, out-of-the-box and customizable dashboard templates and a global view of the end-user experience. Together, these new features provide diverse IT teams with a holistic picture of end-user experience for Web applications across the network resulting in improved IT efficiency, enhanced business continuity and revenue preservation.
Mission Computers Serve Multiple Air Platforms
Rockwell Collins has released the FMC-4000 series of flight and mission computers, offering advanced capabilities with unprecedented levels of performance and flexibility across a large variety of platforms. The FMC-4000 series is available for fighter, trainer, tanker, transport, rotary wing and UAV systems aircraft. It uses the latest multicore processor and hardware, along with accelerated video and signal processing and compression functions, that are suitable for dual use applications. These comply with both commercial and military environmental requirements.
Insider Threat Solution Enhances Privileged User Monitoring
Raytheon has unveiled the latest developments found in the latest release of its SureView endpoint audit and investigation solution, which include new policy support features that enhance product capability for continuous monitoring and network auditing against insider threat and privileged user abuse. With this release, commercial and federal organizations now have access to a privileged user monitoring and auditing policy pack specifically designed to enable SureView to detect malicious acts and policy violations by privileged users that often go undetected. Additionally, this latest release includes SureView Spotlight, a software development kit that allows integration with best-of-breed analytic solutions. Other new features of SureView include host-based network traffic monitoring and collection; simplified policy creation; new collection capability; and enterprise application suite enhancements.
New Processor Speeds Rugged Unit Performance
Getac is upgrading its flagship X500 ultra rugged notebook and X500 rugged mobile server. By incorporating a fourth-generation Intel Core Processor, Getac has been able to increase CPU performance by 55 percent over the previous model, an enormous benefit to the technologically advanced military customers who rely on speed and efficiency when working in some of the world’s harshest and most demanding work environments. The X500 will also support larger RAM capacities up to 16GB, next generation 802.11ac WiFi, and improved graphics that boast a 286 percent improvement over the previous generation in processing power.