October 2020 | Volume 16 | Number 7
DOMINATING THE ELECTROMAGNETIC SPECTRUM REQUIRES PROCESSING AND AI INNOVATION
TABLE OF CONTENTS

COLUMNS
Editor’s Perspective: Mergers, markets, missing friends (By John McHale)
Mil Tech Insider: CMOSS is rolling forward (By David Jedynak and Jason DeChiaro)
Guest Blog: Timing is everything when mobilizing an Ethernet network (By Ronen Isaac, MilSource)

THE LATEST
Defense Tech Wire (By Emma Helfrich)
Editor’s Choice Products (By Mil-Embedded Staff)
Connecting with Mil Embedded (By Military Embedded Staff)

FEATURES
SPECIAL REPORT: Solving Electromagnetic Spectrum (EMS) Challenges
Dominating the electromagnetic spectrum requires processing and AI innovation (By Emma Helfrich, Associate Editor)

MIL TECH TRENDS: Signal Processing for EW Systems
Managing new trends for embedded EW systems (By Rodger Hosking, Pentek)

INDUSTRY SPOTLIGHT: Enabling Security in Embedded Systems
Securing military embedded systems is a giant challenge (By Sally Cole, Senior Editor)
Creating a trusted platform for embedded security-critical applications (By Richard Jaenicke, Green Hills Software and Steve Edwards, Curtiss-Wright)
Manufacturing status report: Legacy software infrastructure can hurt security, ability to change (By Matt Medley, IFS)

SPECIAL SECTION: PC/104 and Small Form Factors
PC104 Consortium Column: PC/104 trends in the small-form-factor realm (By Roy Keeler)
PC104 Consortium Member List
All registered brands and trademarks within Military Embedded Systems magazine are the property of their respective owners. © 2020 OpenSystems Media © 2020 Military Embedded Systems ISSN: Print 1557-3222
ON THE COVER: Efforts to dominate the electromagnetic spectrum in the military arena are moving forward as manufacturers develop innovative technologies to find actionable needles in the crowded electromagnetic intelligence haystack. Cognitive capabilities, artificial intelligence, and similarly cutting-edge developments have opened a new chapter in electronic warfare; so too has the need to keep pace with adversarial advancements. (Stock photo.)
EDITOR’S PERSPECTIVE

Mergers, markets, missing friends
By John McHale, Editorial Director
John.McHale@opensysmedia.com

One impact of the COVID-19 pandemic has been a decrease in mergers and acquisition (M&A) activity in the defense industry – and to some respect others – at least in the beginning of it all, when everyone was shutting down and didn’t know what to expect from the crisis. Folks were sheltering in place and in lockdown across the globe, not exactly an environment conducive to multimillion and multibillion-dollar acquisitions. Deals like that so often rely on face-to-face interaction.

In Deloitte’s “2020 Aerospace and Defense Industry Outlook: A midyear update,” analysts caution that while M&A has been strong for the last five years and will benefit from growth in C4ISR, unmanned systems, hypersonics, and the like, the 2020 presidential election and economic slowdowns are in fact shaping current M&A considerations.

The study authors assert that “further industry consolidation is possible as some of the smaller companies may not be able to meet the increased financial, program management, skills, risk-taking, and investment requirements. Consolidation by parts family, i.e., components, aero-structures, electronics, and interiors, is expected to continue … .”

Mergers

We are seeing some of that consolidation in the embedded electronics space, where there has been a handful of acquisitions throughout the pandemic. The largest of these is the purchase of signal-processing and power-management company Maxim Integrated Products by Analog Devices for about $21 billion, in an all-stock deal.

NVIDIA continues to be a behemoth in the commercial semiconductor world, making big news recently with its intent to acquire chipmaking giant Arm for about $40 billion. While the military is not NVIDIA nor Arm’s largest market, NVIDIA-based embedded solutions are quite popular in the military electronics market.

Connect Tech’s success selling NVIDIA-based devices made the Ontario-based rugged computer maker quite attractive to HEICO, which purchased Connect Tech this summer and made it a subsidiary, with its leadership staying in place.

More recently, Curtiss-Wright’s Defense Solutions division announced that it intends to acquire the stock of Pacific Star Communications (PacStar), a provider of secure networking communications systems for defense applications. A security acquisition was also made by Wind River when it acquired Star Labs at the start of the year, just before the pandemic.

Markets

Security and command, control, computers, communications, intelligence, surveillance, and reconnaissance (C4ISR) applications also look to remain strong funding areas through 2025, according to analysts at Frost & Sullivan. They estimate that market spending for C4ISR programs will grow to about $58.5 billion by 2025 from $53.6 billion in 2019, at a compound annual growth rate (CAGR) of 1.5% in their analysis, titled “Assessment of the US DoD C4ISR Market, Forecast to 2025.”

“C4ISR and IT industries are converging around artificial intelligence, machine learning, data analysis, self-healing networks, and cloud computing,” says Brad Curran, Aerospace & Defense Research Analyst at Frost & Sullivan. “Going forward, naval, airborne, and ground tactical networks are overly complex, making the networks too difficult to establish and defend. To resolve this problem, DoD requires integration and cybersecurity services from the defense industry.”

In addition to the C4ISR spending increases predicted by Frost & Sullivan, radar and electronic warfare applications are also expected to see growth, due to necessary upgrades as militaries deal with merging adversarial threats, including newer ones such as hypersonic weapons. This will likely remain the case even if the administration changes in January. The threats will only get more complicated, no matter who sits in the Oval Office.

In the Deloitte report cited above, analysts referenced this stability and growth, stating “Defense expenditure is expected to grow between 3 and 4 percent in 2020 to reach an estimated US$1.9 trillion, as governments worldwide continue to modernize and recapitalize their militaries.”

Missing friends

With good news, alas, also comes sad news: While writing this column, I learned that Ian McMurray, longtime communications manager and public relations man for Abaco Systems (formerly GE Intelligent Platforms, and before that Radstone Technology) passed away at age 67 after a battle with cancer. I was very sad to hear this. Ian was a class act and a gifted and prolific writer.

We first met at the old Bus & Board event some 15 years ago. Although it’d been some time since I’d shared a drink with him at an event, I enjoyed our chats each year and will miss his dry wit, kindness, and professionalism. His colleagues at Abaco Systems often spoke of his ability to turn dry engineering copy on complicated subjects into clear articles that could be understood by all.

Ian also worked as a journalist at IBC.org, where his colleagues wrote a lovely tribute to him (read it here: https://www.ibc.org/obituary-ianmcmurray-ibc-daily-reporter/6822.article). I know from our chats how much pride he took in his writing and journalism work, but more than anything, he was proud of his family. Our thoughts are with them.
MIL TECH INSIDER

CMOSS is rolling forward
By David Jedynak and Jason DeChiaro
An industry perspective from Curtiss-Wright Defense Solutions

The U.S. Army CCDC [Combat Capabilities Development Command] C5ISR Center’s C5ISR/EW [Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance/Electronic Warfare] Modular Open Suite of Standards (CMOSS) defines an open architecture that reduces the size, weight, power, and cost of systems deployed on ground vehicles by enabling in-vehicle hardware and software resources to be shared. A panel on CMOSS at a U.S. Army Technical Exchange Meeting held earlier this year provided details on new developments underway and areas in which the Army is looking to industry for help in taking the suite of standards from prototype to deployment.

CMOSS is seen as a key enabler for rapidly deploying new updates and enhancements, and for modifying and adapting capabilities as threats and technology evolve. By eliminating data stovepipes, CMOSS makes the sharing of hardware between systems simpler where appropriate, enabling optimized integration and utilization of all the sensor information available on the platform. Moreover, the use of open standards will greatly improve the user experience for soldiers and reduce their cognitive burden. CMOSS also promises to help drive advances in automation and the deployment of machine learning/artificial intelligence (ML/AI) applications for tasks that can run at machine speed instead of human speeds.

To date, a number of CMOSS solutions have been prototyped and applications have been demonstrated across the entire C5ISR suite, ranging from EW and PNT [position, navigation, and timing], to wireless comms and command and control. The Army’s planned next step is to engage in operational experimentation and pursue mature solutions.

As the CMOSS standard rolls forward, the Army also plans to establish labs where CMOSS-aligned hardware solutions can be integrated and their capabilities assessed.

Collaboration, assessment, and screening

One such lab, the U.S. Army’s Open Innovation Lab (OIL), is being established for prototyping and implementing CMOSS capabilities. The lab, which is currently scheduled to open in November 2020, will initially focus on standards-based assured PNT (A-PNT) solutions, with intent to support other converged capabilities later. Information on how industry suppliers can submit proposals and applications to OIL will be shared at the OIL Industry Day on November 17, 2020. This unclassified facility is being set up to bring vendors, academia, government, and other organizations together to test and collaborate on Army PNT future capabilities.

Seeking COTS solutions

The Army is actively turning to industry, seeking prototype systems to help address a number of near-term high-priority CMOSS requirements. One opportunity is for a graphical interface that can improve the user experience by displaying the information and capabilities of the platform in a unified, intuitive way. The goal is for the graphical interface to integrate mission-command capabilities, like JBC-P/MMC, along with radio controls, PNT, and EW sensor control in a multiuser environment.

Suppliers are also being asked to propose flexible digital RF and radiohead solutions, based on the CMOSS Modular Open RF Architecture (MORA) standard, for systems optimized to compete with a peer adversary using EW and other capabilities. These solutions should have the ability to leverage and utilize capable antennas and aperture systems if present on the platform. For CMOSS, digital RF enables cabling complexity on the platform to be significantly reduced. It also enables the platform’s RF assets to be rapidly and more easily configured and reused in different ways. While a robust ecosystem of CMOSS transceivers already exists, the Army is seeking to rapidly grow its radiohead options in order to support the full suite of RF applications it anticipates being needed for combat vehicles.

Army system designers want to be able to deliver, rapidly update, upgrade, and deploy the full suite of comms waveforms to the soldiers in the field via CMOSS systems. The requirement spans government proprietary waveforms (such as Link 16, SINCGARS, BFT, etc.) and commercial waveforms (4G, 5G, WiFi, etc.). Implementations are being sought for nearly every type of waveform, so that CMOSS solutions can be readily dropped into platforms as necessary. Since each of the waveform types will also need a radio front end, the requirement will also drive the need for radioheads able to support them.

COTS solutions for CMOSS

As requirements for CMOSS solutions increasingly emerge, system integrators will turn to trusted leading providers of OpenVPX modules and systems that can deliver these types of card-level solutions. Curtiss-Wright has already developed a range of CMOSS-compliant solutions, including modules that are aligned with the CMOSS I/O, processor, GPGPU, and timing profiles.

David Jedynak is Chief Technology Officer and Technical Fellow for Curtiss-Wright Defense Solutions. Jason DeChiaro is a System Architect at Curtiss-Wright.

Curtiss-Wright Defense Solutions
https://www.curtisswrightds.com
DEFENSE TECH WIRE NEWS | TRENDS | DOD SPENDS | CONTRACTS | TECHNOLOGY UPDATES
By Emma Helfrich, Associate Editor
Large unmanned surface vessel study for U.S. Navy led by Lockheed Martin

Lockheed Martin will provide a study for an unmanned payload ship, able to patrol for extended durations, as part of the U.S. Navy’s Large Unmanned Surface Vessel (LUSV) competition, according to information from the company. Lockheed Martin – together with shipbuilders Vigor Works (Clackamas, Oregon) – will manage the program and integrate systems-engineering, combat-management, automation, and cyber solutions.
Figure 1 | Another Vigor Works-built unmanned ship, the Sea Hunter. Vigor Works photo.
Lockheed Martin states that its design leverages its experience in autonomy/automation, including its Sikorsky MATRIX technology that’s been used to fly a helicopter from a wireless tablet; and the AXIS control technology, used on U.S. Navy surface ships to manage engineering and machinery. Under the $7 million LUSV contract, Lockheed Martin says that it will deliver the study within 12 months in time for the next phase of the competition – the Navy’s LUSV Detailed Design & Construction portion, expected to conclude in FY 2022.
Loyal Wingman unmanned aircraft engine tested by Boeing Australia

Boeing Australia started up the commercial turbofan engine on the first Loyal Wingman unmanned aircraft in September 2020, as part of ground testing and preparations for first flight, Boeing officials report. This test follows Boeing’s completion of the initial unmanned Loyal Wingman aircraft for the Royal Australian Air Force in May 2020, another step toward the Loyal Wingman serving as the foundation for the global Boeing Airpower Teaming System. “This engine run gets us closer toward flying the first aircraft later this year and was successful thanks to the collaboration and dedication of our team,” states Dr. Shane Arnott, program director of the Boeing Airpower Teaming System. “We’ve been able to select a very light, off-the-shelf jet engine for the unmanned system as a result of the advanced manufacturing technologies applied to the aircraft.”
Gray Eagle UAS adopts LYNX MOSA.ic software framework

Lynx Software Technologies announced that General Atomics Aeronautical Systems, Inc. (GA-ASI) has adopted the LYNX MOSA.ic software framework for the Gray Eagle Extended Range (GE-ER) Unmanned Aircraft System (UAS). According to the company, LYNX MOSA.ic is aligned with GA-ASI’s objectives to meet software-modernization targets for the GE-ER program that include safety and cost efficiency, as well as introducing new features, increasing system robustness, and securing future flexibility. An early goal of the software modernization, according to Lynx officials, sought to integrate a new and advanced video codec implemented on the Zynq UltraScale+ adaptable multiprocessor system-on-chip (MPSoC) from Xilinx. The company claims that the modularity of LYNX MOSA.ic enabled the team to achieve an efficient and robust solution in a mixed-criticality environment including both Linux and a deterministic real-time operating system.
Figure 2 | The GE-ER is a multimission UAS including surveillance and other intelligence-gathering capabilities. GA-ASI photo.
Electronic attack system to be integrated into Army ground vehicles

Flyer Defense – a company specializing in specialized, lightweight, high-mobility, all-terrain tactical wheeled vehicles – recently delivered vehicles contracted by General Dynamics Mission Systems for integration with the Tactical Electronic Warfare Light (TEWL) system, a building block of the electronic warfare (EW) system used by U.S. Army airborne units. According to General Dynamics, the TEWL system is a dedicated all-weather, 24-hour, ground tactical electronic support and electronic attack system designed to decrease what it calls the “sensor-to-shooter” timeline. Flyer received a contract in May 2020 to build Army Ground Mobility Vehicles (A-GMV); it was reported that all vehicles were delivered more than a month earlier than the contractual due dates. The vehicles have been shipped to General Dynamics Mission Systems in Scottsdale, Arizona, where they will be outfitted with the TEWL system and shipped directly to U.S. Army airborne units.
Figure 3 | The new systems – which will be integrated into Army vehicles – would facilitate sensing, SIGINT electronic warfare, and RF-borne cyberattacks. Flyer Defense photo.
Cybersecurity support for USAF weapons systems gets $75 million task order

Engineering firm Alion Science and Technology has won a $75 million task order to support the Air Force Life Cycle Management Center’s (AFLCMC) Fighters & Advanced Aircraft Directorate and Bombers Directorate (AFLCMC/WA and AFLCMC/WB, respectively). These directorates provide technical support for every Air Force fighter and bomber weapon system in the service branch’s inventory supporting U.S. joint services and foreign military partners. Under the terms of the task order, Alion will define, develop, and analyze acquisition, sustainment, cybersecurity, and resiliency strategies for developing, fielding, and sustaining major weapon systems and subsystems. Alion will also help the directorates to modify existing weapon systems to meet the needs of the USAF, U.S. joint services, and coalition partners.
Army to get portable satellite imagery ground systems

Maxar Technologies (Westminster, Colorado) announced that it has been selected by the U.S. Army Geospatial Center to deliver multiple highly portable, direct-downlink tactical ground systems intended to provide critical geospatial intelligence to users in remote locations. According to the company, Maxar was awarded a sole-source, indefinite-delivery/indefinite-quantity (IDIQ) contract valued at up to $49 million over eight years plus two initial task orders worth a combined value of $8 million. The system, called the U.S. Army Remote Ground Terminal (RGT), aims to enable troops in remote locations to rapidly set up, downlink, analyze, and disseminate data from commercial Earth observation satellites to support military, humanitarian, and disaster relief missions. The RGT system is based on Maxar’s Tactical Architecture for Near-real-time Global Operations (TANGO) platform, the company states. The portable RGT system is also designed to be continuously upgraded with additional commercial electro-optical and synthetic aperture radar sources.
Ground mobile radar system engineering contract won by Teledyne Brown

Teledyne Brown Engineering, a division of Teledyne Technologies, announced it won a $29 million contract from Raytheon to produce and sustain the Army Navy/Transportable Radar Surveillance (AN/TPY-2) Cooling Equipment Units (CEU). According to information from Raytheon officials, the AN/TPY-2 is a powerful ground mobile radar system and requires one CEU per unit. The system interfaces with Terminal High Altitude Area Defense (THAAD) Fire Control and Communications and several other weapon systems. The CEU is a transportable shelter that houses power distribution to the radar and provides temperature-controlled liquid cooling to the Antenna Equipment Unit. Under the terms of the contract, Teledyne Brown Engineering will continue to manufacture and assemble multiple CEUs plus perform equipment sustainment over the next three years.
Figure 4 | AN/TPY-2 is one portion of the Ballistic Missile Defense System used to detect, acquire, track, and discriminate possible incoming ballistic missiles. Raytheon photo.
SPECIAL REPORT: Solving Electromagnetic Spectrum (EMS) Challenges

Dominating the electromagnetic spectrum requires processing and AI innovation
By Emma Helfrich, Associate Editor

Efforts to dominate the electromagnetic spectrum (EMS) in the military arena are moving forward as manufacturers develop innovative technologies to find actionable needles in the crowded electromagnetic intelligence haystack. Cognitive capabilities, artificial intelligence (AI), and similarly cutting-edge developments have opened a new chapter in electronic warfare (EW), and so too has the need to keep pace with adversarial advancements.

The EA-18G Growler, an American carrier-based electronic warfare aircraft, is used by the U.S. Navy in combat and contested situations. U.S. Navy photo.

Quicker response and heightened accuracy have a huge effect on the proliferation of electromagnetic spectrum (EMS) systems and cognitive radar and electronic warfare (EW) capabilities, as all of these aim to reduce workload while fostering an environment of trust and the ability to rely on the information being fed into the system.

With speed steering the direction of many EMS technology trends, the software and hardware are all being designed with the intent to significantly reduce what the military and the industry call the “sensor-to-shooter” timeline, and have begun to pull from commercial inspiration.

It is true that the EMS is becoming increasingly congested with monumental amounts of data, and both defense customers and manufacturers alike know that it’s those actors who can reliably access that intelligence and act on it first who have the advantage. Perhaps the first step in mitigating the crowded airwaves could be to consider the EMS its own domain?

This very question has been posed by the U.S. Department of Defense (DoD) and the users of the technologies; military technology companies are using their varying interpretations of it to create more robust EMS portfolios.

The DoD does actually consider the EMS an operating environment. While that nod doesn’t officially deem the spectrum as a “domain,” it doesn’t negate the fact that all of the services are connected through it and must exist on it in battle. This reality makes any complications that arise on the EMS not a service challenge, but rather a force challenge.

Understanding the EMS as a joint domain

In order to optimize the military’s existence on the EMS, the DoD earlier in 2020 introduced the concept of Joint all Domain Command and Control (JADC2). This initiative aims to connect sensors across military services rather than developing incompatible tactical networks for each domain; the strategy coincides with the efforts being made to reduce the decision-making timeline in EMS systems and ensure reliability in the data being accessed.

“Electronic warfare in the EMS has been around a long time, so that’s not new, but the processing speeds we have access to, the maturing of artificial intelligence and a more deliberate focus on controlling EMS as a domain, are all trends that are driving technological advancements to quickly and decisively act within the EMS,” says Ryan Hurt, vice president of business development at Liteye Systems (Centennial, Colorado). “And more importantly, it’s a move to network the kill chain across all domains – EMS included.” (Figure 1).

Figure 1 | Liteye integrated AUDS [anti-UAV defense system] and Citadel’s Titan 3 radio-frequency detection into the T-AUDS for enhanced detection, identification, and defeat methods across the full C-UAS [counter-unmanned aerial system] mission.

Among the questions and concerns the introduction of JADC2 has conjured: uncertainties surrounding the logistical and financial aspects of fielding such a network. A key method through which military technology could be able to develop and promote the JADC2 concept may lie in designing EMS systems with open architectures.

“‘Interoperability’ and ‘open’ are two key concepts we prioritize when designing EMS-dependent systems for each individual customer,” says Steve Ling, senior director of EMS operations, cyber, and ISR [intelligence, surveillance, and reconnaissance] programs at Alion Science and Technology (McLean, Virginia). (Figure 2). “While typical domains have services and forces dedicated to operating, maneuvering, and dominating within them, the EMS is shared, and every conflict is executed using a joint force. Timing and tempo are critical, so we want interoperability and open architectures baked into whatever we do to ensure that the joint force can execute its mission seamlessly. To conduct all-domain operations through the JADC2 and Advanced Battle Management System (ABMS) concepts, interoperability and open systems are an absolute must.”

Figure 2 | Just as the EA-6B Prowler aircraft paved the way for the EA-18G Growler aircraft, technology in the electromagnetic spectrum continues to evolve. The EA-18G currently uses the same ALQ-99 jamming pods carried by the EA-6B and will continue to until the Next Generation Jammer (NGJ) pods are available. Artwork by Wayne Shaw.

In spite of the advantages that open architectures and interoperability could offer EW systems, there remain drawbacks rooted in the lack of sufficient bandwidth. The contested environments in and around battlefields present their own set of challenges regarding moving significant amounts of data safely and efficiently. To clear this hurdle, military technology companies are beginning with hardware.
Solving EMS challenges at the hardware level

“BAE Systems is developing hardware that is reprogrammable and provides battlefield advantages against current and emerging threats,” says David Subisak, electronic combat solutions technical director at BAE Systems (London, England). “Developing the hardware that enables discriminating capabilities takes time, but once installed in a military platform, an upgrade cadence can be maintained, or a rapid response request can be more easily accomplished to meet a critical need to counter the ever-changing digital EME [encrypted media extensions].”

Hardware demands from within the defense and aerospace community stem from the need to achieve the highest efficiency. Technology that aims to take previously competing systems and then combine them into a single payload, or a multimission payload, is in development by companies like Xilinx.

“We have technology that went from FPGAs [field-programmable gate arrays] to SOCs [systems-on-chip] to adaptive compute acceleration platforms, or ACAPs; that’s where we see things like the SOC and ACAP technology really being a great fit because it brings in all of those different types of compute engines that you need, the different types of waveform processing, and it’s able to be dynamically adjustable and adaptive in real time,” says Manuel Uhm, director of silicon marketing at Xilinx (San Jose, California). “[We solved] this problem [merging] four disparate systems into one.”

Such technological innovations would not only help shrink the sensor-to-shooter timeline but also could offer an entirely separate set of benefits in the size, weight, and power (SWaP) arena as well. Ruggedizing the hardware in an EMS system presents its own challenges, as operating on the electromagnetic spectrum requires immense amounts of data processing and power consumption.
“On the hardware side alone, for instance, we do a lot with heat dissipation, especially in the area of air-flow-by and liquid cooling,” says Mark Bruington, vice president and general manager of spectrum systems at Mercury Systems (Andover, Massachusetts). “Those technologies specifically in the hardware are key enablers to making this equipment ruggedized, miniaturized, and then more importantly we’re also working with the open standards communities that many of the military departments are looking to for open standards.”
Figure 3 | The IPN254 from Abaco Systems combines the NVIDIA Quadro RTX3000 GPU with the 9th-generation Intel Xeon E CPU.
In essence, the next generation of EMS compute technology will need to catch up and then keep up if the U.S. military is to achieve any semblance of spectrum dominance. Harnessing and processing all of the unstructured data being brought in by sensors across domains is the next step, and doing so quickly and dependably will define the direction in which EMS systems are headed.

Turning data into actionable intelligence

Whereas the military used to set the precedent for many technological innovations in the past, the commercial industry is now doing the inspiring. With such successful methods of data processing and analysis currently in use in commercial production, the defense community is starting to take note.

“Processing power and speed are two of the easiest places to show how commercial technology is being leveraged between commercial and defense sectors,” Hurt says. “The improved ability to process the data being received from the sensors is perpetuating the need for better, faster sensors and identifying more reliance and utilization of those sensors. As sensors improve and become better utilized, processing power will need to improve. It’s a cycle we are seeing, to both sectors’ benefit.”

The flow of information coming from these sensors and systems is inundating, and analyzing it to then decide the most effective next step asks much of even the most skilled of warfighters. Supplementing the FPGAs, CPUs, ACAPs, and other powerful processors currently on the market for EMS systems are artificial intelligence (AI) engines designed to enable higher throughput.
“There is an explosion of data, and that’s for both commercial purposes but also military purposes and it’s a combination of video, audio, and pictures – a lot of it is unstructured,” Uhm says. “There’s this requirement to be able to sift through all this data, so it’s created the need to have a processor that can keep up with the higher throughput and do it in real time, especially for defense applications as they’re so dependent on real-time response and timely, actionable intelligence. Part of the way that we can make this more real time and do more processing is with this dawn of AI.”

In the high-stakes, crowded EW environment, everything from sensors to signal jamming to radar requires the ability to execute high-throughput, real-time compute on the edge; leveraging AI in doing so is presenting momentous advantages on the spectrum. Without such technology, operations are constrained to only what humans can perceive, which can impose limitations.
Where cognitive EW stands today

Where AI will converge with the EW world will be in cognitive EW applications. “Cognitive and adaptive EW will have its place in new systems and revitalizing older systems,” says Lorne Graves, chief technology officer at Abaco Systems (Huntsville, Alabama). “The enabling products are really starting to move into full production.” These include Abaco’s IPN254, which uses a combination of processing power and high-speed data throughput to enable manipulation of the data with various processing architectures as algorithms mature, he adds. (Figure 3.)

While many of the cognitive EW advancements remain undisclosed by the DoD, military technology manufacturers remain optimistic about the opportunities such capabilities could introduce. Software-defined systems are growing in popularity, in terms of both customer requests and funding.

“The government has invested in cognitive algorithms, with BAE Systems being one of the primary developers,” Subisak says. “The technology continues to mature and expand beyond the initial algorithms. Because of the digital age in threat radars and how rapidly these radars can be reprogrammed, we expect new cognitive algorithms enhancing the performance of U.S. systems will continue to rapidly evolve and mature.

“A continuum of algorithms is in the pipeline, and these are expected to be developed, tested, and deployed as part of the digital technology-acquisition process [to develop and deploy technology faster].”

The next phase as users clamor for cognitive technologies and AI to converge in usable tools: To “get to deployment – trusted, with assurance,” Bruington says.
MIL TECH TRENDS
Managing new trends for embedded EW systems By Rodger Hosking
Electronic warfare (EW) not only plays a dominant role in worldwide defense capabilities, but it also must evolve rapidly to counter new threats and take advantage of new technology. Each advance must take into account the ever-changing system design landscape.
Signal Processing for EW Systems
Many critical sections of electronic warfare (EW) systems are now combined within single components like the RFSoC [RF system-on-chip], including signal acquisition, processing, and generation functions. Increasing complexity in hardware, firmware, and software adds risk and costs, so effective, high-level development tools are becoming more important than ever before. At the same time, emerging U.S. Department of Defense (DoD) initiatives like Sensor Open Systems Architecture (SOSA) seek to standardize embedded system architectures for improved interoperability and upgradeability while reducing costs and delivery times.

Scope of electronic warfare

EW has evolved to become a dominant military force, often overshadowing the importance of traditional weapons, manpower, and transport systems. EW encompasses an incredibly diverse range of specific military capabilities, each one focusing on widely different aspects of exploiting the electromagnetic spectrum to gain advantage over the enemy. EW signals extend across nearly a dozen orders of magnitude of both frequency and power levels, using a vast array of different platforms for each application.
Deployed EW systems can be found everywhere, including land, air, sea, underwater, and space. They often use the same increasingly congested slices of the spectrum as nonmilitary radio activities including those used for commercial, entertainment, government, consumer, municipal, emergency, and transportation purposes. Indeed, our electromagnetic spectrum is a finite resource that is carefully controlled, highly congested – and therefore, heavily exploited – by advanced technology to make the most of it.
EW is roughly divided into three major sectors. Electronic attack (EA) includes classic offensive goals to disrupt, deny, degrade, destroy or deceive. Electronic protection (EP) seeks to thwart the effectiveness of EA. Electronic support (ES) harvests the extensive wealth of signal information of all types to improve decision making and strategies.

EW challenges and strategies

Radar represents a major segment of EW, rich with aspects of attack, protection, and support. Under development for nearly a century, radar technology provides critical support for virtually all military platforms.

Jamming is one form of electronic attack used to destroy, disable or degrade radar receivers, blinding them to enemy assets. Jamming – originally using brute force, high-power broadband transmitters – has now become extremely sophisticated with highly directed frequency- and pulse-adaptive signals. This structure makes it harder to locate and disable the jamming source.

For electronic protection, clever radar transponders in aircraft can generate artificial reflected signals carefully crafted to simulate multiple targets and can transmit false location, bearing, speed, and target cross-section information. Short reaction times to synthesize these deceptive signals are vital for air-to-air combat, because of close proximities.

After nearly 25 years, network-centric warfare has evolved rapidly to embrace network technology as a fast, reliable mesh of information links among all warfighting elements. By carefully acquiring signals from radar, communication, electro-optical, and other sensors, and feeding those digitized streams to signal processing elements, algorithms can produce real-time representations of the battlefield for tactical and strategic decisions. Such electronic-support functions are now greatly enhanced with artificial intelligence (AI) and machine learning technologies. Resulting orders containing precise information for the next course of action, carefully tailored for each asset, are distributed quickly across the battlefield network to men and equipment.

These examples illustrate how EW functions for EA, EP, and ES are often highly integrated and interactive within the same platform. All of these operations increasingly rely upon advanced antennas, including phased array designs, and sophisticated signal processing techniques like beamforming, modulation/demodulation, AI, multidimensional algorithms, spread-spectrum techniques, cryptography, adaptive radio, and cognitive radio.
Nevertheless, any single implementation of these strategies will eventually become less effective as new countermeasures are deployed. This self-sustaining cycle is the engine of EW, which virtually guarantees ongoing military funding and incentives for new development.

New technologies for EW

To advance EW objectives, several critical technologies are required. Many EW signals now occupy wider bandwidths, not only to simply accommodate higher information rates, but also to support spread-spectrum modulation schemes to improve channel reliability and resiliency against jamming. Another contributor is frequency-hopping, in which RF carrier frequencies are rapidly changed during transmission in a predetermined pseudo-random pattern known only to the receiving device.

This increase in signal bandwidth means wideband analog front-end RF and intermediate/IF circuits, higher sampling rates for the data converters, and increased data rates for digitized signal interface links. Perhaps the biggest effect is the major impact on the workload for digital signal processing engines, which must now implement AI and other advanced, compute-intensive algorithms.

Phased-array antennas are linear or two-dimensional planar arrays of elements, each one capable of applying independent phase shifts to a common transmit or receive signal. By precisely controlling each phase shift to achieve constructive interference, the antenna can be highly directional, both for receive and transmit. Unlike traditional dish antennas, by applying a new set of phase shifts, phased arrays can be instantly steered to a new direction with no moving parts. Additional signal processing allows simultaneous tracking of multiple targets. Phased arrays are particularly appropriate for airborne and UAV radars where they can be installed on a hull surface and quickly adapt to threats and targets without the bulky mechanical structures required for a directional dish.
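The phase-shift steering described above can be worked through numerically for a receive array. This is an added example, not code from the article or from any vendor it mentions; the eight-element line array, half-wavelength spacing, and all function names are assumptions chosen for illustration.

```python
import cmath
import math

# Assumed illustration values (not from the article): a uniform linear
# array of eight elements spaced half a wavelength apart.
N_ELEMENTS = 8
SPACING_WL = 0.5  # element spacing, in wavelengths


def steering_weights(n_elements, spacing_wl, steer_deg):
    """Per-element complex weights (unit magnitude, pure phase shift) that
    point the array at steer_deg, measured from broadside."""
    step = 2 * math.pi * spacing_wl * math.sin(math.radians(steer_deg))
    return [cmath.exp(-1j * step * n) for n in range(n_elements)]


def plane_wave(n_elements, spacing_wl, arrival_deg):
    """Signal sampled at each element for a unit plane wave from arrival_deg.
    Each element sees the same wave with a progressive phase delay."""
    step = 2 * math.pi * spacing_wl * math.sin(math.radians(arrival_deg))
    return [cmath.exp(1j * step * n) for n in range(n_elements)]


def array_gain(weights, spacing_wl, arrival_deg):
    """Normalized magnitude (0..1) of the weighted sum across elements.
    1.0 means every element adds in phase (constructive interference)."""
    samples = plane_wave(len(weights), spacing_wl, arrival_deg)
    total = sum(w * x for w, x in zip(weights, samples))
    return abs(total) / len(weights)


def peak_direction(weights, spacing_wl):
    """Scan -90..+90 degrees in 0.1-degree steps; return the angle of
    maximum gain for the given weight set."""
    angles = [t / 10 for t in range(-900, 901)]
    return max(angles, key=lambda a: array_gain(weights, spacing_wl, a))


def first_null_deg(n_elements, spacing_wl):
    """Angle of the first null beside a broadside beam: the element phases
    spread evenly around the unit circle and cancel, sin(theta) = 1/(N*d)."""
    return math.degrees(math.asin(1.0 / (n_elements * spacing_wl)))


if __name__ == "__main__":
    # Steer to +30 degrees, then re-steer to -20 degrees by swapping the
    # weight set only: no mechanical movement is modeled or needed.
    for target in (30, -20):
        w = steering_weights(N_ELEMENTS, SPACING_WL, target)
        print(f"steered to {target:+d} deg -> peak at "
              f"{peak_direction(w, SPACING_WL):+.1f} deg, "
              f"gain toward +30 deg = {array_gain(w, SPACING_WL, 30):.3f}")
    broadside = steering_weights(N_ELEMENTS, SPACING_WL, 0)
    null = first_null_deg(N_ELEMENTS, SPACING_WL)
    print(f"broadside beam first null at {null:.2f} deg, "
          f"gain there = {array_gain(broadside, SPACING_WL, null):.2e}")
```

Swapping one weight list for another is the whole re-steering operation, which is why the per-element phase shifts are now applied to the digitized signals in DSP.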
But the agility and reliability of phased arrays make them increasingly popular for ground- and maritime-based radars as well, especially for fire-control systems and countermeasures.

All of these important benefits incur some complexity and cost. Each element of the phased array requires independent phase-shifts (weights). Originally done with analog circuitry, now this is performed on the digitized signals using DSP because of improved precision and speed. Thus, each element in a transceiver array requires its own analog-to-digital converter (ADC) and digital-to-analog converter (DAC), plus its own DSP engine.

To make this more manageable, the RFSoC was introduced by Xilinx in 2018. Based on its UltraScale+ FPGA [field-programmable gate array] Zynq architecture, the RFSoC includes eight ADCs sampling at 4 GS/sec and eight DACs sampling at 6.4 GS/sec. These are connected directly to the Zynq FPGA fabric, eliminating the power, connections, complexity, and latencies of external interfaces to discrete data converters. An onboard, multicore ARM processor acts as a system controller with control/status I/O, and two 100 GbE interfaces connect the RFSoC to external devices supporting 24 GB/sec data transfers in both directions. (Figure 1.)

[Figure 1 block diagram labels: 8x RF/IF analog in; 8x RF/IF analog out; timing and sync; 8 ADCs, 12 bits, 4 GHz; 8 DACs, 14 bits, 6.4 GHz; DDR4 SDRAM; RFSoC Xilinx Zynq UltraScale+ FPGA; dual 100 GbE (2x 100 GbE, 25 GB/sec); interface engines (10 GbE, 40 GbE, LVDS, PCIe Gen. 3); ARM CPU cores (1 GbE, USB, DisplayPort, serial).]

Figure 1 | Xilinx’s Zynq UltraScale+ RFSoC device combines all critical components of EW sub-system including eight RF ADCs and DACs, high-speed Ethernet and PCIe, DDR4 SDRAM interfaces, and multi-core ARM processors.

Introduced for commercial 5G wireless markets, the RFSoC nicely integrates the key support functions for eight elements of a phased-array antenna, and is small enough to fit right behind the phased-array panel to reduce cumbersome cabling.

By harvesting new technology like RFSoC from commercial markets for military applications, defense vendors are dramatically shrinking size, weight, power, and cost (SWaP-C), especially critical for air vehicles and small EW countermeasure systems.

Because RFSoC offers a complete software radio subsystem on a chip, it opens up a wealth of new military uses previously impractical with earlier technology. These include small standalone monitoring stations, more capable robots, smarter munitions, and portable adaptive radios that can dynamically change operational frequencies to avoid crowded bands or countermeasures.

New development tools for EW

Emerging EW threats and strategies now require answering technologies like exploitation of advanced vector processing, configurable hardware for sensor interfaces, AI, neural networks, machine learning, and scalar processing for analysis and decision-making.
Each of these disciplines currently requires specific processing hardware and specialists who are capable of programming them. Even if each section is fully operational, integrating these diverse resources into a tightly coupled, functional system is daunting.

Some new initiatives offer a promising path forward: Xilinx recently announced its Versal ACAP [adaptive compute acceleration platform] family of hardware devices and supporting development tools. Different members of the family provide different blends of three major resources: scalar processors (CPUs), vector processors (GPUs, DSPs) and adaptable logic (FPGAs). One even offers RF ADCs and DACs, similar to the RFSoC and therefore highly appropriate for embedded EW. Onboard, high-bandwidth memory and flexible memory structures eliminate the need for external devices.

To interconnect these resources, ACAP includes an extremely wideband network-on-chip that offers a uniform interface and protocol to simplify system integration. Versal development tools target high-level design entry from frameworks, models, C language, and register-transfer level (RTL) coding. Users can create a custom development environment to suit their project needs and programming preferences. Other hardware/software platforms will evolve to help speed EW development tasks to help overcome high complexity and extreme performance requirements.
SOSA: A new embedded open standard for EW

In May 2013, the U.S. Department of Defense (DoD) issued a milestone memo mandating that all acquisition activity must incorporate DoD Open Systems Architecture (OSA) principles and practices defined in evolving open standards for well-defined modular hardware and software components. The objectives include multivendor sourcing, reusability for quick-reaction needs, and easier upgrades to new technology, which reduces development risks and ensures significantly longer operational life cycles.
In response, each of the three primary U.S. service branches (Army, Navy, and Air Force) began developing standards that embraced OSA principles to meet future procurement needs of deployed systems for their respective services. Five years later, it was apparent that the three services had many common elements; this realization inspired the formation of the Sensor Open Systems Architecture (SOSA) Consortium to unify these initiatives. (Figure 2.)

SOSA adopts the most appropriate subsets of existing open standards to form a multipurpose backbone of building blocks for current and future embedded systems for radar, electro-optical/infrared (EO/IR), signals intelligence (SIGINT), EW, and communications. SOSA contributing members are U.S. government organizations including the U.S. DoD, Army, Navy, and Air Force, as well as key representatives from industry and universities.

[Figure 2 diagram labels: DoD MOSA objectives; US Navy Navair HOST (Hardware Open Systems Technology); US Army CCDC CMOSS (C4ISR and EW Modular Open Systems Suite of Stds); US Air Force OMS (Open Mission Systems); SOSA™ Consortium, Sensor Open Systems Architecture: Navy, Army, and Air Force, industry and universities, formed under The Open Group; defining best standards and practices for open, modular defense systems.]

Figure 2 | Open Systems Architecture initiatives developed independently by the three U.S. DoD services share common elements that are now consolidated under the Open Group SOSA Initiative for open embedded system acquisition requirements.

A major SOSA product is the Technical Standard, which draws primarily from OpenVPX and other related VITA standards, plus emerging extensions for new technologies, topologies, and environmental requirements. Under intensive development for several years, the Technical Standard Snapshot 3 was released in July 2020 for review and amendment prior to the first full release at version 1.0, expected in early 2021. Dozens of vendors are now offering “SOSA-aligned” products that are well poised to become “SOSA certified” after third-party certification to the final standard once released. (Figure 3.)

Figure 3 | Pentek Model 5550 SOSA-aligned 3U VPX RFSoC processor card with the QuartzXM module on its conduction-cooled carrier, and dual VITA 67.3 rear-panel connectors for 20 RF coaxial cables and dual 100 GbE optical cables.

The DoD is now issuing requests for proposals and information clearly favoring respondents that offer OSA-based solutions. A key difference in the SOSA architecture from earlier open standards is the well-defined protection of IP, which encourages innovation and investment. This certainty helps ensure that SOSA is well on its way to revolutionize the future of embedded military EW systems.

Rodger Hosking is vice president and cofounder of Pentek. He has spent more than 30 years in the electronics industry and has authored hundreds of articles about software radio and digital signal processing. He previously served as engineering manager at Wavetek/Rockland; he also holds patents in frequency synthesis and spectrum analysis. He holds a BS degree in physics from Allegheny College in Pennsylvania and BSEE and MSEE degrees from Columbia University in New York.

Pentek • www.pentek.com
INDUSTRY SPOTLIGHT
Securing military embedded systems is a giant challenge

By Sally Cole, Senior Editor

Updating and patching security vulnerabilities to limit the attack surface for the military’s embedded systems – especially legacy ones – can be a daunting task.
Embedded systems used by the military, many of which were once considered to be standalone and secure thanks to air gaps – network security measures used on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks – now require security. Demand for interconnectivity of embedded systems is increasing their attack surface, often necessitating updates and patches to thwart vulnerabilities.

“It’s a huge challenge because there are a broad range of requirements and use cases for legacy embedded systems,” says Rich Lucente, principal solutions architect, DoD, for Red Hat North America Public Sector (Raleigh, North Carolina). “Some are either very isolated or surrounded by external mitigation measures that seemingly reduce the burden to secure the system, but in reality may provide a false sense of security.”

Other embedded systems are singular in purpose, or nearly so, with a limited attack surface that can also give a false sense of security. “Systems may rely on ‘zero trust’ mitigations, which themselves must be properly implemented with timely and intelligent responses to alerts and notifications,” Lucente adds. “The challenge increases with shortening attack time scales and alert fatigue. Continuous risk analysis is also needed to determine which protections are necessary.”

As more devices become interconnected and “more embedded systems are exposed to networks, the risk of an attack increases,” says Paul Butcher, senior software engineer and lead engineer in the U.K. for the AdaCore HICLASS project (Bristol, England). “The current trend within the military programs is toward systems of systems, such as Tempest or FCAS [Future Combat Air System], where complexity is one order of magnitude higher than in the previous generation.”

This direction leads to another challenge: “How do we refute that embedded systems are insecure and how do we convince a regulatory body that our system is free of vulnerabilities that, if undetected, could lead to malicious intent or even safety hazards?” Butcher posits. “Testing is key for ensuring systems are secure, but security engineering has other objectives to more traditional software-development life cycles and, across multiple sectors, this is where we’re seeing advances in security standards’ guidelines for ensuring security compliance.”
The high level of integration of the current typical military embedded systems also presents problems, according to Butcher. “This includes components of various origins, tightly integrated together within the same partition or on different partitions – typically including an RTOS, utility layers such as communication and crypto services, and application layers – through communication channels,” he says. “We expect it to increase and pose huge engineering problems at the specification, implementation, and integration levels, and further down at the supply-chain level as well.”
Emerging threats

New attacks exploit existing architectures in ways that were unforeseen when they were originally released, according to Irby Thompson, general manager of Wind River Security (Washington, D.C.), which acquired Star Lab in 2019 to broaden its portfolio with software for Linux cybersecurity.
To secure legacy systems, security guidelines can be applied to remove or at least mitigate known or anticipated security vulnerabilities. “Automated tooling helps with hardening the system, but these efforts also typically include manual steps,” Lucente says. “In combination with mitigation, the testing regime validates that systems have no known vulnerabilities or can withstand anticipated threats. So there’s a combination at play where you try your best to secure and then validate the system.”
Increasing sophistication of software solutions raises issues with the supply chain as well, Lucente points out: “Instead of black-bag physical infiltration of public and private sector facilities, nation-states are exploiting weaknesses in third-party software applications to penetrate networks and steal intellectual property to use for their own purposes as well as probe for weaknesses,” he explains. “This is particularly true with software ‘appliances,’ which aren’t appliances in the traditional sense, but instead yet another general-purpose computer running software. Security approaches need to evolve to meet current and future threats.”
Thompson points to attack examples such as Meltdown and Spectre, which exploited performance optimizations within modern microprocessors to allow unauthorized access to code and data. “These attacks were not known or foreseen when the microprocessors were released, so an entirely new class of threats was born to exploit deployed devices,” he says. The sophisticated cache side-channel attacks in modern processors “enabled the recovery of what was thought to be protected data – cryptographic keys, passphrases, etc.,” says Lucente.
Attack tools may grow in terms of their power, but the software within deployed systems largely stays the same. “While software patches can be applied, it’s a cat-and-mouse game between the developer and attacker,” says Thompson. “Strong embedded systems engineers with an eye toward security are always trying to stay ahead of the attacker by releasing updates to their systems before exploits are published in the wild. But without the right security expertise, budget, or time, this can be an uphill battle.”

Figure 1 | The U.S. military expects that artificial intelligence (AI) will be used to further exploit vulnerabilities in devices used by personnel at the tactical and intelligent edge. U.S. Army photo.
PATCHING CODE FOR EMBEDDED SYSTEMS

Researchers at Purdue University (West Lafayette, Indiana) are currently exploring how the military can safely patch code within embedded systems without introducing unintended problems with functionality, with the help of a U.S. Defense Advanced Research Projects Agency (DARPA) grant.

“Many embedded systems, like computer systems running in trucks, airplanes, and medical devices, run old code for which the source code and the original compilation toolchain are unavailable,” says Antonio Bianchi, an assistant professor of computer science at Purdue University. “Old software components running within these systems are known to contain vulnerabilities, but patching them isn’t always possible or easy.”

Without source code, Bianchi says patching vulns requires editing the binary code directly. Even if a system has been patched, there’s no guarantee it won’t interfere with the original functionality of the device. Because of these difficulties, he notes that code running within embedded systems is often left unpatched – even when it’s known to be vulnerable.

The researchers say that, on a large scale, it’s impossible to compare two pieces of software – in this case, the original code and the patched code – to determine if their functionality is the same. “But if the modifications are ‘small,’ as is typical for security patches, it’s possible to develop a formal analysis system to automatically compute the impact that a patch has on the functionality of a device,” Bianchi explains. “So our approach is based on developing such formal analysis and adding the patch to the original code in a way so that the code modifications produced by the patch are minimal.”

Most people are unaware of how problematic it is to update embedded systems. “If we think about standard desktop or mobile systems, a huge part of the effort to make them secure has been invested in developing fast, automated, and scalable update systems,” Bianchi says. “For example, a modern Android phone’s operating system and apps are updated frequently – weekly – in a fully automated way. These updating mechanisms were developed because it became clear that the best way to secure them was to update their code frequently.”

Unfortunately, these updating mechanisms are typically not available within embedded systems. “Updating the code, in some usage scenarios – such as embedded systems used in avionics – requires recertification of the entire system, making the entire updating process inconvenient, expensive, and therefore infrequent,” he adds.
Thompson is already seeing signs of artificial intelligence (AI) being used to create unique and unknown zero-day attacks – that is, previously unknown vulnerabilities or “vulns” – on devices at the intelligent edge. He expects to see these threats grow; he also believes that AI will discover more efficient ways to attack systems or vulns that only humans could have previously discovered. (Figure 1.)

Updating/hardening embedded systems via software

To defeat these emerging threats, designers need to think about security hardening from the beginning of the design process. Treating security hardening as an afterthought or bolting it onto a system is no longer acceptable, according to Lucente. “Security hardening should ‘shift left’ from a one-time certification at the end to being a continuous part of development and operations processes,” he says. “We can no longer do long and expensive certifications as the landscape changes, including during and immediately after the certification process.”

Rather, Lucente says developmental and operational approaches need to evolve to a continuous cycle of developing and refining models of identified security threats and risks; defining approaches to mitigate or remove those threats and risks; implementing mitigations; measuring the effectiveness of those mitigations; and monitoring for new threats.

“Most security architectures aim to keep the bad guys out,” Thompson says. “They attempt to prevent an attacker from ever gaining administrative access to a system – ensuring the attacker doesn’t gain elevated privileges and have unauthorized access to code and data.”

But a properly hardened embedded system running Linux doesn’t care if the bad guy gets root access because it’s configured to protect the integrity and confidentiality of the system, using mandatory access-control policies defined by the embedded systems developer.

“Code and data are accessed if and only if a policy is defined for that access – regardless of the privileges granted to the user,” Thompson explains. “In other words, if you’ve defined a policy that allows only write access to an audit log, then nobody, not even the administrator, will be able to read from that audit log. The mandatory access-control policy is enforced by Linux.”

Designers can also use a secure virtualization environment to separate and isolate embedded applications from each other, Thompson adds, to ensure that an attack on one application or operating system doesn’t enable unauthorized access to other applications or operating systems on the system.

“When you combine this policy control and enforcement with isolation, separation, tamper resistance, and reverse-engineering prevention features such as antidebugging, driver application signing, and the like, you turn an open Linux distribution into a locked-down distribution that allows the embedded system to do only one thing: that which it was intended to do by the developer,” Thompson notes.

Multilayered approach to security

What the industry needs, say industry experts, is a stepped, multilayered approach to security for embedded intelligent systems.

A single layer “can never protect against all threats or patch all vulnerabilities,” says Wind River Security’s Thompson. “Multiple layers of security, known as defense-in-depth, cover far more threats and vulnerabilities. If any single layer is defeated, the attacker still has to move through multiple other layers of defenses to achieve their objective,” he says. “It forces them to be knowledgeable about many types of vulnerabilities, attacks, and attack tools. It can help increase the time to defeat significantly – giving the developer more time to update the embedded system after a new vulnerability or attack is discovered.”

The goal of security engineering is “the protection of identified key assets,” according to AdaCore’s Butcher and Romain Berrendonner, a security-offering architect at AdaCore (Paris). They say that layered defense-security architectures can ensure a “strength-in-depth” approach by adding redundancy to countermeasures.

One interesting area of active research within industry is to use hypervisor security around separation kernels, Butcher and Berrendonner point out. This approach plays a key role in the upfront design of modern secure systems, but it can also help secure legacy applications around midlife updates where security certification may otherwise not be possible. The security executives also believe that formal specification of hardware interfaces will become more important as embedded systems become more complex, if only to keep the engineering of such systems manageable.
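The audit-log case Thompson describes above can be modeled in a few lines. This is an added example, not code from the article or from any product it names: the domain and type labels, the policy table and the two-layer decision function are assumptions chosen for the illustration, and the final function is a policy check a developer could run before shipping.

```python
"""Two-layer access decision: the discretionary layer looks at the user, the
mandatory layer looks only at the developer-defined policy (default deny)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Policy = Dict[Tuple[str, str], FrozenSet[str]]  # (domain, type) -> permissions


@dataclass(frozen=True)
class Subject:
    uid: int      # 0 is the administrator (root)
    domain: str   # mandatory label of the process (hypothetical name)


@dataclass(frozen=True)
class Resource:
    owner_uid: int
    owner_perms: FrozenSet[str]
    other_perms: FrozenSet[str]
    mac_type: str  # mandatory label of the object (hypothetical name)


# Constructed policy matching the quote: the audit log may only be written,
# and only by the logging domain. No rule grants "read" to anyone.
POLICY: Policy = {("audit_writer", "audit_log"): frozenset({"write"})}

AUDIT_LOG = Resource(owner_uid=0, owner_perms=frozenset({"read", "write"}),
                     other_perms=frozenset(), mac_type="audit_log")
ROOT_SHELL = Subject(uid=0, domain="admin_shell")   # administrator
LOGGER = Subject(uid=0, domain="audit_writer")      # logging service
USER_APP = Subject(uid=1000, domain="user_app")     # ordinary user


def dac_allows(subject: Subject, resource: Resource, perm: str) -> bool:
    """Discretionary check: root bypasses it, others use owner/other bits."""
    if subject.uid == 0:
        return True
    if subject.uid == resource.owner_uid:
        return perm in resource.owner_perms
    return perm in resource.other_perms


def mac_allows(subject: Subject, resource: Resource, perm: str,
               policy: Policy) -> bool:
    """Mandatory check: allowed if and only if a rule exists; uid is ignored."""
    return perm in policy.get((subject.domain, resource.mac_type), frozenset())


def access(subject: Subject, resource: Resource, perm: str,
           policy: Policy = POLICY) -> Tuple[bool, str]:
    """Grant only when both layers agree, and report which layer refused."""
    if not dac_allows(subject, resource, perm):
        return False, "denied by DAC"
    if not mac_allows(subject, resource, perm, policy):
        return False, "denied by MAC"
    return True, "granted"


def domains_granted(policy: Policy, mac_type: str, perm: str) -> List[str]:
    """Policy lint: list every domain that holds `perm` on `mac_type`."""
    return sorted(domain for (domain, obj_type), perms in policy.items()
                  if obj_type == mac_type and perm in perms)


if __name__ == "__main__":
    for who in (ROOT_SHELL, LOGGER, USER_APP):
        for perm in ("read", "write"):
            print(who.domain, perm, access(who, AUDIT_LOG, perm))
    print("domains able to read the log:",
          domains_granted(POLICY, "audit_log", "read"))
```

The lint matters as much as the enforcement: a single broad rule added later would silently give some domain read access, and only a check over the policy itself will show it.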
INDUSTRY SPOTLIGHT
Creating a trusted platform for embedded security-critical applications
By Richard Jaenicke and Steve Edwards
Security-critical applications, such as cross-domain solutions (CDS), require a secure, trusted platform on which to execute, spanning software, firmware, and hardware. The lowest layer that the application interacts with directly is a trusted operating system (OS). Trust in the OS is dependent on two factors: its robustness from a security perspective, and assurance that the OS was both loaded and configured correctly and never tampered with. OS trust also depends partly on trusted pre-OS functionality, such as secure boot firmware that executes before the OS.
The security robustness of computer hardware and software platforms is often specified by evaluation to the “Common Criteria for Information Technology Security Evaluation” (ISO/IEC 15408) [1]. Typically, Common Criteria targets of evaluation (TOE) are evaluated against a government-defined protection profile that includes both functional and assurance requirements. Evaluations can be done to different levels of depth and rigor, called Evaluation Assurance Levels (EAL), with EAL1 being the least rigorous and EAL7 being the most rigorous.

Alternatively, a certain level of trust can be achieved through safety certifications. Although safety certifications provide a level of assurance for integrity and availability, they generally do not directly address confidentiality or other trust mechanisms.

Trusting that the correct operating system (OS) code has been loaded requires the establishment of a chain of trust all the way back to a root of trust (RoT) that is established at power-on. Each link in the chain of trust must have sufficient security assurance functionality and must authenticate the next piece of software in the chain of trust before it is executed. The robustness of the RoT is the critical starting point for any trusted platform. The level of robustness can range broadly, from a software RoT, to one based on a physical unclonable function (PUF) embedded in the hardware.

Security robustness

In U.S. government-defined protection profiles, robustness is a metric that measures the TOE’s ability to protect itself, its data, and its resources. Robustness levels are characterized as basic, medium, or high [2]. The level of robustness required for a TOE is characterized as a function of the value of the data that it protects and the threats identified for the environment in which it is deployed.

Basic robustness environments are defined as those that encounter threats introduced by inadvertent errors or casually mischievous users. In general, “best commercial practice” is sufficient to protect information in a basic robustness environment [3].

Medium robustness environments are sufficient where the motivation of an attacker is considered “medium,” and the attacker has at least a moderate level of resources or expertise [2]. In general, medium robustness is “appropriate for an assumed nonhostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security.” [4]

A high robustness TOE is required for environments where sophisticated threat agents and high-value resources are both present, resulting in a high likelihood of an attempted security compromise [5]. High robustness requires EAL6 or higher and is appropriate for protecting systems against extremely sophisticated and well-funded threats, such as attacks from nation-states and national laboratories.

For medium and high robustness environments, it is generally necessary to require that certain hardware components of a product be evaluated as part of a TOE. This requirement enables higher confidence that the product is less likely to be compromised and that the security policy is always invoked [2].
Chain of trust

Providing a secure computing environment for cross-domain solutions (CDS) applications depends in part on establishing a chain of trust, starting with a hardware RoT and reaching up through every layer of software (see Figure 1 for an example chain of trust). Trust in each link in the chain has two components: the robustness of the security solution and the authenticity of the component. Authenticity is ensured by cryptographic signature, generally in the form of a secure hash algorithm. Authentication provides assurance that the software loaded is the one intended and nothing else, but authentication does not address security functionality, including being free from vulnerabilities.

Figure 1 | Example chain of trust, starting with the hardware RoT.

The beginning of the chain of trust, the RoT, can be software-based, but a hardware RoT is more secure. The main choices for a hardware RoT include a separate Trusted Platform Module (TPM) chip, on-chip boot ROM code, and on-chip security based on a physically unclonable function (PUF).

On Intel processor-based systems, Intel Trusted eXecution Technology (TXT) uses a TPM to store known-good values for the hashes of the BIOS and the hypervisor or OS kernel. At power-on, the hash of the BIOS is compared with the value stored in the TPM. If it matches, the BIOS is loaded, and the hash of the hypervisor or OS kernel is calculated and compared. Note that some portion of the CPU is already running to compute the hashes, and the boot microcode – which is the first software executed by the CPU – has already been cryptographically authenticated by the processor itself.

FPGA-based RoT

A higher level of security can be achieved with a device that features a RoT built into its own silicon. Typical examples of such devices include the Microsemi PolarFire or SmartFusion2 SoC FPGA [field-programmable gate array], Intel Stratix 10 FPGA, and Xilinx Zynq UltraScale+ MPSoC [multiprocessor system-on-chip]. In the case of the Zynq MPSoC, the metal-masked boot ROM code, together with an RSA key hash stored in a hardware eFUSE, provides the hardware RoT. The device’s Configuration Security Unit (CSU) boots from on-chip, metal-masked ROM and enforces the RoT. It validates the integrity of the user public key read from external memory by calculating its cryptographic checksum using the SHA-3/384 engine and then compares it to the value stored in eFUSEs. If those match, the CSU loads and authenticates the first stage boot loader (FSBL) [7].

Some portions of the boot process, such as loading the FPGA bitstream, might require confidentiality in addition to authenticity. An on-chip PUF can be used to create a key encryption key (KEK), which is used to encrypt the user symmetric key used for decrypting the bitstream. The KEK is never stored but is instead created at each power-up based on the PUF, which is physically unique and cannot be copied. On some devices, the same technique can be employed to generate the initial key used to authenticate the boot ROM instead of storing the key in eFUSE, thereby further enhancing security.

Once an SoC or FPGA has securely booted, it can act as the RoT for the main processor. It can be used to provide hardware authentication of the boot process and ensure the processor is executing only trusted code [8].

Vulnerabilities in the chain of trust

As stated above, although authenticating each link in the chain of trust ensures that nothing but the intended software is loaded, authentication does not address security functionality, including freedom from vulnerabilities. For that reason, each portion of the code should be designed, tested, and verified to be free from vulnerabilities. This rule particularly applies to metal-masked boot ROM code, which cannot be easily updated if a vulnerability is discovered later.

For example, a recently revealed flaw in the boot ROM for Intel’s Converged Security and Management Engine (CSME), undiscovered for the last five years, enables control over reading of the chipset key and generation of all other encryption keys [9]. Once an attacker has obtained this chipset key, they can decrypt any data encrypted using Intel Platform Trust Technology (PTT) and forge the device’s Enhanced Privacy ID (EPID), which is used for the remote attestation of trusted systems. What’s more, because the vulnerability resides in metal-masked boot ROM, it cannot be patched with a firmware update [10].

MILS architecture

Once a trusted hardware platform is established, the next step is the design of the software architecture.
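The chain of trust described in the “Chain of trust” and “FPGA-based RoT” sections can be modeled as follows. This is an added example, not code from the article or from any vendor it names: the root of trust holds one SHA3-384 digest, and each stage carries the expected digest of the stage it launches next. The image layout, stage contents and end-of-chain marker are assumptions, and signature verification, which real devices also perform, is replaced here by digest comparison.

```python
"""Hash-chained boot model: the root of trust stores one digest, and every
stage carries the expected digest of the stage it will launch next."""
import hashlib
import hmac
from typing import List, Optional

DIGEST_LEN = hashlib.sha3_384().digest_size  # 48 bytes
END_OF_CHAIN = bytes(DIGEST_LEN)             # marker in the last stage (assumption)


class BootError(Exception):
    """Raised when a link fails; .executed lists the stages that already ran."""

    def __init__(self, message: str, executed: List[bytes]):
        super().__init__(message)
        self.executed = executed


def measure(image: bytes) -> bytes:
    """Digest of a complete stage image (header plus code)."""
    return hashlib.sha3_384(image).digest()


def build_stage(code: bytes, next_image: Optional[bytes]) -> bytes:
    """Stage image = expected digest of the next stage, followed by the code."""
    expected_next = END_OF_CHAIN if next_image is None else measure(next_image)
    return expected_next + code


def build_chain(codes: List[bytes]) -> List[bytes]:
    """Build images from the last stage backwards so each can pin its successor."""
    images: List[bytes] = []
    next_image: Optional[bytes] = None
    for code in reversed(codes):
        next_image = build_stage(code, next_image)
        images.insert(0, next_image)
    return images


def boot(fused_digest: bytes, images: List[bytes]) -> List[bytes]:
    """Authenticate each stage before it runs; return the code that was run."""
    executed: List[bytes] = []
    expected = fused_digest  # the only value the root of trust has to store
    for index, image in enumerate(images):
        if expected == END_OF_CHAIN:
            raise BootError(f"unexpected stage {index} after end of chain", executed)
        if len(image) < DIGEST_LEN or not hmac.compare_digest(measure(image), expected):
            raise BootError(f"stage {index} failed authentication", executed)
        expected = image[:DIGEST_LEN]        # this stage now vouches for the next
        executed.append(image[DIGEST_LEN:])  # stands in for transferring control
    if expected != END_OF_CHAIN:
        raise BootError("chain ended before the final stage", executed)
    return executed


# Constructed sample stages; the contents are placeholders, not real firmware.
CODES = [b"first stage boot loader", b"separation kernel", b"application partition"]
IMAGES = build_chain(CODES)
FUSED = measure(IMAGES[0])  # value that would be provisioned into the RoT

if __name__ == "__main__":
    print("clean boot ran", len(boot(FUSED, IMAGES)), "stages")
    try:
        boot(FUSED, IMAGES[:2] + [IMAGES[2] + b"!"])
    except BootError as err:
        print("tampered boot:", err, "after", len(err.executed), "stages")
```

Because every image includes the digest of its successor, changing any later stage, or the pointer to it, changes a digest that an earlier and already authenticated stage checks. The model also shows the limit the article stresses: a stage that verifies correctly can still contain a vulnerability.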
The most accepted path to building a trusted software environment for CDS applications is a Multiple Independent Levels of Security (MILS) operating environment implemented to high robustness. MILS divides the software architecture into three layers: the separation kernel, middleware, and applications. Each layer enforces a separate portion of the security policy set. The separation kernel is the only layer that executes in privileged mode. Applications can enforce their own security policies, enabling application-specific policies instead of relying on broad security policies in a monolithic kernel. Each layer and application can be evaluated separately without affecting the evaluation of the other layers/applications, making the CDS system easier to implement, certify, maintain, and reconfigure [11].

A separation kernel [12] divides memory into partitions using a hardware-based memory management unit (MMU) and allows only carefully controlled communications between nonkernel partitions. Furthermore, OS services, such as networking stacks, file systems, and most device drivers, execute in a partition instead of in the kernel in privileged mode (Figure 2). Because the separation kernel relies on hardware features such as the MMU to enforce some of the separation requirements, it is imperative to have trust in the hardware platform.

Figure 2 | Using a separation kernel, applications run in isolated partitions and access external data through a multiple single-level security (MSLS) file server or network stack.

NEAT security properties

The separation kernel enforces the data isolation and controls communication between partitions. This enables untrusted applications and data objects at various levels of classification to reside on a single processor. The separation kernel also enables trusted applications to execute on the same processor as less-trusted applications, while ensuring that trusted applications will not be compromised or interfered with in any way by less-trusted applications. Security-policy enforcement by the separation kernel is nonbypassable, always invoked, and tamperproof because it is the only software that runs in privileged mode on the processor [13]. Additionally, the small size of the separation kernel makes it “evaluatable.” These four properties – nonbypassable, evaluatable, always invoked, and tamper-proof – are referred to by the acronym “NEAT.”

The guarantee of NEAT properties in a MILS operating environment enables the design of a multi-level security (MLS) system as a set of independent system-high partitions with cross-domain solutions that enable secure communications, both among those partitions and with external systems.
Leveraging the NEAT security-policy enforcement provided in a separation kernel evaluated to high robustness results in small and tightly focused cross-domain servers, downgraders, and guards. This step, in turn, makes high-assurance evaluations of those cross-domain solutions practical, achievable, and affordable [14].

Covert channels

One of the most challenging requirements for achieving high robustness is the mitigation of covert channels, which are unintended or unauthorized communications paths that can be used to transfer information in a manner that violates a security policy [15]. Covert channels can be categorized as either storage-based or timing-based, or as a hybrid of the two. Covert storage channels transfer information through the setting of bits by one application in a location that is readable by another application. Covert timing channels convey information by modulating some aspect of system behavior over time in a way that can be observed by another application.

Many covert channels are extremely challenging to identify and mitigate. A high-robustness separation kernel must demonstrate that a systematic approach was taken to identify and mitigate covert channels across the range of possible communication mechanisms. Mitigation techniques include shutting down or preventing the covert channel, limiting the bandwidth of potential covert channels so that the assurance outweighs the risks, and ensuring that only highly trusted applications have access to the covert channels.

Extended security functionality

Additional functionality that may be required by a secure system architecture, depending on the level of security robustness required, includes audit logging, integrity tests, and abstract machine tests (AMT). Audit logging records specific events during execution of the separation kernel to detect potentially malicious code behavior. Integrity tests ensure the integrity of the executable images of the separation kernel that are stored in both volatile and nonvolatile RAM. Integrity testing includes continuous tests of the separation kernel’s active executable image in RAM as well as a set of power-up tests. AMTs are continuous tests that ensure that hardware protection mechanisms are being enforced; an example would be those tests that attempt memory violations and privileged instruction execution in order to ensure that the hardware enforcing separation between the virtual address spaces is still operational. Audit logging, integrity tests, and AMT are all required to meet high robustness [15].

Examples of trusted hardware and software solutions

Curtiss-Wright’s CHAMP-XD1S 3U VPX digital signal processing (DSP) module (Figure 3) features an Intel Xeon D processor, a Xilinx Zynq UltraScale+ MPSoC FPGA, and a flash-based Microsemi SmartFusion2 FPGA to provide a secure processor board designed for high-performance embedded computing (HPEC). The module offers FPGA and software security features with TrustedCOTS Enhanced Trusted Boot capabilities, including an FPGA-based Root of Security to protect against malicious cyberattacks, probing, and reverse-engineering.

Figure 3 | Curtiss-Wright’s CHAMP-XD1S 3U VPX digital signal processing module provides enhanced trusted computing features, including an FPGA and software security with TrustedCOTS Enhanced Trusted Boot capabilities.

The CHAMP-XD1S uses a TPM 2.0 security chip to support Intel TXT secure boot technology. The board also uses a PUF in the Zynq UltraScale+ MPSoC to generate the encryption key used to authenticate the boot code. That authentication can be used as the RoT to extend trust to other portions of the system. The SmartFusion2 FPGA provides health and management functions and can integrate additional security functions.

In the software realm, the INTEGRITY-178 tuMP real-time operating system (RTOS) from Green Hills Software provides a MILS operating environment based on a separation microkernel that is capable of hosting MLS applications, including cross-domain solutions. The RTOS provides the high level of data isolation, control of information flow, resource sanitization, and fault isolation required for a high robustness separation kernel.
Those foundation security policies are nonbypassable, evaluatable, always invoked, and tamperproof (again, that NEAT acronym), providing the high assurance level needed to enable the design of an MLS system as a set of independent, secure partitions with cross-domain solutions enabling secure communications among those partitions.

In 2008, the INTEGRITY-178 RTOS became the first and only operating system to be certified against the “U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness” (SKPP), which was issued by the Information Assurance Directorate of the U.S. National Security Agency (NSA). The certification against the SKPP was to both high robustness and EAL6+. As part of certification to the SKPP, the RTOS underwent independent vulnerability analysis and penetration testing by NSA to demonstrate both that it is resistant to an attacker possessing a high attack potential and that it does not allow attackers with high attack potential to violate the security policies. Additionally, it underwent covert channel analysis by NSA to demonstrate that it satisfies all covert channel mitigation metrics.
Beyond the approval as a MILS separation kernel, INTEGRITY-178 provides a complete set of APIs that were also evaluated by the NSA for use by MLS applications within a secure partition – an MLS guard, which is a fundamental requirement in a cross-domain system. Those secure APIs include support for multithreading, concurrent execution on multiple cores, and flexible core assignments at the configuration file level, all within the secure MILS environment.
References

[1] Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, CCIMB-2017-04-[001, 002, 003], Apr 2017.
[2] Consistency Instruction Manual For Development of US Government Protection Profiles For Use in Medium Robustness Environments, Release 3.0, National Security Agency, 1 Feb 2005.
[3] Consistency Instruction Manual For Development of US Government Protection Profiles For Use in Basic Robustness Environments, Release 2.0, National Security Agency, 1 Mar 2005.
[4] “Controlled Access Protection Profile, version 1.d,” NSA, 8 Oct 1999.
[5] U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03, National Security Agency, 29 July 2007.
[6] Information Assurance Technical Framework, Chapter 4, Release 3.1, National Security Agency, Sep 2002.
[7] “Zynq Ultrascale+ MPSoC Security Features,” Xilinx, 2020. https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/18841708/Zynq+Ultrascale+MPSoC+Security+Features
[8] “Overview of Secure Boot With Microsemi SmartFusion2 FPGAs,” Microsemi, 2013. http://www.microsemi.com/document-portal/doc_download/132874-overview-of-secure-bootwith-microsemi-smartfusion2-fpgas
[9] M. Ermolov, “Intel x86 Root of Trust: loss of trust,” Positive Technologies, 5 Mar 2020. http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
[10] Edward Kovacs, “Vulnerability in Intel Chipsets Allows Hackers to Obtain Protected Data,” Security Week, 20 Mar 2020. https://www.securityweek.com/vulnerability-intel-chipsets-allowshackers-obtain-protected-data
[11] J. Alves-Foss et al, “Enabling the GIG”, PowerPoint presentation, Integrated Defense Architectures Conf., 11 May 2005.
[12] Rushby, J., “Design and Verification of Secure Systems,” ACM Operating Systems Review, vol. 15, no. 5, Dec 1981.
[13] IAEC 3285, NSA Infosec Design Course, High Robustness Reference Monitors version 3, Michael Dransfield, W. Mark Vanfleet.
[14] W. Mark Vanfleet, et al, “MILS: Architecture for High Assurance Embedded Computing,” CrossTalk, Aug 2005.
[15] U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03, National Security Agency, 29 July 2007.
Richard Jaenicke is director of marketing for safety and security-critical products at Green Hills Software. Prior to Green Hills, he served as director of strategic marketing and alliances at Mercury Systems, and held marketing and technology positions at XCube, EMC, and AMD. Rich earned an MS in computer systems engineering from Rensselaer Polytechnic Institute and a BA in computer science from Dartmouth College. Readers may email him at richj@ghs.com.

Steve Edwards is Director of Secure Embedded Solutions for Curtiss-Wright. He has been with Curtiss-Wright for 22 years in a number of roles. Steve codesigned Curtiss-Wright’s first rugged multiprocessor and FPGA products and was involved in the evangelization of the industry’s first VPX products. He was Chair of OpenVPX (VITA 65) from 2013 to 2015, and is current co-lead of the Sensor Open Systems Architecture (SOSA) Security Subcommittee. He has been involved in Curtiss-Wright’s AT and cybersecurity efforts for 11 years. Readers may reach him at Steve.Edwards@curtisswright.com.

Green Hills Software https://www.ghs.com/
Curtiss-Wright https://www.curtisswrightds.com/
Manufacturing status report: Legacy software infrastructure can hurt security, ability to change
By Matt Medley

There are many pitfalls to keep an eye on when assessing whether a current or potential enterprise resource planning (ERP) system is fit-for-purpose in defense and aerospace manufacturing. Making the wrong choice could leave a manufacturer hamstrung when looking to transform their operations, with existing software requiring expensive customizations, providing limited deployment options, offering little business intelligence or – a very bad situation – compromising security.
Defense and aerospace manufacturers are no strangers to a market where progress is demanded first and rewarded second. When a military organization, tier-one original equipment manufacturer (OEM), or industry regulator shifts the goalposts or a new technology comes to the fore in an open competitive advantage, agility becomes the name of the game.

Sometimes external market forces can also apply pressure on defense and aerospace manufacturing operations, including such upheavals as the current COVID-19 pandemic. This disruptive situation is having a serious impact on supply and demand, and has resulted in some serious government action, for example the invocation of the Defense Production Act: The Act – usually required during wartime – mandates that manufacturers must shift operations to producing goods in short supply. Some defense manufacturers have really set the bar here: BAE Systems, for example, quickly shifted its production focus to design more than 100,000 face shields and work on developing a ventilator from scratch.

With defense and all kinds of manufacturers currently experiencing an extreme stress test, this can put real strain on the enterprise resource planning (ERP) software underpinning their operations. In fact, in a primary research poll taken at a recent IFS webinar – attended by a roll call of blue-chip aerospace manufacturers and aviation organizations – almost half of the respondents (46%) said that their current ERP platform was hindering their ability to adapt to changing market demands.

In this arena, failure to react to changing market climates, modernize business processes, and meet ever-moving security requirements can mean being left behind. This reality has been thrown into stark focus during the current COVID-19 crisis, where some agile trendsetters have led the charge.

Securing operations now and into the future

Due to the nature of the sectors they operate in, defense and aerospace manufacturers must meet some of the world’s strictest security requirements and regulatory measures. Obtaining the required level of security sophistication applies not only to the physical products manufacturers deliver, but also their digital presence.

Witness the compliance mandates required by defense operators before they can even supply a defense customer: the International Traffic in Arms Regulations (ITAR) and the newly released U.S. DoD Cybersecurity Maturity Model Certification (CMMC) Version 1.0 being just two examples. The U.S. government explains in the latter document that “the CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the department’s industry partners’ networks.” Failing to adhere means defense and aerospace manufacturers are shut out of valuable military RFPs and bid situations.

Meeting digital security requirements

Enterprise software plays a key role in meeting digital security requirements; it’s here where “one-size-fits-all” ERP systems do not contain the industry specificity to keep defense and aerospace manufacturers compliant. Without a fully integrated application suite allowing data to flow seamlessly between different functions such as supply-chain management, manufacturing, engineering, and customer relationship management (CRM), it is difficult to know which products, parts or transactions may put a defense manufacturer in jeopardy. (Figure 1.)

Figure 1 | Cyber hygiene = enhanced data security.
A business dealing in regulated materials or involved in sensitive military contracts must be able to quickly and efficiently assemble all critical compliance information from within its ERP system and combine that information with external regulatory data to ensure compliance as the company processes orders, shares information, and conducts other transactions. Such a company also must be able to share it with overseas partner companies in a frictionless environment. It will become more and more important to ensure any ERP solution used for defense and aerospace manufacturing has functionality specifically designed for export control and cybersecurity regulations; tagging this on as an afterthought can be costly in more ways than one.

Industry expertise and customer choice must drive software

Enterprise software cannot be a jack of all trades and master of none. The baseline ERP functionality delivered by large incumbent providers – who develop a single platform and customize it to support as many industries as possible – may well be good for operations such as finance, HR, and payroll. Running aerospace and defense manufacturing operations is not the same as managing the day-to-day processes of a retail business, for example. Far too often, defense and aerospace manufacturers set out on an implementation strategy and find that costly, complex, and confusing customizations must be made to their software infrastructure to accommodate critical manufacturing processes such as precision-part engineering and intensive quality control. Defense and aerospace manufacturers need to be confident that their underlying systems infrastructure actually supports the specific business needs of their industry now and into the future – not simply dances to the tune of the software supplier.
Clear up cloud confusion

This caution even applies to the deployment model for enterprise software. Many ERP vendors are pushing their customers to the cloud as a prerequisite which, again, may seem like a sensible choice for industries with less-heightened security requirements. But defense and aerospace manufacturers are involved in a sensitive supply chain, where they must prove compliance with strict military security requirements. When researching the challenges of cloud adoption in aerospace and defense organizations, market research firm Tech-Clarity found that two-thirds of defense and aerospace companies highlighted security as a “significant risk.” When looking specifically at OEM respondents, the research found that this figure rises to almost three-quarters. In fact, the IFS webinar poll also showed a limited appetite for fully cloud-based ERP deployments: Again, with questions of security and compliance weighing on the mind, just 3% of respondents currently deploy ERP software through cloud technology only, whereas 64% said they use their software either on-premise only or use a hybrid of on-premise and cloud-based deployments. Ultimately, manufacturers of sensitive materials need to have full control over how they decide to deploy supporting enterprise software. Where business processes dictate, this could be a physically secure on-premise installation, a full SaaS [software-as-a-service]-based deployment, or a hybrid environment spanning both.

Connectivity through all levels of project

Defense and aerospace manufacturers are behind some of their other-company peers on the “Industry 4.0” or smart manufacturing curve. During another recent webinar, which zeroed in on the impact of Industry 4.0 for defense/aerospace manufacturers,
140 defense and aerospace decisionmakers answered specific questions to gauge views on Industry 4.0 adoption. Only 20% of participants were actively looking to leverage 4.0 technology, identifying it as an enterprise-wide priority. The majority – 68% – were still researching how these technology advances can help achieve their digital transformation goals.

Opening up smart manufacturing

Smart factories and intelligent assets deployed in the field will generate many terabytes of data. Simply extracting this data – let alone mining it to truly inform business decisions and better take advantage of aftermarket service revenue – is something this industry is still trying to master. This is no surprise. Many legacy ERP suites used in defense organizations are using multiple software products comprised of disparate applications, developed separately, and stitched together with a common user interface. No software can exchange data with every sensor, and those defense and aerospace organizations with inflexible deployments will need to customize and add to their existing implementation to gather information from every available sensor.

RESTful APIs: catalyst for connected operations

Such inflexibility can be avoided by deploying industry-specific manufacturing ERP software built on application programming interface (API)-driven architecture. To a certain extent, defense manufacturers and services companies
today are becoming software companies themselves. They may have developers who write software to do things such as introduce data from the IoT [Internet of Things] and enable other systems to interact with enterprise software. RESTful APIs – a software architectural style for designing networked applications that uses HTTP requests to handle data – make it that much easier for them to link valuable data streams into the core ERP system.
Turning data into decisions

Once data is introduced into a supporting enterprise solution, half the battle is won; the next stage is analyzing that information to gain insights into operational and business performance. Manufacturers are moving data analytics from a tool for observation to a tool for optimization, from proactive to predictive intelligence, and to help meet the demands of rapid industry changes. By actively monitoring the performance of assets and processes, manufacturers can make faster and better-informed decisions, which ultimately lead to productivity improvements, cost savings, and added maintenance predictions. But this is impossible to achieve if data exists in a heavily customized and fragmented arena. Siloed sources cannot be harnessed to paint a full 360-degree view spanning frontline manufacturing operations and back-end business processes.

Aligned with goals

Intelligent enterprise software should bring together solutions that visualize information to support decision-making at both strategic and tactical levels, providing insight and context when and where it is needed. This approach includes integration with other programs vital to defense and aerospace manufacturing. By combining enterprise architecture, business-activity monitoring, intelligent business-process management, business intelligence, and reporting capabilities, a unified platform can be created that enables an end-to-end picture to be built in line with manufacturers’ security, technology, and business goals.

Matt Medley is senior product manager at IFS, ensuring that solutions meet the demanding needs of defense service and support organizations, defense manufacturers, and defense operators and helps bring these solutions to market. He has served as a consultant, program manager, and project manager in aerospace and defense organizations. Matt – a graduate of the U.S. Air Force Academy and a certified flight instructor – served for 12 years in the U.S. Air Force, achieving the rank of major and compiling 2,500 flight hours in the C-130 aircraft. He holds an MBA from Kennesaw State University and a master’s degree from Webster University, and is a certified project management professional.

IFS • www.ifs.com/us/
By Roy Keeler, PC104 Consortium
PC/104 trends in the small-form-factor realm

Common wisdom is clear: Don’t fix what isn’t broken. For decades, the PC/104 form factor has spanned many generations of processors and interfaces, always with the goal of making computing solutions as compact, modular, and enduring as possible. PC/104 remains the favored small form factor (SFF) for embedded solutions in markets where vibration, fluctuating power, granular debris, and round-the-clock use can’t be allowed to interrupt critical application uptime. The PC104 Consortium’s vision for PC/104 remains timeless: to support and promote the design, manufacture, and support of the world’s most dependable and flexible product family built for demanding, SWaP (size, weight, and power)-sensitive applications.

What is PC/104?
› Highly integrated single-board computer (SBC)
› System expansion and customization through stackable application-specific carrier boards
› Small rugged form factor that will fit where other boards don’t, speaking mechanically, economically, and functionally
› Based on industry and proprietary standards of mechanical and electrical interface characteristics
› Ideal solution for a host of industry applications
› Robust ecosystem of products and manufacturers

Why PC/104?
› Performance: The latest processor technology with high-speed serial interfaces, including PCI Express Gen 3, 10GbE, USB 3.0, SATA, LVDS, CAN, HDMI, and other high-resolution graphics.
› Flexibility: Can operate standalone or in conjunction with a user-supplied carrier board that provides application-specific I/O.
› Technology insertion: When used with a carrier board, performance upgrades can be as simple as plugging in the latest commercially available module with the newest chip sets.
› Selection: Multiple generations are available that balance cost, features, and performance while maintaining common connectors and mounting holes and common signaling where appropriate.

SFF application areas
› General-purpose embedded computing, including industrial control, transportation, data acquisition, medical, point of sale, human/machine interface, digital signage, multimedia, and communications.
› Ruggedized and high-temperature-range products are available for demanding applications across industries including military, aerospace, rail, and oil and gas.
› High-speed and connectivity applications using multiple PCI Express lanes and as many as four 10 GbE interfaces. These include high-bandwidth applications such as data centers and video surveillance.

Even though SFF systems have been a force in computing for over 30 years, there seems to be no sign of slowing in the SFF market. If anything, the range of opportunities for SFF in government, military, and defense vertical markets is expanding faster than ever.

Edge and fog computing: Key PC/104 areas

Topping today’s embedded computing headlines, edge and fog computing have become key PC/104 deployment areas and a core requirement in most broad Internet of Things (IoT) strategies for data-driven organizations. Fog and edge computing are relatively new terms, and some people are unaware of their differences or how they are distinguished from cloud computing. Essentially, edge applications gather data at the source from environmental sensors, video cameras, and so on, and pre-process them.
Edge systems feed collected data up to fog systems, which sit between the edge and the cloud; the systems then aggregate, analyze, and filter data, along with other functions. Fog can then send data upstream into the cloud for further refinement, big data analysis, and storage. This chain of data collection and processing is bidirectional. Edge applications can pass data to fog nodes as well as receive information back from them, and the same is true between fog nodes and the cloud.

Generally speaking, the closer one gets to the network edge, the smaller systems become. In a military setting, field soldiers each might have a dozen data sources streaming off their armor, all of which might be gathered by one squad member toting a battery-powered gateway system – perhaps something like a PC/104-based fanless embedded computer mounted in a Humvee. Several such gateways, in turn, might feed back to a server running at the company/battery/troop headquarters.

Not that long ago, minimal computing power was needed for video capture. A digital video recorder could capture a TV or surveillance camera stream with fairly modest processing resources. The game changes when that one video stream grows into high-def or 4K resolution and then multiplies across multiple cameras, then multiplies again with feeds coming from multiple people – all accompanied by other data sources, such as LiDAR [light detection and ranging] cameras, laser sighting, long-range microphones, GPS, and more. Depending on the circumstances, there may be a need for this data to be processed, analyzed, and visualized in the field, especially if cloud latency and/or connectivity results in too much delay. Even relaying to fog nodes may be infeasible. SFF PC/104 systems can provide the intelligence needed at the edge without significant increase to SWaP parameters.

The rise of in-vehicle computing will clearly benefit from the advantages of SFF PC/104 systems. Of course, although cars have relied on microprocessors for decades, between integrated communication systems, in-car entertainment, in-car sensor analysis (think of the visual recognition needed for backup guidance), real-time navigation, and soon intercar communication for collision avoidance, the need for more powerful processing and graphics in vehicles demands high-performance embedded systems. Other transportation fields including freight, rail, nautical, and military are also seeing an increase in SFF adoption.

Again, don’t fix what isn’t broken. Although new technologies such as COM Express and SMARC are gradually replacing PC/104 in certain applications, the market for PC/104 remains robust with moderate growth through 2023, especially in defense, industrial, and medical applications. So, when PC/104 celebrates its 30th birthday in 2022 it will be celebrating remarkable longevity with its loyal customer base in every market it serves. PC/104’s versatility, adaptability, and inherent ruggedness make it the ideal platform with which to build the next-generation SFF edge systems.

Roy Keeler is on the Board of Directors and is vice president of branding for the PC104 Consortium; he also works as senior product and business development manager, Aerospace & Defense, ADLINK Technology.

PC104 Consortium https://pc104.org/
The PC104 Consortium was established in February 1992 by 12 companies with a common vision of adapting desktop computer technology for embedded applications. The initial release of the PC/104 specification in March of 1992 was an open design offering the power and flexibility of an IBM-compatible personal computer in a size ideally suited for embedding. Simple and elegant in design, while small but rugged in performance, PC/104 technology bridged the successes of the past with the promises of future innovations. The ISA bus of the original IBM PC – as established by the IEEE P996 specification – is still fully supported today by PC/104 technology over two decades after it was created.

When demand for a faster, higher-bandwidth bus emerged, the PC104 Consortium once again followed the desktop PC by adding a PCI bus to the ISA bus. Following on, PC/104-Plus was introduced in February of 1997. By keeping the ISA bus and adding the PCI bus, this specification became an addition to the technology rather than a replacement of any existing technology.

When desktop PCs stopped using the ISA bus, the PC104 Consortium was ready with PCI-104 technology. The concept of PCI with no ISA was introduced in the original PC/104-Plus specification and was subsequently formally recognized with its own specification in November 2003. Once again, the PC104 Consortium followed the desktop PC while keeping the legacy specifications intact.

This growth pattern underscores the PC104 Consortium’s desire to support the legacy technology while developing new solutions for the future. Longevity is a requirement for embedded systems and remains one of the hallmarks of PC/104 technology. This aspect is proven time and again by the number of PC/104, PC/104-Plus, and PCI-104 products on the market today, as well as by the number of PC/104 sites on other form-factor boards.
To learn more about PC104 Consortium organization and membership, please visit https://pc104.org/ or email the organization at info@pc104.org.

AAEON Technology Inc. www.aaeon.com
ADL Embedded Solutions www.adl-usa.com
ADLINK Technology www.adlinktech.com
Advanced Micro Peripherals www.ampltd.com
Alpha Project Co. www.apnet.co.jp
Apex Embedded Systems apexembeddedsystems.com
Axiomtek www.axiomtek.com
bplus GmbH www.b-plus.com/en.home.html
Connect Tech www.connecttech.com
Diamond Systems www.diamondsystems.com
Douglas Electronics www.douglas.com
Dynamic Engineering www.dyneng.com/pc104.html
ept Inc. www.ept.de
EVOC Intelligent Technology www.evoc.com
Fastwel Corp. www.fastwel.com
General Standards Corp. www.generalstandards.com
Hivertec www.hivertec.com
iBASE www.ibase.com/tw
MicroMax Computer Intelligence www.micromax.com
MPL AG www.mpl.ch
PEAK System Technik www.peak-system.com
PC104 and Small Form Factors http://smallformfactors.mil-embedded.com
RAF Electronic Hardware www.rafdwe.com
RedWave Labs Ltd. www.redwavelabs.com
RTD Embedded Technologies www.rtd.com
Samtec www.samtec.com
SBS Science & Technology www.sbs.cn
Sealevel Systems www.sealevel.com
Sundance Multiprocessor Technology www.sundance.com
Tri M Technologies www.tri-m.com
Umezawa Musen Denki http://www.umezawa.co.jp
Unicorp www.unicorpinc.com
Versa Logic www.versalogic.com
WinSystems www.winsystems.com
Listings per PC104 Consortium as of 9/14/2020; subject to change
Embedded Hardware

RTD Off-the-Shelf Mission Computer

RTD’s standard HiDANplus® embedded computer system provides a robust Commercial-Off-the-Shelf (COTS) solution enabling rapid uptime for mission-critical applications. The system includes a rugged single board computer, power supply, mSATA card carrier, and room for an additional peripheral module. Without increasing the enclosure size, functional upgrades can include high-performance data acquisition, versatile networking options, or enhanced capabilities from a variety of special-purpose add-in modules. Additional configuration options include a removable SATA drawer. The milled aluminum enclosure with advanced heat sinking delivers passively-cooled performance from -40 to +85°C. Integrated tongue-and-groove architecture with EMI gaskets creates a watertight solution with excellent environmental isolation. Keyed cylindrical connectors offer easy cable connections while maintaining the integrity of the environmental seal.

FEATURES
› -40 to +85°C standard operating temperature
› Designed for high ingress protection in harsh environments
› Milled aluminum enclosure with integrated heat sinks and heat fins
› Rugged Intel and AMD-based Single Board Computers
› High-performance, synchronized power supply
› mSATA card carrier and optional 2.5" removable drive
› Designed to include an additional PCIe/104, PCI/104-Express or PCI-104 peripheral module without increasing overall enclosure size

RTD Embedded Technologies, Inc.
www.rtd.com | www.rtdstacknet.com/iot | sales@rtd.com | 814-234-8087
Embedded Hardware

Managed Scalable GigE Switch

The LAN35MH08HR is an 8-port 10/100/1000 Managed Ethernet switch. This switch module has a total of 10 ports. Eight ports are provided to I/O connectors, one port is available to the host CPU through a x1 PCI Express GigE controller, and one port is used as a stacking switch expansion port allowing full compatibility with RTD’s managed and unmanaged StackNET™ Ethernet switch family. Additionally, this allows the CPU to use the switch without the need for external cables. The LAN35MH08HR can also be used as an expandable, standalone 8-port Ethernet switch. The onboard CEServices Carrier Ethernet switching software provides a rich Layer 2 switching solution with Layer 3-aware packet processing. All of the industry-standard Managed Ethernet Switch features found in an enterprise rackmount switch are provided, such as VLANs, Spanning Tree, QoS, and SNMP. Additionally, the CEServices software provides features for carrier and timing-critical networks such as OAM, Synchronous Ethernet, and IEEE 1588. The switch may be configured via a web GUI interface, or a command-line console via USB, Telnet, or SSH.

FEATURES
› -40 to +85°C operation, passively cooled
› PCIe/104 stackable bus structure
› Eight 1000/100/10 Mbps Ethernet ports plus one host port and one stacking switch expansion port
› Onboard tri-color LED for each Ethernet Port
› RJ-45 jacks or 10-pin right-angle headers
› Fully-managed Layer 2 Ethernet Switch with Layer 3-aware packet processing
  • Support for all major Enterprise switching features such as VLANs, Spanning Tree, QoS, and SNMP
  • Manageable via web GUI interface, SSH, Telnet, and Serial Console
  • Industry-standard CLI interface
› Onboard PCI Express Ethernet Controller for interface to host cpuModule
› USB Device Port for Serial Console command-line interface
› Passive heat sink included
  • Available in stackable, rugged enclosures

RTD Embedded Technologies, Inc.
www.rtd.com | www.rtdstacknet.com | sales@rtd.com | 814-234-8087
Embedded Hardware

Intel Atom E3800-based SBC

RTD’s Intel Atom E3800-based single board computers are available in PCIe/104 and PCI/104-Express. These CPUs are exceptionally suited for intelligent systems requiring low power consumption in harsh thermal conditions. Available in quad-core, dual-core, and single-core configurations. Stackable buses allow users to add peripheral modules above and below the CPU. TPM 2.0 support and ECC memory available. All models include 4GB surface-mount single-channel DDR3 SDRAM and a 32GB industrial-grade surface-mount SATA flash drive. Thermal-optimized passive heat sink included.

FEATURES
› PCIe/104 and PCI/104-Express stackable bus structures
› Available in modular, rugged enclosures and eBuild systems
› Intel Atom E3800 Series Processor, Clock Speed: 1.33 GHz, 1.46 GHz, and 1.91 GHz options, Max. Core Temperature: 110°C
› 4GB Single-Channel DDR3 SDRAM with ECC (Surface-Mounted)
› 32GB Surface-mounted industrial-grade SATA flash drive
› 4 PCIe x1 Links, One SATA Port, 4 Serial Ports, 9 USB ports, Dual Gigabit Ethernet, Analog VGA, Embedded DisplayPort (eDP) 1.3 with Audio, on-board advanced Digital I/O, TPM encryption
› -40 to +85°C standard operating temperature

RTD Embedded Technologies, Inc.
www.rtd.com | www.rtd.com/atom | sales@rtd.com | 814-234-8087
Embedded Hardware

Dual 10 Gbit/s Copper Ethernet

RTD’s LAN24550 is a dual 10 Gbit/s Copper Ethernet Module utilizing Intel’s X550 10 GbE controller. The X550-AT2 Ethernet controller is a second-generation 10GBASE-T controller with integrated MAC and PHY. It provides backward compatibility with existing 1000BASE-T, simplifying the migration to 10 GbE, and provides iSCSI, FCoE, virtualization, and Flexible Port Partitioning (FPP). 10 Gigabit – using stacked switch configurations – can introduce an increased use of redundancy as Active-Active LACP port teaming. Multiple ports grouped into one logical link improves speed and availability.

FEATURES
› PCIe/104 and PCI/104-Express stackable bus structures
› Intel X550 10 Gigabit Ethernet Controller
› 2 Independent 10 Gb/s Twisted Pair Ethernet Connections with Integrated MAC and PHY
› RJ-45 connectors with integrated magnetics and Link/Activity indicator LEDs
› 10/1 GbE data rate per port: support for vision systems, network and server virtualization, and LAN and SAN flexibility
› -20 to +70°C standard operating temperature

RTD Embedded Technologies, Inc.
www.rtd.com | sales@rtd.com | 814-234-8087
Embedded Hardware

Dual 10 Gbit/s Fiber Ethernet

RTD’s LAN24710 is a dual 10Gbit/s Fiber Ethernet module utilizing Intel’s X710 GigE controller. Fiber connectivity is provided by standard SFP+ modules allowing the board to be used with various standards including 10GBASE-SR, 10GBASE-LR, and SFP+ Direct Attach Cable. The X710-BM2 Ethernet controller is ideal for emerging cloud networking markets. X710 strengths include networking performance, energy efficiency and automation (including resource provisioning and monitoring and workload balancing) and sophisticated packet header parsing.

FEATURES
› PCIe/104 and PCI/104-Express stackable bus structures
› Intel X710 10 Gigabit Ethernet Controller
› 2 Independent 10 Gb/s Fiber Ethernet Connections
› SFP+ module sockets to support 10GBASE-SR, 10GBASE-LR SFP+, and Direct Attach Cable
› 10/1 GbE data rate per port: support for vision systems, network and server virtualization, and LAN and SAN flexibility
› -40 to +85°C standard operating temperature (Note: operating temperature may be limited by any installed SFP modules)

RTD Embedded Technologies, Inc.
www.rtd.com | sales@rtd.com | 814-234-8087
OpenSystems Media Webcast

Shorten Development Time of Edge AI Solutions
Sponsored by Connect Tech

The continuous battle when designing edge artificial intelligence (AI) and autonomous machines is balancing size, weight, power, and cost (SWaP-C) requirements. NVIDIA’s newest embedded platform opens possibilities for AI projects with unparalleled size vs. power capabilities. In this webcast, attendees will join Connect Tech and NVIDIA’s embedded experts to learn more about specific use cases and find out how to accelerate development and deployment of Edge AI applications. Also covered: understanding the NVIDIA Jetson platform of leading-edge system-on-modules.

Speakers:
Patrick Dietrich, CTO, Connect Tech
Barrie Mullins, Director of Product Marketing, NVIDIA

Attend the webcast: https://bit.ly/3m83Whx
Explore other OSM webcasts: https://militaryembedded.com/webcasts
NAVIGATE ...
THROUGH ALL PARTS OF THE DESIGN PROCESS
TECHNOLOGY, TRENDS, AND PRODUCTS DRIVING THE DESIGN PROCESS Military Embedded Systems focuses on embedded electronics – hardware and software – for military applications through technical coverage of all parts of the design process. The website, Resource Guide, e-mags, newsletters, podcasts, webcasts, and print editions provide insight on embedded tools and strategies including technology insertion, obsolescence management, standards adoption, and many other military-specific technical subjects. Coverage areas include the latest innovative products, technology, and market trends driving military embedded applications such as radar, electronic warfare, unmanned systems, cybersecurity, AI and machine learning, avionics, and more. Each issue is full of the information readers need to stay connected to the pulse of embedded technology in the military and aerospace industries. mil-embedded.com
GUEST BLOG
Timing is everything when mobilizing an Ethernet network
By Ronen Isaac, MilSource

ETHERNET EVERYWHERE BLOG. In this space we are going to discuss timing and synchronization of devices on an Ethernet network. Synchronization of packet cadence is necessary for time-sensitive applications to work like they’re supposed to.

Ethernet is considered (for the most part) a nondeterministic networking scheme, using “best effort” and requiring handshakes and confirmation. While this makes it inherently reliable, it also makes Ethernet natively unsuitable for time-sensitive applications – such as voice/video over IP, robotic (motion) control, industrial automation, etc. – that require real-time communication or time synchronization.

The IEEE 1588 Precision Time Protocol (released in 2002 and updated in 2008) was developed specifically for applications operating over nondeterministic Ethernet networks. It operates at layer 2 (the data link layer) of the network and overcomes Ethernet latency and jitter issues through hardware time-stamping at layer 1 (the physical layer) of the network. Software time-stamping is now available, but not to the precision that hardware-based time-stamping enables.

The Precision Time Protocol, as defined in the IEEE-1588 standard, provides a method to precisely synchronize compute devices over a local area network (LAN) or wide area network (WAN) using “clock synchronization.” However, if two clocks are set at the same rate, there is no guarantee that they will stay in synchronization. Therefore the synchronization process must be continuous. Clock synchronization on the LAN/WAN requires at least one master and one slave clock – multiple slaves can synchronize to a single master. The master clock provides synchronization messages that the slaves use to correct their local clocks. Precise timestamps are captured at the master and slave clocks. These timestamps are then used to determine the network latency which is required to synchronize the slave to the master. A sync message is transmitted typically every two seconds from the master, and a delay request message from a slave is transmitted less frequently, approximately one request per minute.

Ethernet switches

Ethernet switches are categorized as either standard Ethernet switches or IEEE-1588 enabled Ethernet switches. The IEEE 1588 protocol defines three kinds of clocks (or switches):

1. Ordinary: A device with a single network connection, either the source of (master) or destination for (slave) a synchronization reference.
2. Boundary: A device with multiple network connections that can accurately synchronize one network segment to another. A synchronization master is selected for each of the network segments in the system. The root timing reference is called the grandmaster.
3. Transparent: A multiport device that forwards precision time protocol messages, measuring the time taken for event messages to pass through the device, and accounts for this residence time by modifying the message, or by sending a separate follow-up message.

A standard Ethernet switch temporarily stores packets before sending them out. The storing time of the packet is nondeterministic and network load-dependent, which results in packet delay variation. The packet delay variation is the primary reason for poor time synchronization on the network, even when there are master and slave devices on the network that support hardware timestamping. An IEEE-1588 enabled Ethernet switch is either a transparent device or a boundary device that improves synchronization between the master and slaves, thus ensuring that the master and slaves are not impacted by packet delay variation.

As Ethernet becomes ubiquitous on mobile military platforms, advanced applications such as communication, video, and robotics will require this advanced timing and synchronization of networked devices.

Using open architecture and standardizing on Ethernet as a common communication platform while using IEEE-1588 standards will ensure calibrated communications between all devices on the network and provide Ethernet reliability with deterministic, real-time communications.

To read more Ethernet blogs from Ronen Isaac, visit the Military Embedded Systems website at https://militaryembedded.com/authors/ronenisaac.
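The timestamp exchange this blog describes, worked through as an added example (not from the article or from MilSource): it computes a slave's clock offset and path delay from the four timestamps of one sync/delay-request exchange, first through a standard store-and-forward switch and then through a transparent clock that reports residence time. The labels t1 to t4, the function names, and every timing value are assumptions constructed for illustration.

```python
"""PTP delay request-response arithmetic, with and without a transparent clock.

Constructed illustration: all times are plain integer nanoseconds. Real PTP
carries residence time in the message's correctionField; here it is a plain
integer attached to the exchange.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Exchange:
    """Timestamps of one sync / delay-request exchange plus reported residence times."""
    t1: int  # master clock: sync message leaves the master
    t2: int  # slave clock:  sync message arrives at the slave
    t3: int  # slave clock:  delay request leaves the slave
    t4: int  # master clock: delay request arrives at the master
    corr_sync: int = 0       # residence time reported for the sync message
    corr_delay_req: int = 0  # residence time reported for the delay request


def simulate(true_offset, link_delay, res_sync, res_delay_req, transparent):
    """Build the timestamps a slave would collect through one switch.

    true_offset:  slave clock minus master clock (what the slave wants to learn)
    link_delay:   one-way cable/PHY delay, identical in both directions
    res_*:        time each message sat in the switch (load dependent)
    transparent:  True if the switch measures and reports residence time
    """
    t1 = 1_000_000_000
    t2 = t1 + link_delay + res_sync + true_offset
    t3 = t2 + 500_000  # slave sends its request 0.5 ms later (constructed)
    t4 = (t3 - true_offset) + link_delay + res_delay_req
    return Exchange(t1, t2, t3, t4,
                    res_sync if transparent else 0,
                    res_delay_req if transparent else 0)


def solve(ex):
    """Return (offset_from_master, mean_path_delay) as the slave computes them.

    The slave assumes a symmetric path, so it splits the round trip in half.
    """
    master_to_slave = ex.t2 - ex.t1 - ex.corr_sync       # = delay + offset
    slave_to_master = ex.t4 - ex.t3 - ex.corr_delay_req  # = delay - offset
    mean_path_delay = (master_to_slave + slave_to_master) // 2
    return master_to_slave - mean_path_delay, mean_path_delay


TRUE_OFFSET = 37_500  # ns, constructed
LINK_DELAY = 800      # ns, constructed

# Constructed (sync, delay request) residence times in ns for three load conditions.
LOADS = [(4_200, 4_200), (4_200, 61_800), (95_000, 7_000)]


def offset_errors(transparent):
    """Estimated offset minus true offset for each load condition."""
    errors = []
    for res_sync, res_delay_req in LOADS:
        ex = simulate(TRUE_OFFSET, LINK_DELAY, res_sync, res_delay_req, transparent)
        offset, _ = solve(ex)
        errors.append(offset - TRUE_OFFSET)
    return errors


if __name__ == "__main__":
    print("standard switch   error (ns):", offset_errors(transparent=False))
    print("transparent clock error (ns):", offset_errors(transparent=True))
```

When both messages wait equally long in the switch the error cancels; it appears only when the two residence times differ, which is the packet delay variation the blog identifies as the cause of poor synchronization.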
TECHNOLOGY MAKING YOUR HEAD SPIN? WE CAN HELP YOU MAKE SENSE OF IT ALL
Military Embedded Systems focuses on embedded electronics – hardware and software – for military applications through technical coverage of all parts of the design process. The website, Resource Guide, e-mags, newsletters, podcasts, webcasts, and print editions provide insight on embedded tools and strategies including technology insertion, obsolescence management, standards adoption, and many other military-specific technical subjects. Coverage areas include the latest innovative products, technology, and market trends driving military embedded applications such as radar, electronic warfare, unmanned systems, cybersecurity, AI and machine learning, avionics, and more. Each issue is full of the information readers need to stay connected to the pulse of embedded technology in the military and aerospace industries.
mil-embedded.com
EDITOR’S CHOICE PRODUCTS
ABB’s latest additions to CC-series aim to enable precise power tuning
ABB has expanded its line of CC-series conduction-cooled rectifiers with the addition of the CC2725AC34TZL, CC2725AC48TZL, and CC3500AC52TZL power supplies. The new rectifiers feature wide output voltage ranges intended to provide the precise power needed for various RF applications as well as the high power density and efficiency required in RF systems. ABB’s new CC2725AC48 rectifier features a new level of power density, in part due to its compact size and reduced weight. The rectifier is designed to meet the needs of smaller devices such as robotics or RF devices. All three of the digital CC-series rectifiers employ fanless thermal management techniques to better channel and manage heat and maintain optimally rated power levels – a frequent challenge in small, fully enclosed electrical devices. By placing power-conversion components near, or even in contact with, a metal casing, ABB materials state, excessive heat can be mitigated via conductive cooling. In addition, the rectifiers are designed to be adapted to integrate with an application’s existing heat sink or chill plate, aiming to enable even higher power densities and efficiencies at a system level.
ABB | www.abb.com
N.A.T. introduces SDR product line
The new N.A.T. software-defined radio (SDR) portfolio ranges from an individual radio frequency (RF) card in the FMC form factor (NAT-FMC-SDR4) to turnkey, field-deployable 19-inch rackmounted systems (NAT-SDR-FLEX) with application software and sample projects. These SDR solutions are designed to streamline the development and deployment of applications, intended to improve time-to-market, and retain flexibility. Applications include wideband receivers for scanning and direction-finding, wideband transmitters used for jamming, and sensing techniques for cognitive radio, among others. The optional 5G (3GPP rel.15) package is designed to enable private wireless network applications such as wideband LTE/5G base station and radio units as well as narrowband cellular IoT (cIoT). The off-the-shelf N.A.T. turnkey systems, dubbed the NAT-SDR-FLEX, include the hardware and software needed to build these applications with scalability from 8 to 72 channels, or more using multiple systems. The N.A.T. SDR portfolio also features a modular AMC board, the NAT-AMC-ZYNQUP-SDR, that combines Analog Devices’ large-bandwidth RF transceivers (ADRV9009) and a Xilinx Zynq UltraScale+ FPGA [field-programmable gate array] with integrated quad-core Arm processor. This board can be configured with different RF front end and front panel I/O by choosing N.A.T.’s FMC boards with the required functions. The NAT-AMC-ZYNQUP-SDR can be integrated into any system hosting AMCs or advanced mezzanine cards, which are open standards-based modules.
N.A.T. | www.nateurope.com
BittWare releases RFSoC-based acquisition card for wireless application performance
The RFX-8440 data acquisition card featuring the Zynq UltraScale+ RFSoC (Radio Frequency System-on-Chip), from Xilinx, Inc. is available from BittWare. This PCIe card is designed to leverage the capabilities of the Gen 3 version of the Xilinx RFSoC to address the entire sub-6 gigahertz (GHz) spectrum, which is a critical need for applications such as 5G, LTE wireless, phased-array radar, and satellite communications. BittWare’s analog front end features variable gain in/out down to -80 dBm (input) and is optimized for L Band with other analog configurations available. The four analog-to-digital and digital-to-analog converters are 14-bit, handling 5 Gsamples/sec on the input and 10 Gsamples/sec on the output. The built-in variable gain shows ranges of -80 to 0 dBm on the input and -40 to 0 dBm on the output. BittWare officials say that using the latest Gen 3 RFSoC (up to 6 GHz), customers are provided with a mix of processing solutions, including FPGA and dual Arm processors. The design is intended to allow the designer to do more in the digital domain by bringing together multichannel data conversion and processing in a single chip.
BittWare | www.bittware.com
Class AB high-power amplifiers feature optional heatsinks
Fairview Microwave – a maker of on-demand RF, microwave, and millimeter wave components – has released a new series of Class AB broadband high-power amplifier modules that incorporate GaN [gallium nitride], LDMOS [laterally-diffused metal-oxide semiconductor], or VDMOS [vertically-diffused metal-oxide semiconductor] semiconductor technology. According to the company, Fairview’s new line of class AB broadband high-power amplifiers consists of 18 new models spanning frequency bands from 20 MHz to 18 GHz. These designs are intended to be stable and operate in a 50 ohm environment, offering power gain of as much as 53 dB and saturated output power levels from 10 watts to 200 watts. This line includes two new heat sink modules with DC-controlled cooling fans, specifically designed for the 18 new models, to ensure optimum baseplate temperature for reliable performance. These compact, coaxial packages use N-Type or SMA connectors and have integrated D-Sub control connectors for DC bias, enabled with TTL logic control and temperature and current-sense functions. The assemblies are to be used in rugged or extreme-environment military applications; they are rated to withstand relative humidity exposure up to 95% maximum and operate over a temperature range from -20 °C to +60 °C.
Fairview Microwave | www.fairviewmicrowave.com
OpenIMU ROS driver aimed at developing autonomous navigation systems
ACEINNA, a developer of inertial-based guidance and navigation systems for autonomous vehicles and devices, offers what it calls the ACEINNA OpenIMU ROS Driver, aimed at use by developers of robots and autonomous applications. The new ROS [Robot Operating System] Driver currently works with ACEINNA’s OpenIMU family, which includes the OpenIMU300ZI, OpenIMU300RI, and OpenIMU330BI. Each sensor is built with its own hardware features, intended to give the user options for their application. ACEINNA’s IMUs are designed to optimize size, weight, and power (SWaP) and integrate a triple-redundant architecture. The new driver – available on the Sensors Page at ROS.org and GitHub – is intended to enable robotic application developers to integrate accurate IMUs into their navigation guidance systems. The new tool is a set of software libraries intended to help developers create robotics applications. ACEINNA, which calls the tool a software development kit (SDK), says that it will enable users to get their robotics projects up and running more quickly and efficiently than starting from scratch.
ACEINNA | www.aceinna.com
Pasternack introduces new line of miniature SMT noise sources
Pasternack offers a series of miniature surface-mount technology (SMT) packaged noise sources that are intended to be used for built-in test equipment, generating dithering for increased dynamic range of A/D converters, and as a source for bit-error-rate testing. Applications include military and commercial radar, communication systems, microwave radio, test and measurement, base station infrastructure, and telecom data links. These noise sources include nine models with industry-standard surface-mount gullwing pin and dual-in-line pin (DIP) surface-mount packaging options. They are designed to cover frequency ranges from 0.2 MHz to 3 GHz and provide a source of additive white Gaussian noise (AWGN) with a crest factor of 5:1. The SMT gullwing pin models in this line feature high-output ENR [excess noise ratio] levels ranging from 31 dB to 51 dB. The DIP models operate at a noise output power level of -5 dBm. The ruggedized 50 ohm designs require DC voltage levels of +12 Vdc or +15 Vdc to run and are intended to operate over a wide temperature range of -55 °C to +125 °C.
Pasternack | www.pasternack.com
CONNECTING WITH MIL EMBEDDED
By Editorial Staff
GIVING BACK
Operation Care and Comfort
Each issue, the editorial staff of Military Embedded Systems will highlight a different charitable organization that benefits the military, veterans, and their families. We are honored to cover the technology that protects those who protect us every day. To back that up, our parent company – OpenSystems Media – will make a donation to every group we showcase on this page.
This issue we are highlighting Operation Care and Comfort (OCC), an all-volunteer 501(c)(3) nonprofit organization that brings people together to donate their time, talents, and funds to honor and help both active-duty military and those who have served in the past. According to information from the organization, it was established in April 2003 when the three cofounders decided to combine their efforts to send packages to military troops stationed in combat zones overseas.
While OCC’s initial focus was providing monthly care packages for troops deployed to Afghanistan and Iraq, the organization now provides support and comfort to dozens of “adopted” units of deployed U.S. military service members serving in Iraq, Afghanistan, and other conflict regions. Working with donations received from helpers from across the U.S., OCC volunteers assemble and mail care packages to these adopted units until they return home. The organization says that it currently sends supplies to dozens of overseas units and ships on a monthly basis, working from large quarterly volunteering events, with smaller events in between. OCC statistics state that the group has packed and mailed over a million pounds worth of care packages to active-duty troops.
Other programs sponsored by OCC include Tickets for Troops, which distributes donated tickets to sporting events to eligible veterans; and Adopt A Military Family, in which individuals, organizations, and companies anonymously “adopt” a military family to donate to and support throughout the year.
For additional information on Operation Care and Comfort, please visit https://www.occ-usa.org/.
WEBCAST
Driving the Heat out of Embedded Military Systems: Reducing Thermals
Sponsored by ACT, LCR Embedded Systems, and nVent Schroff
Radar, electronic warfare (EW), and ISR [intelligence, surveillance, and reconnaissance] systems all depend heavily on superior signal-processing solutions that often leverage commercial processors, graphics processors, FPGAs [field-programmable gate arrays], and the like. While these devices provide unprecedented performance, they also can create headaches for military embedded systems designers when it comes to keeping the systems cool enough for intensive military-processing applications. Reducing component temperatures in these systems is critical in military applications that are experiencing ever-shrinking size, weight, and power (SWaP) requirements.
In this webcast, join our industry experts who will discuss the thermal challenges in modern military electronics applications and detail the cooling strategies to solve them.
Watch this webcast: https://bit.ly/32Y4e2I
Watch more webcasts: https://militaryembedded.com/webcasts
WHITE PAPER
Adaptive Innovation
By ADLINK
For many businesses and organizations, commercial off-the-shelf (COTS) hardware can meet most product needs and objectives. However, markets and projects that require systems to withstand extremely hostile conditions – including extremes of temperature, shock, and dust – may find disappointing results when using conventional OEM technologies. While it is true that COTS equipment addresses the majority of needs, deeper customization will often help customers overcome unique build challenges. Modified COTS (MCOTS) is often the favored approach for customers in the military, aerospace, and railway industries, as it offers sizable cost savings while drastically reducing time to market.
In this white paper, readers will review MCOTS use cases, read about the benefits of modifying off-the-shelf parts, and learn how enlisting an original design manufacturer can offer customers dedicated research and development, skilled onboarding, and committed life cycle support.
Read the white paper: https://bit.ly/2HrKOex
Read more white papers: https://militaryembedded.com/whitepapers
Power for your world. Simplify your designs by leveraging ADI’s highly integrated power solutions.
Integrated Solutions
Local Design Support
Easy to Use Tools
Find your competitive advantage at analog.com/power
The Big Thing in
RFSoC is Here. (And it’s only 2.5 inches wide!)
Small
Powerful Deployable
Pentek’s Model 6001 FPGA board lets you quickly develop and deploy RFSoC technology, while optimizing your system for SWaP. Mounted on your custom carrier or Pentek’s proven 3U VPX carrier, the new QuartzXM® comes pre-loaded with a full suite of IP modules, robust software, and fully integrated hardware — all geared to shorten time to market and reduce design risk. And at only 4"x2.5", it can be deployed in extremely compact environments, including aircraft pods, unmanned vehicles, mast-mounted radars and more.
• QuartzXM eXpress Module speeds migration to custom form factors
• Powerful Zynq® Ultrascale+™ RFSoC with built-in wideband A/Ds, D/As & ARM processors
• Dual 100 GigE interfaces for extreme system connectivity
• Robust Factory-Installed IP for waveform generation, real-time data acquisition and more
• Board Resources include PCIe Gen.3 x8 and 16 GB DDR4 SDRAM
• Navigator® Design Suite BSP and FPGA design kit for seamless integration with Xilinx Vivado®
Unleash the Power of the RFSoC. Download the FREE White Paper! www.pentek.com/go/mesrfsoc
All this plus FREE lifetime applications support! ™
Pentek, Inc., One Park Way, Upper Saddle River, NJ 07458 Phone: 201-818-5900 • Fax: 201-818-5904 • email: info@pentek.com • www.pentek.com Worldwide Distribution & Support, Copyright © 2019 Pentek, Inc. Pentek, Quartz, QuartzXM and Navigator are trademarks of Pentek, Inc. Other trademarks are properties of their respective owners.