Canada's exclusion from the AUKUS security pact reveals a failing national defence policy

On the same subject

• 

  August 5, 2019 | Local, Security

  Hacker Community to Take on DARPA Hardware Defenses at DEF CON 2019

  This month, DARPA will bring a demonstration version of a secure voting ballot box equipped with hardware defenses in development on the System Security Integrated Through Hardware and Firmware (SSITH) program to the DEF CON 2019 Voting Machine Hacking Village (Voting Village). The SSITH program is developing methodologies and design tools that enable the use of hardware advances to protect systems against software exploitation of hardware vulnerabilities. To evaluate progress on the program, DARPA is incorporating the secure processors researchers are developing into a secure voting ballot box and turning the system loose for public assessment by thousands of hackers and DEF CON community members. Many of today's hardware defenses cover very specific instances or vulnerabilities, leaving much open to attack or compromise. Instead of tackling individual instances, SSITH researchers are building defenses that address classes of vulnerabilities. In particular, SSITH is tackling seven vulnerabilities classes identified by the NIST Common Weakness Enumeration Specification (CWE), which span exploitation of permissions and privilege in the system architectures, memory errors, information leakage, and code injection. “There are a whole set of cyber vulnerabilities that happen in electronic systems that are at their core due to hardware vulnerabilities – or vulnerabilities that hardware could block,” said Dr. Linton Salmon, the program manager leading SSITH. “Current efforts to provide electronic security largely rely on robust software development and integration, utilizing an endless cycle of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. The basic concept around SSITH is to make hardware a more significant participant in cybersecurity, rather than relegating system security only to software.” Under the SSITH program, researchers are exploring a number of different design approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics; and combining hardware performance counters (HPCs) with machine learning to detect attacks and establish protective fences within the hardware. One team from the University of Michigan is developing a novel security approach that changes the unspecified semantics of a system every 50 milliseconds. Currently, attackers continuously probe a system to locate these undefined sections and, over time, are able to create a system map to identify possible hacks. By changing the construct every 50 milliseconds, attackers do not have enough time to find those weaknesses or develop an accurate representation of the system as a whole. To evaluate the hardware security concepts in development on the SSITH program, DARPA – working with Galois – is pursuing a voting system evaluation effort to provide a demonstration system that facilitates open challenges. The program elected to use a voting system as its demonstration platform to provide researchers with an accessible application that can be evaluated in an open forum. Further, the topic of election system security has become an increasingly critical area of concern for the hacker and security community, as well as the United States more broadly. “DARPA focuses on creating technologies to enhance national defense, and election system security falls within that remit. Eroding trust in the election process is a threat to the very fabric of our democracy,” noted Salmon. While protecting democracy is a critical national defense issue, SSITH is not trying to solve all issues with election system security nor is it working to provide a specific solution to use during elections. “We expect the voting booth demonstrator to provide tools, concepts, and ideas that the election enterprise can use to increase security, however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices, and beyond,” said Salmon. During DEF CON 2019, the SSITH voting system demonstrator will consist of a set of RISC-V processors that the research teams will modify to include their SSITH security features. These processors will be mounted on field programmable gate arrays (FPGAs) and incorporated into a secure ballot box. Hackers will have access to the system via an Ethernet port as well as a USB port, through which they can load software or other attacks to challenge the SSITH hardware. Since SSITH's research is still in the early stages, only two prototype versions of the 15 processors in development will be available for evaluation. “At this year's Voting Village, hackers may find issues with the processors and quite frankly we would consider that a success. We want to be transparent about the technologies we are creating and find any problems in these venues before the technology is placed in another venue where a compromise could be more dangerous,” said Salmon. Following DEF CON 2019, the voting system evaluation effort will go on a university roadshow where additional cybersecurity experts will have an opportunity to further analyze and hack the technology. In 2020, DARPA plans to return to DEF CON with an entire voting system, which will incorporate fixes to the issues discovered during the previous year's evaluation efforts. The 2020 demonstrator will use the STAR-Vote system architecture, which is a documented, open source architecture that includes a system of microprocessors for the voting booth, ballot box, and other components. It also includes a verifiable paper ballot, providing both digital and physical representations of the votes cast within the booth. “While the 2020 demonstrator will provide a better representation of the full attack surface, the exercise will not result in a deployable voting system. To aid in the advancement of secure election equipment as well as electronic systems more broadly, the hardware design approaches and techniques developed during the SSITH program will be made available to the community as open-source items,” concluded Salmon. https://www.darpa.mil/news-events/2019-08-01

• 

  November 1, 2018 | Local, Aerospace

  CDR: Team Artemis

  http://viewer.zmags.com/publication/46cfb3a8#/46cfb3a8/18

• 

  August 12, 2024 | Local, Aerospace

  Construction begins on new NORAD Quick Reaction Alert facility at Canadian Forces Base Bagotville

  News release August 12, 2024 – Bagotville, Quebec – National Defence / Canadian Armed Forces Today, Marie-France Lalonde, Parliamentary Secretary to the Minister of National Defence, on behalf of the Honourable Bill Blair, Minister of National Defence, announced the beginning of construction on a new Quick Reaction Alert (QRA) facility at Canadian Forces Base (CFB) Bagotville.  This facility will enable Canadian Armed Forces (CAF) members to posture and deploy Canada’s incoming fleet of CF-35A fighter jets in a flight-ready state in support of North American Aerospace Defense Command (NORAD) operations. The new 7,400 m2 QRA facility at CFB Bagotville will include aircraft hangar bays, office space and sleeping quarters for personnel, and a 17,000 m2 secure fenced compound surrounding the facility. Once completed, it will help CAF personnel support Canada and the NORAD mission and quickly respond to any threats in North American airspace.   Construction is estimated at approximately $120 million and will sustain more than 600 jobs in the region. The facility is expected to be completed in 2027. The design and construction contract has been awarded to Pomerleau Inc of Lévis, QC.  This investment is part of Canada’s $38.6 billion NORAD Modernization Plan, announced by the Government of Canada in June 2022. This represents the most significant upgrade to Canada's NORAD capabilities in almost four decades. In particular, the QRA facility is part of the NORAD Modernization Plan’s Defence of Canada Infrastructure Project (DCFI), which commits funding to upgrade fighter infrastructure and NORAD QRA capabilities at bases across Canada to operationalize and employ the CF-35A for continental defence. This project will provide Canadian Armed Forces personnel with the infrastructure they need to support the NORAD mission, including Operation NOBLE EAGLE, which deters, detects, and defeats potential threats to U.S. and Canadian airspace 24 hours a day, 7 days a week, 365 days a year. Quotes “This investment in Bagotville will enable our personnel at the base to plan, posture, and deploy our new fleet of CF-35A fighters rapidly and effectively. Today’s milestone is a clear sign of Canada’s commitment to modernizing our NORAD infrastructure and capabilities in support of the continental defence mission. In close collaboration with our American allies, our government will continue to make the necessary investments to protect North America as our continent faces new security challenges.” The Honourable Bill Blair, Minister of National Defence “For decades, NORAD has ensured the defence of North American aerospace. Today, we are reaffirming our commitment to this unique binational command, and investing in new infrastructure so that Canadian Armed Forces members can effectively deploy fifth-generation fighter jets in support of NORAD’s mission. Our government will continue to invest in new military infrastructure that supports the combat power of the Canadian Armed Forces.” Marie-France Lalonde, Parliamentary Secretary to the Minister of National Defence  Quick facts NORAD ensures U.S. and Canadian aerospace control, to include air defense operations, through a network of alert fighters, tankers, airborne early warning aircraft, rotary wing air interceptors, and ground-based air defense assets cued by interagency and defense radars. By using this network of sensors, NORAD detects airborne objects approaching North America and conducts its air defense mission by tracking, identifying, and taking appropriate actions. Appropriate actions may include, but are not limited to, monitoring a track, scrambling fighters to intercept and identify an approaching aircraft, and/or escorting an aircraft through an Air Defense Identification Zone (ADIZ) or a Temporary Flight Restriction Area. In June 2022, the Minister of National Defence announced funding for Canada's continental defence capabilities, including to modernize the North American Aerospace Defence Command (NORAD). This represents the most significant upgrade to Canada's NORAD capabilities in almost four decades. NORAD modernization will ensure that the CAF can sustain a strong military presence across the country, including in Canada’s North, through investments in infrastructure and support capabilities. The two main operating bases for Canada’s fighter aircraft are 4 Wing Cold Lake and 3 Wing Bagotville. As announced in January 2023, Canada is acquiring a new fleet of 88 F-35 aircraft, which will be known as the CF-35A by the Royal Canadian Air Force. 36 of the 88 incoming CF-35As will be stationed at 3 Wing Bagotville, and the remaining (52) will be stationed at 4 Wing Cold Lake. CFB Bagotville opened in 1951 as a training base for the squadrons serving with the Canadian Division in Europe to support the air defence operations of the newly formed Canadian and American forces (which became NORAD in 1958). Following the September 11, 2001, attacks, NORAD established Operation NOBLE EAGLE. Operation NOBLE EAGLE is the name given to all North American Aerospace Defense Command (NORAD) aerospace warning, control, and defense missions in North America. Through Operation NOBLE EAGLE, NORAD deters, detects, and defeats potential threats to U.S. and Canadian airspace 24/7/365. CAF personnel at 3 Wing Bagotville continue to play a critical NORAD role in helping monitor and respond to potential threats.  A modified design-build approach is being used for this project. This means that the project’s design and construction have both been awarded to one successful bidder under one single contract, as opposed to the traditional method, which contracts separately for design and construction. The facility will be constructed to LEED Silver standards and will use energy efficient options wherever possible. By modernizing and greening our defence infrastructure, we are supporting the needs of a modern military, while reducing our greenhouse gas emissions and saving on energy costs.  Through our updated Defence Policy—Our North, Strong and Free—Canada is building on its 2022 NORAD Modernization Plan, with a slate of new equipment and infrastructure that will strengthen our capabilities to defend Canada and North America, such as modernized infrastructure and a new fleet of airborne early warning aircraft. Canada’s efforts to bolster domestic and continental defence, including by modernizing NORAD, are also contributions to strengthening NATO’s Western Flank, and will ensure North America remains a safe base from which we can deploy forces in support of Allies and partners.