July 24, 2018 | International, C4ISR
By: Mark Pomerleau
In his first public comments since assuming the head of U.S. Cyber Command, Gen. Paul Nakasone said the Department of Defense is taking a more aggressive approach to protect the nation's data and networks and aims to stay ahead of malicious cyber and information-related activity.
The command's new vision, called “Achieve and Maintain Cyberspace Superiority," published in April, describes the notion of “continuous engagement” and “defending forward” to understand adversary weaknesses and impose “tactical friction and strategic costs.”
“Through persistent action and competing more effectively below the level of armed conflict, we can influence the calculations of our adversaries, deter aggression, and clarify the distinction between acceptable and unacceptable behavior in cyberspace,” the document reads.
Nakasone speaking July 21 at the Aspen Security Forum, said adversaries have long worked below the threshold of war to steal intellectual property, personally identifiable information and undermine societal discourse. While individually, these activities don't appear sensational, taken in aggregate, Nakasone said, they have grave national economic and security implications.
Many academics have criticized the U.S. response to Russian election interference and noted that the United States tends to view conflicts through the binary lens of war or peace while competitors such as Russia see themselves constantly engaged in a state of war.
From the U.S. perspective, many cyber acts are considered beneath the threshold of war, denoting a lesser response. But Nakasone said the philosophy of continuous engagement is more in line with the new National Defense Strategy, one that suggests the return of great power competition with nations such as Russia and China.
In practice, Nakasone articulated a more aggressive approach, one that involves entering an adversary's network to learn what they are doing as a means of improving defenses.
The philosophy is “this idea that we want to have our forces to be able to enable our defensive capabilities and to act forward,” Nakasone said. “Act outside of the boundaries of the United States to understand what our adversaries are doing and be able to engage those adversaries and obviously [be] able to better protect our networks, our data and our weapon systems.
Such action, penetrating a network or sovereign territory, has not typically been an action a military organization has taken outside an engaged hostility with an organization or nation vice a covert action finding.
Nakasone's predecessor told Congress that the command was mulling over cyber operations in nations where the United States is not actively involved in a conflict.
Then Adm. Michael Rogers, explained he is comfortable with his authorities to use offensive cyber tactics in Iraq, Syria and Afghanistan, however, he added that they need more speed and agility in employing these capabilities “outside the designated areas of hostility.”
May 20, 2022 | International, Aerospace, Security
Pushing back initial operational capability of the CC-295 will disrupt SAR pilots and maintenance technicians preparing to transition to the new aircraft.
December 17, 2020 | International, C4ISR
Mark Pomerleau WASHINGTON — The Department of Defense must bolster its resilience in mission platforms in order to stay ahead of threats, a new think tank report says. With the military's shift toward great power competition, or conflict against nation states, its systems and platforms will be under greater stress than technological inferior adversaries battled during the counterterrorism fight of the last decade-plus. Systems and networks are expected to be contested, disrupted and even destroyed, meaning officials need to build redundancy and resilience in from the start to work through such challenges. In fact, top defense officials have been warning for several years that they are engaged in conflict that is taking place below the threshold of armed conflict in which adversaries are probing networks and systems daily for espionage or disruptive purposes. “Resilience is a key challenge for combat mission systems in the defense community as a result of accumulating technical debt, outdated procurement frameworks, and a recurring failure to prioritize learning over compliance. The result is brittle technology systems and organizations strained to the point of compromising basic mission functions in the face of changing technology and evolving threats,” said a new report out today by the Atlantic Council titled “How Do You Fix a Flying Computer? Seeking Resilience in Software-Intensive Mission Systems.” “Mission resilience must be a priority area of work for the defense community. Resilience offers a critical pathway to sustain the long-term utility of software-intensive mission systems, while avoiding organizational brittleness in technology use and resulting national security risks. The United States and its allies face an unprecedented defense landscape in the 2020s and beyond.” This resilience, is built upon three pillars, the authors write: robustness, which is the ability of a system to negate the impact of disruption; responsiveness, which is the ability of a system to provide feedback and incorporate changes on a disruption, and; adaptability, which is the ability to a system to change itself to continue operating despite a disruption. Systems, the report notes, are more than just the sum of its parts — hardware and software — but rather are much broader to include people, organizational processes and technologies. To date, DoD has struggled to manage complexity and develop robust and reliable mission systems, even in a relatively benign environment, the report bluntly asserts, citing problems with the F-35′s Autonomic Logistics Information System (ALIS) as one key example. “A conflict or more contested environment would only exacerbate these issues. The F-35 is not alone in a generation of combat systems so dependent on IT and software that failures in code are as critical as a malfunctioning munition or faulty engine — other examples include Navy ships and military satellites,” the authors write. “To ensure mission systems like the F-35 remain available, capable, and lethal in conflicts to come demands the United States and its allies prioritize the resilience of these systems. Not merely security against compromise, mission resilience is the ability of a mission system to prevent, respond to, and adapt to both anticipated and unanticipated disruptions, to optimize efficacy under uncertainty, and to maximize value over the long term. Adaptability is measured by the capacity to change — not only to modify lines of software code, but to overturn and replace the entire organization and the processes by which it performs the mission, if necessary. Any aspect that an organization cannot or will not change may turn out to be the weakest link, or at least a highly reliable target for an adversary.” The report offers four principles that defense organizations can undertake to me more resilient in future conflicts against sophisticated adversaries: Embrace failure: DoD must be more willing to take risks and embrace failure to stay ahead of the curve. Organizations can adopt concepts such as chaos engineering, experimenting on a system to build confidence in its ability to withstand turbulent conditions in production, and planning for loss of confidentiality in compromised systems. Improve speed: DoD must be faster at adapting and developing, which includes improving its antiquated acquisition policies and adopt agile methodologies of continuous integration and delivery. Of note, DoD has created a software acquisition pathway and is implementing agile methodologies of continuous integration and delivery, though on small scales. Always be learning: Defense organizations operate in a highly contested cyber environment, the report notes, and as the department grows more complex, how it learns and adapts to rapidly evolving threats grows in importance. Thus, it must embrace experimentation and continuous learning at all levels of systems as a tool to drive improvement. Manage trade-offs and complexity: DoD should improve mission system programs' understanding of the trade-offs between near-term functionality and long-term complexity to include their impact on systems' resilience. https://www.c4isrnet.com/cyber/2020/12/14/how-dod-can-improve-its-technology-resilience/
May 4, 2021 | International, Aerospace
The US government has approved the sale to India of further Boeing P-8I Neptune maritime multimission aircraft (MMA). Subject to Congressional approval for its latest request, the Indian Navy will field 18 P-8I Neptune MMAs under its current...