Russia's New Fighter And Other Scenes From The MAKS Air Show | Aviation Week Network

On the same subject

• 

  January 10, 2020 | International, C4ISR, Security

  How tensions with Iran could test a new cyber strategy

  Mark Pomerleau In 2018, the Department of Defense began following a new philosophy for cyber operations to better protect U.S. networks and infrastructure. Known as “defend forward,” the approach allows U.S. cyber forces to be active in foreign network outside the United States to either act against adversaries or warn allies of impending cyber activity that they've observed on foreign networks. After the U.S. military killed an Iranian general in a Jan. 2 drone strike and after national security experts said they expect Iran might take some retaliatory action through cyber operations, the specter of increased cyber attacks against U.S. networks puts Cyber Command and its new approach front and center. “This Iran situation today is a big test of the ‘defend forward' approach of this administration,” James Miller, senior fellow at Johns Hopkins Applied Physics Laboratory and former undersecretary of defense for policy, said at a Jan. 7 event hosted by the Council on Foreign Relations. “Will [Cyber Command] take preventative action? Will they do it in a way that our allies and partners support and that can be explained to the public?” While Iran fired several missiles Jan. 7 at a base in Iraq where U.S. troops lived as an initial response to the drone strike, many national security experts expect Iran could continue cyber actions as further retaliation for the strike. Iran could also ratchet up its cyber operations in the United States following the collapse of portions of the 2015 nuclear deal between the United States, Iran and five other nations to curb Iran's nuclear weapons capability in return for sanctions relief. Over the past 12 months, the White House and Congress streamlined many of the authorities used to conduct cyber operations to help cyber forces to get ahead of threats in networks around the world. One such provision in last year's annual defense policy bill provides the Pentagon with the authority to act in foreign networks if Iran, among other named nations, is conducting active, systematic and ongoing campaigns of attacks against the U.S. government or people. Cyber Command declined to comment on what, if anything, they were doing differently since the drone strike. Some experts, however, have expressed caution when assessing how well this defend forward approach has worked thus far given it is still relatively new. “The jury is very much still out here,” Ben Buchanan, assistant professor and senor faculty fellow at Georgetown University, said at the same event. “We don't have a lot of data, there's been a lot of hand-wringing ... about these authorities and about how Cyber Command may or may not be using them. I just don't think we've seen enough to judge whether or not ... [it is] meaningfully changing adversary behavior.” Others have also expressed reservations about how effective Iran can even be in cyberspace toward U.S. networks. “Iran is a capable cyber actor, Iran is a wiling cyber actor. That means Iran will conduct cyberattacks,” said Jacquelyn Schneider, Hoover fellow at the Hoover Institution at Stanford University. “It's not like they have this capability and they've been deterred in the past and maybe now they're going to turn it on. I think they've been trying this entire time.” Complicating matters further could be other actors trying to take advantage of U.S.-Iran imbroglio for their own interests. Priscilla Moriuchi, senior principal researcher and head of nation-state research at threat intelligence firm Recorded Future, said over the past several months, there have been reports of Russian state-affiliated actors hijacking Iranian cyber infrastructure to conduct operations masquerading as Iranians. “That creates its own uncertainty,” she said at the same event. “Another level of potential what we call inadvertent escalation if a country perceives that they are attacked by Iran but in reality, it” wasn't. https://www.fifthdomain.com/dod/2020/01/09/how-tensions-with-iran-could-test-a-new-cyber-strategy/

• 

  December 19, 2018 | International, C4ISR

  DoD IG: Military networks are exposed to ‘unnecessary’ cyber risks

  By: Mark Pomerleau The military services are exposing networks to “unnecessary cybersecurity risks” thanks in part to a lack of visibility over software application inventories, according to a Department of Defense Inspector General report. The IG investigated whether DoD components rationalized their software applications by identifying and eliminating any duplicative or obsolete applications. Rationalizing software applications seeks to improve enterprise IT by identifying all software applications on the network; determining if existing applications are needed, duplicative or obsolete; and determining if applications already existing within the network prior to purchasing new ones. The audit — which focused on Marine Corps, Navy and Air Force commands and divisions — found that the groups examined did not consistently perform this rationalization process. By not having visibility into software application inventories, these organizations were unable to identify the extent of existing vulnerabilities within their applications, the report found. Moreover, such a process could lead to cost savings associated with eliminating duplicative and obsolete applications. Fleet Forces Command was the only command the IG reviewed that had a process in place for eliminating duplicative or obsolete applications. The Air Force did not have a process in place to prevent duplication when purchasing new applications. The report placed blame on the DoD chief information officer for not implementing a solution for software rationalization in response to Federal Information Technology Acquisition Reform Act requirements. The IG made three recommendations for the CIO, who did not provide a response to draft recommendations: Develop an enterprisewide process for conduction software application rationalization throughout DoD; Establish guidance requiring DoD components to conduct rationalization and require DoD component CIOs to develop implementation guidance outlining responsibilities for rationalization. Such a policy should also require components on at least an annual basis to validate the accuracy of their owned and in use software applications inventory; and Conduct periodic review to ensure components are regularly validating the accuracy of their inventory and they are eliminating duplicative and obsolete applications. https://www.fifthdomain.com/dod/2018/12/18/dod-ig-military-networks-are-exposed-to-unnecessary-cyber-risks

• 

  August 20, 2018 | International, Naval

  UK restarts frigate competition - but will anyone take part?

  By: Andrew Chuter LONDON - Britain's Ministry of Defence is restarting its contest to build five general purpose frigates for the Royal Navy after it terminated the original competition due to insufficient interest from industry. The Defence Equipment & Support organisation, the MoD's procurement arm, has issued a “prior information notice” informing potential bidders it is moving forward with the Type 31e program, and plans a short period of market engagement with companies or consortia that have expressed interest starting on Aug 20. “We have relaunched discussions with industry for our new Type 31e fleet, and this week issued a Prior Information Notice to ensure we do not lose any momentum. We remain committed to a cutting-edge Royal Navy fleet of at least 19 frigates and destroyers, and the first batch of five new Type 31e ships will bolster our modern Navy,” said an MoD spokesperson. “The purpose of the market engagement is for the Authority [DE&S] to share key elements of the new procurement, including technical and commercial elements. The Authority intends to use the feedback from the market engagement to inform the further shaping of its requirements and commercial construct,” said the DE&S in its announcement it was relaunching the competition. DE&S said suppliers should “only respond if they are in a position to undertake the full Type 31e programme, meeting its full requirement including a £1.25billion cost and building the Type 31e in a UK shipyard.” The Type 31e is a key part of the government's 2017 national shipbuilding strategy which in part seeks to open up the sector to local competition, rather than contract via a non-competitive single source contract with U.K. giant BAE Systems, the world's third largest defense company according to the Defense News Top 100 list. The fast track schedule for the Type 31e calls for the initial vessel to be in service by 2023, replacing the first of 13 Type 23 class frigates due to be retired by the Royal Navy in the period up to the middle of the 2030's. The final Type 31e -- the e stands for export -- is due to be delivered in 2028. Eight of the Type 23's will be replaced by anti-submarine warfare Type 26's. The remainder of the Type 23's will be replaced by the Type 31e. DE&S and industry are up against a time crunch on getting the first Type 31e into service, one which some executives here see as daunting, if not unachieveable, thanks to the need to restart the competition. But despite the delay in getting to the competitive design phase contract announcements, DE&S says it remains committed to the 2023 service date. “A new streamlined procedure will present an opportunity to save time in the overall program. We will release more information about our plans when we have completed the market engagement - which we plan to start from Aug 20,” said a second MoD spokesperson. Full Article: https://www.defensenews.com/naval/2018/08/17/uk-restarts-frigate-competition-but-will-anyone-take-part/