September 30, 2020 | International, C4ISR, Security

The DoD needs data-centric security, and here’s why

Drew Schnabel

The U.S. Department of Defense is set to adopt an initial zero-trust architecture by the end of the calendar year, transitioning from a network-centric to a data-centric modern security model.

Zero trust means an organization does not inherently trust any user. Trust must be continually assessed and granted in a granular fashion. This allows defense agencies to create policies that provide secure access for users connecting from any device, in any location.

“This paradigm shift from a network-centric to a data-centric security model will affect every arena of our cyber domain, focusing first on how to protect our data and critical resources and then secondarily on our networks,” Vice Adm. Nancy Norton, director of the Defense Information Systems Agency and commander of the Joint Force Headquarters-Department of Defense Information Network, said at a virtual conference in July.

To understand how the DoD will benefit from this new zero-trust security model, it's important to understand the department's current Joint Information Environment, or JIE, architecture; the initial intent of this model; and why the JIE can't fully protect modern networks, mobile users and advanced threats.

Evolving DoD information security

The JIE framework was developed to address inefficiencies of siloed architectures. The goal of developing a single security architecture, or SSA, with JIE was to collapse network security boundaries, reduce the department's external attack surface and standardize management operations. This framework helped ensure that defense agencies and mission partners could share information securely while reducing required maintenance and continued infrastructure expenditures.

Previously, there were more than 190 agency security stacks located at the base/post/camp/station around the globe. Now, with the JIE architecture, there are just 22 security stacks centrally managed by the Defense Information Systems Agency to provide consistent security for users, regardless of location.

Initially, the JIE was an innovative concept that took the DoD from a highly fragmented architecture, in which each agency managed its own cybersecurity strategy, to an architecture in which there is a unified SSA.

However, one of the early challenges identified for the JIE was managing cloud cybersecurity as part of the SSA. The components in the JIE — the Joint Regional Security Stacks family's internet access points and cloud access points — have traditionally focused on securing the network, rather than the data or user.

As more DoD employees and contractors work remotely and data volumes increase, hardware cannot scale to support them. This has created ongoing concerns with performance, reliability, latency and cost.

A cloud-first approach

In response, the DoD leverages authorized solutions from the Federal Risk and Authorization Management Program, and it references the Secure Cloud Computing Architecture guidance for a standard approach for boundary and application-level security for impact Level 4 and 5 data hosted in commercial cloud environments.

The purpose of the SCCA is to provide a barrier of protection between the DoD Information Services Network and the commercial cloud services that the DoD uses while optimizing the cost-performance trade in cybersecurity.

Defense agencies are now exploring enterprise-IT-as-a-service options to move to the cloud and reduce the need for constant updates and management of hardware. Through enterprise-IT-as-a-service models, defense agencies will be able to scale easily, reduce management costs and achieve a more competitive edge over their adversaries.

Before the pandemic hit, defense agencies were already moving to support a more mobile workforce, where employees can access data from anywhere on any device. However, a cyber-centric military requires security that is deeply ingrained in employee culture rather than reliant on physical protection of the perimeter.

The next evolution to secure DISA and DoD networks is to embrace a secure access service edge, or SASE, model with zero-trust capabilities. The SASE model moves essential security functions — such as web gateway firewalls, zero-trust capabilities, data loss prevention and secure network connectivity — all to the cloud. Federal employees then have direct access to the cloud, while security is pushed as close to the user/data/device as possible.

SP 800-27, zero-trust guidance from the National Institute of Standards and Technology, provides a road map to migrate and deploy zero trust across the enterprise environment. This guidance outlines the necessary tenets of zero trust, including securing all communication regardless of network location, and granting access on a per-session basis. This creates a least-privilege-access model to ensure the right person, device and service have access to the data they need while protecting high-value assets.

As the DoD transforms the JIE architecture to an as-a-service model with zero-trust capabilities, defense agencies will experience cost savings, greater scalability, better performance for the end user and war fighter, improved visibility, and control across DoD networks — and ultimately a stronger and more holistic cybersecurity capability moving forward.

https://www.c4isrnet.com/opinion/2020/09/29/the-dod-needs-data-centric-security-and-heres-why/
