August 30, 2018 | International, C4ISR

What will top the Space Force to-do list?

In the late 1980s and early 1990s, the Air Force's Global Positioning System was a continuous target.

“Every year [as] we went through the budget cycle the United States Air Force ... tried to kill the GPS program,” Gen. John Hyten, now head of U.S. Strategic Command, said during a 2015 speech.

“Why would they kill the GPS program? It's really very simple: ‘Why would we need a satellite navigation system when we have perfectly good [inertial navigation system, or] INS for airplanes? Why would we do it?' Nobody could see the future of what GPS was going to bring to the world.”

First developed and launched late in the Cold War, GPS made its combat debut in Operations Desert Shield and Desert Storm and has informed the movements and targeting capabilities of the Department of Defense ever since. More than that, since GPS signals were opened to the commercial world, everything from road trips to finding new restaurants to the entire development of self-driving cars has hinged on access to the reliable signals that let machines and people know exactly where they are in time and space.

The whole architecture is simultaneously vital and vulnerable, and, in the era of a pending Space Force, the unspoken mandate is that it has never been more important for the United States to ensure the signal endures.

It is the potential risk of losing GPS, and everything else supported by the satellite network, that serves as the foundation for much of the discussion around a new Space Force. For as long as humans have put objects into orbit, space has been a military domain, but one with a curious distinction from other fighting theaters: while land, sea and air have all seen direct armed confrontation, space is instead a storehouse for sensors, where weapons are vanishingly rare and have yet to be used in anger.

“Capabilities that we have built that we now take for granted in the Air Force, the whole [remotely piloted aircraft, or RPA] fleet that we fly, is impossible without space,” Hyten said at another speech in 2015.

“You cannot have Creech Air Force Base without space because the operators at Creech reach out and talk to their RPAs via satellite links. Those aircraft are guided by GPS. You take away GPS, you take away SATCOM, you take away RPAs. They don't exist anymore. All those things are fundamentally changed in the Air Force.”

Looking over the horizon

Missiles remain the most effective way for nations to reach out and mess with something in orbit, and so long as GPS satellites cost around $500 million to build and launch, the cost of destroying a satellite will remain cheaper than fielding satellites. There is a double asymmetry here: not only are the satellites that power the GPS network expensive to build and launch, but the United States relies on this network to a far greater extent than any adversary that might decide to shoot those satellites down.

This vulnerability is one reason that the Defense Advanced Research Projects Agency is funding development of networks of smaller satellites, which are individually less capable than existing models but are cheaper to field and replace and will deploy in greater numbers, making destruction by missile a much more expensive proposition. Blackjack, the DARPA program that aims to do this, is focused on military communications satellites first, though the approach may have lessons for other satellite functions.

“Better distribution, disaggregation and diversity of space capabilities can make them more resilient against attacks,” said Brian Weeden, director of program planning for the Secure World Foundation.

“But the specific answer of how best to do that might be different for each capability. The specific techniques to make [position, navigation and timing, or] PNT more resilient may be different than the techniques needed to make satellite communications more resilient.”

Missiles are not the only threat faced by satellites in orbit. An April 2018 report by the Secure World Foundation on Global Counterspace Capabilities details the full spectrum of weapons and tools for disrupting objects in orbit, and also the nations and, in some instances, nonstate actors that can field those tools.

The nations with counterspace programs highlighted in the report include China, Russia, the United States, Iran, North Korea and India, all of which (barring Iran) are also nuclear-armed nations. Beyond anti-satellite missiles, which only China, Russia and the United States have demonstrated, the other means of messing up a satellite are the familiar bugaboos of modern machines: electronic warfare, jamming and cyberattacks.

“The most important thing is that it's not always about the satellites in space. Space capabilities include the satellites, the user terminal/receivers, and the signals being broadcast between them. Disrupting any one of those segments could lead to loss of the capability,” Weeden said.

“In many cases, it's far easier to jam a satellite capability rather than destroy the satellite. And, from a military perspective, the end effect is what's important.”

A satellite that cannot broadcast or whose signal cannot overcome the strength of a jammer is a satellite that is functionally offline, and the means to disable satellites extend beyond the traditional strengths of near-peer competitors to the United States and down even to nonstate actors.

In 2007, the Tamil Tigers reportedly hacked the ground nodes for a commercial satellite and were able to gain control of its broadcasting capabilities, and in 2008 a set of hackers demonstrated they could eavesdrop on supposedly secure Iridium signals. A decade has passed since those demonstrations, but satellite architectures change slowly, in waves of half-a-billion-dollar machines launched over time. Should a vulnerability be found on the ground, there is a lag between the moment it can first be exploited and the moment it can be rendered inert.

What happens if the GPS signal stutters out of sync with time? Everything about how GPS works is bound up in its ability to precisely and consistently track time. Knowing where something is depends on knowing when something was. Without the entire network of automatic navigation aids they've built their lives around, people will fumble. Consider what happened for 11 hours on Jan. 26, 2016.

“The root cause was a bug in the GPS network,” wrote Paul Tullis in Bloomberg.

“When the U.S. Air Force, which operates the 31 satellites, decommissioned an older one and zeroed out its database values, it accidentally introduced tiny errors into the database, skewing the numbers. By the time Buckner's inbox started blowing up, several satellites were transmitting bad timing data, running slow by 13.7 millionths of a second.”

Tullis goes on to detail the possibility and plans for a redundant ground-based navigation system that could let GPS-dependent functions of commercial machines keep working, even if a satellite slips out of sync. There is an international agreement to eventually make all signals across the Global Navigation Satellite System (GPS, Galileo, etc.) broadcast compatible civil signals. This would improve the redundancy among day-to-day civilian applications dependent upon GPS, but it would do very little for the military signals.

“There is no such compatibility between the military signals of the different constellations,” says Weeden.

“In fact, during negotiations with the European Union the U.S. demanded that the Galileo protected/military signal be made separate from the GPS military signal. It is possible to create receivers that can pull in the military signals from both GPS and Galileo, but it's not easy to do so securely.”

GPS III, which Lockheed Martin is building, will mitigate some of this when those satellites are on orbit: the new hardware is designed with stronger signals that will make them harder to jam, but that will also require new receivers on the ground.

While developers are working on making those new receivers, one way to build in redundancy would be to make GPS receivers that can use both Galileo and GPS military signals, suggests Weeden. That's a technical solution that requires at least some political finesse to achieve, but it's one possibility for making existing infrastructure more redundant.

“But there are also other ways to get precision timing and navigation other than from GPS, such as better gyroscopes or even using airborne or terrestrial broadcasts of PNT signals,” says Weeden.

“These alternatives are probably not going to be as easy to use or have other drawbacks compared to GPS, but they're better than nothing.”

Redundant or complementary systems also provide a safeguard against spoofing, in which a navigation system is fed false GPS signals, and thus false coordinates, in order to reroute it. Big changes in inputs are easy for humans monitoring the system, say a car's navigation or a drone flying by GPS coordinates, to spot, but subtle changes can be accepted as normal, lost as noise, and then lead people or cars or drones into places they did not plan on going.
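As an added illustration that is not part of the article, the monitor below shows how a complementary source (an inertial/dead-reckoning estimate) lets a receiver catch both kinds of spoofing the paragraph describes: an abrupt jump, which a plain speed check catches, and a slow offset hidden inside normal GPS noise, which only a cumulative-sum (CUSUM) test on the GPS-minus-INS residual picks up. The track, noise levels and thresholds are constructed for the demo, and INS drift is assumed negligible over the monitored window.

```python
"""GPS-versus-INS consistency monitor (constructed example, not from the article).

Two checks run side by side on each fix:
  * jump_check   - flags a fix that implies a physically impossible speed
                   (the "big change" an operator would notice anyway);
  * DriftDetector - two-sided CUSUM on the residual (GPS - INS) per axis,
                   which accumulates small, same-signed errors until they can
                   no longer be explained as noise (the "subtle change" case).
Positions are metres on a local east/north plane; fixes arrive at 1 Hz.
"""
import math
import random
from dataclasses import dataclass


@dataclass
class Fix:
    t: float      # seconds
    east: float   # metres
    north: float  # metres


def jump_check(prev: Fix, cur: Fix, max_speed_mps: float) -> bool:
    """True if the implied ground speed between two fixes exceeds what the platform can do."""
    dt = cur.t - prev.t
    if dt <= 0:
        return True  # time running backwards is itself suspicious
    dist = math.hypot(cur.east - prev.east, cur.north - prev.north)
    return dist / dt > max_speed_mps


class DriftDetector:
    """Two-sided CUSUM on each axis of (GPS - INS).

    k: allowance in metres, roughly half the smallest sustained offset worth
       catching; residuals smaller than k are absorbed as noise.
    h: decision threshold in metres; a higher h means fewer false alarms but
       slower detection. Assumes INS drift is negligible over the window.
    """

    def __init__(self, k: float = 1.0, h: float = 25.0):
        self.k, self.h = k, h
        self.hi = {"east": 0.0, "north": 0.0}  # accumulates positive residuals
        self.lo = {"east": 0.0, "north": 0.0}  # accumulates negative residuals

    def update(self, gps: Fix, ins: Fix) -> list:
        """Feed one GPS/INS pair; return the axes whose CUSUM crossed h."""
        alarms = []
        for axis in ("east", "north"):
            r = getattr(gps, axis) - getattr(ins, axis)
            self.hi[axis] = max(0.0, self.hi[axis] + r - self.k)
            self.lo[axis] = max(0.0, self.lo[axis] - r - self.k)
            if self.hi[axis] > self.h or self.lo[axis] > self.h:
                alarms.append(axis)
        return alarms


def run_scenario(seconds=400, spoof_start=200, spoof_rate=0.5, spoof_jump=0.0,
                 gps_sigma=2.0, ins_sigma=0.2, max_speed=60.0, seed=7):
    """Constructed track: 20 m/s heading north-east with 1 Hz fixes.

    From spoof_start onward the GPS east coordinate is pushed off by
    spoof_jump metres immediately plus spoof_rate metres every second.
    Returns the first second at which each check fired (None if never).
    """
    rng = random.Random(seed)
    v = 20.0 / math.sqrt(2)
    det = DriftDetector()
    prev_gps = None
    first_jump = first_drift = None
    for t in range(seconds + 1):
        true_e, true_n = v * t, v * t
        ins = Fix(t, true_e + rng.gauss(0, ins_sigma), true_n + rng.gauss(0, ins_sigma))
        offset = spoof_jump + spoof_rate * (t - spoof_start) if t >= spoof_start else 0.0
        gps = Fix(t, true_e + offset + rng.gauss(0, gps_sigma),
                  true_n + rng.gauss(0, gps_sigma))
        if prev_gps is not None and first_jump is None and jump_check(prev_gps, gps, max_speed):
            first_jump = t
        if first_drift is None and det.update(gps, ins):
            first_drift = t
        prev_gps = gps
    return {"first_jump": first_jump, "first_drift": first_drift}


if __name__ == "__main__":
    # Slow 0.5 m/s ramp: the speed check never fires, the CUSUM fires within seconds.
    print("slow ramp:", run_scenario())
    # Abrupt 500 m jump: both checks fire on the first spoofed fix.
    print("abrupt jump:", run_scenario(spoof_rate=0.0, spoof_jump=500.0))
```

The same residual feed could come from any independent source the article mentions, such as a second constellation's signal or a terrestrial PNT broadcast; the detector only needs a position it has reason to trust more than the one under test.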

The next generation of threats

Protecting the integrity of satellite communications from malicious interference is the centerpiece of a report from the Belfer Center, entitled “Job One for Space Force: Space Asset Cybersecurity.”

The report's author, Gregory Falco, outlines broad goals for organizations that manage objects in space, policymakers, as well as a proposed Information Sharing and Analysis Center for space. These include everything from adopting cybersecurity practices like working with security researchers and encrypting communications to setting up a mechanism for organizations to disclose if their satellites suffered interference or hacking. If the security of GPS is suffering from anything, it is less ignorance of the threat and more complacency in the continued durability of the system as currently operating.

“Cybersecurity challenges will only become more substantial as technology continues to evolve and attackers will always find the weakest link to penetrate a target system,” writes Falco.

“Today, space assets are that weakest link. Space asset organizations must not wait for policy-makers to take action on this issue, as there are several steps that could be taken to secure their systems without policy guidance.”

Of all the threats to the fourth domain, space, the most direct are those that travel through the fifth domain, cyberspace.

To the extent that space requires a specialized hand, it is in managing, from design through launch, the specific vulnerabilities of orbital assets and the points at which they are controlled from the ground. Perhaps the way to address that specific problem is a Space Force framed around the physical and cybersecurity needs of satellites.

Raytheon is the contractor tasked with building GPS OCX, the next-generation operational control system for the satellite network.

After years of delay in the program, Block 0 of the OCX deployed in September 2017, putting in place a system that could manage the launch and early orbit management of the new GPS satellites. Besides managing the satellites, the control system has to ensure that only the right people access the controls, and that means extensive cybersecurity.

Raytheon says that, together with the Air Force, the company recently completed two cybersecurity assessments, including a simulated attack by an adversary. While Air Force classification prevents Raytheon from disclosing the results of that test, the company's president of intelligence, information and services, Dave Wajsgras, offered this:

“We've built a layered defense and implemented all information assurance requirements for the program into this system. We're cognizant that the cyber threat will always change, so we've built GPS OCX to evolve and to make sure it's always operating at this level of protection.”

Ideally, this massive job of protecting GPS will fall to the Space Force.

“One of the big drivers for the Space Force is improving the space acquisitions process, and another is developing better ways to defend U.S. military satellites against attack,” says Weeden.

“So, in that context, the Space Force debate could impact the future of GPS.”

Yet many of the answers to vulnerabilities in space are not found in orbit, and it's possible that shifting the full responsibility for signal security to a body built around managing satellites would miss the ways greater signal redundancy can be built in atmospheric or terrestrial systems. The Army and Navy are funding GPS alternatives, but that funding is minuscule by Pentagon standards.

“The United States should take smart steps to make its space force more resilient,” writes Paul Scharre of the Center for New American Security, “but the U.S. also needs to be investing in ways to fight without space, given the inherent vulnerabilities in the domain.”

https://www.c4isrnet.com/c2-comms/satellites/2018/08/29/what-will-top-the-space-force-to-do-list

On the same subject

  • Contract Awards by US Department of Defense - October 5, 2018

    October 9, 2018 | International, Aerospace, Naval, Land, C4ISR, Security

    AIR FORCE

    Lockheed Martin Corp., Orlando, Florida, has been awarded a $390,792,959 firm-fixed-price, fixed-price-incentive-fee contract for Joint Air-to-Surface Standoff Missile (JASSM) lot 16 production for 360 JASSM-extended range, three foreign military sales (FMS) separation test vehicles, one FMS flight test vehicle-live fire and tooling and test equipment. Work will be performed in Orlando, Florida, and is expected to be completed by Oct. 31, 2021. This award is the result of a sole-source acquisition. This award uses fiscal 2018 missile procurement funds and FMS funds. Air Force Life Cycle Management Center, Eglin Air Force Base, Florida, is the contracting activity (FA8682-19-C-0009).

    Applied Defense Solutions Inc., Columbia, Maryland, has been awarded a $7,526,650 fixed-price and cost-reimbursement modification (P00015) to contract FA255017C8002 for non-governmental space situational awareness services. This modification provides for the exercise of an option for an additional quantity of 12 months of services under the basic contract. Work will be performed at Schriever Air Force Base, Colorado, and is expected to be completed by Oct. 18, 2019. No funds are being obligated at the time of award. Total cumulative face value of the contract is $26,458,756. The 50th Contracting Squadron, Schriever Air Force Base, Colorado, is the contracting activity. (Awarded Oct. 4, 2018)

    CORRECTION: The contract announced on Oct. 4, 2018, to General Atomics Aeronautical Systems Inc., Poway, California, (FA8620-18-F-2365) for $19,446,593 has not been awarded.

    ARMY

    General Dynamics Land Systems, Sterling Heights, Michigan, was awarded a $366,852,050 modification (0002 04) to contract W56HZV-17-D-B020 for upgrade of Stryker flat-bottom vehicles to the Double V-Hull Engineering Change Proposal 1 configuration. Work will be performed in Sterling Heights, Michigan, with an estimated completion date of April 30, 2021. Fiscal 2018 and 2019 procurement of weapons and tracked vehicle funds in the amount of $366,852,050 were obligated at the time of the award. U.S. Army Contracting Command, Warren, Michigan, is the contracting activity.

    The Boeing Co., Mesa, Arizona, was awarded a $242,109,170 modification (P00021) to foreign military sales (United Arab Emirates) contract W58RGZ-16-C-0023 for the remanufacture of eight, and procurement of nine new-build, Apache AH-64E aircraft. Work will be performed in Mesa, Arizona, with an estimated completion date of Feb. 28, 2023. Fiscal 2010 foreign military sales funds in the amount of $242,109,170 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity.

    Federal Contracting Inc., doing business as Bryan Construction, Colorado Springs, Colorado, was awarded a $52,812,678 firm-fixed-price contract for design and construction of a squadron operations facility and associated operational training facilities at Cannon Air Force Base, New Mexico. Bids were solicited via the internet with 15 received. Work will be performed at Cannon Air Force Base, New Mexico, with an estimated completion date of April 1, 2021. Fiscal 2015 and 2016 military construction funds in the amount of $52,812,678 were obligated at the time of the award. U.S. Army Corps of Engineers, Albuquerque, New Mexico, is the contracting activity (W912PP-19-C-0001).

    General Dynamics Land Systems, Sterling Heights, Michigan, was awarded a $24,957,920 modification (0001 19) to contract W56HZV-17-D-B020 for upgrade of Stryker flat-bottom vehicles to the Double V-Hull Engineering Change Proposal 1 configuration. Work will be performed in Sterling Heights, Michigan, with an estimated completion date of April 30, 2021. Fiscal 2018 and 2019 procurement of weapons and tracked vehicle funds in the amount of $24,957,920 were obligated at the time of the award. U.S. Army Contracting Command, Warren, Michigan, is the contracting activity.

    M.R. Pittman Group LLC,* Saint Rose, Louisiana, was awarded a $17,255,645 firm-fixed-price contract for interim closure structure demolition. Bids were solicited via the internet with three received. Work will be performed in New Orleans, Louisiana, with an estimated completion date of May 8, 2020. Fiscal 2014 other procurement (Army) funds in the amount of $17,255,645 were obligated at the time of the award. U.S. Army Corps of Engineers, New Orleans, Louisiana, is the contracting activity (W912P8-19-C-0001).

    Short-Elliott-Hendrickson Inc., Lacrosse, Wisconsin, was awarded a $19,500,000 firm-fixed-price contract for architect and engineering services for the Fort McCoy, Wisconsin, Department of Public Works. Bids were solicited via the internet with nine received. Work locations and funding will be determined with each order, with an estimated completion date of Oct. 5, 2023. U.S. Army Mission and Installation Contracting Command, Fort McCoy, Wisconsin, is the contracting activity (W911SA-19-D-2001).

    Keysight Technologies, Englewood, Colorado, was awarded an $8,977,287 firm-fixed-price contract for Oscilloscopes 307/U. Two bids were solicited via the internet with one received. Work locations and funding will be determined with each order, with an estimated completion date of Sept. 28, 2023. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity (W31P4Q-18-D-0081).

    NAVY

    Donjon Marine Co. Inc., Hillside, New Jersey, was awarded a maximum value $215,000,000 cost-plus-award-fee, indefinite-delivery/indefinite-quantity contract for salvage related towing, harbor clearance, ocean engineering project and point-to-point towing services. The primary purpose of this contract is to provide services to assist in the performance of salvage of ships, craft, cargo, and other items as tasked (e.g., aircraft, weaponry, equipment); salvage related towing, harbor clearance; and point-to-point towing; and ocean engineering projects in support of the Supervisor of Salvage. Work will be performed along the North and South American East Coast, and is expected to be completed by September 2023. Fiscal 2018 operations and maintenance (Navy) funding in the amount of $50,000 was obligated at the time of award and expired at the end of fiscal 2018. This contract was competitively procured via the Federal Business Opportunities website, with four offers received. The Naval Sea Systems Command, Washington, District of Columbia, is the contracting activity (N00024-18-D-4307). (Awarded Sept. 28, 2018)

    SMIT Salvage Americas LLC, Houston, Texas, was awarded a maximum value $215,000,000 cost-plus-award-fee, indefinite-delivery/indefinite-quantity contract for salvage related towing, harbor clearance, ocean engineering project and point-to-point towing services. The primary purpose of this contract is to provide services to assist in the performance of salvage of ships, craft, cargo, and other items as tasked (e.g., aircraft, weaponry, equipment); salvage related towing, harbor clearance; and point-to-point towing; and ocean engineering projects in support of the Supervisor of Salvage, SEA. Work will be performed along the North and South American West Coast, and is expected to be completed by September 2023. Fiscal 2018 operations and maintenance (Navy) funding in the amount of $5,000 was obligated at the time of award and expired at the end of fiscal 2018. This contract was competitively procured via the Federal Business Opportunities website, with one offer received. The Naval Sea Systems Command, Washington, District of Columbia, is the contracting activity (N00024-18-D-4308). (Awarded Sept. 28, 2018)

    SMIT Singapore PTE LTD, Singapore, was awarded a maximum value $215,000,000 cost-plus-award-fee, indefinite-delivery/indefinite-quantity contract for salvage related towing, harbor clearance, ocean engineering project and point-to-point towing services. The primary purpose of this contract is to provide services to assist in the performance of salvage of ships, craft, cargo, and other items as tasked (e.g., aircraft, weaponry, equipment); salvage related towing, harbor clearance; and point-to-point towing; and ocean engineering projects in support of the Supervisor of Salvage. Work will be performed across the Western Pacific region, and is expected to be completed by September 2023. Fiscal 2018 operations and maintenance (Navy) funding in the amount of $5,000 was obligated at the time of award and expired at the end of fiscal 2018. This contract was competitively procured via the Federal Business Opportunities website, with two offers received. The Naval Sea Systems Command, Washington, District of Columbia, is the contracting activity (N00024-18-D-4309). (Awarded Sept. 28, 2018)

    PAE Applied Technologies LLC, Arlington, Virginia, is awarded a $24,292,143 cost-plus-award-fee modification to previously awarded contract (N66604-05-C-1277), increasing the cumulative total value of the contract for operation and maintenance services for the Atlantic Undersea Test and Evaluation Center (AUTEC). AUTEC is the U.S. Navy's large-area, deep-water, undersea test and evaluation range. Underwater research, testing and evaluation of anti-submarine weapons, sonar tracking and communications are the predominant activities conducted at AUTEC. The contractor performs services required to perform AUTEC range operations and maintenance of facilities and range systems. In addition, the contractor is responsible for operating a self-sufficient one-square-mile Navy outpost. This modification increases the total value of the contract to $788,075,722. Work will be performed on Andros Island, Commonwealth of the Bahamas (82 percent); West Palm Beach, Florida (18 percent); and is expected to be completed by September 2019. No contract funds are being obligated at this time. The Naval Undersea Warfare Center Newport Division, Newport, Rhode Island, is the contracting activity.

    Lockheed Martin Corp., Rotary and Mission Systems, Moorestown, New Jersey, is awarded $8,020,809 for cost-plus-fixed-fee order N6339419F0003 under a previously awarded basic ordering agreement (N6339417G0001) for engineering services in support of land-based test site maintenance, inventory control, diminishing material source efforts, and program management for the Mk 92 fire control system. This order includes options which, if exercised, would bring the cumulative value of this order to $9,276,806. The order combines purchases for the Navy (16 percent); and the governments of the Philippines (40 percent); Egypt (20 percent); Saudi Arabia (16 percent); Poland (4 percent); and Taiwan (2 percent). Work will be performed in Huntsville, Alabama (26 percent); the Philippines (20 percent); Egypt (17 percent); Moorestown, New Jersey (13 percent); Saudi Arabia (13 percent); Port Hueneme, California (4 percent); Poland (3 percent); Taiwan (2 percent); and Nigeria (2 percent); and is expected to be completed by September 2022. Foreign military sales (other defense agencies) funding in the amount of $2,579,000 will be obligated at time of award and will not expire at the end of the current fiscal year. The Naval Surface Warfare Center, Port Hueneme, California, is the contracting activity.

    U.S. TRANSPORTATION COMMAND

    Jacobs Technology Inc., Tampa, Florida, has been awarded a contract modification P00017 on contract HTC711-17-C-D001 in the amount of $18,940,678. This modification provides continued Information Technology Service Management Enterprise support to the U.S. Transportation Command (USTRANSCOM). Work will be performed primarily on-site at Scott Air Force Base, Illinois, and other locations: DISA DECC, St. Louis, Missouri; USTRANSCOM Office, Washington, District of Columbia; JECC, Norfolk, Virginia; and the Pentagon. The option period of performance is from Oct. 1, 2018, to Sept. 30, 2019. Fiscal 2019 transportation working capital funds operations, operations and maintenance and Defense Health Program funds were obligated at award. This modification brings the total cumulative face value of the contract to $48,981,052 from $30,040,374. U.S. Transportation Command, Directorate of Acquisition, Scott Air Force Base, Illinois, is the contracting activity.

    DEFENSE LOGISTICS AGENCY

    Airtronics Inc.,* Tucson, Arizona, has been awarded a maximum $13,644,800 firm-fixed-price, indefinite-quantity contract for aviation cable assemblies. This was a competitive acquisition with three offers received. This is a two-year base contract with a one-year option period. Location of performance is Arizona, with an Oct. 16, 2021, performance completion date. Using military service is Army. Type of appropriation is fiscal 2019 through 2021 defense working capital funds. The contracting activity is Defense Logistics Agency Aviation, Richmond, Virginia (SPE4A619D0001).

    DCX-CHOL Enterprises, Inc.,* Chatsworth, California, has been awarded a maximum $12,960,000 firm-fixed-price, indefinite-quantity contract for aviation cable assemblies. This was a competitive acquisition with three offers received. This is a two-year base contract with a one-year option period. Location of performance is California, with an Oct. 16, 2021, performance completion date. Using military service is Army. The type of appropriation is fiscal 2019 through 2021 defense working capital funds. The contracting activity is Defense Logistics Agency Aviation, Richmond, Virginia (SPE4A619D0002).

    *Small Business

    https://dod.defense.gov/News/Contracts/Contract-View/Article/1656310/source/GovDelivery/

  • L3Harris Viper Shield Electronic Warfare System achieves Critical Design Review milestone

    February 1, 2023 | International, Aerospace

    The AN/ALQ-254(V)1 Viper Shield successfully completed a CDR milestone with partner Lockheed Martin and the U.S. Air Force observing

  • Making DoD Security Operations Centers More Effective: Security Automation

    July 13, 2020 | International, C4ISR, Security

    Making DoD Security Operations Centers More Effective: Security Automation

    Security orchestration, automation, and response (SOAR) software frees DoD analysts to apply cognitive skills to actually fixing problems. By SPLUNKon July 10, 2020 at 6:39 PM The Defense Department's most recent National Defense Strategy (NDS) describes a complex military environment characterized by increased global disorder, a decline in the long-standing rules-based international order, myriad threats from rogue states like Iran and North Korea, great power peers like China and Russia, malicious hackers, and terrorists in places like Yemen. One of the military domains where this dynamic is most evident is cyberspace, where bad actors arguably have comparable or better cyber capabilities than us. “This increasingly complex security environment is defined by rapid technological change, challenges from adversaries in every operating domain, and the impact on current readiness from the longest continuous stretch of armed conflict in our nation's history,” the NDS states. “In this environment, there can be no complacency—we must make difficult choices and prioritize what is most important...” More cybersecurity threats mean more cyberattacks on DoD networks. Essye Miller, former principal deputy for the DoD CIO, said recently that attacks on department networks are surging and that the attack surface is expanding as adversaries target DoD employees working from home during the coronavirus pandemic. This surge in cyberattacks means that analysts working in DoD information security operations centers (SOCs) are being bombarded with security alerts. With so many events, it's hard for them to differentiate true alerts from false ones, and to determine which events are priorities to address immediately. Through no fault of their own, they end up chasing their tail when their time could be better spent on mission-critical activities that directly support warfighters. The solution for this domain is automation. 
While popular in commercial software segments for years—including SalesForce automation, marketing automation, human resources automation, and IT automation—DoD security teams are just beginning to realize the benefits of what's known as security orchestration, automation, and response. The Value of Security Automation “Automation is nothing new to the military. The Defense Department is making great inroads into DevSecOps, for example,” explained Drew Church, senior security advisor at Splunk, referring to an agile software development process where software is quickly developed, tested, and improved over weeks and months rather than years. “A key, fundamental concept of DevSecOps is automation. The point of automation in DevSecOps is to bring together different technologies, tools, people, and processes to develop code and get it out to the war fighter more rapidly. “Automation provides that same capability inside IT operations procedures, security operations procedures, and other business processes,” said church. “It does this in a reliable and repeatable fashion every time, and at speed and scale.” Splunk's SOAR solution is called Phantom. It helps security teams work to identify, analyze, and mitigate threats facing their organizations. It can be used to improve efficiency, shorten incident response times and reduce the growing backlog of security incidents, even when there's a shortfall of DoD security personnel to analyze the volume of daily security alerts. Phantom does so by integrating teams, processes, and tools, and by automating tasks, orchestrating workflows, and supporting a range of SOC functions to include event and case management, collaboration, and reporting. 
In essence, it frees SOC analysts of the usual Tier I-type activities of gathering data from the security information and event management (SIEM) platform, prioritizing these alerts, performing triage to determine if an alert is real or a false alarm, configuring and managing security monitoring tools, and generating trouble tickets. Instead, Splunk Phantom lets them spend more time on the value-added work of Tier II SOC analysts. This includes actually investigating the trouble tickets, responding to incidents, and leveraging threat intelligence to better understand the threat and be proactive rather than reactive. “Focusing on the bureaucracy of security rather than the actual doing of security limits the effectiveness of security analysts,” said Church. “Better to free them of the tasks that can be easily automated like reviewing IP addresses, domain names, and URLs so that they can be force multipliers in conducting the thoughtful work needed to protect DoD networks. “That automation is done for them in Phantom. It let's analysts focus on investigating and taking remediation or mitigation steps as appropriate. Where humans excel is in actually thinking through a problem. Copying and pasting from websites, emails, and reports is not the most effective use of a highly paid, resource-limited talent pool.” Integration With Existing SOC Tools SOC analysts make their decisions by gathering information. They sometimes review classified military intelligence, but usually they look at a lot of open-source information and data from commercial off-the-shelf products from myriad providers of cybersecurity threat intelligence products. Some of the common ones that are relevant to the Defense Department include: McAfee's ePolicy Orchestrator, which the DoD refers to as Host Based Security Systems (HBSS); and Tenable's Security Center, which is known inside the DoD as Assured Compliance Assessment Solution (ACAS). 
Splunk Phantom has more than 300 out-of-the-box integrations with products like HBSS and ACAS.

“Being integrated with each of those products permits the analyst to get the information they need without having to go to another browser window, or another tab, or a different computer,” said Church. “Phantom automatically brings all that data to the analyst. That takes somebody who spends most of their time copying information from page A into system B and lets them make more rapid and accurate determinations about the threat.”

Through the use of application programming interfaces (APIs), that same integration is also available for government off-the-shelf (GOTS) solutions that have not previously been integrated with Splunk Phantom simply because no one had requested it. The same goes for a custom app created by a DevSecOps shop like the Air Force's Kessel Run project in Boston, for example.

Automating these vital but tedious processes also pays dividends during both staffing shortfalls and times of surge, and brings consistency to SOC activities. Military service members are constantly rotating and changing duty stations; senior leadership turns over regularly. Contractors have to be relied upon to provide continuity from tour to tour. That means SOC processes that were well oiled on a Monday may no longer be operating smoothly on Friday because of a change of command. Or maybe there is a compelling event that grabs everyone's attention. Or possibly there are legal or policy requirements that need to be addressed, and though they do not add mission value they still must be completed. Automation by Splunk Phantom smooths out the bumps associated with those all-too-common scenarios by keeping the flow of vital data moving to where it can be acted upon best.

“The computer's running the marathon for you so that you are free to sprint and swarm on the problems that need the most resources at any particular time,” said Church.
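As an added illustration of the Tier I loop described above (this is example code written for this page, not Splunk Phantom's own playbook code or API), the toy Python playbook below pulls the IP addresses, domains, and URLs out of a constructed alert, enriches them against a constructed threat-intel table standing in for an API-integrated feed such as HBSS or ACAS, and decides whether the alert deserves a Tier II ticket:

```python
"""Toy SOAR-style enrichment playbook (added example; not Splunk Phantom code).
Mirrors the Tier I loop described above: pull indicators out of a raw alert,
enrich them from a threat-intel lookup, decide if a Tier II ticket is needed."""
import ipaddress
import re

# Constructed stand-in for the threat-intel feed a real playbook queries via API.
THREAT_INTEL = {"203.0.113.7": "known-c2", "bad.example": "phishing-domain"}
# RFC 1918 and loopback addresses are noise here and are never enriched.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"']+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Constructed alerts in the key=value style many SIEMs emit.
SAMPLE_ALERT = ("alert: src=10.0.0.5 dst=203.0.113.7 dns_query=bad.example "
                "url=http://bad.example/login user=jdoe")
BENIGN_ALERT = ("alert: src=10.0.0.5 dst=192.168.1.20 "
                "url=https://www.example.com/index.html user=jdoe")

def extract_indicators(text):
    """Unique URLs, public IPs and bare domains. URLs are blanked out before
    the IP/domain scan so path parts like 'index.html' are not read as domains."""
    found = set(URL_RE.findall(text))
    rest = URL_RE.sub(" ", text)
    for ip in IP_RE.findall(rest):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an IP
            continue
        if not any(addr in net for net in INTERNAL):
            found.add(ip)
    found.update(d.lower() for d in DOMAIN_RE.findall(rest))
    return found

def triage(alert_id, raw_alert):
    """Automated Tier I decision: enrich each indicator on its host part,
    escalate only on a hit, and let the worst hit set the severity."""
    labels = {}
    for ind in sorted(extract_indicators(raw_alert)):
        host = re.sub(r"^https?://", "", ind).split("/")[0].lower()
        labels[ind] = THREAT_INTEL.get(host, "clean")
    hits = [lab for lab in labels.values() if lab != "clean"]
    severity = "high" if "known-c2" in hits else ("medium" if hits else "info")
    # Only alerts with an enriched hit become a ticket for a Tier II analyst.
    return {"alert_id": alert_id, "indicators": labels,
            "severity": severity, "ticket": bool(hits)}

if __name__ == "__main__":
    print(triage("A-1", SAMPLE_ALERT), triage("A-2", BENIGN_ALERT), sep="\n")
```

In a real deployment the lookup table is replaced by API calls to the integrated products, and the returned verdict becomes the case record the Tier II analyst picks up.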
The Takeaway

For security analysts, incident handlers and responders, IT operations managers, security operations managers, and forward-leaning business process experts, Splunk Phantom is all about removing barriers so people can get back to accomplishing the mission, maximizing the productivity of skilled personnel and organizations.

“For anybody that has a business process, a mission process, an IT operations process, or a security process and wants to free those skilled workers to get back to what you brought them onboard to do, we can help you with that,” said Church. “We do that through orchestration, we do that through automation. We bring in collaboration, and we're able to do that at scale because of the value that a company like Splunk brings to the table. By being able to have a rich ecosystem of partners and support across the board, we're able to do that even with differences from organization to organization.”

Splunk Phantom addresses technology-based processes, and orchestrates and automates those processes to get people back to doing what they do best.

https://breakingdefense.com/2020/07/making-dod-security-operations-centers-more-effective-security-automation/