Retour aux nouvelles

3 septembre 2019 | International, C4ISR

DoD ‘Office’ Functions Move To Cloud In Multi-Billion-Dollar Contract

By BARRY ROSENBERG

WASHINGTON: Overshadowed by the dispute with DoD's planned single-award JEDI cloud contract is another multi-billion-dollar single-award cloud contract awarded today that will actually determine the software that military personnel and civil servants use every day.

Under the $7.6 billion 10-year Defense Enterprise Office Solutions (DEOS) cloud contract, the Pentagon will use Microsoft productivity tools such as word processing, spreadsheets, email, collaboration, file sharing, and storage — Office 365. Those applications presently reside mostly on legacy desktop computers, and will transition to a cloud-based solution across all military services.

The result should be improved cybersecurity, for one thing.

“The notion is that if you have it professionally and centrally managed it should be better patched and configured than having hundreds of individually managed servers,” said David Mihelcic, former chief technology officer at the Defense Information Systems Agency (DISA) and now a consultant with DMMI. “This seems reasonable, but I don't think there is any cyber magic in DEOS either.”

The joint General Services Administration/Defense Department DEOS blanket purchase agreement was awarded to CSRA (acquired by General Dynamics in April 2018 for $9.7 billion) and its subcontractors Dell Marketing (a wholesale distributor of computers, peripherals, and software) and Minburn Technology (a value added reseller that specializes in Microsoft enterprise software agreements). The award includes a five-year base period with two two-year options and one one-year option.

“DOD's cloud strategy includes both general purpose and fit-for-purpose clouds (and) DEOS is a great example of a fit-for-purpose cloud that supports our multi-cloud strategy,” said DOD Chief Information Officer Dana Deasy in a statement. “DEOS will streamline our use of cloud email and collaborative tools while enhancing cybersecurity and information sharing based on standardized needs and market offerings.

“The journey to the cloud has been, and will continue to be, an iterative learning process. All lessons learned from pilot programs and the department's early cloud adopters have been rolled into this solution. DEOS takes advantage of technical, security and contractual lessons from these ongoing pilots, while military services are leveraging them to assess the readiness of their infrastructure to support migration to DEOS.”

DEOS includes voice, video, and text collaboration capabilities, which the DoD already has with capabilities under enterprise services like: Defense Collaboration Services (DCS), which provides secure web conferencing and instant messaging services on the Non-secure Internet Protocol Router Network (NIPRNet) and Secure Internet Protocol Routing Network (SIPRNet), and Extensible Messaging and Presence Protocol (XMPP) chat.

“Will it be an improvement over the current capabilities? I guess we will see,” said Mihalcic. “I can't say I found the collaborative capabilities of O365 better than what we had in DoD.”

While DEOS on the surface appears to provide a back-office function, it can also be considered a weapon system given that it will provide common enterprise applications at local base, post, camp, and station levels — including deployed and afloat organizations — over the sensitive but unclassified NIPRNet and the secret SIPRNet, to include operations in Denied, Disconnected, Intermittent, and Limited Bandwidth (D-DIL) environments.

“I would say almost certainly (DEOS is a warfighting capability), especially the SIPR instance,” said Mihelcic. “DoD uses email, chat, and DCS collaboration in support of warfighting today and this will now take on those needs.

“As for DIL environments, DISA had threshold requirements for deployable instances in the draft RFP. The vendor most likely will satisfy with existing MS Exchange and Sharepoint software on deployable servers. To be honest, I think that most tactical units, including deployed Marines and Navy afloat, will stick with what they have.”

https://breakingdefense.com/2019/08/dod-office-functions-move-to-cloud-in-multi-billion-dollar-contract/

Sur le même sujet

  • Navy awards $22.2B contract for nine Virginia-class submarines

    4 décembre 2019 | International, Naval

    Navy awards $22.2B contract for nine Virginia-class submarines

    The General Dynamics subsidiary Electric Boat has been awarded a 10-year contract for design and construction of the vessels. By Christen McCurdy Dec. 3 (UPI) -- General Dynamics Electric Boat Corp. has been awarded a $22.2 billion contract modification to build nine Virginia-class submarines for the U.S. Navy. The deal covers the nine vessels of Block 5, eight of which contain the Virginia Payload Module, to be designed and built over the next decade, the Department of Defense announced on Monday. The contract also includes an option for spare materials and an additional submarine to include the VPM, which, if exercised, would push the total value of the deal over $24 billion. Virginia-class submarines are built to conduct anti-submarine warfare, anti-surface-ship warfare, strike warfare and special operations support as well as intelligence, surveillance and reconnaissance. To date, the Navy has 18 Virginia-class submarines, with James Geurts, assistant secretary of the Navy for research, development and acquisition, calling the VPM and other Block 5 design changes "a generational leap in submarine capability for the Navy." "This team developed a Block V multi-year contract which provides significant increases in lethality and performance for the fleet to support the National Defense Strategy while also ensuring we are maximizing the use of taxpayer dollars," Geurts said in a press release. "The multi-year contract also provides the stability needed in this critical industrial base to ensure we can continue to maintain our competitive advantage in undersea warfare while also providing a solid foundation for the Columbia program to build upon." This contract continues a teaming arrangement between Gorton, Conn.-based GDEB and Huntington Ingalls in Newport News. Under the modification, Block V submarines will incorporate improved acoustic design changes and increase Tomahawk strike capacity from 12 to 40 missiles per boat. "Our submarine force is fundamental to the power and reach of our integrated naval force," said acting Secretary of the Navy Thomas B. Modly. "Today's announcement affirms our commitment to the future strength of our nation, undersea and around the world." The first Block 5 Virginia-class submarine is expected for delivery to the Navy in fiscal year 202 https://www.upi.com/Defense-News/2019/12/03/Navy-awards-222B-contract-for-nine-Virginia-class-submarines/3281575400735/

  • The largest cyber exercise you’ve never heard of

    25 février 2020 | International, Aérospatial, C4ISR, Sécurité

    The largest cyber exercise you’ve never heard of

    For years, the first time the Department of Defense's cyber forces faced high-end digital attacks was not in practice or in a classroom, but in actual operations. For the cyber teams that focused on offense, a playbook developed from years of National Security Agency operations guided their work. But on the defensive side, standards and processes needed to be created from scratch meaning, in part, there was a lack of uniformity and little tradecraft to follow. Because cyber leaders had focused on staffing, training opportunities for defensive cyber operators had been sparse. To help solve that problem, the Department of Defense is expected to award a contract worth roughly $1 billion later this year for a global cyber training environment. But in the meantime, some units across the joint force have gone so far as to create their own small-scale training events and exercises to keep their forces' skill sets sharp. Perhaps the best example of these efforts are the 567th Cyberspace Operations Group's “Hunt Event,” which has quickly grown to become one of the largest cyber exercises across the department. The bi-monthly exercise pits teams against each other in a competition for the coveted Goblet of Cyber trophy and bragging rights. The group aims to better train defensive hunters, improve defensive tactics, techniques and procedures and develop defensive tradecraft. “The point of this was that we didn't really have a good range space to play on that had an active and live adversary so we could, in theory, replay traffic and we could go in and generate some easy kill, low hanging fruit signatures for detection,” Capt. Reid Hottel, training flight commander at the 837th Cyber Operations Squadron, told Fifth Domain. “If we are supposed to be the primary counter to advanced persistent threats, the way that we were training was not like how we were fighting.” The exercises started roughly a year ago to teach operators how to hunt on networks. It's now evolved to where participants also work on leadership skills and build custom exploits on a large range with multiple stakeholders. In addition to the Air Force CPTs — the defensive cyber teams each service provides to U.S. Cyber Command — members from the Air Force Office of Special Investigations and Mission Defense Teams, specialized defensive cyber teams that will protect critical Air Force missions and local installations, also take part. At the most recent exercise in January, a representative from NASA participated. Now, the exercises have become so popular Hottel said other services are interested in participating in the future. This includes a Marine Corps CPT at Scott Air Force Base. Building better leaders and hunters To be the best, cyber leaders recognized their teams would have to beat the best and that meant training against the world's most advanced cyber threats. Some other forms of training — such as the popular capture the flag game, which involve teams trying to find “flags” such as files or scripts inside a network — are not always the most realistic form of training. “When we were fighting, we're up against advanced adversaries. We're up against adversaries that are using tactics, techniques and procedures that are just above and beyond what simple little [scripts] ... we were using in the past,” Hottel said. “This hunt exercise allows us to do that, whereas in the past, particularly in other flag exercises, we are not training at the APT level. We [were] training at the script kiddie kind of level and here we're training at a much higher difficulty, which stretches and grows our operators into being true hunters.” He added that the exercises are also helping develop tradecraft. “That's one thing that nobody really teaches, there's no commercial course that you can go buy that teaches tradecraft, that teaches the military away, that teaches the way that we use to find the APT, which in theory, should be ever evolving because our adversary is as well,” Hottel said. “These exercises have been really eye-opening to provide tradecraft development, to become hunters, to understand what it means to be a cyber protection team.” The exercise has evolved to include custom exploits, custom root kits, custom attacks and zero-day exploits within a real-world mission where in some cases hunters don't have any indictors of compromise that exist in the public domain. This means that there is no public reporting available on the exploits or tactics the adversary is using. Participants can hone their skills, by actively hunting on a network in order to find anomalies that could lead to trouble. “As hunters,” he said, “we don't necessarily have singular methodology, we don't necessarily have a unique way that we can go about finding advanced threats mostly because we haven't really been training like that.” The training is also helpful for new mission defense teams, which are just being officially resourced within the Air Force around local installations. By having those teams sit next to CPTs, who are using generally the same tools, they can learn about tradecraft and what to look for at the local level. During the most recent exercise, officials said it was the first time they intentionally tried to trip up participants. Organizers created fake attack chains to see how the players scoped an investigation into a network and deducted points for the amount of time they wasted following that lead. This technique helps teach teams how to scope investigations without going down “rabbit holes,” and not adequately planning, Lt. Christopher Trusnik, chief of training at the 835th Cyberspace Operations Squadron, told Fifth Domain. Beyond the technical hunting, this approach helped team leader to flex leadership muscles. “It was more of teaching that leadership technique of you plan for this, how do you investigate quickly and how do you triage your investigation,” Trusnik, whose unit ran the January exercise, said. Hottel explained that following this most recent event, teams focused on leadership and organization. At one point, someone on his team previously had been coached on what they needed to include such as specific indictors that might be valuable to their mission partners to understand. At this exercise, they included those indicators. In another instance, one team member who had never run a hunt mission struggled at first. Hottel stepped in and with just a little guidance, the leader became more disciplined and was able to find things much better in the last three days. Benefits of cyberspace in training Training in cyberspace has benefits that other domains don't offer. For one, forces don't need a dedicated battlespace such as the Army's National Training Center or the range used at Nellis Air Force Base for the Air Force's Red Flag. With cyber, a custom range can be built and forces from all across the world can come in and participate. The range used for the hunt exercises stays up weeks after the formal event so individuals or teams can try their hand, though they obviously won't be eligible for the Goblet of Cyber trophy. All of this could change with the Persistent Cyber Training Environment (PCTE). PCTE is a major program being run by the Army on behalf of Cyber Command and the joint force to provide a web-based cyber training environment where cyber warriors can remotely plug in around the world and conduct individual training, collective team training or even mission rehearsal — all of which does not exist on a large scale currently. Hottel said that his forces haven't been limited thus far without PCTE. Though, once the platform is online, they can upload the range they used for a competition and it can be accessed by anyone across the joint cyber mission force. Testing new concepts But in the meantime, smaller, unit level exercises like those run by the 567th allow forces to test concepts and learn from others. Unlike larger exercises that have requirements and stated objectives, smaller exercises can serve as a proving ground for staying sharp and pushing the envelope. This allows local units more control over what their personnel do but can also allow teams to test new concepts in a relatively risk-free environment. “Let's say that a national [cyber protection] team wants to test out ... whatever they're currently using because they feel like it would provide them an advantage so they want to test out something,” Hottel said. “We can throw that on the range as well and they can utilize an entirely defensive tool set. We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters.” Hottel also said that personnel playing on the archived range can bring new ideas, which can then be tested during the next exercise. In some cases, they may come up with an idea on their own and bring it to the next exercise to see if it actually works. Ultimately, the event is designed to create better cyber warriors. “We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters,” Hottel said. https://www.fifthdomain.com/dod/air-force/2020/02/21/the-largest-cyber-exercise-youve-never-heard-of/

  • DARPA wants an AI system that can basically make sense of everything

    24 août 2018 | International, C4ISR

    DARPA wants an AI system that can basically make sense of everything

    By: Daniel Cebul Defense Advanced Research Project Agency is looking for an artificial intelligence and machine-learning model that can help scientists and researchers push their work to new limits. The Automating Scientific Knowledge Extraction (ASKE) program, announced Aug. 17, is the first contract opportunity DARPA has released as part of its new AI exploration program. The goal is to establish the feasibility of new AI concepts and do it fast ― within 18 months of award ― to help DARPA outpace global AI science and technology discovery efforts. Specifically, the ASKE opportunity is looking to develop an AI system that can rapidly aggregate scientific data over a number of complex systems (physical, biological, social) and identify new data and information resources automatically. Science depends on equations and complex computations of large data sets. The proposed AI system would be able to interpret and expose scientific knowledge and underlying assumptions in existing computational models to extract useful information, like causal relationships, correlations and parameters. This information would then be integrated into a machine-curated model that generates more robust hypotheses. To ensure the system is working with the full-breadth of scientific information available, DARPA is interested in a system that automatically verifies published scientific results and can monitor “fragile economic, political, social and environmental systems undergoing complex events,” in real-time. For such a system to be viable, DARPA believes advanced AI techniques such as “natural language processing, knowledge-based reasoning, machine learning, and/or human-machine collaboration” are needed. Although rapid and real-time aggregation of data from a variety digital sources may have military applications, for now DARPA maintains its “overriding interest is in innovative approaches to extracting knowledge from scientific models.” The winner will be awarded a contract worth as much as $1 million for a prototype. Proposals are due Sept. 17. https://www.c4isrnet.com/it-networks/2018/08/23/darpa-wants-an-ai-system-that-can-basically-make-sense-of-everything

Toutes les nouvelles