New Attack Technique Exploits Microsoft Management Console Files

Sur le même sujet

• 

  11 juin 2020 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

  Defense industry’s COVID costs could tank DoD modernization plans

  By: Joe Gould WASHINGTON ― The Pentagon is facing billions of dollars in pandemic-related claims, which may force it to dip into modernization and readiness accounts if Congress doesn't backfill the money, the department's top acquisitions official said Wednesday. Testifying at the House Armed Services Committee, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord reaffirmed the Pentagon's commitment to request supplemental appropriations from Congress, beyond its fiscal 2021 budget of $740 billion. It's been seven weeks since Department of Defense officials first publicly disclosed a request was coming; that request is currently sitting with the White House Office of Management and Budget. The defense industry claims are expected to be covered by Section 3610 of the coronavirus relief package, among other provisions, Lord said. To give an idea of the scope, one of the major prime contractors told the DoD it and its suppliers could claim as much as $1 billion. Under Section 3610, the Pentagon and other agencies can reimburse suppliers for expenses to keep workers employed. Under other provisions, contractors can seek reimbursement for leave and DoD-directed purchases of personal protective equipment, cleaning, and costs associated with spacing out workers in factories. “The department does not have the funding to cover these costs,” Lord said, which she later said were “in the lower end” of “double-digit billions of dollars.” Lord affirmed the Defense Department would need Congress to pass supplemental appropriations beyond its fiscal 2021 budget during an exchange with HASC ranking member Mac Thornberry, R-Texas. “Otherwise these contractors are going to have to eat several billion dollars, which could well come at their employees' expense, which this was supposed to help to begin with,” Thornberry noted. “There's a choice there,” Lord said. “Whether we want to eat into readiness and modernization ― and slow down modernization or readiness on an ongoing basis ― or whether we want to remedy the situation in the next six months or so ... and continue to have the ready forces we need for our national security.” Though some House Democrats have expressed reservations about the size of the Pentagon's budget request, HASC Seapower and Projection Forces Subcommittee Chairman Joe Courtney, D-Conn., expressed support, saying: "The intent of Congress needs to be followed up on with an appropriation.” Courtney called on the DoD to provide Congress the data underlying its request, when the request actually arrives on Capitol Hill, saying it would foster conversation among lawmakers. The Pentagon has rough calculations, but contractors have not yet filed claims, Lord said, because Congress has not drafted an appropriations bill. She speculated the full extent of the issues will emerge over time. “I believe they are concerned that they'll get a one-time shot and want to make sure what the entire situation is,” she said. “We believe we understand the lower end of the number.” https://www.defensenews.com/congress/2020/06/10/defense-industrys-covid-costs-could-tank-dod-modernization-plans/

• 

  18 mars 2020 | International, C4ISR, Sécurité

  The Pentagon is handling cyber vulnerabilities inconsistently

  Mark Pomerleau The Department of Defense has not consistently mitigated cyber vulnerabilities identified in a 2012 report, according to the department's inspector general. The DoD IG issued a follow-on report to its 2012 report, issued March 13 and made public March 17, that determined cyber red teams didn't report the results of assessments to organizations and components didn't effectively correct or mitigate the identified vulnerabilities. The new report discovered that components didn't consistently mitigate or include unmitigated vulnerabilities identified in the prior audit and during this audit by red teams during combatant command exercises, operational testing assessments and agency-specific assessments in plans of action and milestones. “Ensuring DoD Components mitigate vulnerabilities is essential to achieve a better return on investment,” the report stated. “In addition, we determined that the DoD did not establish a unified approach to support and prioritize DoD Cyber Red Team missions. Instead, the DoD Components implemented Component-specific approaches to staff, train and develop tools for DoD Cyber Red Teams, and prioritize DoD Cyber Red Team missions.” The report found that DoD didn't establish a unified approach because it didn't assign an organization with responsibility to oversee and synchronize red team activity based on priorities, it didn't assess the resources needed for each red team and identify requirements to train them to meet priorities and it didn't develop baseline tools to perform assessments. “Without an enterprisewide solution to staff, train and develop tools for DoD Cyber Red Teams and prioritize their missions, DoD Cyber Red Teams have not met current mission requests and will not meet future requests because of the increased demands for DoD Cyber Red Team services,” the report said. “Until the DoD assigns an organization to assess DoD Cyber Red Team resources, it will be unable to determine the number of DoD Cyber Red Teams and staffing of each team to support mission needs, which will impact the Do D's ability to identify vulnerabilities and take corrective actions that limit malicious actors from compromising DoD operations.” The DoD IG issued seven recommendations the secretary of defense assign an organization responsibility for. They include: Review and assess red team reports for systemic vulnerabilities and coordinate the development and implementation of enterprise solutions to mitigate them; Ensure components develop and implement a risk-based process to assess the impact of identified vulnerabilities and prioritize funding for corrective actions for high-risk vulnerabilities; Ensure components develop and implement processes for providing reports with red team findings and recommendations to organizations with responsibility for corrective actions; Develop processes and procedures to oversee red team activities, including synchronizing and prioritizing red team missions, to ensure activities align with priorities; Perform a joint DoD-wide mission-impact analysis to determine the number of red teams, minimum staffing levels of each team, the composition of the staffing levels needed to meet current and future mission requests; Assess and identify a baseline of core and specialized training standards, based on the three red team roles that team staff must meet for the team to be certified and accredited; and Identify and develop baseline tools needed by red teams to perform missions. https://www.fifthdomain.com/dod/2020/03/17/the-pentagon-is-handling-cyber-vulnerabilities-inconsistently/

• 

  19 septembre 2018 | International, Aérospatial

  Bombers, fighters and tankers unite: Will the Air Force rebuild composite wings to fight near-peer foes?

  By: Kyle Rempfer The Air Force has spent the past few years gearing up for a near-peer fight against adversaries with high-end air forces that match their own. While new doctrines and technologies occupy much of the planning for such a shift, another type of preparation is needed: reorganizing wings and squadrons. One possibility on the table is a return to composite wings. In the early 1990s, the Air Force organized the 366th Fighter Wing out of Mountain Home Air Force Base, Idaho, into the service's premier “air intervention” composite wing. For roughly a decade, the wing flew fighters, bombers and tankers with the goal of meeting the challenges of a post-Cold War world order — where conflict could arrive anywhere, anytime. “They were ready to pack up and go fight as a unified team,” Lt. Gen. Mark Kelly, commander of 12th Air Force, told a crowd of Air Force leaders Monday at the 2018 Air, Space and Cyber Conference in Washington, D.C. “But that was disbanded, and part of it came down to money," Kelly said. "The cost per flying hour of trying to sustain the small-fleet dynamics there didn't look great on spreadsheets.” But Kelly argues that financial assessment was faulty. The quality of the training airmen were getting was being compared to the day-to-day operations at other bases around the Air Force. In reality, it was more comparable to the day-to-day training at Red Flag — a two-week, advanced air combat training exercise still held several times a year in Nevada and Alaska. “Frankly, the training they were getting compared more to Red Flag daily ops," Kelly said. “And that would be a good problem to have and a good construct to be able to build.” The Air Force is rethinking how it constructs wings and squadrons, as well as how it deploys airmen, as it shifts to better align with the 2018 National Defense Strategy, according to Kelly. As it stands, “airmen only come together to fight at the line of scrimmage," Kelly said. For instance, before airmen arrive at a forward base to fight against insurgents in Afghanistan, they may have a unified command at the squadron level, but a unified command at the wing level is severely lacking. Additionally, airmen preparing to deploy today benefit from a surplus of “spin-up" time. They know when their unit is scheduled to deploy and have the luxury of training to meet that challenge well in advance. “That's a luxury that we cannot rely on in great power competition,” Kelly said. Organizing some aircraft and airmen into composite wings could provide the training and deployment structure necessary for fights against modern militaries, Kelly said. The composite wing concept was heavily pushed in 1991 by then Air Force Chief of Staff Gen. Merrill McPeak, according to his biography on the Defense Department's website. McPeak wanted to organize wings by their mission-set, not aircraft type. According to his “air intervention” doctrine, a wing deploying for a near-peer fight should have all the aircraft and airmen it needs to accomplish its mission with limited, or possibly no, outside support. This meant one wing could potentially operate electronic warfare aircraft for the suppression of enemy air defenses, bombers to lay waste to enemy fortifications, fighters to engage in air-to-air combat, and tankers to refuel them all. After the Sept. 11, 2001 terrorist attacks, however, the old composite squadron idea was mostly discarded. The 366th Fighter Wing was restored to fly F-16Js, and the consolidation of the Air Force's KC-135 and B-1 forces led to the reallocation of the wing's bombers and tankers to McConnell AFB, Kansas, and Ellsworth AFB, South Dakota, according to Mountain Home's website. But composite wings, and the idea of sustainable fights with more or less autonomous Air Force commanders, is back in vogue. Funding was one of the biggest challenges to composite wings back in the day, but the reasons for that unit structure are better appreciated now as concerns about China and Russia preoccupy defense planners. To fuel a restructuring, steady funding will be key, according to Kelly. He projected the Air Force's shift to great power competition will continue to be a focus of the defense budget into 2021 and 2022. But regardless of the funds Congress ultimately appropriates for the Air Force in the coming years, restructuring for a near-peer fight needs to happen, Kelly said. “This has to happen regardless of if we have the force we have today with only one more airman, or the force we need with tens of thousands more airmen," he added. https://www.airforcetimes.com/news/your-air-force/2018/09/18/bombers-fighters-and-tankers-unite-will-the-air-force-rebuild-composite-wings-to-fight-near-peer-foes