NSA’s transformation from secret agency to public cybercrime warrior

Sur le même sujet

• 

  7 octobre 2019 | International, Terrestre

  Lynx 41 disqualified from Bradley replacement competition

  By: Jen Judson WASHINGTON — The Army has disqualified Raytheon and Rheinmetall's bid for the Optionally Manned Fighting Vehicle prototype competition, Defense News has learned. The OMFV is meant to replace the service's Bradley Infantry Fighting Vehicle. The Army's plan was to take the bid samples submitted this week, evaluate them over a period of time and then choose two companies to deliver 14 prototypes each and then would pick a single winner after further evaluation. The Army's goal was to begin replacing Bradleys in 2026. The Army would not comment on the disqualification and said in a statement sent to Defense News that the solicitation for the OMFV prototyping effort closed on Oct. 1 and “we are now in the competition sensitive Source Selection Evaluation process.” The service noted in the statement that it “remains committed to rapidly execute the Optionally Manned Fighting Vehicle program,” its number two modernization priority. But multiple sources have confirmed that the bid — Rheinmetall's Lynx 41 Infantry Fighting Vehicle — was disqualified and the bid sample, the only one in existence, remains in Germany at the company's facility in Unterluss. The Army required the competitors to deliver a single bid sample — a full-up working vehicle — to Aberdeen Proving Ground, Maryland, by Oct. 1. The Lynx has left the Rheinmetall compound several times before, notably to travel to be unveiled in Paris at Eurosatory in June 2018 and again at the Association of the U.S. Army's annual conference last fall. Raytheon and the Rheinmetall announced at AUSA that they would partner on the OMFV program and submit Lynx as its offering. The disqualification of the team means that General Dynamics Land Systems' offering is the only vehicle remaining in the competition. According to sources, no other company submitted. Hanwha, a South Korean defense company, was interested in competing but chose not to participate, multiple sources claim. Industry sources have said that several companies who wanted to compete or submitted bids had asked for extensions, roughly 90 days in the case of Rheinmetall, to meet requirements. According to multiple sources, potential bidders expressed concern to the service that meeting the requirements, the timeline and a combination of the two wasn't possible. What snarled Rheinmetall, for instance, according to sources, was the timeline it needed to get approvals from the local municipal government to transport the vehicle by tractor trailer or rail and then via air. Sources said that the company had requested a four-week extension to deliver the vehicle to Aberdeen and also offered to hand over the vehicle to the Army under lock and bond in Germany by the Oct. 1 deadline and both were denied. But a larger issue, multiple sources conveyed, was the clear differences between what the Army acquisition community and what Army Futures Command wanted to do. Sources confirmed that the acquisition side of the house was willing to agree to extensions, for instance, but AFC, who is in charge of rapid requirements development and prototyping efforts ahead of programs of record, insisted the Army must adhere to the schedule. Industry also expressed concern to the Army over the roughly 100 mandatory requirements, with just six tradeable ones, expected to be met over 15 months using non-developmental vehicles. Brig. Gen. Ross Coffman, who is in charge of Next-Generation Combat Vehicle (NGCV) modernization efforts, said at the Defense News Conference in September that he was confident the requirements set for OMFV are appropriate and had no plans to change them. Presently, the OMFV competition is on hold due to a congressionally mandated continuing resolution that prevents the effort from kicking off. The Army had planned to begin the $378 million program in the first quarter after taking receipt of the bid samples at the start of the new fiscal year. As the Army enters its competition to build prototypes to replace the Bradley, Australia is running a similar effort and recently downselected to two competitors: Rheinmetall's Lynx and an offering from Hanwha. GDLS was competing but did not make the final cut. Australia laid out just five mandatory requirements for its competition. GDLS has not yet detailed its offering for OMFV but said it was “purpose built” for the U.S. Army. https://www.defensenews.com/land/2019/10/04/lynx-41-disqualified-from-bradley-replacement-competition/

• 

  29 mars 2019 | International, C4ISR, Sécurité, Autre défense

  DARPA Seeks to Make Scalable On-Chip Security Pervasive

  For the past decade, cybersecurity threats have moved from high in the software stack to progressively lower levels of the computational hierarchy, working their way towards the underlying hardware. The rise of the Internet of Things (IoT) has driven the creation of a rapidly growing number of accessible devices and a multitude of complex chip designs needed to enable them. With this rapid growth comes increased opportunity for economic and nation-state adversaries alike to shift their attention to chips that enable complex capabilities across commercial and defense applications. The consequences of a hardware cyberattack are significant as a compromise could potentially impact not millions, but billions of devices. Despite growing recognition of the issue, there are no common tools, methods, or solutions for chip-level security currently in wide use. This is largely driven by the economic hurdles and technical trade-offs often associated with secure chip design. Incorporating security into chips is a manual, expensive, and cumbersome task that requires significant time and a level of expertise that is not readily available in most chip and system companies. The inclusion of security also often requires certain trade-offs with the typical design objectives, such as size, performance, and power dissipation. Further, modern chip design methods are unforgiving – once a chip is designed, adding security after the fact or making changes to address newly discovered threats is nearly impossible. “Today, it can take six to nine months to design a modern chip, and twice as long if you want to make that same design secure,” said Serge Leef, a program manager in DARPA's Microsystems Technology Office (MTO). “While large merchant semiconductor companies are investing in in-house personnel to manually incorporate security into their high-volume silicon, mid-size chip companies, system houses, and start-ups with small design teams who create lower volume chips lack the resources and economic drivers to support the necessary investment in scalable security mechanisms, leaving a majority of today's chips largely unprotected.” To ease the burden of developing secure chips, DARPA developed the Automatic Implementation of Secure Silicon (AISS) program. AISS aims to automate the process of incorporating scalable defense mechanisms into chip designs, while allowing designers to explore economics versus security trade-offs and maximize design productivity. The objective of the program is to develop a design tool and IP ecosystem – which includes tool vendors, chip developers, IP licensers, and the open source community – that will allow security to be inexpensively incorporated into chip designs with minimal effort and expertise, ultimately making scalable on-chip security pervasive. Leef continued, “The security, design, and economic objectives of a chip can vary based on its intended application. As an example, a chip design with extreme security requirements may have to accept certain tradeoffs. Achieving the required security level may cause the chip to become larger, consume more power, or deliver slower performance. Depending on the application, some or all of these tradeoffs may be acceptable, but with today's manual processes it's hard to determine where tradeoffs can be made.” AISS seeks to create a novel, automated chip design flow that will allow the security mechanisms to scale consistently with the goals of the design. The design flow will provide a means of rapidly evaluating architectural alternatives that best address the required design and security metrics, as well as varying cost models to optimize the economics versus security tradeoff. The target AISS system – or system on chip (SoC) – will be automatically generated, integrated, and optimized to meet the objectives of the application and security intent. These systems will consist of two partitions – an application specific processor partition and a security partition implementing the on-chip security features. This approach is novel in that most systems today do not include a security partition due to its design complexity and cost of integration. By bringing greater automation to the chip design process, the burden of security inclusion can be profoundly decreased. While the threat landscape is ever evolving and expansive, AISS seeks to address four specific attack surfaces that are most relevant to digital ASICs and SoCs. These include side channel attacks, reverse engineering attacks, supply chain attacks, and malicious hardware attacks. “Strategies for resisting threats vary widely in cost, complexity, and invasiveness. As such, AISS will help designers assess which defense mechanisms are most appropriate based on the potential attack surface and the likelihood of a compromise,” said Leef. In addition to incorporating scalable defense mechanisms, AISS seeks to ensure that the IP blocks that make up the chip remain secure throughout the design process and are not compromised as they move through the ecosystem. As such, the program will also aim to move forward provenance and integrity validation techniques for preexisting design components by advancing current methods or inventing novel technical approaches. These techniques may include IP watermarking and threat detection to help validate the chip's integrity and IP provenance throughout its lifetime. AISS is part of the second phase of DARPA's Electronics Resurgence Initiative (ERI) – a five-year, upwards of $1.5 billion investment in the future of domestic, U.S. government, and defense electronics systems. Under ERI Phase II, DARPA is exploring the development of trusted electronics components, including the advancement of electronics that can enforce security and privacy protections. AISS will help address this mission through its efforts to enable scalable on-chip security. DARPA will hold a Proposers Day on April 10, 2019 at the DARPA Conference Center, located at 675 North Randolph Street, Arlington, Virginia 22203, to provide more information about AISS and answer questions from potential proposers. For details about the event, including registration requirements, please visit: https://www.fbo.gov/index?s=opportunity&mode=form&id=6770487d820ee13f33af67b0980a7d73&tab=core&_cview=0 Additional information will be available in the forthcoming Broad Agency Announcement, which will be posted to www.fbo.gov. https://www.darpa.mil/news-events/2019-03-25

• 

  11 septembre 2024 | International, Terrestre

  NATO shepherds 10 firms whose tech could help the alliance

  The companies are part of the Defense Innovation Accelerator for the North Atlantic’s inaugural cohort, which NATO announced last year.