Thales faces Anglo-French investigation over suspected bribery

Sur le même sujet

• 

  7 décembre 2018 | International, C4ISR

  Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy of What to Do With Them

  BY MATTHIAS SCHULZE Germany has traditionally prioritized defense over offense in cyberspace. That's now beginning to change. There is a reoccurring debate in German national security and foreign policy whether Germany suffers from “Strategieunfähigkeit”—an inability to develop and implement strategy. The historic trauma of two lost World Wars created a pacifist culture that always struggled with formulating national security interests and defining strategy. The so-called “culture of reluctance” regarding the use of hard power has bled into Berlin's thinking about cyber issues, especially as it rushes to develop capabilities without an overarching strategy on how to use them. Until recently, Germany has prioritized defense over offense in cyberspace. The Federal Office for Information Security (BSI), Germany's cybersecurity agency, has a strictly non-military defensive mandate and is a vigilant advocate of strong encryption and full disclosure of zero-day vulnerabilities to vendors. Germany's foreign intelligence agency (BND) has historically had a relatively small cyber espionage budget. Germany's defensive posture began to shift in 2015, after the internal network of the German Bundestag was successfully compromised by Russian state-backed operators. That led the country to revise its cybersecurity strategy, issuing a more offensive-minded document in 2016. It called for the development of cyber teams in the intelligence agencies. It also might have been a contributing factor to the creation of a specialized agency, called the Central Office for Information Technology in the Security Sphere (ZITiS), to develop innovative techniques to break into encrypted devices, develop exploits and malware for real time interception and accessing data at rest, as well as identify or purchase zero-days to support offensive capabilities. As Germany rolled out its 2016 strategy, the German military (Bundeswehr) centralized its cyber capacity by consolidating around 14,000 soldiers and IT personnel into a unified cyber command (CIR), loosely modelled on U.S. Cyber Command. CIRwants to achieve full operational capacity by the early 2020s and plans to perform strategic and tactical cyber operations against enemy assets. Usage scenarios include disrupting enemy military assets, battlefield support and reconnaissance on adversary IT assets. Full article: https://www.defenseone.com/ideas/2018/12/germany-develops-offensive-cyber-capabilities-without-coherent-strategy-what-do-them/153227

• 

  18 juillet 2023 | International, Autre défense

  UK’s updated defense plan seeks force changes based on Ukraine war

  “We have learned that staying ahead of the threat and gaining strategic advantage can be achieved through novel and creative means."

• 

  6 mai 2019 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité, Autre défense

  DARPA: Expediting Software Certification for Military Systems, Platforms

  Military systems are increasingly using software to support functionality, new capabilities, and beyond. Before a new piece of software can be deployed within a system however, its functional safety and compliance with certain standards must be verified and ultimately receive certification. As the rapid rate of software usage continues to grow, it is becoming exceedingly difficult to assure that all software considered for military use is coded correctly and then tested, verified, and documented appropriately. “Software requires a certain level of certification – or approval that it will work as intended with minimal risks – before receiving approval for use within military systems and platforms,” said Dr. Ray Richards, a program manager in DARPA's Information Innovation Office (I2O). “However, the effort required to certify software is an impediment to expeditiously developing and fielding new capabilities within the defense community.” Today, the software certification process is largely manual and relies on human evaluators combing through piles of documentation, or assurance evidence, to determine whether the software meets certain certification criteria. The process is time consuming, costly, and can result in superficial or incomplete evaluations as reviewers bring their own sets of expertise, experiences, and biases to the process. A lack of a principled means of decomposing evaluations makes it difficult to create a balanced and trustworthy process that applies equally to all software. Further, each subsystem and component must be evaluated independently and re-evaluated before it can be used in a new system. “Just because a subsystem is certified for one system or platform does not mean it is unilaterally certified for all,” noted Richards. This creates additional time delays and review cycles. To help accelerate and scale the software certification process, DARPA developed the Automated Rapid Certification Of Software (ARCOS) program. The goal of ARCOS is to create tools and a process that would allow for the automated assessment of software evidence and provide justification for a software's level of assurance that is understandable. Taking advantage of recent advances in model-based design technology, “Big Code” analytics, mathematically rigorous analysis and verification, as well as assurance case languages, ARCOS seeks to develop a capability to automatically evaluate software assurance evidence to enable certifiers to rapidly determine that system risk is acceptable. “This approach to reengineering the software certification process is well timed as it aligns with the DoD Digital Engineering Strategy, which details how the department is looking to move away from document-based engineering processes and towards design models that are to be the authoritative source of truth for systems,” said Richards. To create this automated capability, ARCOS will explore techniques for automating the evidence generation process for new and legacy software; create a means of curating evidence while maintaining its provenance; and develop technologies for the automated construction of assurance cases, as well as technologies that can validate and assess the confidence of an assurance case argument. The evidence generation, curation, and assessment technologies will form the ARCOS tools and processes, working collectively to provide a scalable means of accelerating the pathway to certification. Throughout the program's expected three phases, evaluations and assessments will occur to gauge how the research is progressing. ARCOS researchers will tackle progressively more challenging sets of software systems and associated artifacts. The envisioned evaluation progression will move from a single software module to a set of interacting modules and finally to a realistic military software system. Interested proposers will have an opportunity to learn more during a Proposers Day on May 14, 2019, from 8:30AM to 3:30PM (EST) at the DARPA Conference Center, located at 675 N. Randolph Street, Arlington, Virginia, 22203. The purpose of the Proposers Day is to outline the ARCOS technical goals and challenges, and to promote an understanding of the BAA proposal requirements. For details about the event, including registration requirements, please visit: https://www.fbo.gov/index?s=opportunity&mode=form&id=6a8f03472cf43a3558456b807877f248&tab=core&_cview=0 Additional information will be available in the forthcoming Broad Agency Announcement, which will be posted to www.fbo.gov. https://www.darpa.mil/news-events/2019-05-03