18 mars 2020 | International, C4ISR, Sécurité

The Pentagon is handling cyber vulnerabilities inconsistently

Mark Pomerleau

The Department of Defense has not consistently mitigated cyber vulnerabilities identified in a 2012 report, according to the department's inspector general.

The DoD IG issued a follow-on report to its 2012 report, issued March 13 and made public March 17, that determined cyber red teams didn't report the results of assessments to organizations and components didn't effectively correct or mitigate the identified vulnerabilities.

The new report discovered that components didn't consistently mitigate or include unmitigated vulnerabilities identified in the prior audit and during this audit by red teams during combatant command exercises, operational testing assessments and agency-specific assessments in plans of action and milestones.

“Ensuring DoD Components mitigate vulnerabilities is essential to achieve a better return on investment,” the report stated. “In addition, we determined that the DoD did not establish a unified approach to support and prioritize DoD Cyber Red Team missions. Instead, the DoD Components implemented Component-specific approaches to staff, train and develop tools for DoD Cyber Red Teams, and prioritize DoD Cyber Red Team missions.”

The report found that DoD didn't establish a unified approach because it didn't assign an organization with responsibility to oversee and synchronize red team activity based on priorities, it didn't assess the resources needed for each red team and identify requirements to train them to meet priorities and it didn't develop baseline tools to perform assessments.

“Without an enterprisewide solution to staff, train and develop tools for DoD Cyber Red Teams and prioritize their missions, DoD Cyber Red Teams have not met current mission requests and will not meet future requests because of the increased demands for DoD Cyber Red Team services,” the report said. “Until the DoD assigns an organization to assess DoD Cyber Red Team resources, it will be unable to determine the number of DoD Cyber Red Teams and staffing of each team to support mission needs, which will impact the Do D's ability to identify vulnerabilities and take corrective actions that limit malicious actors from compromising DoD operations.”

The DoD IG issued seven recommendations the secretary of defense assign an organization responsibility for. They include:

  • Review and assess red team reports for systemic vulnerabilities and coordinate the development and implementation of enterprise solutions to mitigate them;
  • Ensure components develop and implement a risk-based process to assess the impact of identified vulnerabilities and prioritize funding for corrective actions for high-risk vulnerabilities;
  • Ensure components develop and implement processes for providing reports with red team findings and recommendations to organizations with responsibility for corrective actions;
  • Develop processes and procedures to oversee red team activities, including synchronizing and prioritizing red team missions, to ensure activities align with priorities;
  • Perform a joint DoD-wide mission-impact analysis to determine the number of red teams, minimum staffing levels of each team, the composition of the staffing levels needed to meet current and future mission requests;
  • Assess and identify a baseline of core and specialized training standards, based on the three red team roles that team staff must meet for the team to be certified and accredited; and
  • Identify and develop baseline tools needed by red teams to perform missions.

https://www.fifthdomain.com/dod/2020/03/17/the-pentagon-is-handling-cyber-vulnerabilities-inconsistently/

Sur le même sujet

  • Contract Awards by US Department of Defense - February 11, 2021

    12 février 2021 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

    Contract Awards by US Department of Defense - February 11, 2021

    ARMY Archer Western Federal JV, Chicago, Illinois, was awarded a $205,442,643 firm-fixed-price contract for construction of a new 916-car parking structure and of a new spinal cord injury/community living center. Bids were solicited via the internet with two received. Work will be performed in San Diego, California, with an estimated completion date of March 11, 2024. Fiscal 2021 civil construction funds in the amount of $205,442,643 were obligated at the time of the award. U.S. Army Corps of Engineers, Los Angeles, California, is the contracting activity (W912PL-21-C-0004). Westech International Inc,* Albuquerque, New Mexico, was awarded a $58,805,487 cost-plus-fixed-fee contract for data collection, data management, logistical support for operational test events and field test support. Bids were solicited via the internet with eight received. Work locations and funding will be determined with each order, with an estimated completion date of March 31, 2026. U.S. Army 418th Contracting Support Brigade, Fort Hood, Texas, is the contracting activity (W91151-21-D-0003). Fugro USA Land Inc., Houston, Texas (W912HY-21-D-0001); Professional Service Industries Inc., Arlington Heights, Illinois (W912HY-21-D-0002); Eustis Engineering LLC,* Metairie, Louisiana (W912HY-21-D-0003); and QRI-Tetra Tech JV,* Baton Rouge, Louisiana (W912HY-21-D-0004), will compete for each order of the $20,000,000 firm-fixed-price contract for geotechnical field exploration and laboratory testing. Bids were solicited via the internet with 11 received. Work locations and funding will be determined with each order, with an estimated completion date of Feb. 8, 2026. U.S. Army Corps of Engineers, Galveston, Texas, is the contracting activity. S&E Services Inc.,* Edison, New Jersey, was awarded an $11,549,400 firm-fixed-price contract for revitalizing 12 buildings at Camp Buckner. Bids were solicited via the internet with 15 received. Work will be performed in West Point, New York, with an estimated completion date of March 31, 2022. Fiscal 2021 operation and maintenance (Army) funds in the amount of $11,549,400 were obligated at the time of the award. U.S. Army Corps of Engineers, New York, New York, is the contracting activity (W912DS-21-C-0003). Syblon Reid, Folsom, California, was awarded a $7,621,699 firm-fixed-price contract for the replacement of Pumping Plant 4 and other construction for the Natomas Reach D levee project. Bids were solicited via the internet with four received. Work will be performed in Sacramento, California, with an estimated completion date of Feb. 24, 2022. Fiscal 2020 non-federal funds; and 2020 civil construction funds in the amount of $7,621,699 were obligated at the time of the award. U.S. Army Corps of Engineers, Sacramento, California, is the contracting activity (W91238-21-C-0012). NAVY International Flooring and Protective Coatings Inc.,* Norfolk, Virginia (N50054-21-D-2101); Main Industries Inc.,* Hampton, Virginia (N50054-21-D-2102); Surface Technologies Corp.,* Atlantic Beach, Florida (N50054-21-D-2103); and UHP Projects Inc.,* Newport News, Virginia (N50054-21-D-2104), are awarded a combined $41,425,862 firm-fixed-price, indefinite-delivery/indefinite-quantity multiple award contract to furnish management, administrative and production services, materials, tools, equipment and required support to accomplish removal of old deck covering and underlayment (including rubber base if present), abrasive blast, ultra-high pressure water jet and power tool clean decks; and prepare surfaces, apply primer coatings and install new non-skid deck covering onboard Navy or other military type vessels. International Flooring and Protective Coatings Inc. is being awarded a $10,887,224 estimate and if all options are exercised, the total value will be $58,889,922. Main Industries Inc. is being awarded a $9,616,068 estimate and if all options are exercised, the total value will be $50,102,014. Surface Technologies Corp. is being awarded a $9,410,280 estimate and if all options are exercised, the total value will be $47,110,600. UHP Projects Inc. is being awarded an $11,512,290 estimate and if all options are exercised, the total value will be $65,057,475. Work will be accomplished onboard Navy vessels located primarily within a 50-mile radius of Norfolk, Virginia, and is expected to be completed in February 2022, and February 2026 if all options are exercised. The maximum dollar value for all four contracts is $65,057,475. Fiscal 2021 operation and maintenance (Navy) funding in the amount of $10,000 ($2,500 per awardee) will be obligated at the time of award and will expire at the end of the current fiscal year. The requirement was competitively procured as a small business set-aside solicited through the beta.SAM.gov website with five offers received. The Mid-Atlantic Regional Maintenance Center, Norfolk, Virginia, is the contracting activity. Huntington Ingalls Industries' Newport News Shipbuilding division, Newport News, Virginia, is awarded a $13,435,247 cost-plus-fixed-fee contract for engineering and technical design effort to support research and development concept formulation for current and future submarine platforms. This contract procures advanced submarine research and development (R&D) including studies to support assessments, development, design studies and tests; provide on-site engineering, logistics and technical services; and integrate/incorporate technologies for land-based or at-sea tests/demonstrations. Development and design of advanced submarine R&D technologies include integration/incorporation of developing technologies as well as advanced development models into the designated R&D test platform(s) and current and future submarine platforms. This contract includes options which, if exercised, would bring the cumulative value of this contract to $117,332,071. Work will be performed in Newport News, Virginia, and is expected to be completed by September 2021. If all options are exercised, work will continue through September 2025. Fiscal 2021 research, development, test and evaluation (Navy) funding in the amount of $250,000 will be obligated at time of award and will not expire at the end of the current fiscal year. Fiscal 2020 research, development, test and evaluation (Navy) funding in the amount of $35,000 will be obligated at time of award and will expire at the end of the current fiscal year. This contract was not competitively procured and is a sole-source award pursuant to 10 U.S. Code 2304(c)(3) – Industrial Mobilization. The Naval Sea Systems Command, Washington, D.C., is the contracting activity (N00024-21-C-2104). AIR FORCE Titan Facility Services LLC, Gilbert, Arizona, has been awarded a $10,378,274 modification (P00029) to contract FA8052-18-C-000913 for healthcare aseptic management services to exercise Option Period Two. This contract provides for medical aseptic housekeeping, waste management and linen management. These services constitute the enterprise-level healthcare aseptic management services requirement for the Air Force Medical Service. Work will be performed at Little Rock Air Force Base, Arkansas; Barksdale AFB, Louisiana; Keesler AFB, Mississippi; Eglin AFB, Florida; Hurlburt Field AFB, Florida; MacDill AFB, Florida; Tyndall AFB, Florida; Patrick AFB, Florida; Charleston AFB, South Carolina; Shaw AFB, South Carolina; Moody AFB, Georgia; Robins AFB, Georgia; Columbus AFB, Mississippi; Altus AFB, Oklahoma; Tinker AFB, Oklahoma; and Vance AFB, Oklahoma, and is expected to be completed Feb. 13, 2022. Fiscal 2021 operation and maintenance funds in the full amount are being obligated at time of award. The total cumulative value of this contract including, Option Two, is $32,348,517. The 773rd Enterprise Sourcing Squadron, Joint Base San Antonio, Texas, is the contracting activity. Main Building Maintenance Inc., San Antonio, Texas, has been awarded a $10,355,594 modification (P00030) for healthcare aseptic management services to exercise Option Period Two. This contract provides for medical aseptic housekeeping, waste management and linen management. These services constitute the enterprise-level healthcare aseptic management services requirement for the Air Force Medical Service. Work will be performed at the Air Force Academy, Colorado; Buckley Air Force Base, Colorado; Peterson AFB, Colorado; Schriever AFB, Colorado; Beale AFB, California; Eielson AFB, Alaska; Elmendorf AFB, Alaska; Fairchild AFB, Washington; Ellsworth AFB, South Dakota; FE Warren AFB, Wyoming; Hill AFB, Utah; Malmstrom AFB, Montana; McConnell AFB, Kansas; Mountain Home AFB, Idaho; Nellis/Creech AFB, Nevada; and Offutt AFB, Nebraska, and is expected to be completed Feb. 13, 2022. Fiscal 2021 operation and maintenance funds in the full amount are being obligated at time of award. The total cumulative value of this contract, including Option Two, is $32,350,692. The 773rd Enterprise Sourcing Squadron, Joint Base San Antonio, Texas, is the contracting activity (FA8052-18-C-0006). TFOM HHS Group JV, Austin, Texas, has been awarded a $9,865,349 modification (P00021) to contract FA8052-19-C-A002 for healthcare aseptic management services to exercise Option Period Two. This contract provides for medical aseptic housekeeping, waste management and linen management. These services constitute the enterprise-level healthcare aseptic management services requirement for the Air Force Medical Service. Work will be performed at Cannon Air Force Base, New Mexico; Davis-Monthan AFB, Arizona; Dyess AFB, Texas; Edwards AFB, California; Goodfellow AFB, Texas; Holloman AFB, New Mexico; Kirtland AFB, New Mexico; Joint Base San Antonio (JBSA)-Lackland, Texas; Laughlin AFB, Texas; Los Angeles AFB, California; Luke AFB, Arizona; JBSA, Texas; Sheppard AFB, Texas; and Vandenberg AFB, California, and is expected to be completed Feb. 13, 2022. Fiscal 2021 operation and maintenance funds in the full amount are being obligated at time of award. The total cumulative value of this contract, including Option Two, is $31,537,150. The 773rd Enterprise Sourcing Squadron, Joint Base San Antonio, Texas, is the contracting activity. DEFENSE ADVANCED RESEARCH PROJECTS AGENCY Raytheon Co. Missile Systems, Tucson, Arizona, was awarded an $8,377,372 cost-plus-fixed-fee completion contract for a Defense Advanced Research Projects Agency research project. Work will be performed in Tucson, Arizona (38%); Goleta, California (14%); and Cedar Rapids, Iowa (48%), with an expected completion date of October 2022. Fiscal 2020 research, development, test and evaluation funds in the amount of $454,127; and fiscal 2021 research, development, test and evaluation funds in the amount of $1,765,783, are being obligated at time of award. This contract was a limited competitive acquisition with five offers received. The Defense Advanced Research Projects Agency, Arlington, Virginia, is the contracting activity (HR0011-21-C-0036). DEFENSE LOGISTICS AGENCY UPDATE: Skymark Refuelers LLC, Kansas City, Kansas (SPE8EC-21-D-0077), has been added as an awardee to the multiple award contract for commercial trucks and trailers, issued against solicitation SPE8EC-17-R-0008, and awarded Jan. 9, 2018. *Small business https://www.defense.gov/Newsroom/Contracts/Contract/Article/2501750/source/GovDelivery/

  • Orolia to contribute timing system to missile defense radar

    15 juillet 2020 | International, Aérospatial, C4ISR

    Orolia to contribute timing system to missile defense radar

    Nathan Strout Raytheon has selected Orolia to provide a critical time and frequency system to the Lower Tier Air and Missile Defense Sensor the company is building for the U.S. Army, Orolia announced July 8. The Army awarded Raytheon $384 million in October 2019 to deliver six LTAMDS radar units. LTAMDS is expected to replace the Army's Patriot radars — a system that has been fielded since the 1980s and is also built by Raytheon — operating on the Army's Integrated Air and Missile Defense network. While approximately the same size as its predecessor, the LTAMDS has more than twice the power and will be able to detect threats coming in from a full 360 degrees. The new radars are expected to reach initial operational capacity in fiscal 2022. Raytheon has now tapped Orolia to contribute a rugged time and frequency system. In a press release, Orolia claims it was chosen due to the low size, weight and power constraints of its system and its past work with Raytheon. The company's SecureSync position, navigation and timing solution was the first time and frequency reference system approved by the Defense Information Systems Agency for network interoperability. “Ultra-precise mission timing and sync technology are fundamental building blocks for the resilient PNT systems that war fighters rely on for continuous operations in contested environments,” said Orolia Defense and Security President Hironori Sasaki. “We are proud to be a Raytheon Missiles & Defense partner on LTAMDS and other programs that utilize GPS signals for timing, frequency and network synchronization across critical military systems.” https://www.c4isrnet.com/battlefield-tech/2020/07/14/orolia-to-contribute-timing-sysstem-to-missile-defense-radar/

  • Turkey develops AI-based simulator for light fighter jet

    9 septembre 2020 | International, Aérospatial

    Turkey develops AI-based simulator for light fighter jet

    Burak Ege Bekdil ANKARA, Turkey — Turkish Aerospace Industries says it has developed Turkey's first artificial intelligence-based simulator, which will be used in the design and development phases of Hurjet, a locally designed light assault aircraft. TAI said the engineering simulator, Hurjet 270, is designed to collect feedback from test pilots to make the design of Hurjet “better, more solid and more efficient.” The simulator is also meant to detect design faults at the development stage. Company officials said the simulator will feature “human eye-level resolution.” Atilla Dogan, TAI's deputy general manager for aircraft design, told the state news agency Anadolu that Hurjet 270 will help engineers improve designing flight control algorithms and avionics software based on feedback from test pilots. The armed trainer Hurjet is a jet engine version of the turboprop Hurkus, Turkey's first indigenous basic trainer aircraft. TAI launched the Hurjet program in 2018, with a target of having the aircraft's maiden flight in 2022. The Hurjet will have a maximum speed of Mach 1.2 and can fly at a maximum altitude of 45,000 feet. The aircraft will have a maximum payload of 3,000 kilograms, including ammunition, radar and camera. Hurkus-C, the armed version of the base variant of Hurkus, features locally developed ammunition including CIRIT, TEBER, HGK and LGK. It can also use INS/GPS-guided bombs, conventional bombs, non-guided rockets and machine guns. Hurkus-C also features armored body parts, a self-protection system, a data link, laser tacking, an electro-optical and infrared pod, an external fuel tank, and advanced avionics. With a 1,500-kilogram payload that can be used through seven external hardpoints, the Hurkus-C can perform light-attack and armed reconnaissance missions. https://www.c4isrnet.com/artificial-intelligence/2020/09/08/turkey-develops-ai-based-simulator-for-light-fighter-jet/

Toutes les nouvelles