What’s changing in the cyber domain? We ask industry experts

Sur le même sujet

• 

  6 mai 2020 | International, C4ISR, Sécurité

  EXCLUSIVE: DoD CIO Makes Case For Sticking With JEDI

  No current cloud, commercial or military, lets frontline troops access both classified and unclassified data from all over the world, Dana Deasy told Breaking Defense. That makes JEDI unique – and too complex to split up among multiple contractors. By SYDNEY J. FREEDBERG JR. WASHINGTON: A lot of people – even experts – don't get what the JEDI cloud computing program is really about, Dana Deasy told me. And that, the Defense Department's Chief Information Officer admitted, is partly the Pentagon's own fault he told me during a half-hour interview. So, this morning, after Breaking Defense published the latest of several stories on JEDI's legal and political troubles and the mounting criticism of the program, Deasy agreed to an interview to explain just why he thinks the worldwide military cloud is still essential – and too complexly integrated to split chunks off to different contractors. There are three fundamental misunderstandings about JEDI that the Pentagon needs to dispel, Deasy told me: First, people think JEDI is meant to be the one cloud to rule them all. It's not. While JEDI will be the default option for “general purpose” cloud computing across the entire Department of Defense, it will not replace hundreds of existing cloud contracts across the DoD not prevent the creation of new “fit for purpose” clouds tailored to specific missions. “We definitely had created the wrong perception. People believed that we were going to take all of our clouds, get rid of them, and migrate everything over to JEDI,” Deasy told me. “That was clearly never the intent.” Second, people think JEDI is a 10-year, $10 billion contract. It's not – not necessarily. While that's the maximum value and duration of the contract, the Pentagon has the option to terminate it after two years. There's another end-it-or-extend-it decision three years later, and a third three years after that. The minimum the winning contractor is guaranteed to get? Just $1 million over two years. The Defense Department's strategy to transition to cloud computing. “When I came on board, one thing I did was restructure the terms,” Deasy told me. “I've been working with clouds since clouds were first brought to the commercial industry marketplace, and about every two to three years, you see really big changes. I'm talking about significant enough changes where you just want to step back and look at the marketplace. That's why we changed the terms of the contract.” Third, people think JEDI is just another cloud. It's not. While existing military and even civilian clouds can do some of what JEDI is meant to do, none of them can do all of it. None of them can pull unclassified, secret, and top secret data, from the Pentagon, bases around the world, and forward outposts, and put it all together in a way that even troops in combat can access. “Go out to the tactical edge, sit down with the warfighter, and look at how we push information out to someone who's literally outside of the village on the side of a mountain,” Deasy told me. “I spent some time in Afghanistan last year, and you look at what it takes for them to prepare for a mission, to execute a mission. They are pulling data from a variety of sources, some unclassified, some classified.” But doing that today is damnably hard. It takes a lot of awkward workarounds to bridge the gaps between different and frequently incompatible networks, and you can't bring the kludged-together solution with you into combat. That's why one of JEDI's first priorities is building backpack-sized mini-servers. “To actually combine that data and physically get the information out to the warfighter in a form factor that they could use when they're out in the field, it just doesn't exist today. And no — you cannot pull that off the shelf,” Deasy said. “That is a unique capability that we have to build.” “We have to find a partner to help us do that, and that is what we've been looking to do with JEDI,” he told me. He really means a partner, one contractor, not many, because the task of building this highly complex, tightly integrated system is not something you can split up, the way you would an order for bulk commodities like potatoes, jet fuel, or even online storage. Why not? Let's let Deasy explain it in his own words (edited for clarity and brevity). Q: There's been a lot of excitement over JEDI since the program began in 2018, and a lot of frustration over the delays. How would you respond to the critics who say it's time to give up, or even that it was the wrong approach all along? A: At the time I joined [the Defense Department], which was actually two years ago this week, the first thing that Deputy Shanahan turned over to me was JEDI. The first thing he asked me to do was to go back and take a hard look at was, was this the right thing we were doing for the Department of Defense, were we going about it the right way. Was it the right thing? Yes. Were we going about the right way? Well, I'd say, mixed results. [Now] there's this whole conversation: “Should the DoD give up? Should the DoD start over? Should the DoD go and do something else?” I've spent a lot of time contemplating a bunch of different scenarios, and no matter what scenario I look at, you still have to solve the problem for the warfighter. We need to take data all the way out to the tactical edge, across multiple classification levels. And even if I wanted to stop JEDI today, there is no solution that is available already inside the Department of Defense to do that. I'd have to turn right around, go back out to the market, start an RFP once again to solve for that particular problem. This is why we stay the course. We're not staying the course because we're just being defiant or stubborn. We're staying the course because it's the shortest way to get from point A to point B, because if we don't stay this course, we will still have to go back and solve this particular warfighting need. And that is why I believe staying with JEDI and moving forward is the right solution. It's very easy for critics to say, “hey, there's a bunch of clouds already inside of the Department of Defense, why don't you just go use one of those?” Or “why don't you just split this up and give this to a bunch of different suppliers?” Yes, of course, JEDI can do commodity cloud capabilities, and so do a lot of our other clouds across the Department of Defense. The whole world of commodity cloud has gotten better and better. But it doesn't solve for our classification levels. It doesn't solve for the tactical edge today. If you look at the heart of that RFP [the 2018 Request For Proposals] and you really sort through all the requirements, what makes JEDI still unique today, that cannot be satisfied by other cloud environments, is the fact that it was solving for both OCONUS [Outside the Continental United States] and CONUS; it's moving data across multiple classification levels; and it was looking to create a commercial solution that would give us far better terms, conditions, and pricing than we'd ever seen inside the Department of Defense. When we looked across the landscape of all the cloud environments we had, there was not a single cloud environment that we had that could do all those things, nor was there one being contemplated inside the Department of Defense. We've got the Army that is now looking to consolidate their clouds, we have the Air Force has their cloudOne platform, Navy has stood up a special purpose cloud with their SAP HANA to consolidate their various SAP environments. All of those things fit exactly what we were trying to achieve in the cloud strategy document at the end of 2018. However, if you look at all those cloud environments and other ones that are stood up across Department of Defense, none of those, still, can do CONUS and OCONUS, none of them is solving for the tactical edge, and none of them is solving for multiple classification levels. [Before the stop-work order], we had dozens of projects across combatant commands and the services wanting to be the first to standup in the new JEDI cloud, because of two fundamental things: It offered capabilities that their clouds didn't offer and it offered it at a way better price. At the end of the day, the most competitive way of looking at market forces is, where are the services going to? And they were clearly going towards JEDI because of what it offered in terms of technology and what it offered in terms of price. One of the criteria that we really wanted out of JEDI was to get to the best commercial terms and conditions. And I can tell you after we were done with that award, we clearly in that award had better terms, better pricing than we had in any cloud across the Department. Q: But you took a long time assessing which competitors could meet your technical requirements, finally choosing Microsoft. Given the delays, and given how fast IT changes, is that assessment now obsolete? A: We did not take this final decision on the selection of our vendor until towards the back half of last year. Yes, we started this in 2018, but the offerings that we were looking at were being updated and refreshed throughout the entire RFP process until the point that they submitted their final submissions. Our [implementation] schedule is actually going to be in phases. First, we're going to roll out unclassified, then we're going to roll out the secret, and then we're going to roll out the top secret. And those solutions were going to be designed and built as we went through this process. One of the reasons we did that was because we did recognize that technology would change. We set it up in a way that we absolutely can stay fresh with technology as it changes, because we have these option periods [at two years, five years, and eight years] to go back and look at whoever our provider is and to decide whether or not they're staying current. If we saw that a vendor was starting to lose its competitiveness either on pricing, on speed of delivery, or on technology, you make it clear that if they were to continue down the path they're going, there's not going to be a renewal. The best evidence you get is just how are they delivering every day? Is it working, is it up and running? Do they really give you a tactical edge? Do they really give you multiple classifications? Are the warfighters benefiting from it? Q: But why is having a single contractor you can opt out of at set times better than having multiple vendors competing all the time for work orders under an Indefinite Delivery, Indefinite Quanity contract? A: It's a fair question. And if what we were providing the Department of Defense was pure commodity cloud, a platform for storing and compute and building applications in a standard way that we see industry doing it today, IDIQ would be a perfect way to go. But that's not what we're doing here. That's what gets lost in this whole conversation. This is not your typical, basic, commodity cloud offering where you can put it out to three or four vendors and let the service pick every day who they want. Let's go back to what the requirements are. We are trying to build a cloud that can handle CONUS, OCONUS, unclassified, secret, top secret, traverse the data between those environments, and create hardware solutions at forward bases and to the tactical edge. Imagine for a second that I now wanted to have three or four vendors to do that. Think of the complexity it would take to build cross domain solutions for unclassified, top secret and secret, OCONUS, CONUS, forward bases, tactical edge devices, all the way out to the guys on the side of the mountain. Especially when you think about trying to move forward with this Joint All-Domain Command & Control, where the fight of the future is going to be multiple services and combatant commands having to work together and share data. That becomes almost untenable if you set it up as an IDIQ with multiple vendors. I mean, how would you ever build that to work all the way to the tactical edge? To move data from unclassified to secret to top secret, it's extremely complicated. It's not like you go buy this off the shelf. This is a very bespoke, tailored solution that has to be built. There is an actual hardware element of this, of creating the hardened devices that need to be put into the hands of a warfighter out there on a mission and that's what we don't have today. You have to find a vendor that can help you build those hardened devices out on the tactical edge. If we're doing IDIQs and every time we have a new warfighter need, we now are going to go out for three or four vendors, we're going to put that out, they're going to come back and bid, they're going to give a solution and then we have to go back and now re-integrate that solution. That gets be very hard and very complicated and very time consuming. You have to FEDRAMP all of them, you have to test all of them, you got to run them through certification. We have to put NSA red teams onto them, we have to put US Cyber Command to oversee each of those environments. Is that in the taxpayer's best interest? Does that sound like to you the lowest cost, most efficient solution for the DoD and the warfighter? There's going to be a lot of business across the Department of Defense where IDIQs are going to be perfect and we'll have lots of cloud providers that will flourish. But JEDI is a unique environment where having a partner to help us build this out is the smartest way to go. Throughout this entire process one thing has stayed constant: You have to find a way of putting a warfighter cloud capability into the hands of our men and women out on the tactical edge every day. And I've always looked at my responsibilities as CIO is to not to satisfy the cloud industry, but to satisfy what the warfighter needs. We have a unique war-fighting need that you just can't go get off of the shelf today. https://breakingdefense.com/2020/05/exclusive-dods-cio-makes-case-for-sticking-with-jedi

• 

  27 juillet 2020 | International, Terrestre

  Should Army Compete With Industry On OMFV?

  Industry sources say the Army shouldn't enter its own in-house design team in the race to replace the M2 Bradley. Top Army officials told us why it would work. By SYDNEY J. FREEDBERG JR.on July 24, 2020 at 7:00 AM WASHINGTON: Is fourth time the charm? After three failed attempts to replace the Reagan-era M2 Bradley troop carrier with better tech for modern warfare, the Army has a bold new strategy – one that could include a government design team competing head-to-head against contractors. The draft Request For Proposals (RFP), released Friday, raised some eyebrows in industry. But in an exclusive interview with Breaking Defense, Army officials told me a government team should stimulate, not stifle, much-needed innovation and competition. “We recognize that this does generate some concerns about potential organizational conflicts of interest,” said James Schirmer, the Deputy Program Executive Officer for Ground Combat Systems. “We certainly take those seriously.” The potential government team is now developing a formal “Organizational Conflict of Interest Mitigation Plan,” creating organizational firewalls so the Army team can't influence the requirements or selection process, Schirmer told me. If that plan doesn't pass muster with Army lawyers, he said bluntly, “then we would be prohibited from awarding a contract to the government team.” “To my knowledge, there's not a direct example of something similar occurring,” Schirmer agreed. But armored combat vehicles are a uniquely military design problem with few equivalents in the commercial world. “If you look at small arms, while we do have expertise in-house, there's a commercial industry that is very, very similar to the small arms that we're procuring for the military,” Schirmer told me. “If you look at aviation, while there's obviously some very important differences with military aircraft versus civilian ones, there's an awful lot of similarities.” “On the combat vehicle side, they're aren't as many similarities,” he said. “The engines that we use in commercial trucking can't survive under armor without cooling.... Our suspension systems are not unlike some commercial construction equipment, but we drive our vehicles at much higher speeds and are generally much heavier.” Meanwhile, Army scientists and engineers have spent decades studying everything from engines to armaments, from automated targeting systems to complete concepts for new vehicles. “We've got government folks that are really experts on combat vehicles and have good ideas,” Schirmer told me. “This phase primarily is generating ideas... potentially some innovation from inside our own halls.” That said, Schirmer didn't rule out the possibility that a government team might compete in later phases of the program – not just in developing “preliminary digital designs,” the subject of the draft RFP, but potentially in building a physical prototype vehicle as well. Actual mass production, however, would definitely be up to the private sector. “The government's got the ability to build prototypes,” he said. “The challenge would be the transition from an EMD [Engineering & Manufacturing Development]-like prototype into a production asset. That's something, typically, the government has not done.” So, he said, “the government team might need some help in that phase.” A government team might need help crafting a sufficiently detailed design that a contractor could actually build a working vehicle from it. Conversely, the manufacture would have to set up their supply chain and production line without the benefit of having done a prototype beforehand. “We'd have to figure out how we do that if the government were to continue as a competitor,” Schirmer said. “But to be honest, we have not thought beyond this phase” in any detail. Remember, the Army's still seeking industry feedback on the draft RFP; it has until next year to revise and finalize it. So at this point, it's not certain that a government team will even enter the current phase of the competition, let alone win a contract to develop the preliminary digital design. “We have room to award up to five contracts,” Schirmer said. “Even if the government team is one of those, there will be four additional contracts for industry.” “There's plenty of room for industry to get in and win,” he said. “I don't think they're going to be at a disadvantage relative to ... the government team.” Industry experts and insiders weren't so sure. Skeptics Speak Out “Let's face some reality first,” said Bill Greenwalt, an acquisition veteran who's worked in both the Pentagon and Congress. “There is no way the Army can effectively mitigate conflict of interest with a government design team, and there is no way that the government team will not have an advantage, through access to information flow within the Army's chain of command not available to the private sector.” After three previous failed attempts to replace the Bradley – FCS, GCV, and the first version of OMFV – the Army rebooted the Optionally Manned Fighting Vehicle program and tried to give industry wide leeway to come up with solutions, instead of prescribing rigid requirements. But with the new mandate for a two-man crew and the proposal for a government design team, Greenwalt lamented, “just when the Army has finally asked industry to come up with a solution rather than dictate it to them, it seems they have signaled what they really want to do is dictate the solution.” “Unfortunately, for decades, the Army has [been] wanting to return to the pre-World War II arsenal system where they controlled everything but were woefully un-innovative,” Greenwalt told me. “Rather than this half measure they should just nationalize the industrial base and get it over with and then see what kind of innovation they come up with.” Two industry sources, who asked to remain anonymous, expressed similar skepticism that the Army's Combat Capabilities Development Center (CCDC) and its subordinate commands, particularly the Ground Vehicle Systems Center (GVSC), can pull this off. “I anticipate the CCDC and its conglomerate of R&D facilities will think they can compete and win,” one industry source told me. “Their design will be exquisite and probably un-manufacturable.” “The CCDC and its R&D teams are under intense pressure from Futures Command to prove their value for the voluminous funding they have received over the last 10 years,” the source continued. “Armaments Center (formerly ARDEC) has the best track record for working with industry on guns, cannons (ERCA) and ammo, but GVSC (formerly TARDEC) has an abysmal record of having any of its technology investment migrating to a fielded platform.” “I'm not in agreement with the Army on the acquisition strategy,” another industry source told me. “They think there are companies that would welcome the government business [to mass-produce a government design]. But I'm always skeptical of a build-to-print proposal when the company doing the production has little invested in the design. The government loses out on innovation and cost in the process, because there is no incentive to improve or advance the product.” Greenwalt put the skeptics' bottom line most bluntly: “Private industry should think long and hard about whether to potentially waste their valuable engineering talent and bid & proposal dollars on such a competition.” Army officials, however, argued that they've set the competition up to let industry participate at minimal risk. “They submit a proposal, and then the government is paying them for their initial design,” said Brig. Gen. Richard Ross Coffman, director of armored vehicle modernization at Army Futures Command. While the final value is still being worked out, each of the up to five contract awards for the next phase should include enough funding for industry to get through Preliminary Design Review (PDR) without having to invest additional money of their own. But what if a company feels it's not competitive without investing its own Independent Research And Development (IRAD), as General Dynamics in particular has already done over the years? “That's a question for industry, [but] that is not the intent of the program,” Coffman told me. “We're trying to reduce risk for industry.” The Army wants a wide range of competitors – definitely from industry, but perhaps in-house as well – to offer the widest possible range of ideas. OMFV could resemble a Bradley rebuilt with the best available 21st century tech, or it could look nothing like a 20th century Infantry Fighting Vehicle at all. “Industry has a choice,” Coffman said. “Industry can use a traditional IFV model... or industry can provide a different manner in which we will transport our infantrymen on the battlefield in the most dangerous places on Earth.” “I think we're going to see a lot of unique solutions to the problem,” he said. The biggest technological innovation the Army's seeking: replacing the three-man crew used in the Bradley – and almost every comparable IFV worldwide – with just two humans assisted by powerful software. Why the Army thinks that's achievable, and why some are skeptical, is the topic for Part II of this story, coming Monday. https://breakingdefense.com/2020/07/should-army-compete-with-industry-on-omfv/

• 

  22 septembre 2020 | International, Terrestre, C4ISR

  New US Army radios show anti-jam progress at network experiment

  Andrew Eversden WASHINGTON — The U.S. Army is seeing improvements in anti-jam capabilities in new radios crucial to securing manned-unmanned communications at its annual Network Modernization Experiment. At NetModX '20, which runs from late July to early October at Joint Base McGuire-Dix-Lakehurst in New Jersey, the Army's Combat Capabilities Development Command's C5ISR Center — or Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance Center — is testing the resiliency of the new radios. The effort will help the service observe how they would perform in the field as the Army looks to partner humans and machines. Initial data from the event suggests the two companies involved — Silvus and Persistent Systems — have improved their radio capabilities from last year, specifically in regard to anti-jam, according to Daniel Duvak, chief of the C5ISR Center's Radio Frequency Communications division. But one major challenge is making the radios less detectable as the Army's tactical network team starts to focus on command post survivability — or reducing the electromagnetic signature of command post communications — while not sacrificing latency and throughput. “If you want to make it less detectable, you know oftentimes you have to trade off the throughput or the range or one of those other products,” Duvak said. “So that's the piece and the real technical challenge that they're continuing to work on over the next few months. We've seen progress that they've made in those areas, but that's the piece that they're still working on.” Robert Stevens, an electronics engineer at the Radio Frequency Communications division, told C4ISRNET that the radios are an important piece of the next-generation combat vehicle. And Duvak said the Army's tactical network modernization team — made up of the Network Cross-Functional Team and Program Executive Office Command, Control, Communications-Tactical — wants to use the radios as a mid-tier radio solution. The development and fielding of new science and technology projects can take more than five years; however, the Army wants to speed that up as it seeks to modernize systems in preparation for future conflicts with near-peer adversaries. At last year's Network Modernization Experiment, the C5ISR Center tested several vendors' radios to see where commercial technology stood. Alternative contracting options, like broad agency announcements as well as cooperative research and development agreements, have proved critical to quickening radio development. Under the contracting mechanisms, vendors and the Army have more flexibility to experiment with radios and make iterative modifications as requirements change. Duvak said this is different from how the Army did business years ago, when it would award yearslong contracts but eventually receive radios that no longer met current requirements. “What we were able to do at this program was, in just about a year and a half of development time, take a couple of those products that we saw that were very promising and we were able to add and actually fund vendors to enhance those radios with those resiliency features that we were just talking about for the contested environment,” Duvak said. “Things like making them anti-jam, or more difficult for the adversary to jam, making them more difficult for the adversary to detect or intercept our communications.” Duvak said the Army wants the new radio capabilities for Capability Set '23, a collection of new tactical network tools to be fielded to soldiers in fiscal 2023. The resiliency of communications is critical as the tactical network modernization team pivots to reduce the electronic signature of the service's command post under Capability Set '23. The team is looking to increase bandwidth and reduce latency as part of that set of tools. Preliminary design review for Capability Set '23 is scheduled for April next year. https://www.c4isrnet.com/battlefield-tech/it-networks/2020/09/21/new-us-army-radios-show-anti-jam-progress-at-network-experiment/