11 June 2024 | International, Security
23 July 2018 | International, C4ISR
By: Mark Pomerleau
U.S. Cyber Command's main warrior cadre has been deemed ready for war and now the organization is shifting its focus to readiness and operations.
Sources have told Fifth Domain that DoD's cyber warriors lack certain skills, capabilities and even equipment. One source went so far as to say that the list of what these forces can do is short.
As a result, the military wants to quickly get these new cyber warriors the tools they need. To do this, they are turning to contracting vehicles such as other transaction authorities and the so-called IT Box construct as a way to skirt the traditional acquisition system, which is often derided as lethargic, bureaucratic and not optimized for the high tempo of the software-centric world.
These approaches allow the government to partner with non-traditional companies for less mature technologies and prototypes, meaning solutions, albeit some that are not always 100 percent mature, get to warfighters faster. This approach allows DoD to be more agile and flexible in procuring and equipping, multiple industry sources told Fifth Domain. However, one potential downside to this approach is a lack of competition for this work.
What do cyber warriors need?
As the command is growing, maturing and standing on its own, it needs training modules, infrastructure on which to conduct operations, and tools.
Leaders say one of the most critical needs of cyber warriors is a training platform. And industry officials add that often the first time cyber warriors face certain techniques is during a mission. This is because of a lack of a holistic and robust training environment, similar to the Army's combat training centers or the Air Force's Red Flag.
To change that the Army, on behalf of Cyber Command, is in charge of an effort called the Persistent Cyber Training Environment. The Army, using an OTA approach, is running a series of innovation challenges as a way to prototype capability. This approach would provide an interim solution to cyber warriors while at the same time reduce risk and help the larger program of record.
Another capability cyber warriors will need is an operational platform from which to house tools, launch operations and perform command and control.
Currently, the Air Force is working this program on behalf of Cyber Command. The Unified Platform, as it's called, is considered one of CYBERCOM's largest and most critical acquisition programs to date. Industry officials have said it is necessary to conduct cyber operations and is critical to national security.
The Air Force's acquisition strategy is not totally clear, with some industry sources noting that they are not taking an OTA approach to this critical capability. The service is currently using the General Services Administration's premier enterprise Alliant Government-wide Acquisition Contract vehicle, in which multiple contractors will be awarded and will compete against each other for individual task orders on the final program. Federal agencies traditionally use Alliant to implement new and innovative technologies.
(Potential) Drawbacks
Despite being an attractive option to rapidly equip forces, these vehicles come with some risk.
Industry officials acknowledge that OTAs were meant for prototyping, research and development and risk reduction for larger programs of record, not as a replacement for procuring large programs and platforms. While Congress has extended the use of OTAs for actual development of production, William LaPlante, senior vice president and general manager for MITRE National Security Sector, calls this “a dodgy area.”
LaPlante, who served as assistant secretary of the Air Force for acquisition, told Fifth Domain that the OTAs can limit competition. Since these rapid prototyping vehicles enable DoD to work with non-traditional companies that don't have to bring forth fully developed solutions, they tend to favor smaller tech companies as opposed to larger defense contractors.
LaPlante said if one subscribes to the philosophy that the best product comes from a full competition, the competition part of these contracting mechanisms is not very clear.
Second, he said, going faster means the upfront homework in the way of budgeting, market research and strategy may be neglected. While this work might take a bit of time, if it's not done, he said, the risk of making mistakes increases.
Going forward, LaPlante noted that it will be important how blowback and failure is handled because “there's no question mistakes will be made.”
There is also the issue of integration. With a series of disparate systems, it is unclear who will be the integrator: government or industry?
“It's a perpetual discussion of the last 20-30 years: is the government itself strong enough to assume the role of integrator? Probably not. You need some industry partner,” he said.
19 May 2020 | International, C4ISR, Security
By: Andrew Eversden

Booz Allen Hamilton won a five-year, $800 million task order to provide artificial intelligence services to the Department of Defense's Joint Artificial Intelligence Center (JAIC).

Under the contract award, announced by the General Services Administration and the JAIC on May 18, Booz Allen Hamilton will provide a “wide mix of technical services and products” to support the JAIC, a DoD entity dedicated to advancing the use of artificial intelligence across the department.

The contracting giant will provide the JAIC with “data labeling, data management, data conditioning, AI product development, and the transition of AI products into new and existing fielded programs,” according to the GSA news release.

“The delivered AI products will leverage the power of DoD data to enable a transformational shift across the Department that will give the U.S. a definitive information advantage to prepare for future warfare operations,” the release said.

The contract will support the JAIC's new joint warfighting mission initiative, launched earlier this year. The initiative includes “Joint All-Domain Command and Control; autonomous ground reconnaissance and surveillance; accelerated sensor-to-shooter timelines; operations center workflows; and deliberate and dynamic targeting solutions,” JAIC spokesperson Arlo Abrahamson told C4ISRNET in January.

The joint warfighting initiative is looking for “AI solutions that help manage information so humans can make decisions safely and quickly in battle,” Abrahamson said.

The award to Booz Allen Hamilton will push that effort forward, Lt. Gen. Jack Shanahan, the center's director, said in a statement.

“The Joint Warfighting mission initiative will provide the Joint Force with AI-enabled solutions vital to improving operational effectiveness in all domains. This contract will be an important element as the JAIC increasingly focuses on fielding AI-enabled capabilities that meet the needs of the warfighter and decision-makers at every level,” Shanahan said.

DoD CIO Dana Deasy told Defense News in December that the JAIC would embark on its first lethality project in 2020, which Abrahamson said would be part of the joint warfighting initiative.

According to an April blog post from the JAIC, the initiative's first RFP, released in March, included the ethical principles DoD adopted this year, an effort to quell concern about how the Pentagon uses artificial intelligence.

The award to Booz Allen Hamilton was made by the GSA through its Alliant 2 Government-wide Acquisition Contract, a vehicle designed to provide artificial intelligence services to the federal government.

The GSA and JAIC have been partners since last September, when the pair announced that they were teaming up as part of the GSA's Centers of Excellence initiative, a program meant to accelerate modernization with agencies across government.

“The CoE and the JAIC continue to learn from each other and identify lessons that can be shared broadly across the federal space,” said Anil Cheriyan, director of the GSA's Technology Transformation Services office, which administers the Centers of Excellence program. “It is important to work closely with our customers to acquire the best in digital adoption to meet their needs.”

https://www.c4isrnet.com/artificial-intelligence/2020/05/18/booz-allen-hamilton-wins-massive-pentagon-artificial-intelligence-contract
13 July 2020 | International, C4ISR, Security
Security orchestration, automation, and response (SOAR) software frees DoD analysts to apply cognitive skills to actually fixing problems.

By Splunk on July 10, 2020 at 6:39 PM

The Defense Department's most recent National Defense Strategy (NDS) describes a complex military environment characterized by increased global disorder, a decline in the long-standing rules-based international order, myriad threats from rogue states like Iran and North Korea, great power peers like China and Russia, malicious hackers, and terrorists in places like Yemen.

One of the military domains where this dynamic is most evident is cyberspace, where bad actors arguably have comparable or better cyber capabilities than us.

“This increasingly complex security environment is defined by rapid technological change, challenges from adversaries in every operating domain, and the impact on current readiness from the longest continuous stretch of armed conflict in our nation's history,” the NDS states. “In this environment, there can be no complacency—we must make difficult choices and prioritize what is most important...”

More cybersecurity threats mean more cyberattacks on DoD networks. Essye Miller, former principal deputy for the DoD CIO, said recently that attacks on department networks are surging and that the attack surface is expanding as adversaries target DoD employees working from home during the coronavirus pandemic.

This surge in cyberattacks means that analysts working in DoD information security operations centers (SOCs) are being bombarded with security alerts. With so many events, it's hard for them to differentiate true alerts from false ones, and to determine which events are priorities to address immediately. Through no fault of their own, they end up chasing their tail when their time could be better spent on mission-critical activities that directly support warfighters.

The solution for this domain is automation. While popular in commercial software segments for years—including Salesforce automation, marketing automation, human resources automation, and IT automation—DoD security teams are just beginning to realize the benefits of what's known as security orchestration, automation, and response.

The Value of Security Automation

“Automation is nothing new to the military. The Defense Department is making great inroads into DevSecOps, for example,” explained Drew Church, senior security advisor at Splunk, referring to an agile software development process where software is quickly developed, tested, and improved over weeks and months rather than years. “A key, fundamental concept of DevSecOps is automation. The point of automation in DevSecOps is to bring together different technologies, tools, people, and processes to develop code and get it out to the warfighter more rapidly.

“Automation provides that same capability inside IT operations procedures, security operations procedures, and other business processes,” said Church. “It does this in a reliable and repeatable fashion every time, and at speed and scale.”

Splunk's SOAR solution is called Phantom. It helps security teams work to identify, analyze, and mitigate threats facing their organizations. It can be used to improve efficiency, shorten incident response times and reduce the growing backlog of security incidents, even when there's a shortfall of DoD security personnel to analyze the volume of daily security alerts. Phantom does so by integrating teams, processes, and tools, and by automating tasks, orchestrating workflows, and supporting a range of SOC functions to include event and case management, collaboration, and reporting.
In essence, it frees SOC analysts of the usual Tier I-type activities of gathering data from the security information and event management (SIEM) platform, prioritizing these alerts, performing triage to determine if an alert is real or a false alarm, configuring and managing security monitoring tools, and generating trouble tickets. Instead, Splunk Phantom lets them spend more time on the value-added work of Tier II SOC analysts. This includes actually investigating the trouble tickets, responding to incidents, and leveraging threat intelligence to better understand the threat and be proactive rather than reactive.

“Focusing on the bureaucracy of security rather than the actual doing of security limits the effectiveness of security analysts,” said Church. “Better to free them of the tasks that can be easily automated like reviewing IP addresses, domain names, and URLs so that they can be force multipliers in conducting the thoughtful work needed to protect DoD networks.

“That automation is done for them in Phantom. It lets analysts focus on investigating and taking remediation or mitigation steps as appropriate. Where humans excel is in actually thinking through a problem. Copying and pasting from websites, emails, and reports is not the most effective use of a highly paid, resource-limited talent pool.”

Integration With Existing SOC Tools

SOC analysts make their decisions by gathering information. They sometimes review classified military intelligence, but usually they look at a lot of open-source information and data from commercial off-the-shelf products from myriad providers of cybersecurity threat intelligence products. Some of the common ones that are relevant to the Defense Department include McAfee's ePolicy Orchestrator, which the DoD refers to as Host Based Security Systems (HBSS), and Tenable's Security Center, which is known inside the DoD as Assured Compliance Assessment Solution (ACAS).

Splunk Phantom has more than 300 out-of-the-box integrations with products like HBSS and ACAS. “Being integrated with each of those products permits the analyst to get the information they need without having to go to another browser window, or another tab, or a different computer,” said Church. “Phantom automatically brings all that data to the analyst. That takes somebody who spends most of their time copying information from page A into system B and lets them make more rapid and accurate determinations about the threat.”

Through the use of APIs (application programming interfaces), that same integration is also found with government off-the-shelf (GOTS) solutions that haven't before been integrated with Splunk Phantom because there was never a request to do so. The same goes for a custom app created by a DevSecOps shop like the Air Force's Kessel Run project in Boston, for example.

Automating these vital but tedious processes also pays dividends during both staffing shortfalls and times of surge, and brings consistency to SOC activities. Military service members are constantly rotating and changing duty stations; senior leadership turns over regularly. Contractors have to be relied upon to provide continuity from tour to tour. That means that SOC processes that were well oiled on a Monday may no longer be operating smoothly on Friday because of a change of command. Or maybe there is a compelling event that grabs everyone's attention. Or possibly there are legal or policy requirements that need to be addressed, and though they don't add mission value they still must be completed. Automation by Splunk Phantom smooths out the bumps associated with those all-too-common scenarios by keeping the flow of vital data moving to where it can be acted upon best.

“The computer's running the marathon for you so that you are free to sprint and swarm on the problems that need the most resources at any particular time,” said Church.
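As an added illustration of the Tier I workflow the article describes (SIEM alert intake, indicator enrichment against a threat-intelligence watchlist, false-positive screening, prioritization and hand-off), here is a small playbook in Python; it is not Splunk's or Phantom's code, and the watchlist, allow-list, alert ids, hosts, indicators and rule names are constructed sample data.

```python
"""SOAR-style triage playbook: pull SIEM alerts, enrich indicators, close false positives, prioritize, hand off."""
import ipaddress

# Constructed threat-intel watchlist: indicator -> (feed name, confidence 0-100)
WATCHLIST = {"198.51.100.23": ("isac-feed", 90), "malware-drop.example": ("vendor-feed", 75)}
# Constructed allow-list of known-benign infrastructure (patch mirror, vuln scanner)
ALLOWLIST = {"203.0.113.10", "updates.example"}

def enrich(indicator):
    """Classify one IP address or domain the way a Tier I analyst would by hand."""
    if indicator in ALLOWLIST:
        return "allowlisted", 0
    if indicator in WATCHLIST:
        feed, confidence = WATCHLIST[indicator]
        return "watchlist:" + feed, confidence
    try:
        if ipaddress.ip_address(indicator).is_private:
            return "internal", 10  # internal peer: worth a look, but not external C2
    except ValueError:
        pass  # not an IP literal, so it is a domain name
    return "unknown", 30

def run_playbook(alerts):
    """alerts: dicts with id, host, indicator, rule (one per SIEM event). Returns
    (cases ranked by severity, alert ids auto-closed as false positives)."""
    merged = {}  # repeats of the same host/indicator/rule collapse into one case
    for a in alerts:
        key = (a["host"], a["indicator"], a["rule"])
        merged.setdefault(key, {"id": a["id"], "count": 0})["count"] += 1
    cases, closed = [], []
    for (host, indicator, rule), m in merged.items():
        verdict, score = enrich(indicator)
        if verdict == "allowlisted":
            closed.append(m["id"])
            continue
        severity = min(100, score + 5 * (m["count"] - 1))  # repeats raise priority
        cases.append({"id": m["id"], "host": host, "severity": severity,
                      "note": f"{rule}: {indicator} ({verdict}, seen {m['count']}x)"})
    cases.sort(key=lambda c: c["severity"], reverse=True)
    return cases, closed

# Constructed sample alerts a SIEM might emit in one shift
SAMPLE_ALERTS = [
    {"id": "A1", "host": "ws-0042", "indicator": "198.51.100.23", "rule": "outbound-c2-port"},
    {"id": "A2", "host": "ws-0042", "indicator": "198.51.100.23", "rule": "outbound-c2-port"},
    {"id": "A3", "host": "srv-db01", "indicator": "203.0.113.10", "rule": "port-scan"},
    {"id": "A4", "host": "ws-0017", "indicator": "10.20.30.40", "rule": "smb-lateral"},
    {"id": "A5", "host": "ws-0099", "indicator": "malware-drop.example", "rule": "dns-new-domain"},
]
```

Running `run_playbook(SAMPLE_ALERTS)` closes the scanner hit as a false positive and returns the remaining three cases ranked so the repeated watchlist hit reaches the analyst first.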
The Takeaway

For security analysts, incident handlers/responders, IT operations managers, security operations managers, and forward-leaning business process experts, Splunk Phantom is all about removing barriers so people can get back to accomplishing the mission, maximizing productivity of skilled personnel and organizations.

“For anybody that has a business process, a mission process, an IT operations process, or a security process and wants to free those skilled workers to get back to what you brought them onboard to do, we can help you with that,” said Church. “We do that through orchestration, we do that through automation. We bring in collaboration, and we're able to do that at scale because of the value that a company like Splunk brings to the table. By being able to have a rich ecosystem of partners and support across the board, we're able to do that even with differences from organization to organization.”

Splunk Phantom addresses technology-based processes, and orchestrates and automates those processes to get people back to doing what they do best.

https://breakingdefense.com/2020/07/making-dod-security-operations-centers-more-effective-security-automation/