Nouvelles

Lee Hudson In keeping with the Pentagon's focus on rapid prototyping, the U.S. Navy opened an Innovation Hub (iHUB) this month at the Naval Air Warfare Command Aircraft Division (NAWCAD) in Patuxent River, ... http://aviationweek.com/awindefense/us-navy-opens-innovation-hub-pax-river

By: Stephen Losey The 552nd Maintenance Group at Tinker Air Force Base in Oklahoma has issued strict new rules on who can check out tools after several recent “minor lapses” in keeping track of them. In an emailed statement Monday, 552nd Air Control Wing spokesman Ron Mullan said the lapses in tool accountability did not cause any mishaps. However, the lost tool incidents led the 552nd to impound two aircraft to make sure they were safe before returning them to full flying status. “The 552nd Air Control Wing employs a multitude of standard procedures regarding activities in and around aircraft to ensure safety," Mullan said. ”Occasionally, despite sound procedures, we identify emerging trends which cause us to review and adjust these procedures as needed to maintain the highest standards of safety." The 552nd Maintenance Group supports the wing's 28 E-3 Sentry, or AWACS, aircraft. The wing's official website said those planes are worth a total of $8.4 billion. “Ensuring the safety, health and welfare of the men and women of the 552nd Air Control Wing is always a top priority and essential to mission effectiveness,” wing commander Col. Geoffrey Weiss said in a Thursday email. “Therefore, I have asked our maintenance group commander and his team to review tool checkout and accountability procedures and make necessary changes to ensure our ground and flight operations remain fully safe and effective across the full range of our mission responsibilities.” Full Article: https://www.airforcetimes.com/news/your-air-force/2018/08/14/tinker-cracks-down-on-tool-checkouts-after-lapses-lead-to-impounded-aircraft/

By Oriana Pawlyk If Dan Sullivan could use small drones to keep an eye in the sky over U.S. air bases, he would. But that may be a future strategy to survey wildlife lurking near military airfields, posing a risk to aircraft. Drones would negate the need for airmen to suit up and wade through swampy areas around bases to look for animals. And "if your drone is equipped with a forward-looking infrared, at night it could pick up deer, hogs, coyotes ... and having that drone pick up heat flying around, that would be a great asset for a BASH program," Sullivan, the Air Force's wildlife biologist and the Bird/Wildlife Aircraft Strike Hazard chief, said in a recent interview with Military.com. While drone use remains debatable in terms of safety and vulnerabilities, Sullivan said there is a growing need for them and other technologies as wildlife finds refuge near installations that house major aviation operations. But for now, he said, he'll settle for having more airmen trained in spotting bothersome wildlife and how to safely confront it. "I'm looking to institute a more in-depth training [program] here at the [Air Force Safety Center], more for folks that are boots on the ground." 'A Little War' Sullivan, who oversees the BASH program, which is headquartered at Kirtland Air Force Base, New Mexico, said he sees the "threat" of wildlife increasing because the U.S. has some of the best wildlife conservation programs in the world. Full Article: https://www.military.com/defensetech/2018/08/14/need-new-tech-grows-air-forces-bird-strike-mission-expands.html

By: Shawn Snow The Corps plans to hire a slew of athletic trainers, and come October Marines will likely notice a new healthier food menu and layout at their respective chow halls. It's all part of an effort by the Corps to reduce injuries across the force and cater to combat athletes in similar fashion to division one collegiate players. The new chow facilities or “athletic kitchens” will boast healthier options with fresh fruit and vegetables up front. There will be a cold bar option with yogurt, granola and fresh fruit in the morning and a salad bar for lunch and dinner. “As you go through the line it's going to be the green stuff,” Col. Stephen Armes, the director of the Force Fitness Division told Marine Corps Times in an interview. “All the healthy stuff is going to be up front.” The new chow halls are going to resemble college athletic dining facilities with fresh greens and an assortment of healthy proteins, according to Armes. But unhealthy food is not disappearing, the Corps just plans to make it harder for you to choose that option. “Sometimes you just need a cheeseburger, there's nothing wrong with that,” Armes said. But, a Marine is “going to have to fight to get down to that cheeseburger.” The Corps is also on the verge of hiring new athletic trainers separate from the nearly 600 Force Fitness Instructors already fielded across the Marines. Full Article: https://www.marinecorpstimes.com/news/your-marine-corps/2018/08/14/athletic-trainers-and-greener-kitchens-on-the-way-as-corps-caters-to-combat-athletes/

By: Valerie Insinna WASHINGTON — Lockheed Martin will design a second hypersonic weapon prototype for the U.S. Air Force, the service announced Monday. Although final terms have not been established, the contract could be worth up to $480 million for the critical design review, testing and production readiness support of the Air-Launched Rapid Response Weapon, or ARRW. Lockheed is already working on a separate hypersonic weapon for the Air Force under the Hypersonic Conventional Strike Weapon program, or HCSW, and this newest award sets it up to become a hypersonics-manufacturing powerhouse at a time when the Defense Department is deeply interested in the technology — and is investing funds to match that interest. “We are going to go fast and leverage the best technology available to get hypersonic capability to the warfighter as soon as possible,” Air Force Secretary Heather Wilson said in a statement announcing the contract. The Air Force wants to move both ARRW and the HCSW to a flying prototype as soon as possible, with 2021 cited as the goal date. By signing off on an undefinitized contract action, Lockheed and the Air Force Life Cycle Management Center will be able to begin working on the program as the parties settle the final terms and price of the contract. Full Article: https://www.defensenews.com/air/2018/08/14/lockheed-nabs-another-big-hypersonic-weapons-contract/

Security would be ‘fourth pillar' in weapons purchase decisions The Pentagon should take into account the cybersecurity capabilities of defense contractors in addition to cost and performance measures when awarding contracts, a U.S. government-funded think tank recommended in a report published Monday. Through its buying process, the Pentagon “can influence and shape the conduct of its suppliers,” the Mitre Corp. said in a report titled “Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War.” The Defense Department “can define requirements to incorporate new security measures, reward superior security measures in the source selection process, include contract terms that impose security obligations, and use contractual oversight to monitor contractor accomplishments,” the report said. The Pentagon must consider new measures because the very nature of war is changing, the Mitre report said. Adversaries no longer have to engage the United States in direct conflict using weapons but can respond to American military strikes “through blended operations that take place through supply chain, cyber domain, and human elements,” the report noted. The report recommends that security be made a “primary metric” in Pentagon weapons purchase and sustainment decisions and that the Defense Department increase awareness of risks associated with its supply chains. It also calls for a National Supply Chain Intelligence Center that would include officials from the FBI, Homeland Security, the Pentagon and intelligence agencies to track risks and advise agencies. When choosing current or new contractors, in addition to considering cost, performance and schedule, the Pentagon must also make security a so-called “fourth pillar,” the report said. Contractors should be continuously monitored and assessed for the degree of risk they pose, the report said. In addition to measuring a contractor's ongoing performance on a contract, an independent, federally-funded research agency could develop a risk rating similar to credit ratings done by agencies like Moody's, the report said. Mitre is a federally-funded research and development center. The Pentagon did not respond to an email seeking comment on the report. The report and its recommendations come as U.S. intelligence officials have become increasingly alarmed at potential cybersecurity risks that may be embedded in vast computer networks and systems that power government agencies as well as weapon systems. Last year the Trump administration banned federal agencies from using a popular anti-virus software made by Kaspersky Labs, which was alleged to have close ties with Russian intelligence services. Full Article: https://www.rollcall.com/news/politics/pentagon-judge-contractors-cybersecurity

By: Justin Lynch A vast majority of security professionals and experts who attended the Black Hat conference in Las Vegas predict that nation-states will target smart devices in the next year, according to a survey. Ninety-three percent of respondents told Armis, a security platform, that they expected governments to exploit connected devices during a hack or cyberattack. Twenty-three percent of respondents said that the energy and utility sector were most at risk of being attacked through smart devices, the survey found. Hackers are using connected devices as intermediaries to attack computer networks, the FBI warned Aug. 2. Examples of previous hacks using smart devices include an attack on a Las Vegas casino through the thermometer of an aquarium. Full Article: https://www.fifthdomain.com/critical-infrastructure/2018/08/14/experts-predict-countries-will-use-smart-devices-to-launch-cyberattacks/

By: David B. Larter WASHINGTON — Huntington Ingalls Newport News is gearing up to start a yearslong overhaul of the U.S. Navy carrier John C. Stennis, which is shifting home ports from Washington state to Norfolk to get ready for its break from the rotation. The company announced last week it had inked a $187.5 million contract for advanced planning to support Stennis' refueling and complex overhaul, or RCOH, slated to begin in 2021. The contract is for “engineering, design, material procurement and fabrication, documentation, resource forecasting, and pre-overhaul inspections,” according to the announcement. In a statement, HII's head of carrier maintenance said the contract was a critical first step toward getting Stennis started out right. WASHINGTON — Huntington Ingalls Newport News is gearing up to start a yearslong overhaul of the U.S. Navy carrier John C. Stennis, which is shifting home ports from Washington state to Norfolk to get ready for its break from the rotation. The company announced last week it had inked a $187.5 million contract for advanced planning to support Stennis' refueling and complex overhaul, or RCOH, slated to begin in 2021. The contract is for “engineering, design, material procurement and fabrication, documentation, resource forecasting, and pre-overhaul inspections,” according to the announcement. In a statement, HII's head of carrier maintenance said the contract was a critical first step toward getting Stennis started out right. Full Article: https://www.defensenews.com/naval/2018/08/14/us-navy-supercarrier-john-c-stennis-headed-for-layup/

WHEN THE CYBERSECURITY industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them. At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want." The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction. "Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one," says Soltan. "In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid." Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers' study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed. The researchers don't actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That's arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks. Given that assumption, the researchers ran simulations in power grid software MATPOWER and Power World to determine what sort of botnet would could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters. The notion of an internet of things botnet large enough to pull off one of those attacks isn't entirely farfetched. The Princeton researchers point to the Mirai botnet of 600,000 hacked IoT devices, including security cameras and home routers. That zombie horde hit DNS provider Dyn with an unprecedented denial of service attack in late 2016, taking down a broad collection of websites. Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren't enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet. But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describes could become more practical than one that targets grid operators. "It's as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier," Miller says. "It's really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact." The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system's generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption. If a botnet did succeed in taking down a grid, the researchers' models showed it would be even easier to keepit down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or "islands" of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect. The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn't immediately be apparent to the target energy utility. "Where do the consumers report it?" asks Princeton's Soltan. "They don't report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn't have any of this data." That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark. https://www.wired.com/story/water-heaters-power-grid-hack-blackout/