  • Lockheed Takes Another Shot at Multi Domain War

    17 August 2018 | International, C4ISR

    By COLIN CLARK SUFFOLK, VA: Multi-domain command and control, one of the most important efforts the Pentagon is pursuing, is getting plumbed again by Lockheed Martin at its fourth wargame this week where the company will be testing four systems it believes can fuse data from sensors around the world and allow rapid communications to troops. “Integrated teams” of air, space, and cyber experts representing the transparently named country of “Pacifica” will be planning missions and creating kinetic and non-kinetic effects. That's a major shift from the war game I attended a year ago, when separate groups of space, cyber and air tried to work together through a command and control unit. As Breaking D readers may remember, it didn't work quite as planned. During the war game, the organizers separated the air, cyber and space teams, forcing them to communicate directly with the MDC2 leaders. While central coordination was necessary, so was close consultation between those managing both the conventional attacks and the silent strikes using cyber, electronic warfare and satellites as weapons. Hence the change. Here's a quick summary of the systems Lockheed will be putting through their paces. Common Mission Software Baseline (CMSB): An open systems architecture, CMSB is a cluster of automated decision aids that link operational planning to tactical execution — in a multi-domain context. Most interestingly, it reaches all the way down to the tactical level and includes tactical decision aids and tools. Cyber Attack Network Simulator (CANS): This is an internal Lockheed system that simulates cyber-attacks over a network. After all, you don't want Lockheed networks crashing when the teams launch a simulated attack. Full article: https://breakingdefense.com/2018/08/lockheed-takes-another-shot-at-multi-domain-war

  • Sprint toward new missile-warning satellites begins with first contract award to Lockheed

    16 August 2018 | International, C4ISR

    By: Valerie Insinna WASHINGTON — The U.S. Air Force is racing to kick-start its new accelerated program to buy next-generation missile warning satellites, awarding a contract on Aug. 14 to Lockheed Martin for the first three satellites in the Next-Generation Overhead Persistent Infrared program. The award, which has a value of up to $2.9 billion, will allow Lockheed to do the design work, flight hardware procurement, early manufacturing and risk-reduction work necessary for a critical design review, the service said in a statement. Lockheed is set to provide the three geosynchronous Earth orbit satellites in the Next-Gen OPIR constellation. "As we develop these new systems, speed matters," Air Force Secretary Heather Wilson said in a statement. "We are focused on providing a missile warning capability survivable in a contested environment by the mid-2020s." More specifically, the Air Force has said it plans to launch its first Next Gen OPIR satellite in 2023, two years earlier than its original plan to begin fielding the replacement for the Space Based Infrared System, or SBIRS, which called for first launches in 2025. Gen. John Hyten, commander of U.S. Strategic Command, was one of the biggest critics of the Air Force's original procurement strategy for a next generation SBIRS. In December, he called the service's plan to field the new constellation by fiscal 2029 “ridiculous” and said it could be done faster. Full article: https://www.defensenews.com/space/2018/08/15/sprint-towards-new-missile-warning-satellites-begins-with-first-contract-award-to-lockheed

  • Here’s what an intel chief thinks industry needs to know

    16 August 2018 | International, C4ISR

    By: Mark Pomerleau The director of the Defense Intelligence Agency had a pointed message for members of industry: whatever solution is pitched, it has to be understood in the context of how it will be used. Like many top defense leaders giving presentations nowadays, Lt. Gen. Robert Ashley, speaking Aug. 13 at the DoDIIS conference in Omaha, Nebraska, stressed the need for industry's help going forward to solve DIA's tough problems. However, solutions must not work just in the lab, but also in the operating environment military and intelligence leaders believe forces will be conducting operations in the future. “Through my career I've seen too many times the technology looks great in the lab ... but it doesn't scale to the battlefield,” he said. Full Article: https://www.c4isrnet.com/show-reporter/dodiis/2018/08/15/heres-what-the-dia-director-wants-industry-to-know/

  • DARPA Wants to Make Underground Maps on the Fly

    16 August 2018 | International, C4ISR

    The agency is challenging teams to build systems that chart caves, tunnels and underground urban infrastructure. Finding your way through caves and tunnels is both difficult and extremely dangerous, but the Pentagon's research office wants to build technology that can navigate underground environments while humans stay on the surface. The Defense Advanced Research Projects Agency is finalizing teams for its Subterranean Challenge, or SubT, a three-year competition to build systems that can rapidly map and search often treacherous underground areas. The agency on Thursday awarded a $4.5 million contract to Virginia-based iRobot Defense Holdings and a $750,000 contract to Michigan Technological University to participate in the challenge. A third team, Scientific Systems Company Inc., joined the program on July 31 with a $492,000 contract. “Even under ideal conditions, these complex environments present significant challenges for subterranean situational awareness,” DARPA wrote in the program announcement. “However, in time-sensitive scenarios, whether in active combat operations or disaster response settings, warfighters and first responders alike are faced with a range of increased technical challenges, including difficult and dynamic terrains ... severe communication constraints, and expansive areas of operation.” Full Article: https://www.defenseone.com/technology/2018/08/darpa-wants-make-underground-maps-fly/150554/

  • Cost Isn’t Everything. Pentagon Should Judge Contractors on Cybersecurity, Report Says

    15 August 2018 | International, C4ISR

    Security would be ‘fourth pillar' in weapons purchase decisions The Pentagon should take into account the cybersecurity capabilities of defense contractors in addition to cost and performance measures when awarding contracts, a U.S. government-funded think tank recommended in a report published Monday. Through its buying process, the Pentagon “can influence and shape the conduct of its suppliers,” the Mitre Corp. said in a report titled “Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War.” The Defense Department “can define requirements to incorporate new security measures, reward superior security measures in the source selection process, include contract terms that impose security obligations, and use contractual oversight to monitor contractor accomplishments,” the report said. The Pentagon must consider new measures because the very nature of war is changing, the Mitre report said. Adversaries no longer have to engage the United States in direct conflict using weapons but can respond to American military strikes “through blended operations that take place through supply chain, cyber domain, and human elements,” the report noted. The report recommends that security be made a “primary metric” in Pentagon weapons purchase and sustainment decisions and that the Defense Department increase awareness of risks associated with its supply chains. It also calls for a National Supply Chain Intelligence Center that would include officials from the FBI, Homeland Security, the Pentagon and intelligence agencies to track risks and advise agencies. When choosing current or new contractors, in addition to considering cost, performance and schedule, the Pentagon must also make security a so-called “fourth pillar,” the report said. Contractors should be continuously monitored and assessed for the degree of risk they pose, the report said. 
In addition to measuring a contractor's ongoing performance on a contract, an independent, federally-funded research agency could develop a risk rating similar to credit ratings done by agencies like Moody's, the report said. Mitre is a federally-funded research and development center. The Pentagon did not respond to an email seeking comment on the report. The report and its recommendations come as U.S. intelligence officials have become increasingly alarmed at potential cybersecurity risks that may be embedded in vast computer networks and systems that power government agencies as well as weapon systems. Last year the Trump administration banned federal agencies from using a popular anti-virus software made by Kaspersky Labs, which was alleged to have close ties with Russian intelligence services. Full Article: https://www.rollcall.com/news/politics/pentagon-judge-contractors-cybersecurity

  • Experts predict countries will use smart devices to launch cyberattacks

    15 August 2018 | International, C4ISR

    By: Justin Lynch A vast majority of security professionals and experts who attended the Black Hat conference in Las Vegas predict that nation-states will target smart devices in the next year, according to a survey. Ninety-three percent of respondents told Armis, a security platform, that they expected governments to exploit connected devices during a hack or cyberattack. Twenty-three percent of respondents said that the energy and utility sector were most at risk of being attacked through smart devices, the survey found. Hackers are using connected devices as intermediaries to attack computer networks, the FBI warned Aug. 2. Examples of previous hacks using smart devices include an attack on a Las Vegas casino through the thermometer of an aquarium. Full Article: https://www.fifthdomain.com/critical-infrastructure/2018/08/14/experts-predict-countries-will-use-smart-devices-to-launch-cyberattacks/

  • HOW HACKED WATER HEATERS COULD TRIGGER MASS BLACKOUTS

    14 August 2018 | International, C4ISR

    WHEN THE CYBERSECURITY industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them. At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want." 
The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction. "Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one," says Soltan. "In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid." Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers' study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed. The researchers don't actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That's arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks. 
Given that assumption, the researchers ran simulations in power grid software MATPOWER and Power World to determine what sort of botnet could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters. The notion of an internet of things botnet large enough to pull off one of those attacks isn't entirely farfetched. The Princeton researchers point to the Mirai botnet of 600,000 hacked IoT devices, including security cameras and home routers. That zombie horde hit DNS provider Dyn with an unprecedented denial of service attack in late 2016, taking down a broad collection of websites. Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren't enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet. But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describe could become more practical than one that targets grid operators. "It's as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier," Miller says. 
"It's really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact." The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system's generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption. If a botnet did succeed in taking down a grid, the researchers' models showed it would be even easier to keep it down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or "islands" of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect. The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn't immediately be apparent to the target energy utility. "Where do the consumers report it?" asks Princeton's Soltan. "They don't report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn't have any of this data." That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. 
Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark. https://www.wired.com/story/water-heaters-power-grid-hack-blackout/

  • Pentagon is rethinking its multibillion-dollar relationship with U.S. defense contractors to boost supply chain security

    14 August 2018 | International, Aerospace, Naval, Land, C4ISR

    By Ellen Nakashima The Pentagon has a new goal aimed at protecting its $100 billion supply chain from foreign theft and sabotage: to base its weapons contract awards on security assessments — not just cost and performance — a move that would mark a fundamental shift in department culture. The goal, based on a strategy called Deliver Uncompromised, comes as U.S. defense firms are increasingly vulnerable to data breaches, a risk highlighted earlier this year by China's alleged theft of sensitive information related to undersea warfare, and the Pentagon's decision last year to ban software made by the Russian firm Kaspersky Lab. On Monday, President Trump signed into law a provision that would bar the federal government from buying equipment from Chinese telecommunications firms Huawei and ZTE Corp., a measure spurred by lawmakers' concerns about Chinese espionage. “The department is examining ways to designate security as a metric within the acquisition process,” Maj. Audricia Harris, a Pentagon spokeswoman, said in a statement. “Determinations [currently] are based on cost, schedule and performance. The department's goal is to elevate security to be on par with cost, schedule and performance.” The strategy was written by Mitre Corp., a nonprofit company that runs federally funded research centers, and the firm released a copy of its report Monday. “The major goal is to move our suppliers, the defense industrial base and the rest of the private sector who contribute to the supply chain, beyond a posture of compliance — to owning the problem with us,” said Chris Nissen, director of asymmetric-threat response at Mitre. Harris said the Pentagon will review Mitre's recommendations before proceeding. 
She added that the Department of Defense, working with Congress and industry, “is already advancing to elevate security within the supply chain.” Testifying to Congress in June, Kari Bingen, the Pentagon's deputy undersecretary for intelligence, said: “We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave.” Security should be seen not as a “cost burden,” she told the House Armed Services Committee, “but as a major factor in their competitiveness for U.S. government business.” The new strategy is necessary, officials say, because U.S. adversaries can degrade the military's battlefield and technological advantage by using “blended operations” — hacking and stealing valuable data, manipulating software to sabotage command and control systems or cause weapons to fail, and potentially inducing a defense firm employee to insert a faulty component or chip into a system. “A modern aircraft may have more than 10 million lines of code,” Mitre's report said. “Combat systems of all types increasingly employ sensors, actuators and software-activated control devices.” The term “Deliver Uncompromised” grew out of a 2010 meeting of senior counterintelligence policy officials, some of whom lamented that the Defense Department was tolerating contractors repeatedly delivering compromised capabilities to the Pentagon and the intelligence community. Addressing the security issue requires greater participation by counterintelligence agencies, which can detect threats against defense firms, the report said, and ideally, the government should establish a National Supply Chain Intelligence Center to monitor threats and issue warnings to all government agencies. Ultimately, the military's senior leaders bear responsibility for securing the supply chain and must be held accountable for it, the report said. 
The Defense Department, although one of the world's largest equipment purchasers, cannot control all parts of the supplier base. Nonetheless, it has influence over the companies it contracts with as it is the principal source of business for thousands of companies. It can shape behavior through its contracts to enhance supply-chain security, the report said. Legislation will be needed to provide incentives to defense and other private-sector companies to boost security, Mitre said. Congress should pass laws that shield firms from being sued if they share information about their vulnerabilities that could help protect other firms against cyberattacks; or if they are hacked by a foreign adversary despite using advanced cybersecurity technologies, the report said. Contractors should be given incentives such as tax breaks to embrace supply chain security, the report suggested. The Department of Homeland Security is addressing the security of the information technology supply chain through its newly established National Risk Management Center. “What we're saying is you should be looking at what vendors are doing to shore up their cybersecurity practices to protect the supply chain,” said Christopher Krebs, DHS undersecretary for the National Protection and Programs Directorate. The National Counterintelligence and Security Center, an agency of the Office of the Director of National Intelligence that coordinates the government's counterintelligence strategy, said in a report last month that software-supply-chain infiltration has already threatened critical infrastructure and is poised to endanger other sectors. According to the NCSC, last year “represented a watershed in the reporting of software supply chain” attacks. There were “numerous events involving hackers targeting software supply chains with back doors for cyber espionage, organizational disruption or demonstrable financial impact,” the agency found. 
https://www.washingtonpost.com/world/national-security/the-pentagon-is-rethinking-its-multibillion-dollar-relationship-with-us-defense-contractors-to-stress-supply-chain-security/2018/08/12/31d63a06-9a79-11e8-b60b-1c897f17e185_story.html?noredirect=on&utm_term=.265ce85b6eb1

  • Pentagon invites researchers to hack the Marine Corps

    14 August 2018 | International, C4ISR

    By: Jessie Bur The Department of Defense kicked off its sixth bug bounty program Aug. 12 with Hack the Marine Corps, a challenge focusing on the Corps' public-facing websites and services. “Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture,” said Maj. Gen. Matthew Glavy, the head of the U.S. Marine Corps Forces Cyberspace Command, in a news release. “Our Marines need to operate against the best. What we learn from this program will assist the Marine Corps in improving our war-fighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces and minimize future vulnerabilities. It will make us more combat ready.” The DoD launched its first bug bounty, Hack the Pentagon, in May 2016, which was considered one of the first major successes for the then-newly minted Defense Digital Service. Since then the DoD has held bug bounties for the Army, the Air Force, the Air Force again and the Defense Travel System. The combined programs resulted in over 600 resolved vulnerabilities with approximately $500,000 awarded to the ethical hackers participating in the program. “Information security is a challenge unlike any other for our military. Our adversaries are working to exploit networks and cripple our operations without ever firing a weapon,” said Chris Lynch, the director of the Defense Digital Service. “Sometimes, the best line of defense is a skilled hacker working together with our men and women in uniform to better secure our systems. 
We're excited to see Hack the Pentagon continue to build momentum and bring together nerds who want to make a difference and help protect our nation.” Hack the Marine Corps was launched with HackerOne, which partners with the hacker community to help businesses and government conduct bug bounties, and kicked off with a live hacking event coinciding with the Black Hat USA, DefCon and BSides conferences in Las Vegas. The live hack resulted in 75 unique vulnerability reports and more than $80,000 in awards. “Success in cybersecurity is about harnessing human ingenuity,” said Marten Mickos, CEO at HackerOne. “There is no tool, scanner or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine Corps, one of the most secure organizations in the world, is the latest government agency to benefit from diverse hacker perspectives to protect Americans on and off the battlefield.” The bug bounty program ends Aug. 26. https://www.fifthdomain.com/dod/marine-corps/2018/08/13/pentagon-invites-researchers-to-hack-the-marine-corps/
