Monday, July 21, 2014

Vulnerabilities in LZO and LZ4 compression libraries



Original release date: July 21, 2014

Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation.

US-CERT recommends that all developers who either implement or import the LZO or LZ4 libraries into their software check for susceptibility to CVE-2014-4608, CVE-2014-4715, and CVE-2014-4611.

Users and administrators should apply software security updates as they become available.

Air Force will provide assured access to space

by Staff Sgt. Torri Ingalsbe
Air Force Public Affairs Agency, Operating Location - P


7/21/2014 - WASHINGTON -- Gen. William L. Shelton, Air Force Space Command commander, stressed the importance of maintaining assured access to space to the Senate Subcommittee on Strategic Forces and Committee on Commerce, Science and Transportation during a hearing on the options for assuring domestic access to space, July 16.

"Space assets have been a key element of warfighting for over 30 years, providing a unique vantage to observe activity around the globe, relay terrestrial communications and provide precision position information," Shelton said.

He explained the challenge is ensuring space services continue to be available, even as the space domain continues to change and evolve. The first step in this process is to assure access to space for national security payloads.

"The loss of even one national security payload - both in terms of financial loss and operations impact - would make our mission assurance costs look like cheap insurance," he said. "We will continue to place emphasis on tough mission assurance principles to do all that is humanly possible to guard against launch failure."

Shelton was joined by Principal Deputy Under Secretary of Defense for Acquisition, Technology and Logistics the Honorable Alan F. Estevez; National Aeronautics and Space Administration Associate Administrator Robert M. Lightfoot Jr.; Acquisition and Sourcing Management, Government Accountability Office Director Cristina T. Chaplain; Aerospace Corporation Vice President of Program Assessments retired Air Force Maj. Gen. Howard J. Mitchell; Purdue University Department of Aeronautics and Aerospace Engineering Professor of Practice Daniel L. Dumbacher and RAND Corporation Senior Engineer Dr. Yool Kim.

"The nation requires robust, responsive and resilient space transportation capabilities that enable and advance our space operations," Estevez said. "The Evolved Expendable Launch Vehicle program has provided launch services for critical national security payloads since 2002 with an unprecedented record of success."

The growing costs of the EELV program caused the Air Force and the Office of the Secretary of Defense to look at restructuring options, to provide the best capabilities at the lowest cost to the American taxpayer.

"The Air Force devised a strategy that balances efficient procurement of launch services, maintains mission assurance and reintroduces competition into the EELV program," Estevez said. "Since restructuring the program, we have stopped the burgeoning cost of maintaining a domestic launch capability, without sacrificing the rigor required to maintain mission success, then concurrently achieving the program's two most important goals."

The restructure allowed the Air Force to find savings within the program, without sacrificing quality.

"This year's budget reduces the (EELV) program by $1.2 ," Shelton said. "Combined with prior-year Air Force reductions and savings for the National Reconnaissance Office, we have reduced the total program by $4.4 billion from the baseline in the fiscal year '12 budget."

The strategy focuses on driving competition between private companies for the award of space launch contracts.

"The commercial space launch industry has made substantial progress over the last year," Shelton said. "As a result, we are managing change in the EELV program from a single-provider environment to a multi-provider environment through a certification process. The phased introduction of competition through deliberate certification is the approach chosen to help lower launch costs while maintaining a laser-like focus on mission assurance."

One concern members of Congress had for the panel of witnesses is the perceived reliance on the Russian RD-180 Rocket Engine, which fuels the Atlas V launch vehicle.

"The United States is not dependent or reliant on Russian technology to launch our critical space assets," Estevez said. "The Delta IV launch vehicle has a domestically produced propulsion system that is capable of lifting all national security payloads."

The alternative launch vehicle is more expensive, but the stockpile of RD-180 engines is expected to last up to two years in the event of supply disruption.

"While the RD-180 has served us well, current uncertainty highlights the need to consider other options for assured access to space," Shelton said. "A domestically produced new engine program would revitalize the liquid rocket propulsion industrial base, end reliance on a foreign supplier and aid the competitive outlook for the entire domestic launch industry."

The goal of the DoD remains assuring America's access to space, while still providing economical decisions and processes to provide savings to the taxpayers.

"Air Force payloads provide foundational space capabilities to the joint warfighter and the nation, who collectively rely on these systems across a range of civil and military operations," Shelton said. "We are committed to sustaining the highest levels of mission assurance, and our ultimate objective is to safely and reliably launch national security payloads on a schedule determined by the needs of the national security space enterprise. We look forward to continuing to provide resilient, capable and affordable space capabilities for the joint force and the nation."

Thursday, July 17, 2014

Cyber Guard Exercise Tests People, Partnerships



From a U.S. Cyber Command News Release

FORT MEADE, Md., July 17, 2014 – Partners from across government, academia, industry and the international coalition recently completed Cyber Guard 14-1, a two-week exercise designed to test operational and interagency coordination as well as tactical-level operations in response to a domestic cyberspace incident.

Elements of the National Guard, reserves, National Security Agency and U.S. Cyber Command exercised their support to Department of Homeland Security and FBI responses to foreign-based attacks on simulated critical infrastructure networks, promoting collaboration and critical information sharing in support of a “whole-of-nation” effort.

“Citizens of our nation are counting on us to generate the necessary capacity and capability to meet the challenges of this problem set,” Navy Adm. Michael S. Rogers, Cybercom commander and NSA director, said in remarks to more than 70 distinguished visitors to the exercise. “We are continuing to learn and mature. We have to build a construct to work seamlessly and effectively with our partners, and not just within the government, but also with industry and academia – outside [the Defense Department].”

Building and ensuring partnerships, processes, and human and technical capabilities were common themes during the exercise.

“We talk all the time about physical networks connecting computers and communications,” said Robert Anderson, executive assistant director of the FBI’s criminal, cyber response and services branch, in remarks to exercise participants. “But we must remember that on both ends of that computer network, there is a network of people working toward a common goal: to defeat our adversaries. Cyber Guard helps us get better at using the network of warriors on the front lines — like you — to achieve our goal.”

The event, executed by Cybercom and hosted by the FBI at the National Academy in Quantico, Virginia, was the largest yet, hosting more than 550 participants, roughly double the number who participated last year. Continuing the event’s evolution into a holistic, whole-of-nation effort, observers from academia, private industry and state utilities were on hand to observe.

In the event of a domestic cyber incident, federal agencies have specific, complementary roles, officials said.

DHS is the lead for coordinating the protection, prevention, mitigation of, and recovery from a cyber incident. The Justice Department and the FBI are responsible for the investigation, attribution, disruption and prosecution of domestic cyber crimes, as well as the collection, analysis and dissemination of domestic cyber threat intelligence. DoD is responsible for defending the nation from attack, collecting, analyzing and distributing foreign threat intelligence, and supporting DHS in their protection, prevention and recovery role.

Wednesday, July 16, 2014

45th Space Wing launches 6 second-generation ORBCOMM satellites

by 45th Space Wing
Public Affairs Office


7/15/2014 - CAPE CANAVERAL AIR FORCE STATION, Fla. -- The 45th Space Wing supported Space Exploration Technologies' (SpaceX) successful launch of their Falcon 9 rocket carrying six second-generation ORBCOMM communications satellites from Space Launch Complex 40 here at 11 a.m. EDT July 14.

The rocket flew in the Falcon 9 v1.1 configuration with upgraded Merlin 1D engines, stretched fuel tanks, and a payload fairing.

A combined team of military members, government civilians and contractors from across the 45th Space Wing provided vital launch support to the SpaceX mission, including weather forecasts, launch and range operations, security, safety and public affairs.

"The 45th Space Wing is proud of what we do here on the Space Coast, and we couldn't do what we do without the support of our entire team," said Brig. Gen. Nina Armagno, 45th Space Wing commander, who also served as the Launch Decision Authority for the launch.

According to ORBCOMM, these next generation OG2 satellites have advanced communications technologies and are significantly larger with an "X Factor" that makes them even more powerful, efficient and cutting-edge.

Built by Sierra Nevada Corporation, the 170 kg satellites will provide a much needed boost in their service capacity. Another will be launched later this year.

Each OG2 satellite is the equivalent of six OG1 satellites, providing quicker service, enhancing coverage at higher latitudes and allowing for larger message sizes and increased data rates, they reported.

Hanscom's cyber initiatives

by Justin Oakes
66th Air Base Group Public Affairs


7/15/2014 - HANSCOM AIR FORCE BASE, Mass. -- Today's battlefield is full of ever-changing and constantly evolving threats. In this environment, the Air Force not only defends against enemies in air and space, but also against adversaries within the cyber domain.

Hanscom Air Force Base may not have fighter jets, helicopters or remotely piloted aircraft flying from its runways, but it has a mission all its own. It is a hub for developing the Service's leading cyber programs and other systems that allow U.S. warfighters to collect, process and distribute critical information.

The Command, Control, Communications, Intelligence, also known as C3I, Infrastructure Division is one of several units on base responsible for bringing these cyberspace capabilities to the field.

"Hanscom is host to some of the latest technologies and advancements on the cyber frontier," said Col. Bill Polakowski, C3I Infrastructure senior materiel leader. "The systems and products, which are acquired and tested through our program offices here, safeguard our nation and keep us on the forefront of cyber warfare."

Massachusetts' local and state representatives also recognize the innovation that takes place on base.

A military bond bill was approved in March that authorizes the state to support advancements in cyber and IT testing and integration. A prime example includes improvements being made to the CEIF -- a Hanscom facility that provides a secure environment for testing and integrating IT products.

While the base is home to cyber security centers like the CEIF and an Intranet Control Weapons System Gateway Integration Facility, the majority of cyberspace innovations are in the form of hardware and software technology.

The C3I Division works to acquire, integrate and support products such as the Air Force Portal, cyber weapons systems, theater deployable communications, base IT infrastructure and a cloud brokering service.

Other efforts include fielding an Assured Compliance Assessment Solution, a network scanner that searches for computer threats; Installation Processing Nodes, data centers that can host local applications and services; and Joint Regional Security Stacks, a multi-service/agency effort focused on providing a boundary solution that is common across all services.

Over the course of the next several months, Hanscom will be highlighting many of these initiatives individually.

"When dealing with cyber weapons and defenses, it can be a bit hard to explain," Polakowski said. "But, I look forward to showcasing the great advancements that take place here to the community. I want them to understand exactly what Hanscom brings to the fight."

Editor's note: This is the first of a series depicting Air Force cyberspace initiatives.

Air Force to highlight S&T priorities at industry event

by Derek Kaufman
88th Air Base Wing Public Affairs


7/15/2014 - WRIGHT-PATTERSON AIR FORCE BASE, Ohio -- Creating tomorrow's Air Force is a delicate balance. It requires a mix of science and technology investment to meet current warfighter needs, as well as cutting-edge research to develop revolutionary capabilities which today's Airmen can only imagine, and may not see fielded this decade.

That is one important message Maj. Gen. Tom Masiello intends to share with academic and defense industry partners during the Wright Dialogue with Industry, July 22-24. The industry-hosted collaboration event will be held at the Hope Hotel and Richard C. Holbrooke Conference Center at Wright-Patterson Air Force Base.

Masiello, who commands the Air Force Research Laboratory, said 60 percent of the Air Force's science and technology research and development is performed by universities and industry, including many high-tech small businesses.

"It is vitally important that AFRL engage with our industry and academia partners to highlight our requirements and research interests," Masiello said. "We need to communicate our S&T priorities and where there are gaps and opportunities in areas like cyber, autonomy and next-generation aerospace. We also get valuable feedback on industry capabilities and emerging technologies that show promise."

Masiello and Lt. Gen. C.D. Moore II, Air Force Life Cycle Management Center commander, will each deliver keynote presentations during the Dialogue with Industry.

Officials said a unique aspect to this year's dialogue is the ability for those seeking to do business with the Air Force to get detailed information about the Air Force Research Laboratory's "Technology Focus Areas" and specific S&T challenges. This information will be shared via the Defense Innovation Marketplace website and an event-specific portal hosted by DaytonDefense. All materials are restricted to U.S. citizens and government contractors. For registration and other event details, the Defense Innovation Marketplace weblink is http://www.defenseinnovationmarketplace.mil/AFRL.html.

Giovanni Pagán, AFRL's program manager for the Air Force Independent Research and Development program, said this year's dialogue will feature two full days devoted to technical discussions on eight key Technology Focus Areas, including:

· Next Gen Aerospace
· Space & Nuclear
· Weapons
· ISR (Intelligence Surveillance & Reconnaissance)
· Human Performance
· C4 (Command, Control, Cyber & Communications)
· Affordability & Sustainment
· Electronic Warfare/Electronic Protection

Masiello said his team of AFRL scientists and engineers have "frequent contact with warfighters at all levels of command" to learn about challenges that urgently need solving and to share solutions that can be rapidly fielded, such as advanced airborne sensors to identify threats like improvised explosive devices. Just as important though is investment today in technologies that he called "the real game changers."

"At AFRL we really do turn science fiction into science fact. And it's the diversity of our government, industry and academic team that makes it possible," Masiello said. "In this uncertain funding environment, we need to work together to make every dollar count."

Small business is an important source of technology innovation and transition for the Air Force, Masiello said. Growing that portion of the industrial base both benefits the nation and strengthens defense, he added. At industry outreach events like the dialogue, representatives from AFRL's Small Business Office present topics on enabling small businesses to successfully compete for research grants and technology development contract awards.

"We defend America by unleashing the power of innovative air and space technology. It's the combined ecosystem of Government, academia, small business and large business, working in collaboration which enables that," Masiello said.

Tuesday, July 15, 2014

DARPA Robots to Face Final Challenge in California



By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, July 15, 2014 – The Defense Advanced Research Projects Agency’s third and final challenge among 24 or so U.S. and international human-robot teams will take place in California next June, ending with a $2 million prize and robots that for the first time may be capable of helping first responders save lives when a disaster strikes anywhere in the world.

The main goal of the DARPA Robotics Challenge program is to develop ground-robotics capabilities for executing complex tasks in the dangerous, degraded human-engineered environments created when disasters strike cities.

“The purpose is to protect lives during manmade and natural disasters,” DARPA program manager Dr. Gill Pratt told reporters during a recent media call. The program began in 2012, but DARPA has been trying to use robots to help in disasters since 2001.

In the days after 9/11, DARPA sent to New York City robots whose development the agency had funded. But those robots found no survivors, Pratt recalled in an analytic piece published last Dec. 3 in The Bulletin of Atomic Scientists.

DARPA officials tried again in March 2011 when a magnitude 9.0 earthquake centered off the coast of Sendai on the eastern coast of Honshu Island, Japan, produced a 49-foot tsunami that killed 19,000 people, destroyed a million buildings and flooded Tokyo Electric Power Co.'s Fukushima Daiichi nuclear plant.

In the plant, the reactor cores of three operating units melted, and a fourth was damaged. Japanese officials declared a nuclear emergency and ultimately evacuated people within 12 miles of the plant.

Humanitarian assistance and disaster relief is a primary DOD mission, Pratt wrote in the Dec. 3 Bulletin, and as the disaster unfolded in Japan, “DARPA officials contacted researchers who had designed robots for the Three Mile Island and Chernobyl [nuclear] disasters and coordinated with companies that DARPA had funded to develop other robots.”

Each company already was making plans to send its robots and training personnel to Japan, he added, and others around the world sent robots, but it took weeks for power-plant personnel to complete the training they needed to operate the robots.

By then, Pratt said, it was too late for the robots to help.

“A key idea here is that these robots don't operate on their own,” Pratt said during the media call. “In fact, the state of the art is not capable of having a robot do useful work on its own in these very difficult environments. So we partner them with operators who supervise the robots … at a distance from the disaster zone, connected through a communication link to the robot in the disaster zone.”

In such a team, he added, “a robot does what it's best at, which is surviving difficult conditions in the disaster, and the human being does what they're best at, which is using human perception, planning and experience to tell the robot what to do.”

The DARPA Robotics Challenge launched in October 2012 and held two competitions in 2013 – a virtual event in June and a two-day event in December at the Homestead-Miami Speedway in Florida.

The first competition tested software teams’ abilities to guide a simulated robot through three sample tasks in a virtual environment. In December, teams had to guide real robots through as many as eight individual physical tasks that tested robot mobility, manipulation, dexterity, perception and operator-control mechanisms.

At the trials in Miami, Pratt said, “we started with 16 teams and … went through eight different tasks, from cutting a hole in a wall using a tool, climbing a ladder and traveling over rough terrain, and even driving a small vehicle that a robot might be called on [to use] to go back and forth between [a safe area] and a disaster zone.”

DARPA officials developed the tasks in consultation with the teams, other experts and first responders, the program manager explained, adding that DARPA is not trying to match team skills to a particular kind of disaster.

“We try to use inspiration from one disaster, like Fukushima or the ferry disaster in [South] Korea, and abstract away and talk to first responders -- we've done that quite a bit now -- and say, ‘What's the common thread?’”

Bad communications almost always are a common thread, Pratt said, along with large areas of rubble and debris. First responders describe what bad comms or debris are like in a disaster zone, and DARPA comes up with a model for the robots.

“Often, what happens is that what we come up with is too hard for the robots,” Pratt said. “So if you look at the trials, you say, ‘Did the rubble in the trials disaster look like rubble in Fukushima?’ And the answer is, ‘Not even close.’ But we have to get there, and this is the slope we're trying to climb in terms of difficulty.”

But something did happen at the trials in Miami that no one, not even Pratt, expected.

“It turned out that things went better than we expected,” he said, adding that the robots were more reliable than expected, with better mobility, grasping and manipulation ability.

Because of that success and other factors, he said, DARPA officials are changing the scope of the program to raise the bar at the finals even more than they had planned.

Pratt said the other factors include a significant upswing in commercial investment in robotics, decisions by the governments of Japan, South Korea and countries in the European Union to sponsor and fund teams to participate in the finals, and a new concept in robotic autonomy called “cloud robotics.”

In cloud robotics, he explained, robots are able to exploit remote information and remote computing capability on the Internet through a high-speed link and share information to increase their effectiveness by reusing information that's provided from past sources.

“We think that particular technical advance has a lot of promise, and we believe the commercial world is going to take off with it,” Pratt said. “But we want to exploit cloud robotics and the investment that's coming from other parts of the world in a way that is applicable to disaster response.”

That means doing work DARPA officials believe the commercial sector will not do, the program manager said -- “in particular, problems that are unique to disaster response.”

One of these is operation without the possibility of physical human intervention if something goes wrong.

“In a disaster, the reason you use a robot in the first place is because the environment is very harsh, and you can't send a person in,” he explained. “So we have to make sure the robot will continue to work well even if there's no way a human being can physically go there to help out.”

Such an environment will be more austere than it is in a home environment or a factory, or even on a farm, he added, so the robots must be more capable in locomotion and manipulation than under normal circumstances. Maybe most importantly, the connection to the cloud will be intermittent, Pratt said.

“In disasters typically communications … suffer most, so we are going to purposefully try to emulate the very degraded communication environments that happen in real disasters,” he said. “We don't think that's something the commercial world will try to tackle in the near term.”

But for the robots’ human supervisors during the finals, DARPA will provide high-bandwidth links between the operators, their computers and the Internet. Teams will be able to use as much cloud computing power and computer disk storage as they like, and also may use as many other experts as they like to help them help their robots.

To accommodate such evolutionary changes in the program, DARPA has added six months to the original timeline for the finals – moving from December 2014 out to June 2015.

Total funding for the DARPA program, from October 2012 to June 2015, is $95 million. DARPA-funded teams will receive $1.5 million between now and June -- other teams are self-funded -- and the team that wins will receive $2 million.

Tasks for the finals are not yet solidified, but Pratt said they will be similar to tasks in the Miami trials, with some modifications.

“Instead of being eight separate tasks, each one of them done pretty slowly, we're going to put all the tasks together into a sequence that is much more authentic to a real disaster,” he said. “For instance, you have to drive the vehicle to the site, get out of the vehicle, climb up the stairs, go over the rough ground, and each one follows the next, and the robot doesn't have a choice,” he added. “It must keep managing to make it through the next challenge, and each one happens … right after the other one.”

Other differences include the following, Pratt said:

-- The robots will not be connected to any kind of physical tethers or wires. Communication will be wireless, power sources will be onboard the robot and must allow the robot to run for one hour, and the human supervisor won’t be allowed to physically intervene. “If a robot falls or gets stuck, the fall will have to occur without breaking something on the robot that is vital for its continued operation,” Pratt said, “and the robot will have to be able to get up without assistance.”

-- All eight tasks must be completed in less than an hour, meaning that robots in the finals will be asked to go at least four times faster than they did at the Miami trials.

-- Communications will be degraded to a greater degree than they were during the Miami trials, to be more authentic to real disasters. “We think it's going to require quite a bit of innovation from the teams to adapt to our adjustment of the goal,” Pratt said. “We're sort of raising the bar, so … we're going to give them more time and more funding to get that done.”

-- One of the tasks will be a surprise to all teams.

In general, Pratt said, “we’ll give teams less prior information as to the specifics of the tasks. We're trying to slowly move things so that we're closer to a more authentic test of what a real disaster would be like.”