Monday, November 24, 2014

DoD Agency Offers Public Geospatial Intel to Help Ebola Fight

By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, Nov. 24, 2014 – In a contribution to the Defense Department’s fight against West Africa’s deadly Ebola virus disease outbreak, the National Geospatial-Intelligence Agency has launched its first public website of unclassified geospatial intelligence data.

NGA’s mission in support of national security is to visually depict and assess situations on the ground using satellite imagery and other geographically referenced information.

The public website, covering the West African countries affected by the Ebola outbreak, is a new venture for the necessarily secretive intelligence organization. Still, NGA has for years provided geographical intelligence to first responders during most major natural disasters.

“My group regularly supports humanitarian assistance and disaster relief efforts, as well as special security events that are driven by the FBI,” Timothy J. Peplaw, director of the NGA Readiness, Response and Recovery Office, told DoD News during a recent interview.

Supporting the Disaster Supporters

“NGA is not necessarily in the business of providing unclassified data,” he added, “but my customer set is very open, so my group is the one exception where we have to provide unclassified data and products to people who support these disasters.”

The office always works through a lead federal agency, Peplaw explained.

During wildfires, earthquakes or hurricanes, that agency is FEMA, the Federal Emergency Management Agency. For the Ebola support, Peplaw’s office works through the State Department. For special security events such as the presidential address or the Super Bowl, it's the FBI or the Office of the Director of National Intelligence.

“My group has in the past supported these events through unclassified means,” he said, “but it's usually not through the World Wide Web and unclassified. It's usually through things like data encryption or special access with a need to know.”

Unclassified NGA Ebola Website

For the Ebola Support website, there is no NGA control, Peplaw said, because his office wants its data and products to be available to a variety of users, especially nongovernmental organizations, or NGOs, who need help in their work in West Africa -- organizations such as Doctors Without Borders and the United Nations’ World Food Program.

But the general public can use it, nongovernmental organizations can use it, and even foreign countries can use it, he said, adding that some recent website statistics indicated that people from 77 foreign countries had accessed the site.

“We have a partnership with the State Department through the World Wide Human Geography Data Working Group, formed in 2011 to focus on the need for human geography global foundation data as a basis better understanding cultures, activities and attitudes , Peplaw said. “Through that partnership, we have access to a wide variety of unclassified publicly available data. So NGA pulls that data together and offers it up as a service.”

Readiness, Response and Recovery

The Readiness, Response and Recovery Office provides data and products and makes them available as a service using an online common operating environment called ArcGIS from a California-based company called Esri. Products include map atlases that Peplaw describes as maps and commercial imagery rolled into one.

The service part, Peplaw added, includes atlas maps that have different kinds of layers of data that users can turn on and turn off, based on their needs.

“Let's say that I'm an NGO working with people who are out at the Ebola treatment units, and we're trying to figure out how to get a patient from a local hospital to one of these units,” he said. The NGO might want to see transportation data, medical facilities, Ebola treatment units and other data layers related to transporting that patient from a hospital to an Ebola treatment unit, he explained.

Other Practical Uses of Geospatial Data

Another practical use of the website might be to determine helicopter landing zones, Peplaw said.

“Let's say that we have to transport a critical patient via helicopter to an Ebola treatment unit,” he said. “I can go in as a user and turn on and off these different layers, so for a helicopter landing zone I'd be interested in terrain [and] in critical infrastructure so I can see if there are power lines in the area, and I can see if there are roads to get to that helicopter landing zone.”

Latest and Greatest Data

The other service aspect of the website is that it’s live, Peplaw said. “That means that as we, NGA, get different layers of data or updates to that data, we update it in real time,” he explained. “Whenever [users] access it, that's the latest and greatest data that's out there.”

NGA has an analyst in Monrovia deployed with the 101st Airborne Division to support the Army, but the analyst also is helping the Liberian government update the country’s essential maps through its Institute of Statistics and Geoinformation Services. Other countries in the region, Peplaw said, will be able to benefit from the public data available on the NGA Ebola Support site.

The widespread nature of the Ebola outbreak has been a technical and workforce challenge for the NGA office, he added.

“Usually when we support these kinds of things, it's in a very concentrated area, and this is spread throughout several countries in western Africa. The challenge is to provide geospatial intelligence support over a huge swath of land,” Peplaw said.

NGA, WWW and the Future

The NGA office’s foray onto the World Wide Web will take the agency in new directions in several ways moving forward.

“I think it means we spread ourselves globally,” Peplaw said. “Our expertise is really in natural disasters and special security events, but now all of a sudden we're involved in a health issue, so I think [the direction] is only limited by the imagination.

“We can do so much with our data,” he continued, “and pushing [it] out there as a service I think really gets it into a different domain. … It's hard to say really where this is going to go in another five years, but it certainly isn't going away.”

Friday, November 21, 2014

Cybercom Chief Details U.S. Cyber Threats, Trends

By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, Nov. 21, 2014 – Cyber threats are real, hurting the nation and its allies and partners, costing hundreds of billions, and potentially leading to a catastrophic failure if not addressed, Navy Adm. Michael S. Rogers told a House panel yesterday.

Rogers, the commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, testified before members of the House Permanent Select Committee on Intelligence on advanced cybersecurity threats facing the United States.

Cyber Challenges ‘Not Theoretical’

“There should be [no] doubt in anybody's mind that the cyber challenges we're talking about are not theoretical. This is something real that is impacting our nation and those of our allies and friends every day,” Rogers said.

Such incidents are costing hundreds of billions of dollars, leading to a reduced sense of security and potentially to “some truly significant, almost catastrophic failures if we don't take action,” the admiral added.

In recent weeks, cyber-related incidents have struck the White House, the State Department, the U.S. Postal Service and the National Oceanic and Atmospheric Administration.

The Defense Department, the U.S. Sentencing Commission and the U.S. Treasury also have had cyber intrusions.

Sophisticated malware has been found on industrial control systems used to operate U.S. critical infrastructure, and other major intrusions have been reported by J.P. Morgan Chase, Target, Neiman Marcus, Michaels, Yahoo! Mail, AT&T, Google, Apple and many more companies.

Intrusions Seek to Acquire Capability

“We have … observed intrusions into industrial control systems,” Rogers said. “What concerns us is that … capability can be used by nation-states, groups or individuals to take down” the capability of the control systems.

And “we clearly are seeing instances where nation-states, groups and individuals are aggressively looking to acquire that capability,” he added.

Rogers said his team thinks they’re seeing reconnaissance by many actors to ensure they understand U.S. systems in advance of exploiting vulnerabilities in the control systems.

“We see them attempting to steal information on how our systems are configured, the specific schematics of most of our control systems down to the engineering level of detail so they [see] … the vulnerabilities, how they are constructed [and] how [to] get in and defeat them,” the admiral said.

“Those control systems are fundamental to how we work most of our infrastructure across this nation,” Rogers added, “and it's not just the United States -- it’s on a global basis.”

Growth Areas of Vulnerability

When he’s asked about coming trends, Rogers said, industry control systems and supervisory control and data acquisition systems, called SCADA systems, come to mind as “big growth areas of vulnerability and action that we're going to see in the coming 12 months.”

“It’s among the things that concern me the most,” he added, “because this will be truly destructive if someone decides that's what they want to do.”

What it means, he said, is that malware is on some of those systems and attackers may already have the capability to flip a switch and disrupt the activity the switch controls.

“Once you're into the system … it enables you to do things like, if I want to tell power turbines to go offline and stop generating power, you can do that,” he explained. “If I want to segment the transmission system so you couldn't distribute the power coming out of power stations, this would enable you to do that.”

Criminals as Surrogates for Nation-states

The next trend Rogers sees near-term is for some criminal actors now stealing information designed to generate revenue to begin acting as surrogates for other groups or nations.

“I'm watching nation-states attempt to obscure, if you will, their fingerprints,” he said. “And one way to do that is to use surrogate groups to attempt to execute these things for you.”

That’s one reason criminal actors are starting to use tools that only nation-states historically have used, the admiral said.

“Now you're starting to see criminal gangs in some instances using those tools,” he added, “which suggests to us that increasingly in some scenarios we're going to see more linkages between the nation-state and some of these groups. That's a troubling development for us.”

Such activities across the cyberscape, he said, make it difficult for private-sector companies to try to defend themselves against rapidly changing threats.

A Legal Framework for Cyber Sharing

But before Cybercom can help commercial companies deal with cyber criminals and adversarial nation-states, Rogers said the command needs a legal framework “that enables us to rapidly share information, machine-to-machine and at machine speed, between the private sector and the government.”

The framework, he added, must be fashioned in a way that provides liability protection for the corporate sector and addresses valid concerns about privacy and civil liberties.

Such legislation has passed in the House but not in the Senate, and the Senate has created its own similar legislation that has not yet passed the full Senate.

Rogers says there are several ways Cybercom can share what it knows about malicious source code with the private sector so companies can protect their own networks, and assure Americans that NSA isn’t collecting or using their personal information while sharing information with private companies.

What the Private Sector Needs

With private-sector companies, Cybercom and NSA must publicly “sit down and define just what elements of information we want to pass to each other,” he said, specifying what the private sector needs and what the government needs, and also areas that neither wants to talk about.

“I'm not in that private-sector network, therefore I am counting on the private sector to share with us,” the admiral said.

What he thinks the government owes the private sector is this -- Here are the specifics of the threats we think are coming at you. Here’s what it's going to look like. Here’s the precursor kinds of activities we think you're going to see before the actual attack. Here’s the composition of the malware we think you're going to see. Here’s how we think you can defeat it.

What Rogers says he’s interested in learning from the private sector is this -- Tell me what you actually saw. Was the malware you detected written along the lines that we anticipated? Was it different and how was it different? When you responded to this, what worked for you and what didn't? How did you configure your networks? What was effective? What can we share with others so the insights of one come to the aid of many?

“That's the kind of back-and-forth we need with each other,” Rogers said, and legislation is the only thing that will make it happen.

Helping Defend Critical Infrastructure

Rogers says he tells his organization that he fully expects during his time as Cybercom commander to be tasked to help defend critical infrastructure in the United States because it is under attack by some foreign nation or some individual or group.

“I say that because we see multiple nation-states and in some cases individuals in groups that have the capability to engage in this behavior,” the admiral said, adding that the United States has seen this destructive behavior acted on and observed physical destruction within the corporate sector, although largely outside the nation’s borders.

“We have seen individuals, groups inside critical U.S. infrastructure. That suggests to us that this vulnerability is an area others want to exploit,” the admiral said. “All of that leads me to believe it is only a matter of time when, not if, we are going to see something traumatic.”

Rogers says he’s “pretty comfortable” that there is broad agreement and good delineation within the federal government as to who has what responsibilities if Cybercom is called on during a major cyberattack in the United States.

“The challenge to me is we've got to … get down to the execution level of detail,” he said. “I come from a military culture [which] teaches us to take those broad concepts and agreements and then you train and you exercise. And you do it over and over. That's what we've got to do next.”

Thursday, November 20, 2014

DARPA’s Synthetic Biology Work Targets Diseases, New Materials

By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, Nov. 20, 2014 – Soldiers, military scientists and Defense Department civilians are on the ground in West Africa to help stop history’s largest Ebola outbreak, and now innovators at the Defense Advanced Research Projects Agency are turning their job of changing what’s possible to the fight against infectious diseases.

During an interview at the Defense One Summit here yesterday, DARPA Director Dr. Arati Prabhakar spoke with Defense One technology editor Patrick Tucker about the potential of synthetic biology to contribute to national security.

“What’s happening today broadly in biology is the intersection of this scientific field with physical science and engineering and information technology,” Prabhakar explained, adding that DARPA itself is doing “a handful of things” in biology.

Synthetic Biology

Synthetic biology is an emerging interdisciplinary field that uses advanced science and engineering to make or redesign living organisms such as bacteria or cells so they can carry out specific functions. Synthetic biology involves making new DNA, or genetic code, that doesn’t naturally exist in nature.

Prabhakar calls synthetic biology a dream that people in the field have had for several years.

“Because of the advances in areas like genetic sequencing, we are now starting to have the ability to engineer microorganisms so that cells in culture can do new things, produce whole new chemistries -- whole new materials,” she said.

And when biologists dream of the potential of synthetic biology, “what we dream about is highly energetic materials or new fuels, new therapeutics, new ways to deal with infectious disease, materials with new mechanical properties that we've never been able to invent before,” Prabhakar added, noting that the technological capability to do such work is rudimentary today.

Building Tools and Capabilities

It can cost hundreds of millions of dollars to do even simple genetic modifications of cells, she said, so a major focus of the synthetic biology work at DARPA is to build tools and capabilities to accelerate the field.

“One part of our program is called 1000 Molecules, and it's really a challenge for the community to show us brand-new chemistries -- new molecules that no one's been able to make before,” she said.

During a 1000 Molecules Proposers’ Day in July 2013, DARPA encouraged potential proposers to “enable transformative and currently inaccessible projects across chemicals, materials, sensing capabilities and therapeutics.”

“We're going to find out [if they can],” Prabhakar said, “but it’s very early.”

Applications for Infectious Disease

The director said some of the earliest real applications in synthetic biology will involve infectious diseases.

“As an example, our work on infectious disease harvests from the work that's going on in synthetic biology, and applies it to this problem,” she said.

Today everyone is aware of what’s going on with Ebola virus disease, Prabhakar said, “but in fact, that's just one example in a long series of infectious diseases that flare up in some part of the world.”

“Today when [an infectious disease] flares up, it globalizes because of travel and the world we live in,” she added. “That's just going to be part of our future.”

The Dark Side of Synthetic Biology

Prabhakar said the question DARPA researchers have been asking is for naturally occurring infectious disease threats, but that it also recognizes there’s a darker side of synthetic biology.

“Over time, [synthetic biology] is going to become a tool I think that adversaries can use or terrorists might be able to use to engineer microorganisms to do bad things,” the director added.

The 1000 Molecules effort is part of a DARPA program called Living Foundries, whose goal is to leverage the synthetic and functional capabilities of biology to create a revolutionary, biologically based manufacturing platform for novel materials, sensing capabilities and therapeutics.

Transforming Biology

Living Foundries, DARPA officials said, seeks to transform biology into an engineering practice by developing the tools, technologies, methodologies and infrastructure to speed the biological design-build-test-learn cycle and expand the complexity of systems that can be engineered.

Another part of Living Foundries, called Advanced Tools and Capabilities for Generalizable Platforms, began in 2012 and focuses on developing next-generation tools and technologies for engineering biological systems. Its goal is to compress the biological design-build-test-learn cycle by at least 10 times in time and cost as it creates more complex systems.

For the Defense Department, synthetic biology and its promise for infectious diseases are tools for national security and readiness, officials said.

Who You Gonna Call?

Prabhakar said the Army understands the need for such tools because soldiers are on the ground dealing with Ebola, and that it matters to DoD for several reasons, No. 1 being that “when there are problems in the world, guess who often gets called on to go deal with them?”

Dealing with infectious diseases also is a readiness issue, she said.

When pandemic H1N1 was sweeping the world in 2009, the director said, “people were trying to figure out what it meant for readiness -- just the fact that we didn't know who was infected with H1N1 or [a milder] seasonal flu. We’re living in a fog about that.”

In the future, whether it's naturally occurring or a manipulated threat, she said, “we want the ability to collapse the time it takes for us to respond to an infectious disease and outpace its spread.”