Saturday, October 31, 2015

DoD Needs to Improve Cyber Culture, CIO Says

By Lisa Ferdinando DoD News, Defense Media Activity

WASHINGTON, October 29, 2015 — The Defense Department needs to change its cyber culture to protect its networks from the relentless threat from hackers, the department's chief information officer said today.

"I get a question all the time: 'What keeps me awake?' I think most people expect me to answer it's security or it's dollars. It's neither of those things. It's culture," Terry Halvorsen told a reporters breakfast here hosted by The Christian Science Monitor.

The Internet is an "important part of our business, an important part of our culture, but you have to go there with the right rules and right understandings," he said.

DoD has to establish a "culture of cyber discipline," he said, because the attacks against the agency networks are constant. "There’s not a time when I’m not being attacked somewhere in the world," he said.

With hackers generally out of the public's view, he explained, "I think it's easy for people to forget that there are bad actors out there."

Understanding Cyber Economics

Good cyber defenses include a combination of tools, culture, and training and education, Halvorsen said. "It's really also educating leaders at every level what their responsibilities are and what they need to know," he added.

The Defense Department needs to change its cyber economics as well, Halvorsen said.

"It is much less expensive for someone to attack us than it is for us to defend, and we got to turn that around,” he explained. “Today, we are really on the wrong side of that piece."

Cyber is a relatively new warfare, he noted. As with any domain, such as aviation or nuclear, it takes time to build and secure, he said. A big difference in cyber, he told the reporters, is that it moves faster than any other warfare area.

"That's a challenge," he said. "We're in the midst of having to make some major culture changes."

DoD is working to automate as much of its cyber security as it can, to get to where the defenses “self-learn” and take actions to stop or quarantine an attack, he said.

An enterprise culture is also needed, the Pentagon’s CIO said. "Cyber is forcing us to think different about that," he added. "Unlike other areas, cyber truly is enterprise, because it's connected."

Industry Partnership

For the first time, the Defense Department is putting civilians in private information technology companies for six months, and private IT company personnel are doing tours at DoD, Halvorsen said. During World War II it was not uncommon, he said, for people to move back and forth between private and government jobs, and to have industry partners working on government projects.

The government could benefit greatly from a partnership with private IT firms, he said. Smaller companies could partner up with larger firms to help with scalability for government projects, the CIO noted.

A constant issue Halvorsen said he faces is that people will present him with a computer technology that has been tested for 25,000 people. "They get mad when I say, 'Well that's good. Now you have to test it for about a million, so I can know that it will scale.'"

DoD’s Silicon Valley Innovation Experiment Begins

By Cheryl Pellerin DoD News, Defense Media Activity

WASHINGTON, October 29, 2015 — Two months after Defense Secretary Ash Carter officially opened the doors of the Defense Innovation Unit-Experimental in California’s Silicon Valley, the new director and his early team members already are engaging with potential innovators.

During a one-on-one interview before giving a presentation at the Association for Unmanned Vehicle Systems International “Unmanned Systems: Defense 2015” meeting in Arlington, Virginia, DIUx Director Dr. George Duchak, formerly director of the Air Force Research Laboratory’s information directorate and a Defense Advanced Research Projects Agency program manager, told DoD News the new unit is in full startup mode.

“We have a building right outside the gate at Moffett Field … called the Army Reserve Support Center, and we have an agreement with them for 12,000 square feet of space. Currently, we occupy 3,000 square feet,” Duchak said.

When the office is complete, the space will be open and collegial, the director added, and, like a business incubator, people will work together in a collaborative environment where all can coordinate and share ideas and opportunities.

“We’re opening up that space so we can get a lot of cross-pollination and cross-collaboration among the services,” Duchak said, as well as among the Silicon Valley companies.

Working on Basics

The DIUx team is authorized to hire a director and a deputy, a lawyer and four highly qualified experts, or HQEs. To date they’ve filled one of the HQE billets, Duchak said, and the team is working on basics, such as getting the office space built out and furnished and crafting the DIUx governance and engagement models and its concept of operations.

The final DIUx team will consist of six to 10 people -- civilians, active-duty military, and Guard and Reserve service members -- augmented by contractor support in areas where they need expertise, the director said.

Under the government team will be personnel from each service and from defense agencies, and potentially from the combatant commands, he said.

“Right now, we have an Air Force element, a U.S. Cyber Command element, and Army and Navy elements that are on their way, but not yet officially stood up there,” Duchak said.

Service Elements

Each element, depending on the service’s requirements, will have six to 10 people who will be there specifically, the director said, to address the needs of their services. Companies seeking opportunities with the Defense Department also will be able to work directly with the services, he added.

Carter announced the creation of DIUx in April at Stanford University during a speech titled "Rewiring the Pentagon: Charting a New Path on Innovation and Cybersecurity."

The DIUx mission is to strengthen relationships and build new ones, scout for breakthrough and emerging technologies, and serve as a local presence for the department in Silicon Valley.

Tech Matchmakers

“Our instruction is to be matchmakers,” Duchak explained, adding that DIUx will be a hub for increasing DoD’s access to leading-edge technologies from high-tech and startup companies and entrepreneurs.

“[DIUx will] find an interesting technology and connect that with the warfighter. And by the warfighter, I broadly mean the science and technology community, the acquisition community or the combatant commands -- the warfighters themselves,” he said.

“DIUx has no funds to see interesting technology, Duchak noted. Rather, it will make the connection with the lab or program executive office, and it's up to that organization to seek more information about a technology. DIUx’s job, essentially, is to help Silicon Valley companies navigate through DoD acquisition rules and regulations, he added.

Innovation Targets

During an Aug. 5 visit to Silicon Valley, Deputy Defense Secretary Bob Work said the department is interested in innovation in areas such as big data analytics, autonomy and robotics.

“I wouldn't necessarily go to Silicon Valley to find new materials for jet engines or stealth technologies, … but the whole world is going in the direction of doing big data analytics. The whole world is moving in the direction of autonomy,” Duchak said.

The department also is looking at novel technologies in the extremes: such as underwater capabilities and small satellites.

“We have spoken with a company that does underwater mapping primarily for the oil and gas industry, but the capability also aligns with DoD missions,” Duchak said.

The department also is looking at the half-dozen or so companies that are putting into orbit small, but capable, satellites to serve commercial needs, Duchak said.

“They’re doing things that I think caught DoD by surprise -- launching tens if not hundreds of small satellites that can shoot video from space, … networking the satellites and then selling them to commercial industry,” the director added.

“They’re really living on the edge and … making advances not just in the technology but in the concept of operations, the business model, all things that are very synergistic with DoD,” he said.

Duchak said the Silicon Valley DIUx team works not only with local companies, but also with companies from all over the country. And once the local unit has determined the best ways to engage the innovation community, he said, DIUx-like units could open in other major tech innovation hubs such as Boston, Austin, Cincinnati, Seattle and others.

X is for Experiment

The DIUx team isn’t looking only at small tech companies for innovation, the director said.

DIUx  and its efforts do not  replace the large system integrators, he added, referring to companies such as Northrop, Boeing, L3 or Raytheon, for example, which already make up the defense industrial base, but will accentuate and complement their efforts and serve as a connector for the industrial base as well. “We're agnostic,” Duchak said.

“If the warfighter benefits, I don't think we care if the technology's adopted by the system integrator and incorporated into their offering for the government, or if it goes direct through a program executive officer and then to a system integrator, or from lab to market,” he said.

About the experimental nature of the DIUx effort, Duchak said building and operating the unit will be a long journey. “We've got to constantly be refining our business model,” he said, “and we've got to constantly be refining what our value is to both DoD and the innovation community.”

Friday, October 30, 2015

Cybersecurity program shapes mission assurance for AF core missions

Task Force Cyber Secure / Published October 29, 2015

WASHINGTON (AFNS) -- Task Force Cyber Secure has made progress in addressing mission assurance and cybersecurity challenges for Air Force core missions, according to Air Force leaders.

The initiative, originally enacted by Air Force Chief of Staff Gen. Mark A. Welsh III, aims to synchronize cybersecurity efforts across the Air Force enterprise to improve the security of information and warfighting systems with a special focus on the five core missions.

“With close partnership from key cyber and core mission stakeholders across the Air Force, we've jump started, and will continue to lead, many efforts that will eventually provide Air Force commanders with the personnel and TTPs (tactics, techniques and procedures) who will assure their missions in and through cyberspace," said Peter Kim, the TFCS director.

Although October’s National Cyber Security Awareness Month is coming to a close, it is still important to keep in mind the majority of cybersecurity breaches within the Air Force systems due to poor cyber hygiene habits.

TFCS and the Air Force are measuring cyber hygiene to identify how Airmen can better protect themselves and the mission. Providing commanders with the tools to understand their cyberspace readiness and make necessary changes is an important part of this process.

The task force developed a process to fund and execute critical short-term projects focused on assuring core missions in, through and from cyberspace. TFCS has fully funded and executed the first round of these investments, called near-term initiatives (NTIs), which deliver cyber capabilities focused on enhancing cybersecurity of mission systems.

These investments included improvements to cyber force development, enhancements to the communications infrastructure for rapid global mobility at Scott Air Force Base, Illinois, and an insider threat project for user activity monitoring and pilot programs at Air Force Material Command that would improve the cybersecurity of operational flight programs and portable maintenance aids.

The second round resulted in additional NTIs being fully funded. Some of the initiatives included a cyber-defense operating concept for space superiority that will be applied across all Air Force missions, development of team cyber assure and the cyber awareness assessment, development of the cyber squadron of the future, development of the director of cyber forces concept, and initiatives to protect industrial control systems and pave the way for AFMC to increase the cyber resiliency of weapons systems.

"We must continue to focus on enhancing the security of our Air Force core missions and weapon systems, not just the traditional networks, and continue to institute that culture change in our Airmen to understand the cybersecurity impacts to mission,” said Air Force Chief Information Officer Lt. Gen. William J. Bender.