CyberCatch Sponsors Webinar on New Compliance Requirements

Sponsored:
Cyber security firm CyberCatch will host a free webinar on November 18 to review current threats and soon-to-be-required compliance requirements.

Counterfeit Chinese Electronics Redux; AESA & GBU-39 Suspect

On Sept 30/08, “The USA’s National Cybersecurity Initiative” focused on the belated but growing reaction to recent uses of cyber-attacks as an adjunct to warfare, and by the growing rate of attempted intrusions into American systems from countries like China. “Secure Semiconductors: Sensible, or Sisiphyean?” discussed the growing realization within the US military that massive use of commercial electronics, coupled with the complexity of modern chip designs, made it very difficult to be sure that “backdoors” and other security flaws weren’t being inserted into high-end American defense equipment. It’s a difficult conundrum, because commercial chips offer orders of magnitude improvements in cost and performance. Hence DARPA’s “Trust in IC” program, which hopes to crack the problem and offer the best of both worlds.

On Oct 2/08, Business Week’s in-depth article “Dangerous Fakes” claimed that a key component of the silicon security threat might be even simpler:

“The American military faces a growing threat of potentially fatal equipment failure – and even foreign espionage – because of counterfeit computer components used in warplanes, ships, and communication networks. Fake microchips flow from unruly bazaars in rural China to dubious kitchen-table brokers in the U.S. and into complex weapons. Senior Pentagon officials publicly play down the danger, but government documents, as well as interviews with insiders, suggest possible connections between phony parts and breakdowns… Potentially more alarming than either of the two aircraft episodes are hundreds of counterfeit routers made in China and sold to the Army, Navy, Air Force, and Marines over the past four years. These fakes could facilitate foreign espionage, as well as cause accidents. The U.S. Justice Dept. is prosecuting the operators of an electronics distributor in Texas – and last year obtained guilty pleas from the proprietors of a company in Washington State – for allegedly selling the military dozens of falsely labeled routers… Referring to the seizure of more than 400 fake routers so far, Melissa E. Hathaway, head of cyber security in the Office of the Director of National Intelligence, says: “Counterfeit products have been linked to the crash of mission-critical networks, and may also contain hidden ‘back doors’ enabling network security to be bypassed and sensitive data accessed…”

Update

August 19/15: A Chinese company has been accused of selling counterfeit Active Electronically Scanned Array (AESA) radar systems, using a design taken from Israel’s Elta Systems. NAV Technology Company is believed to be selling a version of Elta Systems’ EL/M-2052 system, an airborne fire control radar capable of tracking dozens of targets simultaneously. The company also offers other products thought to be taken from US designs, including a copy of the GBU-39 precision munition.

Treat, or Trick? The US Military Orders “Multi-Function” Printer/Fax Machines

Ricoh MFC

Treat, or trick? Both, it seems. The key question is whether the machines are color – and whether they contain a widespread anti-feature that few people know about.

At the end of October 2013, Army Contracting Command in Fort Huachuca, AZ issued a $498 million firm-fixed-price, multiple award task order contract to provide the Army with commercial-off-the-shelf “multi-functional devices” (all-in-one printer, fax. etc.), associated refills, and related services. “Equipment under this program will be available for lease or purchase, and shall be compliant with current Army security standards.”

On the topic of printer security…

Secure Semiconductors: Sensible, or Sisyphean?

Latest updates[?]: IRIS Program contract for test articles.

The May 2008 IEEE spectrum magazine, in “The Hunt for the Kill Switch“:

“Feeding those dreams is the Pentagon’s realization that it no longer controls who manufactures the components that go into its increasingly complex systems. A single plane like the DOD’s next generation F-35 Joint Strike Fighter, can contain an “insane number” of chips, says one semiconductor expert familiar with that aircraft’s design. Estimates from other sources put the total at several hundred to more than a thousand. And tracing a part back to its source is not always straightforward. The dwindling of domestic chip and electronics manufacturing in the United States, combined with the phenomenal growth of suppliers in countries like China, has only deepened the U.S. military’s concern.”

Schrodinger’s Contracts: US Explores Quantum Computing

US ORNL laser test

Readers who follow the tech press may be familiar with the concept of quantum computing. Computers use binary bits: on/off, yes/no, represented by 0 or 1. A quantum bit, or qubit, can be 1, or 0… or both. Whereas 111 = 7 in binary, and each number is a single choice among all the possibilities in the number of binary digits, 3 qubits can hold all 8 possibilities (0-7), which means you can do calculations on all of them at once. The more qubits used, the more computation, so 32 qubits theoretically gets you 2 to the 32nd power computations (about 4.3 billion) at once – much more power than conventional computing, and it keeps on rising exponentially.

It’s worth noting that quantum computing has limits, and areas where it will not be suitable for computing tasks. They are not fully understood yet, but have been shown to exist at the theoretical level. So far, all we can say is that certain kinds of problems will be solved much, much more quickly. The uses of such a system for searching large domains of information, cracking codes, creating codes, or running simulations that include the quantum level (as a number of modern physical and medical science applications do) are clear. As an additional benefit, quantum cryptography methods benefit from quantum principles. Eavesdropping is not only incredibly difficult, it will create noticeable interference.

Various American agencies continue to be interested in the field, which has also begun finding commercial applications.

$12M to Improve Security for Nukes in Europe

Atlantic CommTech Corp. in Virginia Beach, VA received a $12 million firm-fixed-price contract. They’ll provide interior intrusion detection systems for protective aircraft shelters, and redundant cable, for the 498th Nuclear Systems Wing. Atlantic CommTech will be performing 100% of the work throughout 6 NATO installations in Europe. This is not surprising. Back in February 2008, “The Blue Ribbon Review of Nuclear Weapons Policies and Procedures” raised concerns about security practices at nuclear-capable facilities in Europe, and recommended a number of steps to improve the situation. Meanwhile, European countries’ waning desire to even host such weapons has become a subject of high-level debate among NATO members.

The 498th Nuclear Systems Wing is part of USAF Materiel Command, and handles nuclear maintenance projects, programs, & systems integration, advocacy, and oversight. The wing’s groups and divisions include the 498th Missile Sustainment Division based at Tinker AFB, OK, the 498th Nuclear Systems Division at Kirtland AFB, NM; the 498th Munitions Maintenance Group at Whiteman AFB, MO, and the 798th Munitions Maintenance Group at Minot AFB, ND. The USAF Nuclear Weapons Center/PKE at Kirtland AFB, NM, manages the contract (FA9422-12-F-0001).

SAIC’s WikiCaulking Research: Do Insider Threats Leave Routine Clues?

Science Applications International Corp. (SAIC) in McLean, VA recently won a $9 million cost-plus-fixed-fee contract for an unusual effort:

“…research in the detection of insider threats based on sensor data from routine activities of members of a group, and possibly social networks.”

Call it the WikiCaulking contract. Work will be performed in McLean, VA; Amherst, MA; Corvallis, OR; Pittsburgh, PA; and Atlanta, GA, with an estimated completion date of May 31/13. Bids were solicited through a broad agency announcement, with 7 bids received by U.S. Army Contracting Command in Durham, NC (W911NF-11-C-0088).

M24 Sniper Rifles for Afghanistan’s Military

M24 sniper system

Snipers have become critical assets in the current wars, and enemies who routinely use human shields have changed their profession from a group that was stigmatized even in their own armies, to widely appreciated specialists. In Afghanistan, the rifles’ 7.62mm or heavier calibers, and long range in an environment that routinely sees engagements beyond 300 meters, makes snipers very desirable in regular engagements, as well as special missions.

Remington Arms Company Inc. in Ilion, NY recently received an $8.9 million firm-fixed-price contract from the Afghan government for M24 sniper rifles (and see weapon review), with bipods for stable shooting. Work will be performed in Ilion, NY, and is expected to be complete by Sept 30/14. One bid was solicited with one bid received by the U.S. Army TACOM LCMC in Rock Island, IL (W56HZV-11-D-0049).

Sniper rifles are tracked more closely than other weapons, and American forces in Iraq and beyond have consistently pushed for general weapon tracking programs that allow tight monitoring of access and use. One hopes this is enough to avoid having this order end up as a de facto delivery to the Taliban and al-Qaeda, for use in Afghanistan and Pakistan.

F-35 Joint Strike Fighter: 2009-2010

F-35A: incoming…

The $382 billion F-35 Joint Strike fighter program may well be the largest single global defense program in history. This major multinational program is intended to produce an “affordably stealthy” multi-role fighter that will have 3 variants: the F-35A conventional version for the US Air Force et. al.; the F-35B Short Take-Off, Vertical Landing for the US Marines, British Royal Navy, et. al.; and the F-35C conventional carrier-launched version for the US Navy. The aircraft is named after Lockheed’s famous WW2 P-38 Lightning, and the Mach 2, stacked-engine English Electric (now BAE) Lightning jet. Lightning II system development partners included The USA & Britain (Tier 1), Italy and the Netherlands (Tier 2), and Australia, Canada, Denmark, Norway and Turkey (Tier 3), with Singapore and Israel as “Security Cooperation Partners.” Now the challenge is agreeing on production phase membership and arrangements, to be followed by initial purchase commitments in 2009-2010.

This updated article has expanded to feature more detail regarding the F-35 program, including contracts, sub-contracts, and notable events and reports. Recent events and major programs shifts have been added to this article, in order to ensure maximum continuity and context. 2012 developments are covered in this follow-up article.

Carnegie Mellon Contracted for Software R&D

Carnegie Mellon has long been one of the USA’s best universities for computer science, and was well known in those circles long before Prof. Randy Pausch’s Last Lecture made it more broadly famous around the world. Platforms like Alice are gaining wide traction for teaching computer science, and their Capability Maturity Model for software development has become a certification goal for many defense industry systems integrators. On the security side, their Software Engineering Institute’s Computer Emergency Response (CERT) group remains one of top public resources in the world for computer security, and their CyLab is a multi-disciplinary cybersecurity education and research center, involving 6 colleges from Carnegie Mellon, over 50 faculty, and over 130 graduate students.

The SEI was established in 1984 at Carnegie Mellon University as a federally funded research and development center (FFRDC) dedicated to advancing the practice of software engineering and improving the quality of systems that depend on software. Their CMMI defines 5 levels of proficiency under a Total Quality Management approach; most commercial organizations are at Level 1 or Level 2. Through its sponsor, the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, the SEI carries out its mission by focusing on software engineering management and technical practices.