MIT 16.6 (July 2012)

www.MIT-kmi.com

C4July 2012

Volume 16, Issue 6

The Voice of Military Communications and Computing

Electronics Commander

Maj. Gen. Robert S. Ferrell

Commanding GeneralArmy CECOM

Storage Virtualization O Leave-Behind Comms Real Time Operating Systems O Software Engineering Center

At your service since 1947

36,000 Active-duty students. on bAse. on-site. online.

877-275-UMUC • military.umuc.edu/servesyou • enroll now

University of Maryland University College is the nation’s largest public university.

Wherever your mission takes you, anywhere in the world, you’ll find University of Maryland University College (UMUC). We offer courses on base or on-site in more than 25 countries—and over 100 bachelor’s and master’s programs entirely online. That’s our mission, because since 1947, UMUC has been educating America’s armed forces.

UMUC14854 MIT_OnBase_OnSite-April_8.375x10.875.indd 1 3/30/12 3:07 PM

Military inforMation technology July 2012 VoluMe 16 • issue 6

features coVer / Q&a

16

DepartMents

inDustry interView

28

Major General Robert S. FerrellCommanding General

Army Communications-Electronics Command (CECOM)

Sasi MurthySenior Director

Product Marketing for SecurityBlue Coat

2

4

5

14

27

Editor’s Perspective

Program Notes

People

Data Bytes

Resource Center

21

Software Center Fights Cyber-ThreatsThe Army Communications-Electronics Command’s Software Engineering Center specializes in information assurance engineering, certification and accreditation, and provides independent software quality assessments.By Andricka Thomas

6

Taming the Storage JungleMilitary organizations are exploring how virtualization can be used to centrally manage and rationalize proliferating storage infrastructures.By Peter Buxbaum

10

Real-Time OperationsEmbedded real-time operating systems are expanding their military reach with the highest levels of security where there is a need to reduce costs by using virtualization.By Cheryl Gerber

24

After They Are GoneAs it continues its pullout from Southwest Asia, the U.S. military is working with industry to select the communications equipment it will provide local forces to support their fight against insurgents and international terror.By Adam Baddeley

At your service since 1947

36,000 Active-duty students. on bAse. on-site. online.

877-275-UMUC • military.umuc.edu/servesyou • enroll now

University of Maryland University College is the nation’s largest public university.

Wherever your mission takes you, anywhere in the world, you’ll find University of Maryland University College (UMUC). We offer courses on base or on-site in more than 25 countries—and over 100 bachelor’s and master’s programs entirely online. That’s our mission, because since 1947, UMUC has been educating America’s armed forces.

UMUC14854 MIT_OnBase_OnSite-April_8.375x10.875.indd 1 3/30/12 3:07 PM

It’s been a long journey to get there, but the latest and most complete embodiment of the Army’s vision of networked operations recently had its public debut in the Pentagon courtyard.

Army officials in late June unveiled Capability Set 13, which represents the first package of networking equipment to be created under the Network Integration Evaluation (NIE) process. The collection comprises some 15 systems covering a wide range of communications needs down to the level of the individual soldier.

Although the NIE tests have been designed to be as realistic as possible, the package will soon its first test in true operational conditions. It will be deployed with two brigade combat teams this fall as they beginning training for deployment in Southwest Asia in 2013. The Army plans to expand that over time to include eight teams.

The package addresses a total of 10 operational set needs, with a focus on mission command on the move and connecting the dismounted warfighter.

Army leaders emphasized that the new system array represented fundamental changes in the way they conduct the business of development and procurement. Not only will they be shifting to the approach of buying “what we need, when we need it, for those who need it,” rather than the old one-size-fits-all-the-Army approach, but also they will also be sending out equipment that has already been extensively tested and integrated in field conditions.

“We’re making sure we’ve got it integrated from a technical perspective, but just as important, we’ve made sure we have the operational integration set,” said Brigadier General John Morrison, director, LandWarNet/Mission Command, Army G3/5/7. “Deploying units are not just getting a box, but an integrated network, and all the tactics, techniques and procedures that have already been learned in an operational setting.”

By aligning efforts and forcing integration at the front end, the Army to date has avoided some $6 billion in costs, Morrison said.

Harrison DonnellyEditor

EDITOR’S PERSPECTIVE

The Voice of Military Communications and Computing

eDitorial

Managing EditorHarrison Donnelly [email protected]

Online Editorial ManagerLaura Davis [email protected]

Copy EditorLaural Hobbes [email protected]

CorrespondentsAdam Baddeley • Peter Buxbaum Cheryl Gerber • Karen E. Thuermer

art & Design

Art DirectorJennifer Owers [email protected]

Senior Graphic DesignerJittima Saiwongnuan [email protected]

Graphic Designers Amanda Kirsch [email protected] Morris [email protected] Waring [email protected]

aDVertising

Account ExecutiveCheri Anderson [email protected]

KMi MeDia groupPublisherKirk Brown [email protected]

Chief Executive OfficerJack Kerrigan [email protected]

Chief Financial OfficerConstance Kerrigan [email protected]

Executive Vice PresidentDavid Leaf [email protected]

Editor-In-ChiefJeff McKaughan [email protected]

ControllerGigi Castro [email protected]

Operations AssistantCasandra Jones [email protected]

Trade Show CoordinatorHolly Foster [email protected]

operations, circulation & proDuction

Circulation & Marketing AdministratorDuane Ebanks [email protected]

Data SpecialistsArielle Hill [email protected] Johnson [email protected] Walker [email protected] Villanueva [email protected] Winston [email protected]

a prouD MeMber of

subscription inforMationMilitary Information Technology

ISSN 1097-1041is published 11 times a year by KMI Media Group.

All Rights Reserved. Reproduction without permission is strictly forbidden.

© Copyright 2012. Military Information Technology is free

to qualified members of the U.S. military, employees of the U.S. government and

non-U.S. foreign service based in the U.S. All others: $65 per year.Foreign: $149 per year.

corporate offices

KMI Media Group15800 Crabbs Branch Way, Suite 300

Rockville, MD 20855-2604 USATelephone: (301) 670-5700

Fax: (301) 670-5701Web: www.MIT-kmi.com

Military inforMation technology

Volume 16, Issue 6 • July 2012

KMi MeDia group Magazines anD websites

www.GIF-kmi.com

Geospatial Intelligence

Forum

www.BCD-kmi.com

June 2012Volume 1, Issue 1

www.BCD-kmi.com

Border Threat Prevention and CBRNE Response

Border Protector

Michael J. Fisher

ChiefU.S. Border PatrolU.S. Customs and Border Protection

Wide Area Aerial Surveillance O Hazmat Disaster ResponseTactical Communications O P-3 Program

SPECIAL SECTION:Integrated Fixed Towers

Leadership Insight:Robert S. BrayAssistant Administrator for Law Enforcement/Director of the Federal Air Marshal Service

Border & CBRNE Defense

www.MAE-kmi.com

Military AdvancedEducation

www.MIT-kmi.com

Military Information Technology

www.GCT-kmi.com

Ground Combat

Technology

www.MLF-kmi.com

Military Logistics Forum

www.M2VA-kmi.com

Military Medical & Veterans

Affairs Forum

www.MT2-kmi.com

Military Training Technology

www.SOTECH-kmi.com

Special Operations Technology

www.TISR-kmi.com

Tactical ISR Technology

www.USCGF-kmi.com

U.S. Coast Guard Forum

GSA offers a full suite of services to help optimize the performance, increase the security, and improve the efficiency of your data center.

As the leading source for government solutions, GSA is ready to help you make smart decisions to achieve your cost savings, environmental sustainability, cybersecurity, and consolidation goals. We provide easy access to a customizable suite of commercial IT products and services and end-to-end IT solutions through established contract vehicles and world-class vendors. We also offer customized and scalable assisted acquisition services ranging from small and specific jobs to large, complex, and sensitive projects to help you where and when you need it most. Best of all, we’re here to help you focus on your mission, even during an emergency.

We make it easy. We’re GSA — delivering great government through technology.

For more information, visit gsa.gov/datacentersad or speak to a GSA customer representative at (888) 377-0070.

Do More With Lessto optimize your IT infrastructure

Business Continuity & Disaster Recovery

Data Center Architecture

Data Center Operations

Data Storage

Hosting & Warehousing

…and much more.

To read this code, download a free QR reader app on your smartphone and scan.

www.MIT-kmi.com4 | MIT 16.6

Compiled by KMi Media Group staffPROGRAM NOTES

Responding to the explosive growth in the military’s use of smartphones and other mobile devices, the Department of Defense has released policy guidelines designed to encourage new uses of the technology while ensuring that its development follows common rules and standards and makes sense within the department’s broader IT strategy.

The policy, released in June by Chief Information Officer Teri M. Takai, lays the ground-work for the three key areas of mobile operations: the wireless infrastructure, the devices themselves, and the applications used on them.

The policy when issued applied to an estimated 250,000 commercial mobile devices used by depart-ment employees, as well as several thousand Apple and Android operating systems, including pilots. But analysts predict that the numbers will continue to grow as the handy devices work their way into every aspect of the department’s executive, business and tactical operations.

Although the proliferation of mobile devices has spurred security concerns, the policy lays more emphasis on their potential benefits than the vulnerabilities they could pose to networks.

“The DoD is taking a leadership role in lever-aging mobile device technology to improve infor-mation sharing, collaboration and efficiencies,” said Takai. “As today’s DoD personnel become increasingly mobile, a wide variety of devices offers unprecedented opportunities to advance the opera-tional effectiveness of the DoD workforce. This strategy will allow mobile activities across the department to converge towards a common vision and approach.

“This strategy is not simply about embracing the newest technology—it is about keeping the DoD workforce relevant in an era when informa-tion and cyberspace play a critical role in mission success,” she added.

In pursuit of its vision of a highly mobile work-force equipped with secure access to information and computing power, the policy statement lays out three goals, along with some of the specific steps needed to bring them about.

Advance and evolve the DoD information enterprise infrastructure to support mobile devices.

• Evolve spectrum management to accommodate new demands on a finite resource, while also supporting research to maximize use of available spectrum.

• Expand infrastructure to support wireless capabilities, including 4G/LTE and virtual private network technologies.

• Establish a mobile device security architecture that protects the interfaces between DoD and commercial networks and makes use of existing security controls at the network, device and application level.

Institute mobile device policies and standards.

• Guide the secure but rapid adoption of commercial mobile devices that support security and interoperability requirements. Also, continue to explore the risks and benefits of using personally owned mobile devices.

• Establish a federated mobile device management service to optimize operations and maintenance and ensure security compliance.

• Train users to understand and use appropriate security controls on their devices.

Promote the development and use of DoD mobile and web-enabled applications.

• Establish a common framework for mobile application development, with developer tools, documentation and automated processes to help build and test mobile apps.

• Create a process for certifying applications for enterprise networthiness.

• Provide federated and centralized hosting, a certification and approval process, and distribution and management services for mobile apps.

• Web-enable current and future IT capabilities to facilitate their use on mobile devices.

Looking ahead, the strategy calls for trying out various parts of the strategy in small user popula-tions, in order that “a business case can be devel-oped that may support scaling to an enterprisewide solution.” In addition, it urges development of a communication strategy to address “the acquisi-tion and cultural challenges associated with enter-prisewide mobile device adoption and deployment.”

The DoD CIO Commercial Mobile Device Working Group will oversee further development and implementation of the policy, while keeping in mind “the notion that tomorrow’s informa-tion enterprise may look very different from today’s.”

Mobile Device Policy Lays Groundwork for Wireless Future

The Defense Information Systems Agency (DISA) has chosen Lockheed Martin to manage the transformation of the Department of Defense’s global data network. The work will take place under an innovative, seven-year Global Systems Management Operations (GSM-O) contract.

The contract would run for three years and includes two two-year options, with a total contract ceiling of $4.6 billion. The contract includes a mix of firm-fixed-price, fixed-price with incentive, cost-plus-incen-tive-fee, cost-plus and fixed-fee pricing plans. GSM-O is headquartered at Fort Meade, Md., with multiple support locations worldwide.

“Lockheed Martin is honored to be selected for this critical responsibility, which we regard as a singular opportu-nity to coordinate with DISA to improve the speed and efficiency of information exchange between our joint warfighters around the world and their commanders and allies,” said Gerry Fasano, president of Lockheed Martin Information Systems & Global Solutions-Defense.

GSM-O is the largest of three DISA Global Systems Management contracts. It provides programmatic, operations and engineering services; material; equipment; and facilities to support the life cycle management of the network. Lockheed Martin teammates include AT&T, ACS, Serco, BAE Systems, ManTech, and other specialized and small businesses.

“In addition to being committed to managing a smooth transition of GSM-O responsibilities to the Lockheed Martin team, we’re excited to use our team’s commercial best practices to evolve the network into one that supports new communications capabili-ties and technologies that directly affect war-fighters’ ability to achieve mission success,” Fasano said. “As information is produced and consumed at speeds and volumes that were once unimaginable, our warfighters need an enterprise architecture that can be quickly adapted and enhanced for new tech-nologies while effectively managing costs.”

The Lockheed Martin team was selected after a competition with SAIC, which previ-ously held the contract.

DISA Selects New Network Manager

www.MIT-kmi.com MIT 16.6 | 5

Brigadier General Frederick A. Henry, who has been serving as deputy commanding general, Army Network Enterprise Technology Command, Fort Huachuca, Ariz., has been assigned as chief of staff, Defense Information Systems Agency, Fort Meade, Md.

Major General Alan R. Lynn, who has been serving as commanding general, Signal Center of Excellence and Fort Gordon, Ga., has been assigned as commanding general, Army Network Enterprise Technology Command, Fort Huachuca, Ariz.

Brigadier General John B. Morrison Jr., who has been serving as director, LandWarNet/Mission Command, Office of the Deputy Chief of Staff, Army, has been assigned as commanding general, 7th Signal Command (Theater), Fort Gordon, Ga.

Major General Jennifer L. Napper, who has been serving as commanding general, Army Network Enterprise Technology Command, has been assigned as director of plans and policy, J-5, U.S. Cyber Command, Fort Meade, Md.

Rear Admiral (lower half) Diane E. H. Webber will be assigned as deputy commander, Fleet Cyber Command/deputy commander, Tenth Fleet, Fort Meade, Md. Webber is currently serving as director, communi-cations and networks, N2/N6F1, Office of the Chief of Naval Operations.

Brigadier General LaWarren V. Patterson, who

has been serving as commanding general, 7th Signal Command (Theater), has been selected for the rank of major general and assigned as commanding general, Signal Center of Excellence and Fort Gordon, Ga.

Air Force Major General Robert E. Wheeler, who has been serving as deputy director, nuclear operations, Headquarters U.S. Strategic Command, has been assigned as military deputy to the Department of Defense chief information officer.

STG has appointed Steven Bouchard as vice president for integrated capture management services. He previously served as director of advanced solutions and integrated capture at Harris’ information technology services unit.

DeEtte Gray is joining BAE Systems

as president of the Intelligence and Security sector, succeeding John Gannon, who has retired. Gray spent 13 years at Lockheed Martin, most recently serving as vice presi-dent for the company’s enterprise information technology solutions business.

IGate, an integrated technology and operations solutions provider, has spun off its government division as a separate, wholly owned subsidiary, and promoted Timothy Coffin to the post of president of iGate Government Solutions.

EIQnetworks, a provider of a unified situational awareness solution, has named Michael D. Paquette as chief strategy

officer, responsible for marketing, product management and strategic technology partnerships.

ManTech International has appointed Chris Goodrich as senior vice president of the signals intelligence solutions and cyber-operations business unit.

Vizada, a provider of global satellite-based mobility services, has appointed Ed Spitler as senior vice president of operations. Spitler previously served as vice president of managed network services for Artel.

MTN Government Services, a subsid-iary of MTN Satellite Communications, a provider of communi-cations, connectivity and content services to remote locations around the world, has added Robert Turner as vice president of business develop-ment and government contract compliance.

Compiled by KMi Media Group staffPEOPLE

Maj. Gen. Alan R. Lynn

Maj. Gen. Jennifer L. Napper

Robert Turner

Timothy Coffin

Brig. Gen.LaWarren V. Patterson

Maj. Gen. Robert E. Wheeler

Michael D. Paquette


Virtualization can be used to centrally manage and rationalize proliferating storage infrastructures.

The Army Product Director Acquisition, Logistics and Technol-ogy Enterprise Systems and Services (PD ALTESS) manages storage systems utilized by several dozen Department of Defense and Army organizations encompassing nearly 700 petabytes of storage capacity spread across 50 storage subsystems running five different operating systems from at least four storage vendors. The shared ALTESS infra-structures’ formatted capacity has increased over 800 percent in the last four years, and, given trends in the growth of storage capacity, is likely to continue to grow robustly.

That’s why ALTESS recently announced that it is looking into storage virtualization technologies. A request for information in April said ALTESS is performing market research for a product that would “help the Army better manage the life cycles of its storage subsys-tems” and “decrease storage subsystem brand dependency.”

“One reason storage virtualization has become important in the last five years is because the cost of storage has been a boat anchor for almost every IT project that has to be deployed. Storage comes in at 55 cents of every dollar being spent on these projects. Does stor-age provide 55 percent of the value? We think it provides about 23 cents worth,” said Carl Wright, an executive vice president at storage vendor Coraid.

“What the Army is trying to do is to look at the big storage pic-ture,” said Augie Gonzalez, director of product marketing at DataCore Software. “There are lots of places where they can combine data cen-ter assets, get a better bang for their buck, and manage them more effectively. That is the big effort they have under way.”

There is also a similar DoD-wide initiative being considered, according to Gonzalez.

Storage virtualization has become an IT buzzword of late, caus-ing confusion because it means different things to different people.

Different virtualization vendors take different approaches to the prob-lem and apply technologies in different ways and at different levels.

It is safe to say, however, that all of these approaches have at least one key thing in common, in that they seek to manage the complex-ity of a proliferating storage infrastructure. The coming trend is to combine storage and server virtualization.

Storage capacity within enterprises has tended to grow on an ad hoc basis. Different organizations have acquired differing storage capabilities depending on their individual needs. With storage alone accounting for more than half of the IT spend, virtualization can be used to centrally manage and rationalize an unwieldy storage jungle.

“The Army understands the budget constraints that they are about to hit,” said Wright. “Starting next fiscal year, they have to start looking at saving a lot of money. When that type of massive budget decrease is telegraphed, the Army wants to look at its storage require-ments over the next five to six years and consolidate acquisition and capabilities. This type of contract is the first step in a journey that puts the Army in the right direction to consolidate acquisitions, data centers and capabilities that they can provide to warfighters and other folks who need it in a more centralized computing framework.”

“We have strapped lot of complexity onto the storage array,” said Joe Brown, president of Accelera Solutions. “In many cases, organiza-tions have many different storage vendors as part of their data centers. Virtualization technologies are able to interface to all storage devices and manage storage capacity from a single location.”

“Virtualization at a high level is the ability to manage physi-cal things by abstracting them at a logical level,” said Lee Caswell, founder and chief strategy officer at Pivot 3. “Storage is becoming such a big part of things that if you can virtualize storage you can start to manage everything in the data center at scale.”

Taming

by peter buxbaum

mit correspondent

the Storage Jungle


pooling resources

There are actually four aspects to storage virtualization, accord-ing to Gaetan Castelein, director of product management at VMWare. “Abstracting is about pooling resources,” he explained. “You’re taking separate physical assets and combining them into one big pool of capacity. Virtualization is also about automating the placement of applications across physical devices. A virtualization solution should put applications on the right physical device. The third aspect is about the mobility of applications between devices, and the last point is load balancing across the physical devices.”

Storage virtualization also “creates distance between what con-sumers of storage require and how it is provided,” said Gonzalez. “Administrators can interchange equipment under-neath without impacting applications or users. Users on work stations have no idea of the infrastructure that is working behind the scenes.”

Storage virtualization has proceeded through two stages, according to Caswell, and is now on the brink of a third iteration. The first phase was redundant array of independent disks, which combined multiple disk drive components inside a box into a single logical unit so they don’t have to be managed individually.

Storage virtualization 2.0 involves “managing dis-similar heterogeneous systems from a common inter-face to manage storage in different boxes together,” said Caswell.

Storage virtualization 3.0 asks whether “there is a way to pull server virtualization and storage virtualization together,” said Cas-well. “Companies are taking storage and integrating virtual stor-age into the server itself. Storage has historically been managed

separately, and now there is a move afoot to combine storage and serv-ers. We are finding that storage is such a big part of all these systems that if you can virtualize storage, then you can manage everything at scale.”

The key technology development that has enabled storage virtu-alization has been the advent of fast networks. “One thing that has accelerated the adoption of storage virtualization has been the move toward a converged Ethernet network infrastructure,” said Caswell. “This has made it cost-effective to interconnect storage devices and get all of them to talk to each other. Without that fast interconnect, you won’t have very interesting performance.”

All of these capabilities are designed to bring “elasticity and fluid-ity to storage,” said Wright.

They should also “reduce administrative costs and wring more capability and capacity out of storage subsystems,” Brown said.

Military and intelligence organizations face the same storage issues as those in the commercial sector, according to Castelein. But “defense organizations have massive scales,” he noted. “The bigger the scale, the more an organization can benefit from the effi-ciencies of virtualization.”

consolidated silos

Hitachi Data Systems virtualizes storage subsystems through a device called an enterprise control unit. “The control unit attaches to the storage devices, and this allows storage silos to be consolidated,” said Hu Yoshida, the company’s vice president and chief technology officer.

Hu Yoshida


“The control unit becomes the brains of the operation, and all functionality relating to the management of data and capacity are managed through it, so you don’t have to have those functions rep-licated in external storage. In this way we are able to eliminate silos and move data across different platforms that are virtualized behind the control unit,” he added.

The Air Force Capabilities Integration Environment (CIE) revamped its data center using Hitachi Universal Storage Platform VM in order to stay ahead of its rapid data storage requirements. CIE is the Air Force organization that supports software development and testing.

Over the years, CIE’s data storage had rapidly multiplied, lead-ing to performance issues and affecting the ability of the IT team to manage the infrastructure. CIE currently has 1,500 systems and 600 terabytes under management.

Hitachi’s Universal Storage Platform VM promotes a unified data infrastructure and massive scalability by virtualizing internal and external heterogeneous storage into one common pool and integrat-ing thin provisioning for flexible volume expansion.

Thin provisioning refers to the practice of allocating storage capacity incrementally based on the actual require-ments of an organization. Storage administrators tend to request much more capacity than they currently require, thinking about future growth requirements.

“As CIE’s infrastructure was growing, they were creating silos of processing and storage from different vendors,” said Mike Tanner, federal vice president, Hit-achi Data Systems. “There was excess capacity in one silo and not enough in another. They were trying to achieve better storage capacity utility rates to meet the growing demand without increasing physical capacity. CIE can perform load balances across systems, and if there is a need to refresh the technology, data can be moved from the old storage to the new storage nondisruptively.”

With the Hitachi platform, CIE can source and attach any existing storage systems as needed. Virtualized behind the USP VM are four Hitachi Universal Storage Platforms for Tier 1 storage, used primarily for Oracle database files and mission-critical applications. Virtualized behind the USP VM as Tier 2 are numerous Sun StorageTek 6140 arrays.

Built-in Hitachi software exploits virtualization and management capabilities across the storage environment. “Dynamic provisioning allows allocation of virtual storage as needed without the upfront requisite of dedicated physical disk storage,” sometimes referred to as fat provisioning, said Tanner.

“Dynamic provisioning eliminates the need for over-provisioning storage, which can quickly become expensive, to directly address the capacity utilization issue of allocated but unused space. Dynamic provisioning contributes to a lower total cost of ownership and helps the CIE with just-in-time, on-demand provisioning functionality,” Tanner added.

Today’s storage virtualization technologies allow users to create partitions within the virtualized capacity that aid both security and provisioning. “What vendors call secure tenancies create security enclaves on the storage array so that you can carve it out for use by different organizations or users,” said Brown.

“Users can keep the virtual spaces separate so that there is no data leakage and no denials of service because one user is using far more than his allocated resources,” said Yoshida.

multi-tiered systems

Some vendors that offer multi-tiered storage systems feature automatic virtualization within that subsystem that assign data to the appropriate tier—from tape to disks to solid state—depending on the capacity and performance requirements of the data in ques-tion. “Storage manufacturers build in virtualization capabilities into their products,” said Brown, “so that the array itself manages where the data would reside to optimize end-use applications.”

These features typically include de-duplication functionality that links users to a single source of stored data instead of having the data duplicated and stored on different systems around the network.

Users can expect a number of benefits through the use of storage virtualization. “It simplifies operations because you don’t have to deal with as many provisioning applications,” said Castelein. “Stor-age, like any physical asset, tends to get fragmented. Virtualization helps drive better efficiency in the utilization of storage capacity.”

“Storage arrays’ built-in clusters can be operated as one logi-cal pool of storage,” said Brown. “Information can be exchanged

between storage components and information can be staged and stored at the most appropriate location within the pools.”

Hitachi Data Systems measured the benefits of one of its clients of the specific virtualization feature that automatically assigned data to the correct stor-age tier. According to Castelein, provisioning deci-sions were made three times per year per application, and each such procedure took an average of 27 min-utes. Each application also required an additional 25 minutes per year of general maintenance, for a total of 106 minutes per year.

“For a customer with a thousand applications, not unusual in a military organization, that adds up to 220 days spent on provisioning activity,” said Castelein. “That is the equiva-lent of one year’s annual salary for an administrator.”

Hitachi’s customer CIE conducted a return on investment analysis on its deployment of USP VM and found that it had indeed saved nearly half a million dollars by using dynamic provisioning across its data center. “Within one year, the CIE had recouped more than the purchase price and had expanded its storage environment without incurring any additional software or hardware costs,” said Tanner.

Storage virtualization is also having the effect of allowing non-experts to manage storage, according to Brown. “Storage arrays are becoming highly sophisticated devices that essentially minimize any real requirement to have what I call a ‘certified smart person’ to operate it,” he said. “They are becoming very point and click and graphic interface driven. A lot of intelligence is being built into these platforms, and this is dramatically reducing the administrative capabilities required to operate them.”

One recent trend involves combining storage virtualization with server virtualization. Server virtualization allows multiple applica-tions and operating systems to run independently on a single server to increase asset utilization.

“There is a lot of integration being performed between virtual servers directly into storage arrays,” said Brown. “This allows for some very interesting capabilities related to higher availability and fast recovery.”

Mike Tanner


“There are more virtual servers being sold today than physical servers,” said Caswell. “That is how prevalent server virtualization has become.”

multiple management

The server virtualization concept posits that today’s servers are fast enough to run multiple operating systems. “If you can multi-task on the application level, why not at the operating system level?” asked Caswell. Today virtual servers can run eight or 12 operating systems at the same time.

“The next question becomes, ‘Why not run virtual severs and run storage virtualization that aggregates storage across a set of servers?’” said Caswell. “Basically, you’re pulling the physical stor-age area network into the servers by using storage virtualization on server appliances. That way, you can consolidate and manage stor-age on the server stack in a very highly available system. You’re run-ning virtual servers in the same appliance supplying the storage.”

The benefit of such an approach is to consolidate the manage-ment of servers and storage. “Servers are always accessing storage, yet they have been managed as separate entities that have to be separately powered, cooled and protected,” said Caswell. “This way you can bring storage and servers back together. If you take all those virtual servers and bring storage virtualization into the same appli-ances, you are consolidating infrastructure and saving on power, cooling and rack space. It is a sophisticated concept, because now

you have server fail-over and storage fail-over all within the same element, and you have a very high system level availability product at that point.”

Pivot 3 has a customer using the combined storage and server virtualization for a video surveillance application, which is able to save 40 percent on power, cooling and rack space, and 25 percent on costs. “They are using around the same number of disks at the end of the day and using about the same amount of compute power,” said Caswell, “but they are consolidating the power supply and sav-ing there. In the case of military training facility putting in half a petabyte of storage, they can eliminate a complete rack by combin-ing servers and storage.”

The future of storage, like much of the rest of IT, is likely to be in a cloud environment. “Storage vendors are developing virtual appli-ances that can run in the cloud,” said Brown. “They can take advan-tage of large pools of storage in the cloud and do some interesting things like replicating the content of local storage arrays right up the cloud directly and easily. That is a different type of virtualiza-tion, for sure, because you’re virtualizing the operating system of the storage array into the cloud, but it is something that is pretty interesting and exciting.” O

EnhancE Your carEEr With an online Software Engineering Master’s Degree

This master’s degree covers the application

of engineering principles to the design,

development, and production of computer

software for all disciplines. Applicants with

a degree in computer science, computer

engineering, or a related engineering or science

area can earn their MSE completely online.

Visit www.dce.k-state.edu/engineeringor Call 1-800-622-2578

6244

ON

LINE

RinaldoDistance Engineering Student

For more information, contact MIT Editor Harrison Donnelly at [email protected] or search our online archives

for related stories at www.mit-kmi.com.

Thriving in dedicated environments, embedded real-time operating systems (RTOS) are growing more connected and omnipresent as they add functionality and the highest levels of security to their range.

From a trusted foundation controlling avionics, aerospace, industrial process control and telecommu-nications, embedded RTOSs are expanding their reach with the highest levels of security where there is a need to reduce costs by using virtualization.

RTOS are the “real deal” when it comes to real time. “Hard” real-time, safety-critical systems have the least latency possible, serving application requests and switching tasks in a matter of microseconds. If the need for speed is not as great, milliseconds in soft real time will suffice. To achieve FAA certification for safety-critical flight control systems, hard real-time operat-ing systems must be deterministic, or consistently predictable.

“Real-time operating systems support building real-time hardware and software with microsecond, not millisecond, deterministic response time. It could be fatal if they don’t handle it, so it has to be 100 percent guaranteed,” said David Kleidermacher, chief technol-ogy officer of Green Hills Software.

Embedded RTOS play a vital role on the battle-field, providing encrypted information in hard real time to joint warfighters. The Joint Tactical Radio System (JTRS) uses the Integrity RTOS from Green Hills Soft-ware as the engine behind many tactical radios at the edge of

the network, managed by the Network Enterprise Domain (NED).

Green Hills’ products and services are the basis for the secure, reliable interoperation between networking and legacy waveforms as well as critical radio network management and services. The devices can route and retransmit services between networking and legacy waveforms without interruption or denial of service.

Beyond the battlefield, embedded RTOS man-age safety-critical operations from flight control sys-tems to nuclear power plants and traffic lights. “An RTOS has to be simultaneous, like anti-lock brakes,” noted John Blevins, director, product marketing, LynuxWorks.

To meet real-time requirements, embedded RTOS guarantee consistent performance serving real-time application requests. As such, RTOS contain sophis-ticated scheduling algorithms for preemptive prior-ity. Smaller than general purpose operating systems, RTOS are compact and highly efficient.

Two crucial design qualities in safe and secure RTOS are the separation kernel and the hypervisor. The separation kernel, or a similar design called the parti-tioning kernel, allocates resources into high assurance partitions with information flow controls that cannot be bypassed, meaning no component can use another’s communication path. This limits the damage that

could be caused by viruses or bugs. Built-in security monitors check each access point individually.

by cheryl gerber

mit correspondent

[email protected]

David Kleidermacher

[email protected]

John Blevins


Real-Time Operationsembedded real-time operating systems are expanding their reach with the highest leVels of security.


The hypervisor provides multiple virtual machines support-ing multiple operating systems on a single processor. However, the operational reality is usually two operating systems. “The technology supports a three-domain system, but it’s usually two domains in the military today,” noted Robert Day, LynuxWorks vice president of marketing.

Most real-time operating systems are embedded, but not all embedded systems are real time. As their name suggests, embedded systems are implanted in hardware.

leVels of security

A case in point is the Navy’s Common Display System (CDS), part of the service’s Open Architecture Computing Environment. The Navy CDS uses the LynuxWorks LynxSecure separation kernel and hyper-visor in its display console to provide an environment in which multiple operating systems running at differ-ent security levels—from Top Secret to unclassified—execute concurrently.

“The Navy CDS is a multi-domain, ship-based con-sole that is tactically deployed and requires multiple, independent levels of security,” said Robert Day, Lynux-Works vice president of marketing.

“Safety-critical operating systems in the avionics world deal with fault conditions in FAA certification. They are designed to look at errors and faults, but they have been physically separate and not connected. Now that more connections like WiFi are being added, one has to worry about not only safety but security. The convergence of safety and secu-rity hits our sweet spot,” he said.

The CDS is a configurable, high assurance workstation that pro-vides users with access to multiple shipboard applications at once. LynxSecure supports 64-bit addressing for high-end scalability and is now undergoing National Security Agency certification evaluation.

“A military customer is currently conducting a system level certification and accreditation for SABI/TSABI, as the NSA shifts its EAL [Evaluation Assurance Level] program,” said Blevins. TSABI is Top Secret and Below Interoperability while SABI is Secret and Below Interoperability.

LynuxWorks technology is POSIX-compliant. The Portable Oper-ating System Interface (POSIX) is a set of standards specified by the Institute of Electrical and Electronics Engineers for compatibility between operating systems.

Another LynuxWorks embedded-RTOS product that complies with the POSIX standard, the LynxOS-178 family, received FAA approval for DO-178b Level A reusable software components. This allows develop-ers to reuse the software across multiple safety-critical systems with-out the need for recertification.

LynxSecure conforms to the Multiple Independent Levels of Secu-rity/Safety (MILS) architecture, adhering to the data isolation, damage limitation and information flow policies identified in MILS. Most of the high security functions are performed by the separation kernel. The partitions and information flow policies are defined by the ker-nel’s configuration. “The total source code base of LynxSecure is only 128KB, a tiny dynamic memory footprint,” noted Blevins.

To build fast, small RTOS software code, the JTRS program uses Green Hills MULTI Integrated Development Environment (IDE) tools.

The MULTI IDE provides third party integration and the ability to gen-erate fast, small code for 32- and 64-bit processors. The program also

uses Green Hills’ GateD family of routing, switching and network management solutions. In addition, there is a debugger for multi-core systems to prevent the most common causes of software bugs. The tools are processor and platform-neutral.

The Green Hills technology used by the JTRS has achieved POSIX-conformance and much of it is NSA Type 1 certified for military grade cryptography, used to secure classified information. Type 1 certification is not a published standard. Type 2 products endorsed by the NSA deal only with unclassified information.

“As you build more sophistication into virtualiza-tion and RTOS, NSA Type 1 certified cryptography comes into play. Green Hills is a subcontractor to General Dynamics, Rockwell Collins and other major defense contractors. JTRS is also a direct customer of Green Hills,” noted Kleidermacher.

secure linux

The JTRS program is developing an open archi-tecture to allow multiple radio types—including handheld, ground-mobile, airborne and maritime—to communicate with each other and link warfighters to the Global Information Grid. The goal is to produce

a family of interoperable, modular, software-defined radios that operate as nodes in a network for secure

wireless communication. JTRS includes integrated encryption and wideband networking software to create mobile ad hoc networks.

JTRS developments illustrate the growth of the Linux operating system in embedded systems. “JTRS wanted to deploy secure Linux in radio. Green Hills won that with the Integrity 178B operating system for flight safety,” said Kleidermacher.

“The Integrity 178B operating system is the highest safety- and security-certified commercial operating system today, as it has been certified by the NSA-managed NIAP lab to EAL6+/High Robustness—the highest Common Criteria security level ever achieved for soft-ware—and the FAA’s highest certification for safety-critical avionics, DO 178b, Level A. No other operating system has achieved both of the highest-level safety and security certifications,” said Kleidermacher.

Lockheed Martin is using Green Hill’s Integrity 178B RTOS and AdaMulti IDE (Ada programming language) to develop safety and security-critical software for the F-35 Joint Strike Fighter. The Integ-rity 178B is running in multiple airborne, Power Architecture-based systems.

As if to highlight the persistent growth of embedded RTOS, in 2009 Intel Corp. acquired Wind River, a leading embedded RTOS provider. Intel’s publicly stated intention was to grow its processor and software presence beyond the PC and server market into embedded systems and mobile handheld devices. Wind River retained the right to operate with processor-neutrality under the purview of Intel’s Software and Services Group.

Wind River’s flagship embedded RTOS, VxWorks, is a key tech-nology for the X47B in the Navy’s Unmanned Combat Air System Carrier Demonstration (UCAS-D) program. Northrop Grumman chose VxWorks as the safety-critical software platform for the UCAS-D while GE Aviation chose VxWorks for the Common Core System,

Robert Day

[email protected]

Chip Downing

[email protected]


the backbone of the UCAS-D computers, networks and interfacing electronics.

The X-47B demonstrated that an unmanned, tailless aircraft could operate refuel in flight.

“All systems of this nature, not just the UCAS, assure that the highest priority task or thread that is ready to run in the queue will run. They are designed for interrupt-driven systems responding in deterministic real time. With this foundation, you can build complex systems on top of it,” said Chip Downing, senior director, Wind River aerospace and defense.

interrupt driVen

Interrupt-driven systems are used for scheduling efficient multi-tasking in real time operating systems. There are both hardware and software interrupt-driven systems, interrupt requests, handlers and masking, to assure the highest degree of reliability and predictability. While interrupts are masked, the current task has exclusive control of the CPU and is protected from any other task or interrupt from taking control.

VxWorks MILS is MILS-certified and under evaluation by NSA now for EAL 6+ certification, Downing said. Wind River’s Linux Secure is Common Criteria EAL 4+ certified and FIPS 140-2 certified for secure cryptography.

Intel has given Wind River the ability to expand the reach of its technology. “The Intel acquisition allowed us to go into the lower-power embedded chip market in handheld devices. We are now putting our RTOS on more Intel chips. And as chips get more powerful, they run not just an application but an application environment—like an operating system,” said Downing.

As embedded developers use virtualization to run multiple operating systems, to simplify the porting of legacy applications onto new platforms, they can get a little help from Intel’s Virtualization Technology (VT). As part of Intel’s vPro technology, Intel VT provides hardware-assist by performing some virtualization tasks in hardware to reduce the overhead and improve the performance of virtualization software. For example, switching between two operating systems is faster when memory address translation is performed in hardware rather than software.

LynuxWorks is eyeing the military mobile and IT enterprise mar-kets to expand its embedded RTOS reach. “We see the equivalent of Intel VT now going into mobile devices, such as an Advanced RISC Machine (ARM) processor with virtualization in the next generation of chips. Since smartphones, including Android phones, are already 90 percent ARM, the addition of virtualization in ARM processors will make mobile devices look more like laptops. So what remains is a mat-ter of security. And there is a huge potential market for secure, mobile Department of Defense applications,” said Day.

“The warfighters have to carry about 10 cell phones with them now, but DoD wants to equip them with one device with multiple levels of security. The problem is that the architecture for cell phones is not designed for multiple security domains, so the market has to get to the point where mobile devices have the same hardware and virtu-alization technology that will enable multi-domain security,” Day said.

ARM is a 32-bit reduced instruction set computer (RISC) devel-oped by ARM Holdings. It is now the most widely used processor in mobile phones and other common embedded processors.

As if to gear up for the broadening embedded RTOS mobile mar-ket, Wind River recently exercised its chip-neutral diversity, adding

support for a new ARM system-on-chip (SoC) on its VxWorks RTOS and Wind River Workbench development tools.

The Xilinix Zynq-7000 Extensible Processing Platform combines an ARM Cortex-A9 processor based SoC with a field programmable gate array (FPGA), which is designed to be configured by the customer after manufacturing. Wind River is also working with Xilinx on Linux efforts

“In the FPGA fabric, we can put extra things in the hardware in a customized chip to support Android on one core and a military com-munications channel in another core running VxWorks, for a nonse-cure side and a secure side respectively,” said Downing.

LynuxWorks is moving toward the IT enterprise with its long-proven safe, and now highly secure, RTOS. “Our software now runs on Intel dual core and quad core i3, i5 and i7 chips with Intel VTX virtual-ization support,” said Blevins. “We can move to enterprise IT since it’s the same hardware.”

However, much of the installed base in the IT enterprise does not have the same real-time, high security requirements for virtualization as safety-critical embedded RTOS. “It really is in the eye of the beholder where the line between hard and soft real time is drawn. It depends on the application requirements,” said Stephen Balacco, director, embed-ded software and tools practice, VDC Research Group.

cloud security

Despite its popularity, cloud computing has received criticism for a lack of security in its virtualization. As a result, VMware, a leading DoD IT enterprise cloud provider, has boosted security in its EXSi virtualiza-tion technology with a family of products called vShield.

“VMware has made great strides in the security space in the last few years with virtualization-aware security products like the vShield Edge, a virtualized firewall, and vShield App, which protects applica-tions in the virtual data center against network-based threats,” said Rob Randell, principal security and compliance solutions architect at VMware. “VShield Endpoint provides file system protections, such as antivirus, file integrity monitoring, application whitelisting and data loss prevention.”

“The enterprise data center does not generally have an embedded or real time requirement. It has historically been driven by a need to reduce costs and consolidate multiple systems onto a single piece of hardware using virtualization technology. However, due to an increase in cyber-crime, network connectivity and multi-tenancy cloud com-puting, we see the military IT enterprise market evolving towards a requirement for very strict security,” said Blevins.

Security remains an obstacle to the growth of the military mobile RTOS market. However, early this year a much-needed boost arrived for Android security when NSA released Security Enhanced (SE) Android, which provides stricter access control policies.

Since Android is based on Linux, it made sense when the NSA ported its SE Linux to Android. However, to build SE Android, develop-ers need to download the Open Source Project source code and sync it up.

“Fundamentally, you can’t retrofit a high level of security to Android or any other operating system that wasn’t designed for it. But you can retrofit at the system level by inserting software of trust under-neath Android. We develop Android in a virtual machine partitioned in its own area. This could be used by a military service asking for a dual persona handheld device with two Androids. One would be used for sen-sitive information and situational awareness and other for the soldier’s personal quality of life,” said Kleidermacher.


“Integrity creates memory and time partitions with memory areas exclusively owned by each application and guaranteed resource avail-ability. In addition, the encryption component always gets what it needs so there is no risk of leaking information. However, not every RTOS does partitioning. The microprocessor must have an MMU to do parti-tioning, and we have found that the military is most interested in the MMU, he said. “We are also looking at how to use off-the-shelf mobile devices that we tailor to military missions.”

MMU is a memory management unit, a hardware component that is responsible for managing access to memory requested by the CPU.

Clearly, there is much work underway to render Android military-grade secure. “There needs to be expert testing of the Android security implementation on the target device. Of course, some testing can be done manually. However, using industry-leading automated test tools such as Wind River Framework for Automated Software Test for Android can deliver significant gains in test efficiency,” said Chris

Buerger, a Wind River-employed technology blogger on the company’s website.

As embedded, secure RTOS-based mobile devices—such as the Green Hills’ JTRS tactical radios—populate the edge of the cloud, they will continue to pull the cloud out until they have created an embedded cloud. That is already a term in use for a highly reliable, lightweight computing structure with web services and applications dedicated to serving embedded RTOS.

“We’re starting to see embedded RTOS mobile devices connected to the cloud on the edge of networks. Because of the types of devices—smartphones, controllers and sensors with small compact RTOS and iPads—we see them going through the cloud back to enterprise sys-tems. And that will take the forefront,” said Balacco. O



Surface ship and submarine combat systems count on real-time data distribution to assure timely target accuracy. These systems and communications interfaces are continuously upgraded and refined to keep pace with hardware improve-ments. To integrate technology upgrades rapidly into legacy systems, Real Time Innovations (RTI) deploys its highly flexible, standards-based software called the Connext product family.

“RTI Connext is currently deployed in most naval surface combat systems. We are in the SSDS, Aegis and LCS combat systems as well as the LPD ship system network,” said Gordon Hunt, RTI chief applications engineer.

The SSDS is Ship Self-Defense Systems, a Raytheon combat management system deployed on carriers and other amphibi-ous flat tops. Aegis, now a Lockheed Martin program, is the combat system on destroyers and cruisers. The LCS is the littoral combat ship and the LPD is the landing platform dock.

At the heart of the RTI Connext family is the company’s dis-tributed networking, standards-based DataBus connecting data across systems, networks and devices, whether on embedded real-time platforms or enterprise servers.

“These are infrastructure systems of scale that understand the context and the expected behavior of data. With legacy systems, the management of data is built into the application. When you bring new capability to the table, our infrastructure makes sense of, describes and manages data behaviors as part of the infrastructure on the bus and it is all standards-based,” said Hunt. “The binary protocols are rigorously defined as open but are as efficient as proprietary binary protocols.”

Connext DDS is a distributed real-time bus with an appli-cation programming interface that complies with the Object Management Group’s Data Distribution Service (DDS) speci-fication. The high performance product also provides quality of service support for both real-time and enterprise systems.

Connext Integrator is a flexible infrastructure for building integration with real-time performance across diverse proto-cols and legacy applications. “These are peer-to-peer systems with no server or central hub. We leverage every bit of hard-ware capability we have. Before we send the data, we are aware of what is important to the receiver. It’s about understanding data and its behavior relevant to an application’s use,” said Hunt.

The Integrator provides support for various standards, including Java Messaging Service, SQL databases and others. The database service integration includes Oracle, MySQL and other relational databases. There are also tools for visualizing, debugging and managing systems in real time, protocol con-version and an adapter software development kit.

In addition, Connext Integrator offers data transformation, content-based routing as well as bridging between local and wide area networks, unsecured and secured networks, and IPv4 and IPv6. The Integrator provides bidirectional integra-tion between a relational database, Connext DDS or another RTI product called Connext Messaging, which is messaging middleware with tools and scalability extensions for devel-oping applications that leverage embedded and enterprise design.

Real-Time Sailing


DATA BYTES

With Cisco TelePresence VX Tactical, high-definition video collab-oration is possible from anywhere. This rugged and lightweight mobile telepresence product features Cisco’s superior codec tech-nology in a portable, briefcase-style form factor. Specifically designed for remote field locations, the VX Tactical is ideal for use by military, emergency response and other field-based industries. It is water, sand, impact, chemical and corrosion resistant to provide portability, durability and functionality, and its 17.5-inch screen is optimized for use in full sunlight. It offers easy provisioning and self-configuration with Cisco Unified Communications Manager, Cisco TelePresence Video Communications Server, or Cisco Callway, as well as the ability to connect secondary microphone, camera and display to create a conference room environment in the field.

Tactical System Offers Video Collaboration From Anywhere

ITT Exelis has upgraded its handheld SpearNet radio with enhancements that further extend its capabilities. SpearNet is a high-throughput radio that provides large amounts of voice, data and video communi-cations over a self-forming and self-healing ad hoc network. The first enhancement allows the radio to move around the battlefield in a cellular-like fashion while maintaining communications without recon-figuration or dropped calls. Well-known for its ability to move large amounts of data, Exelis also improved on this already strong SpearNet capability in the second enhance-ment by greatly increasing its data transfer rate. When compared to fielded dismounted

technology, SpearNet—using wideband direct sequence spread spectrum—provides users with two to eight times the amount of voice, data and video that can be moved from the dismounted soldier to the commander. This is more throughput than any other mili-tary radio used by dismounted forces today. The new roaming feature will enhance the capabilities of this radio that has already been battle-proven in Afghanistan. It will now be able to perform in a cellular manner for mobility and data rates, but still retains required military characteristics such as resistance to jamming, encryption, and the absence of a single point of failure for the network.

Roaming Feature Enhances High-Throughput Radio

NETCENTS-2 Contracts Awarded

to 12 Small Businesses

The Air Force’s Network Centric Solutions-2 (NETCENTS-2) team has awarded its application services small busi-ness companion contract. This is the first of two application services contracts that will be available for use by the Air Force (the other is a full and open competition still in source selection). The contracts have an aggregate ceiling of $960 million with a three-year base ordering period and four 12-month options, and are expected to be available for ordering in August. The multiple award indefinite delivery/indefinite quantity contracts were awarded to 12 small businesses: ActioNet; Array Information Technology; Datum Software; Digital Management; Diligent Consulting; Diversified Technical Services; DSD Laboratories; Exeter Government Services; Excellus Solutions; IndraSoft; Segue Technologies; and SI Systems Technologies. The NETCENTS-2 application services acquisi-tion provides a vehicle for customers to access a wide range of services such as sustainment, migration, integration, training, help desk support, testing and operational support. Other services include, but are not limited to, exposing data from authoritative data sources to support web-services or service oriented architecture constructs in Air Force enterprise environments.


Compiled by KMi Media Group staff

A series of test flights in May have demonstrated the transmission of imagery, video, voice and digital messages using a pod-based airborne communications system. The Northrop Grumman-developed SmartNode Pod is based on the Battlefield Airborne Communications Node tech-nology that allows real-time information to be exchanged among many different military and commercial radios and relays full-motion video. Northrop Grumman’s Firebird aircraft flew the pod during the demonstration effort at Mojave, Calif. Firebird is an optionally piloted aircraft that operates multiple ISR payloads simultane-ously. The SmartNode Pod flight tests demonstrated how encrypted digital data and voice connectivity are provided directly to mobile ground units and command centers. It provides critical range extension and gateway capability in a form factor controlled by the lowest level commanders.

The SmartNode Pod is designed for use on a variety of aircraft needed to support the Joint Aerial Layer Network, a high-capacity communications network management system planned by the Department of Defense.

The Intelsat Epic satellite platform, a new series of satellites based upon a high performance, open architecture design, will be deployed for wireless and fixed telecommunications, enterprise, mobility, video and government applica-tions requiring broadband infrastructure across the major continents. The Intelsat Epic platform is an innovative approach to satellite and network archi-tecture utilizing multiple frequency bands, wide beams, spot beams and frequency reuse technology. A complementary overlay, Intelsat Epic will be fully integrated with Intelsat’s existing satellite fleet and global IntelsatONE terrestrial network.

Combining Intelsat’s spectral rights in the C-, Ku- and Ka-bands with the technical advantages of high throughput technology, the Intelsat Epic platform will be fully open architecture. Intelsat’s customers will be able to use existing hardware and network topologies, and in many cases, define their own service characteristics, enabling them to offer customized solutions to their end users. Benefits include higher performance and lower cost per-bit, wide beams and spot beams to provide the benefits of broadcast and high throughput, and multi-band frequencies aligned to region- and application-specific requirements.

New Satellite Platform Offers Broadband Infrastructure

After conducting some market research, the master of software engi-neering (MSE) program at Kansas State University has reorganized its curriculum to provide students with more specialized fields and companies with more skilled soft-ware engineers. The reorganization divides the program into distinct sequences and broadens students’ options for specializing in specific areas of software engineering, such as bioinformatics, data mining, web-based systems and computer security, among others. Scott DeLoach, professor of computing and information sciences and head of the MSE program, and other MSE program leaders contacted numerous software engineering companies to deter-mine which specialized skills they seek

most in potential employees. They then based the program’s new structure on the skills most desired by those companies. The content for each sequence existed previ-ously, but the structure was confusing for some students. Now, the program’s formal-ized organization makes it easy for students to plan their course schedules, particu-larly for students taking classes online. Although the program does contain some on-campus students, the majority of those enrolled are off-campus students who take courses online through K-State’s Division of Continuing Education. The online MSE program’s flexibility caters especially to students in the military, even those on active duty, and some students have taken it while serving in Iraq or Afghanistan.

Software Engineering Program Caters to Military Students Tests Back

Pod-Based Airborne Communications System

The National Security Agency has certified General Dynamics C4 Systems’ new ProtecD@R PC encryptor, which secures data, imagery, video and other information stored on computer hard drives, to protect information classified at the Secret level and below. The new Suite B encryptor prevents unauthorized access to classified information if a computer is lost, stolen, or susceptible to insider threat. About the size of an external hard drive, the ProtecD@R PC encryptor connects to a computer using an industry standard inter-face. Once connected, the encryptor automatically secures the data as it moves between the computer’s processor and the hard drive, leaving the stored information encrypted and secure without reducing the computer’s processing speed. The ProtecD@R PC encryptor is desig-nated by NSA as a cryptographic high value product, non-controlled cryptographic item. That enables relaxed handling and accounting of the device and makes it ideal for use in environments where there is a high risk of equipment loss.

Encryptor Secures Data on Stolen or Lost Hard Drives


Electronics CommanderIntegrating Life-Cycle Management of C4ISR Systems

Q&AQ&A

Major General Robert S. Ferrell serves as commanding gen-eral, Communications-Electronics Command (CECOM). As com-mander, he leads a worldwide organization of over 11,000 military and civilian personnel responsible for coordinating, integrating and synchronizing the entire life-cycle management of the C4ISR systems for all of the Army’s battlefield mission areas—maneuver control, fire support, air defense, intelligence, combat services sup-port, tactical radios, satellite communications, and the warfighter information network.

Prior to assuming command, Ferrell served as director, com-mand and control, communications and computer systems (J6) and chief information officer, U.S. Africa Command, Stuttgart, Germany.

A native of Anniston, Ala., Ferrell enlisted in the Army and attained the rank of sergeant. He completed his undergraduate degree at Hampton University and was commissioned in 1983 as an Army Signal Corps officer. He holds a Master of Science degree in administration from Central Michigan University and a Master of Science degree in strategy from the Army War College.

Ferrell has served in Army units in the United States, Korea and Europe, and has deployed to Bosnia and Iraq. In addition to the traditional company and field grade level assignments, he has also served as the aide-de-camp to the secretary of the Army; assistant division signal officer, 82nd Airborne Division; battalion executive officer, 82nd Signal Battalion; brigade S3, 7th Signal Brigade, 5th Signal Command; aide-de-camp to the commanding general, V Corps, U.S. Army Europe and Seventh Army; commander, 13th Signal Battalion, 1st Cavalry Division; military assistant to the executive secretary, Office of the Secretary of Defense; and military assistant to the director, Program Management Office at the Coali-tion Provisional Authority in Baghdad, Iraq. Ferrell commanded the 2d Signal Brigade, 5th Signal Command; served as chief, Programs Division in the Office of the Congressional Legislative Liaison; senior Army fellow on the Council on Foreign Relations; and director, Army modernization, strategic communication, in Arlington, Va.

Ferrell was interviewed by MIT Editor Harrison Donnelly.

Q: CECOM has shifted its home and responsibilities in recent years. How would you describe its mission today?

A: Since I took command this past February, I’ve made it a prior-ity to define, articulate and plan the way ahead for CECOM and its

role in the Army of 2020. The Army is in transition. The operational Army has undergone its most significant change in a generation. So, CECOM is preparing for the challenges that lie ahead by revising our command vision and mission.

Our new CECOM vision is to be the life cycle provider of choice for supporting joint war fighting superiority through world-class globally networked C4ISR systems. In the current joint, inter-agency, intergovernmental and multinational environment, we realize that our customers, which include all branches of U.S. armed forces, joint and coalition partners, have a plethora of choices … and we want them to choose CECOM.

To reach that end-state, we have also revised our mission state-ment to align the focus of the command to support warfighters’ needs today and tomorrow. CECOM’s mission is to develop, provide, integrate and sustain the logistics and readiness of C4ISR systems and mission command capabilities for joint, interagency and multi-national forces worldwide. Simply put, we provide hardware, soft-ware and technical services and capabilities, including embedded field support, to ensure the readiness and support of communica-tions and electronic systems to meet the warfighter’s needs.

Our key operating entities supporting that vision and mission are Tobyhanna Army Depot, Pa.; the Software Engineering Center [SEC] at Aberdeen Proving Ground, Md.; the Logistics and Readi-ness Center [LRC] at Aberdeen Proving Ground; the Information Systems Engineering Center at Fort Huachuca, Ariz.; and the

Major General Robert S. FerrellCommanding General

Army Communications-Electronics Command


Central Technical Support Facility [CTSF] at Fort Hood, Texas. With these elements working collaboratively, CECOM serves as a one-stop shop providing unique capabilities in software appli-cations, electronics maintenance, sustainment, manufacturing and repair.

Q: What goals are you working toward?

A: We have developed five strategic goals. First, we are going to identify a single manager of com-mon, joint tactical C4ISR systems. Second, we must provide a responsive industrial base capa-bility to enable that decisive combat edge across a wide spectrum of operations. CECOM has become even more involved in rapid response in software engineering by responding to and creat-ing real-time software solutions to the field. So, ultimately our goal is to develop the next gen-eration of software support and streamline our delivery of field support as we continue our goal to build our strategic partners and relationships. We cannot achieve success on our own.

And to reach those goals, we have what I call a set of “must do” requirements. We must first and foremost provide continuous top-quality support to the warfighters and our customers. We must enable the network from the strategic level to the tactical edge, down to the company command post. We must acquire and develop the future workforce. By that I mean we must develop and fully utilize our human capital potential. Our strength and agility comes from the synergy of the intellectual capital throughout CECOM and our part-ner PEOs, contracting center, and R&D center that will bring about game-changing, innovative solutions. We must define and execute our core mission, an effort we have recently undertaken. We must also divest ourselves of legacy systems that the Army no longer needs and focus our efforts on sustaining the critical systems our Army needs as resources decline. And finally, we must execute more efficiently across the command. I want us to routinely do routine things in an outstanding manner. We will eliminate our organiza-tional stovepipes and lean forward together to develop new solutions for our business practices in this constrained fiscal environment.

Q: What role is CECOM playing in developing and implementing the Army’s Network Integration Evaluation (NIE)/Agile software development strategy, and how will its results be integrated into acquisition decisions?

A: I see a huge role in the NIE process for CECOM. The NIE is a process the Army has committed to for bringing the operational test, acquisition and requirements communities together to syn-chronize, streamline, evaluate and provide feedback on allowing for more useable test data and direct user feedback for the acquisition and requirements communities. We are looking at new, off-the-shelf, emerging technology in the C4ISR arena, placing it in the Agile process, and providing feedback to ensure that we get the right products in the system for our soldiers. The key to the process is that it gives industry a chance to have their products evaluated by the Army and to assess whether the technology may contribute to

the modernization of our networks before the acquisition process begins. This helps lessen the in-the-field integration burden on our operational units, by providing relevant operational environ-ments in which to evaluate new technologies and capabilities that make up the capability packages and sets prior to fielding the new systems to the operational units.

CECOM provides a variety of efforts to help ensure successful execution for NIE. Our principal effort is to provide sustainment support for the equipment utilized by the evaluation brigade. The LRC and SEC provide field support and technical personnel to ensure the sustainment of legacy systems that are indoctri-nated into our inventory, maintenance support and software services, including early integration of systems, upgrades and configurations, and training support. We also provide techni-cal support in the form of safety assessments, system integra-tion support, and Army interoperability accreditation through Army Materiel Command and CTSF, the Army’s interoperability certification agent.

CECOM is a necessary and vital part of support to the NIE as the Army explores new innovative industry technologies for poten-tial deployment by our soldiers. While acquiring and integrating these new systems is essential, it is just as vital to consider what it will take to sustain and maintain these systems once fielded. I feel strongly that CECOM’s engagement throughout the process helps to inform decision-makers on the implication of new technolo-gies on field support and sustainment prior to making acquisition decisions, and to shape the sustainment strategies once a decision to acquire has been made. If we have the discussion during the development state, CECOM can best position itself to respond to the needs of future soldiers.

Q: What are some of the key activities and accomplishments of your command in supporting overseas operations?

Major General Robert S. Ferrell got a first-hand view of a new satellite-based technology during a recent visit to Network Integration Evaluation 12.2. [Photo courtesy of Army CECOM]


A: I’d like to look at the supporting commands within CECOM to highlight some of our accomplishments, beginning with the CTSF, which started with the Coalition Interoperability Assessment and Validation lab. Their efforts helped to set new standards to enable Army systems to interoperate and share information with our coalition, interagency and joint partners. The lab continues to add several NATO member nation connections. As we speak, we are looking at that network at Fort Hood, evaluating how we integrate our partners into this environment. It looks for communications interoperability solutions. The CTSF has also certified all network-ing systems that were deployed in support of Iraq and Afghanistan missions over the past decade, and provides configuration control of automated systems used in theater.

The SEC has provided direct support worldwide to soldiers for 35 major exercises, 430 training events, and supported nearly 300 units going through their ARFORGEN cycle in preparation for deployment. SEC deploys field service representatives forward with soldiers and systems, to provide direct, intermediate software support, and ensure systems and mission success for units across Southwest Asia. SEC field support is embedded in deployed units and averages 232 personnel on the ground in harm’s way each day. They also developed and distributed 380 software licenses world-wide, on or ahead of schedule, to provide more than 10,700 new or upgraded capabilities to the field.

Out of 380 software releases, 171 were direct fieldings for 25 programs of record, encompassing more than 25,000 individual systems deployed in theater. Among these were 56 critical force protection system releases directly supporting ongoing combat and contingency operations and helping maintain soldiers’ safety. They also distributed 351,230 software products to fielded systems, and responded to 94,856 help desk or call center work order requests. That’s the level of service we provide to our customers, and the sole reason we continue to aim to be the provider of choice for C4ISR systems services. We are there with our customers to help them train, utilize and troubleshoot these systems to ensure readiness and soldiers’ ability to execute the mission on these systems when needed.

Their accomplishments continue. They have also ensured responsive, reactive reprogramming for the critical force protection systems protecting warfighters by deployment overseas of the only organic U.S. government capabilities to reprogram the radar signal detection set operational flight program; the user data model for a common missile warning system; and the ability to respond imme-diately to new emerging threats to aviators worldwide. In addition, systems developed in support of security operations have proven to be incredibly versatile in meeting other needs of the nation.

For example, the Joint, Unified Multi-Capable Protection System [JUMPS] for monitoring maritime traffic is now being considered for a possible railroad security solution with the Department of Trans-portation. Recently, JUMPS was adapted to respond to an oil spill at a refinery in New Jersey. The SEC repositioned a JUMPS remote sensor node from monitoring Delaware River traffic to monitor an emergency containment area holding some approximately 157,000 barrels, or 6.6 million gallons of spilled oil. The JUMPS remote sensor nodes, GPS, weather, automated identification systems and cameras are powered by a windmill and solar panels. This allows for safe positioning close to the containment areas, providing effective monitoring and showing its versatility to respond to various sce-narios. So as you can see, the work SEC does not only aids in our

military operations, but also has domestic emergency response and homeland security applications as well.

Q: What role are the LRC and Tobyhanna Army Depot playing?

A: The LRC quickly engaged and took the lead as the C4ISR mana-gerial enterprise for all CECOM product lines in executing respon-sible drawdown and reset overseas from Iraq and Afghanistan. The LRC provided more than 1,200 field service representatives and 33 locations throughout Southwest Asia, and 74 locations worldwide. These field service representatives are a strategic multiplier for CECOM through their technical assistance operations and repair support to combat forces. In fiscal year 2011, the LRC processed and returned more than 2,064 rolling stock, 40,000 non-rolling stock and 90,934 repairable parts from Southwest Asia to a source of repair in CONUS.

To date in FY12, the center has processed more than 2,021 roll-ing stock, 31,241 non-rolling stock and 53,905 repairable parts. CECOM LRC also serves as a strategic element in providing C4ISR combat capabilities to our coalition partners, to the tune of $857 million in foreign military sales. In addition, they have conducted 341 reset missions in FY11, by resetting 33 BCTs and 62,224 pieces of equipment.

Tobyhanna Army Depot executes CECOM’s primary mainte-nance and depot repair mission. Last September, they reached a milestone of $1 billion in new work orders. The depot finished FY11 with $1.36 billion in new orders, and began the new fis-cal year with $600 million in work orders. A new mission for Tobyhanna began in April, with the arrival of the advanced GPS receivers. Technicians have begun to test and upgrade more than 1,000 Defense Advanced Global Positioning Receivers [DAGRs]. Technicians test and inspect the DAGRs, and then upgrade the software. The secure handheld receivers give soldiers very precise GPS position information at military standard accuracy. This pilot program could lead to supporting more than 300,000 of the sys-tems. In addition, they received a Pennsylvania technology award in 2012 for best application of technology, topping 56 competitors in the category for their innovative use of modeling, simulation and mapping technology to transform an available depot moun-tain ridge into a web of radar test sites.

The depot has won seven Shingo medallions, including one gold, two silver, and four bronze. This month, the depot won the Shingo silver medallion for the entire communications systems division. That’s a big deal, because the Shingo awards reflect the efficiency, readiness and excellence that the workforce provides. In FY10, the depot received the Army Chief of Staff’s Combined Logistics Excellence Award, in the depot category for superior performance of duty. They have truly been doing yeoman’s work, providing not just the Army but all of the services with depot management support.

Q: According to reports, CECOM networks were hacked this spring. Is that true, and can you talk about your overall response strategy?

A: CECOM servers were not hacked. The server in question belonged to a company that used it to store information for com-peting for a government contract several years ago. The server contained references to CECOM and Fort Monmouth, but the


ARIZONA . NEW MEXICO PENNSYLVANIA . MARYLAND

Scan to visit our website

www.nova-dine.com

Join NOVA at the DISA Mission Partner ConferenceMay 7-10 in Tampa, FL Visit Booth #429

For more information: visit www.nova-dine.com or contact Chris Pereschuk at 717.262.9725 or via email at [email protected]

SHAREPOINT • ITIL • CYBER SECURITY • NETWORK OPS • DATA CENTER OPTIMIZATION • MANAGED SERVICES

The Navajo Code Talkers of WWII proved communication solutions to be mission critical. Nearly 70 years later, the storied tradition of Navajos providing mission critical solutions to our warfighters lives on through NOVA Corporation, a Navajo Nation Tribally-Owned 8(a) Small Disadvantaged Business. From CENTRIXS ISAF support to DISA DECC and TECC support, NOVA plays just as important a role as our predecessors did many years ago.

• GSA 8(a) STARS II PRIME: GS-06F-1098Z

• EXCELLENT CPARS RATINGS

• CONUS & OCONUS PAST PERFORMANCE

• FINANCIALLY SOLVENT COMPANY

• SOLID PRIME CONTRACT EXPERIENCE

data was old and no longer relevant. Once alerted to the incident, the command quickly implemented its incidence response plan, notifying 7th Signal Command, which serves our network here in CONUS. The command was able to determine that none of our servers had been compromised. As we look at cyber, our first line of defense is 7th Signal Command, which is part of Army Network Command. Our G-6 office works very closely with them in the areas of information assurance and how we’re protecting our network on a daily basis—looking at all of the security boundaries and making sure that if we get any indicators of an attack, we respond automati-cally to the first line of defense.

Q: What initiatives do you have underway to improve contracting and business processes at CECOM?

A: We have several initiatives ongoing in the small business area of contracting, and among the most important—our outreach efforts. The Small Business Office is conducting training for small businesses on how to do business with CECOM, where our experts offer advice to businesses on their presentations to program managers. We have found that in the past, information on how to engage and work with our partners was lacking in small com-panies in industry. As we look at declining dollars and resources, we’re reviewing our internal processes and searching for potential improvements to streamline the contracting process to ensure increased responsiveness as we work with industry partners.

We hope this effort makes it simpler for contractors to respond and for us to award contracts faster. We are also looking at better busi-ness practices, including the justification and approval process and market research activities as well as finding ways to track our com-mand’s efficiencies. Another outreach effort is our annual advance planning briefing for industry and small business conference, a venue here at the C4ISR Center of Excellence where we share future program information with industry and small businesses in an effort to facilitate their planning for our needs when they arise. We’re also educating businesses on how to work together to more efficiently identify the requirements the government needs.

In another initiative, the SEC’s Army Contracting Business Intelligence System [ACBIS] is an integral and primary business intelligence process for data queries and statistical metrics analy-sis for all Army contracting data. The ACBIS provides rapid and accurate contracting information by analyzing data in minutes for anything from routine data calls in support of day to day opera-tions to more complex congressional inquiries that would normally take weeks to answer. The SEC was recently recognized for efforts in developing and serving the ACBIS by the DoD e-Business Team Excellence Award. So we’re looking at how to turn information quickly and make sure that the analytical data required is provided on a rapid basis.

Q: CECOM is part of the six-organization Army C4ISR Materiel Enterprise. How does that work to ensure coordinated policies?


A: I have been blessed with the opportunity to command CECOM and have the privilege to oversee, from a senior leadership per-spective, the installation here at APG. I have the opportunity to work with a great team consisting of three program executive offices, the R&D command, and the contracting command to enable the development, acquisition and sustainment of critical C4ISR capabilities. I see myself as enabling, facilitating and com-municating—not controlling—the C4ISR activities to both Army and external audiences. This C4ISR team and community were recently relocated to APG from Fort Monmouth, N.J. By the way, I grew up at Fort Monmouth, and my dad worked at CECOM. So I had a chance to see how it worked early in the process. Here at APG we find ourselves in a tight-knit community contained within a dozen facilities, all within walking distance of each other. Not only does this make it easier for C4ISR to collaborate, but this relocation also brought us closer to the testing and acquisition community with which we also now collaborate.

Team C4ISR includes six leaders: Mr. Doug Wiltsie, from the Program Executive Office for Enterprise Information Systems at Fort Belvoir, Va.; Mr. Stephen Kreider, acting PEO for Infor-mation, Electronic Warfare and Systems; Major General N. Lee S. Price, PEO for command, control, communications-tactical; Mr. Brian Young, who is responsible for the Army Contracting Command functions at APG; Ms. Jill Smith, director of the Army Communications-Electronics Research, Development and Engi-neering Command; and me, the commander of CECOM. With the advent of the Army’s Agile acquisition process supported by the NIE activities, we have added a seventh member of the team; Brigadier General Dan Hughes, director of ASA[ALT]’s System of System Integration office, who has responsibility for integration of the systems employed at NIE. General Hughes and his team are also collocated with us within the C4ISR campus.

The partnership between AMC and ASA[ALT] has allowed us to combine all of those C4ISR portfolios under one umbrella at one location, to facilitate the coordination of multiple layers of C4ISR support to include the targeting aspect, denying spectrum to the enemy, knowing the enemy, enabling net-centric command

and control operations, and protecting the force. We are trying to bring that all together so we can see, hear, disrupt, deny, com-municate, protect our force and survive on today’s and tomorrow’s battlefield. Bringing that from Fort Monmouth where it was dis-persed to this location has provided incredible synergy.

Q: Is there anything else you would like to add?

A: As the United States winds down current operations in Afghani-stan, our chief, General Odierno, has said in several forums that we’re going to be in a resource-constrained environment. The Army is going to be reduced in size as we pull out of Afghanistan. As we plan for a smaller, more agile and flexible force, we will con-tinue to depend on and expect a reliable, considerable, deployable and secure network to enable the Army’s future mission in a joint, interagency, intergovernmental and multi-national environment. It will take the entire team at APG, to include the R&D, acquisi-tion, contracting, sustainment and test communities, to deliver the emerging technology that we need to integrate to provide the smaller, more capable Army of the future.

When you look at our IT environment, the Army and our joint partners will rely on the network that will enable DoD’s mission to meet the expectations of our military and commanders. Every facet of our expeditionary Army’s operations, from home station to the tactical edge, will depend on network connectivity—its functional-ity, reliability, agility and security. There are some key challenges that must be addressed in order to achieve our desired future IT environment. They include the areas of enhancing joint and coali-tion interoperability; quickly adapting emerging IT capabilities developed by the commercial marketplace; and reducing the costs of data centers, application development and sustainment. That’s what I see from the CECOM side of the house. In addition, we also need to enable our U.S. military installations to serve as docking stations by modernizing our network across posts, camps and sta-tions. The final challenge we need to address in order to meet our desired future IT environment is to reduce the risk of cyber-threats by ensuring that our networks remain secure. O

Forward thinking. World ready.

OVER 34 ONLINE DEGREE PROGRAMS AVAILABLEApply Online Now • Financial Aid Available

www.fhsu.edu/virtualcollege • 785.628.4291

NOBODY DOES“MILITARY-FRIENDLY”BETTER THAN FHSU.

Fully Accredited

MyCAA

Partnered with GoArmyEdTroops to Teachers

Easy Transferability of Credits

LOI Institution

Ranked a National Best Buy

Yellow Ribbon

Recognized for Excellence by the Sloan-C Foundation

Accepts DANTES and CLEP Exams


After more than a decade of conflict, the nature of war in the information age has evolved. No longer does the Army solely rely on fighting battles with the “Big Five” equipment systems (M1 Abrams tank, Brad-ley fighting vehicle, Apache and Black Hawk helicopters, and Patriot air defense missile systems).

The Army is focusing efforts on its capabilities to do battle in cyberspace, the new “front line” of the battle, as Colo-nel Kirk Johnson, military deputy director for the Army Communications-Electronics Command’s Software Engineering Center (CECOM SEC) described it.

Servicing Army and Department of Defense agencies, CECOM SEC specializes in information assurance (IA) engineering and certification and accreditation (C&A), and provides independent software quality assessments in addition to some software and software safety engineering services.

Since the White House announced the national defense strategy plan in January, “President Barack Obama has identified

cybersecurity as one of the most serious economic and national security challenges we face as a nation today,” as explained in the Comprehensive National Cybersecurity Initiative, which was originally launched by President George W. Bush in 2008.

In response to the national focus on defending against these heightened cyber-threats, the CECOM SEC at Aberdeen Prov-ing Ground, Md., has adjusted professional training opportunities for its workforce to derive new and innovative procedures to combat our enemies in the cyber-domain, said Johnson.

CECOM SEC is part of the burgeon-ing nexus of cyber- and homeland secu-rity activity going on in the Interstate 95 corridor in Maryland. This includes Army Cyber Command, located at Fort Meade, CECOM, and the Army Test and Evaluation Commands.

The decision to make the nation’s mili-tary leaner is not an indication of decreased security efforts, but rather an effort to “look ahead to the force that we are going to need

in the future,” Obama said in the defense strategy review made public in January.

Although its military will be leaner, the United States will maintain its military superiority by being agile, flexible and ready for the full range of contingencies and threats, Obama explained.

Part of that agility will include response and defense against cyber-threats on the Army’s network, said Johnson. During the war, CECOM and the Army’s C4ISR Materiel Enterprise have played an integral role in supporting the Afghan Mission Network, enabling U.S. and coalition forces to share theater-related information and operational guidance, information and intelligence on a common network, creating an environment of information sharing and increased col-laboration capabilities, said Johnson.

Since the start of the conflicts in Iraq and Afghanistan, information warfare and C4ISR technologies such as IED jammers and unmanned ground and aerial vehicles have served as yet another line of defense putting distance between the soldier on

by andricka thomas

Software Center Fights Cyber-Threatsarmy cecom software engineering center specializes in information assurance engineering and certification and accreditation.

the ground and evolving threats, Johnson explained.

This new cyber-environment calls for adjustments in the nation’s defense strate-gies, to include making defense against cyber-attacks a higher priority—so much so, as Johnson noted, that new career fields sprung up across the military and universities around the country. Informa-tion assurance and cyber-defense engi-neering positions are among these new fields expected to be at the forefront of the nation’s new defense strategies.

software assurance

A little more than 10 years ago, CECOM SEC formed the Software Assurance Divi-sion as the new focal point of C&A IA ser-vices provided to SEC’s customers.

Today, SEC’s software assurance capa-bility has grown to be one of the leading DoD IA and C&A service providers, holding more than 20 functional support agree-ments with program executive offices, pro-gram managers and product managers to provide IA engineering and C&A services, according to Frank Mayer, deputy director for the Software Support Services Director-ate with CECOM SEC.

SEC accredits hundreds of system ver-sions each year.

“The threat has grown to be world-class and bold,” said Mayer. “Our adversaries, both nation state and non-nation state, have the means, motivation and opportunity to attack us vigorously,” said Mayer. “SEC is focusing more on software assurance and building security in, rather than overly relying on reactive compliance to meet the challenge.”

To be the best-value option, the center has positioned itself for operations within what Johnson calls “the new battlespace”—the cyber-realm. SEC personnel are ready and trained to combat the malicious minds of our nation’s adversaries.

“We deliver results,” said Johnson. The SEC, which relocated to Maryland as part of the 2005 BRAC process, has had an influx of younger personnel joining the workforce.

“We’re grooming a new generation of engineers with advanced skills who possess software and mission assurance mindsets in order to meet today’s challenges and to pro-vide our soldiers the systems they deserve so they can survive in the cyber battlespace,” said Mayer.

These personnel hold specialized degrees and certifications in disciplines that didn’t exist in industry or as fields of study at the university level even just 10-15 years ago, Johnson explained.

“We have an optimal mix of experience and innovation on our team, which has helped us think outside the box as we work to defend the network,” said Johnson.

The SEC team is staffed with experts in a variety of realms, including Windows, Linux and Apple computing environments, who hold certifications as Certified Information Systems Security Professionals (CISSP), while meeting DoD baseline requirements by having Comp TIA distinction.

One team member, Brian Drummond, chief of the Information Assurance Branch of the SEC, is CISSP certified, giving him global recognized distinctions for his exper-tise in the information security realm, just as many of SEC’s information technology and software assurance professionals are so credentialed.

“By being fully certified in-house, SEC can offer a well-rounded team of experts who are capable and ready to validate any operating system to accomplish the certifi-cation and accreditation process that DoD requires,” said Mayer.

In addition to increased training oppor-tunities within the center, SEC employs some best business practices learned as a result of defending the network against attacks in this new information warfare age, according to Johnson.

“Our goal is to be fast, accurate, cost-effective and easy to do business with, while providing services and staying true to our values of dedication, integrity, loyalty and respect,” said Johnson.

The SEC looks at the Army’s existing applications and assesses its vulnerabilities to improve its security.

“We’ve learned to think proactively in a cybersecurity realm that is rapidly changing and evolving,” said Drummond.

Part of that security lies in SEC’s “baked-in security” approach to assist Army devel-opers and maintainers in securing their systems from the technology’s inception, as opposed to a reactive response.

network modernization

The Army operates within six computing operating environments: real-time safety critical systems; sensors; mobile hand-held for the dismounted soldier; mounted

systems; command posts; and cloud-based data center technologies, all of which require SEC’s services in some form.

“There is nothing that affects our Army more than software; it’s pervasive and ubiq-uitous,” said Johnson. “If you take a look at picture of any soldier, in any venue, doing anything, I challenge you to identify an ele-ment that isn’t impacted, in some way, by software.”

“The uniform I’m wearing was designed digitally, on a computer that is run by soft-ware; the boots I’m wearing were measured and sized digitally with software,” he con-tinued. “The tanks soldiers drive, manned and unmanned ground and aerial vehicles, and even the meals our soldiers eat, are all planned, managed or operated using soft-ware,” he said.

SEC leadership realizes the sensitive nature of its specialized business services. Johnson refers to the Army as being a network-centric software-dependent Army.

Johnson said SEC’s efforts are driven by a philosophy that software is an important aspect of military power. “If we don’t do our job in IA, and be the best at what we do, then the consequences will be felt Army-wide,” said Johnson. “Technology is a force multiplier.”

SEC’s IA engineers are working in all aspects of network modernization, from supporting current network development efforts for short-term improvements to work with advanced Defense Advanced Research Projects Agency to tackle network problems that don’t yet exist, but will exist in the fully networked battlefield, according to Mayer.

“With the support of Army and DoD policymakers to help restructure our IA methodologies to cope with changing threats, information gathered can become more actionable,” said Mayer. “We not only need to be able to efficiently and effectively take action in real time to handle situa-tions as they arise, we also need advanced techniques to discover and remove defective software and software components from our systems.”

Mayer pointed to SEC’s most recent technology development effort with the Natick Soldier Research, Development and Engineering Center, the Wireless Personal Area Network, which will allow soldiers to wear their system components in addition to smartphone technology.

“Through our support to Army Natick Soldier Research, Development and Engi-neering Center, we are helping to bake


security into the technology that will ulti-mately be incorporated into the mobile handheld computing environment,” Mayer said as one example of pre-emptive IA support.

Another example is the SEC’s support to the discovery, virtualization and IA of the Army’s network consolidation effort. SEC personnel provides IA engineering to improve the security of systems such as cloud computing, and the three layers of ser-vice including software, platforms and infra-structure. SEC has addressed the software application security layer with a multi-layer approach to ultimately reduce the system’s overall life cycle cost and security operations risk reduction.

In its early phases, SEC provided dis-covery services and IA engineering input for Army Data Center Consolidation Plan (ADCCP). The ADCCP mission is to provide enterprise hosting as a managed service, improve the security of Army information assets, and consolidate the Army’s data cen-ter inventory by 75 percent, while meeting green IT initiatives and achieving Army efficiencies, explained Mayer.

baked-in security

SEC faces cyber-threats that are growing more elaborate every day, said Drummond. As a result, the center has made it a prior-ity to build in security for all programs it supports throughout the Army to achieve a strong security posture, explained Drum-mond.

Before this shift in approach, SEC and others used the denial of service (DoS) attack defense strategy, which enabled a fail-safe instruction code feature that essentially shut down computers in response to a cyber-attack as a defense measure. This DoS vector feature had potential to slow productivity and later became a hindrance, Drummond explained.

Now, with SEC’s “baked-in” approach, SEC security codes instruct the computer to adjust security levels with minimal impact on productivity, rather than instituting a system shutdown.

SEC instituted a Software Assurance Capability Enterprise that takes tools developed by the Army Communications-Electronics Research, Development and Engineering Center’s Space and Terrestrial Communications Directorate, and then transitions them into a set of tools and processes that will help system owners and

project managers build security in at the technology’s inception.

“One of the biggest issues we’re working is software assurance and focusing on the mission applications themselves, to include malicious code analysis of the mission source code itself, not the simple anti-virus/malware scans provided by typical tools,” explained Mayer.

“We know software assurance isn’t just reactive … and if you’re doing it right, it’s proactive, predictive and intuitive. That’s what we’ve done with educating our work-force to think like our adversaries,” said Johnson.

Instead of the traditional periodic “dip-stick” testing approach, SEC has shifted focus to a system of constant monitor-ing, said Mayer. This new methodology will require advanced techniques to discover and remove defective software and components from our systems.

SEC’s new operating environment is one of combating and anticipating constant and elaborate cyber-attacks. These elaborate attacks call for a proactive strategy to stay ahead of adversaries, said Johnson.

Some rising world powers that are pos-ing cyber-threats consider cyber as an ele-ment of national power. “If we ever have to do battle with a superpower, we will likely fight part of that war in cyberspace,” said Johnson. “Information assurance services are vital to successfully defending our net-work. It’s a matter of national security.”

“Our enemies, in some cases, are just as good as we are. But we must be better,” said Drummond, explaining that as the threat changes, so does the software to defend against those threats.

“SEC often embarks on revolutionary processes to combat those threats, often in real time. We provide IA security expertise as systems are being developed, not as an afterthought. That’s the value of baked-in security. It’s secure, maintainable and cost-effective,” said Drummond.

As a pre-emptive strike to combat emerging threats, SEC information assur-ance professionals can now attend the Cer-tified Ethical Hacker training, conducted by the International Council of Electronic Commerce Consultants.

In the past, IA operations were predomi-nately reactive and didn’t take into account the malicious mind at the inception of IA procedure development as they resolved software assurance issues. “But now, our folks are trained to think like the enemy and

devise ways to assess opponents’ capability in the midst of an attempted attack,” said Johnson.

“We have personnel who can be trusted to proactively test systems to gain insight in our vulnerability to defend against our enemies,” explained Drummond. “Our per-sonnel are scrutinized during the selection process and have obtained top-level secu-rity clearances, allowing for an element of trust that other companies may not offer. We’ve made an investment in their profes-sional development and that is evident in the services we are able to provide to our customers.”

leVeraging efficiencies

In a time of limited resources, finding efficient ways to conduct business is a top organizational priority, said Johnson.

In order to reduce repetition and increase productivity, SEC developed a tool known as the DoD Information Assurance Certification and Accreditation Process Gen-erator Tool, which enables the center to expedite package generation time by 36 percent, or 19 business days, compared to the previous timeline of 30 to 45 days, Mayer explained. As a result, SEC has reduced user errors and created a consistent automated product that satisfies the needs of certifica-tion and accreditation requirements to meet DoD standards.

This system allows SEC to collect and evaluate data; generate a scorecard for the customer and provide results-based guid-ance, in coordination with the Army Chief Information Office.

“We’ve learned to leverage efficiencies through the skill sets our workforce pro-vides the customer,” said Johnson. “We are competitively priced, especially considering the level of expertise, talent and resources made available to our customers.”

“I’ve been in this field for 26 years and never have I been part of a team that has this depth and breadth of expertise. SEC’s workforce is truly one comprised of experts in their fields,” said Johnson. O

Andricka Thomas is a public affairs specialist with CECOM G3/5, Public and Communications Media Branch.

For more information, contact MIT Editor Harrison Donnelly at [email protected]

or search our online archives for related stories at www.mit-kmi.com.

MIT 16.6 | 23www.MIT-kmi.com

While the United States has withdrawn from Iraq and is slated to pull out of Afghanistan in 2014, aid to the modernized militaries in the region will continue to support the fight against insurgents and international terror.

Providing the communications and networking technology that local police, army and paramilitary organizations need has required a different mix of systems than simply replicating the current U.S. ground network. Decisions on the origin of these systems are depen-dent on a range of considerations, including ensuring appropriate technology both in costs and complexity for users with often low levels of education and training, achieving a level of interoperability with U.S. forces to support contingency operations, and providing long-term contractor support.

In addition, the U.S. is expected to support similar capabilities in other countries, notably in Africa and Asia, where a large U.S. ground presence is absent but that also require modern communications to pursue common enemies and conduct nation building and peace-keeping.

In Afghanistan, U.S. funding has seen Afghan National Secu-rity Forces equipped by three main radios suppliers: Datron World Communications with the Afghan National Army, Codan for the Afghan National Police (ANP), and Harris RF Communications. The latter company has supplied special forces and units with particular interoperability requirements, such as the Afghan border security force’s need to communicate with Pakistan counterparts already using Harris radios.

Plans are now being made for sustainment of networks includ-ing these systems after 2014. Some of the work is done by the Kabul Regional Contracting Center, which is tasked with payroll and infra-structure. All other acquisitions are being undertaken via foreign military sales (FMS) channels, although as the contract vehicles within FMS are varied, the exact details of how future acquisition will take place is unclear. The current focus is firmly on the sustainment of legacy radios.

This mixture of radios has lead to interoperability issues that are slowly being addressed, with the big hurdle being effective ground interoperability between the Afghan Army and the Afghan national police. This has been addressed in part through the establishment of Operational Command Centers with representation from both the Army and police.

installed radio base

One company active in the region is ITT Exelis, which has delivered more than $300 million in orders of the RT1702 Advanced Tactical Communications System (ATCS), the export version of Single Channel Ground and Airborne Radio System (SINCGARS) VHF radios, to the Iraqi military since 2007, with deliveries and support ongoing. The radios have also been sold widely among U.S. allies in the Gulf.

“ITT Exelis has an extensive installed SINCGARS base in Iraq that is uniquely securely interoperable only with Exelis radios.

by adam baddeley

mit correspondent

After They Are Gone

industry offers a wide range of tactical comms for local security forces as the u.s. conducts middle east drawdown.

24 | MIT 16.6 www.MIT-kmi.com

The radio is essentially identical in function and features to the SINCGARS used by U.S. forces, it just has Iraqi crypto. It is the tried and true U.S. gold standard for line-of-sight VHF communications,” said Dave Prater, vice president, networked communications.

“We are very conscious of the particular countries we sell to who want to have their own product key, loading capability and key management capability, and that is what we sell them,” he added.

The use of Iraqi crypto means that fun-damentally, the radios are only interoperable with other units in plain text single channel. Although that means it is not possible to be interoperable in fully secure mode, the fact that the two radios share the same ancillaries and vehicle mounts would, for example, allow U.S. forces to drop one of their SINCGARS radio into an existing Iraqi vehicle mount if encrypted interoperability were necessary.

“The easier way to do this is to release the two thumbscrews, pull that ATCS radio out and put a U.S. radio in, then tighten the thumb-screws and load it up,” Prater explained. “The loading part and the key management part is the hard part, not the equipment, and you can install a U.S. radio on top and an Iraqi radio on the bottom of your VRC configuration. All the ancillaries and all the antennas work. It is all the same.”

Supporting the installed base in Iraq and elsewhere is done via field service representatives and a regular flow of parts and supplies. In Iraq, the company site used to support the radios of U.S. users has now been adapted to meet the needs of Iraqi armed forces. That approach is not unique to Iraq, however, with the company having permanent installations with personnel on the ground in several countries.

That presence, Prater believes, gives ITT Exelis an advantage in supporting a range of other products, including its new SpearNet multi-band line of products. “Our key effort there is that we offer a full suite of communications capabilities that are all interoperable on the VHF channel side. There are radios beyond ATCS allowing command-ers to interoperate across the whole division with different products, with handheld and multi-band product as well as SINCGARS. It is all interoperable with our installed base. Nobody else can do that.

“In addition to that, we have portable networking products that we can take in, and we also have extended capabilities like microwave and our SpearNet product, which is the best in the world in terms of handheld mobile ad hoc networking. We have shown the SpearNet in many countries, and its capability exceeds any mobile ad hoc radio,” Prater said.

A range of other radios for markets such as Afghanistan has also been developed by the company in conjunction with a partner. The Bastion product line bridges the gap between complex military radios and the less rugged APCO P25 radios.

demonstrated interoperability

Codan radios have been operated by Afghan security forces since 2004, primarily the ANP, which has standardized on the design. Codan solutions have also been adopted by other countries for a range of defense and security roles.

“Codan’s key focus is towards the security and peacekeeping side of the industry in addition to military customers,” said Andrew Shep-pard, vice-president, Radio Communications Division. “These needs are different from a full military radio platform. We have for example been providing radios for a number of counter-narcotics programs in Central Asia.”

In the Philippines, Codan have also demonstrated interoperability between their radios and the Harris RF5800H-MP and PRC-150(C) HF radios using two Codan interoperability devices, the 3590 for voice and RM50E for data. “Basically with those two devices, we can then communicate secure voice and secure data using the Harris wave-form to a Codan HF radio and vice versa,” Sheppard said.

Africa is a major focus for the company, with a substantial installed base in the continent which has also led to co-operation with USAFRICOM. To a large degree, this has been focused on a need to buttress weak and failing states, preventing them becoming hubs for al-Qaida and other terrorist groups. USAFRICOM is supporting this through supporting regional peacekeeping and providing enabling capabilities such as networking.

“There are a lot of countries in Africa where it is difficult to deploy and support radio systems,” said Sheppard. “That is where Codan comes in. We have proven that our radios work with existing Harris HF radios that are deployed in the ground. That shows the customer that this is a cost-effective radio platform that is simple to use, able to be supported on the ground and works with existing deployed Harris assets.”

Sheppard explained that to meet many national requirements in Africa, there is a demand for absolute simplicity and robustness, while the same time reducing the burden of maintenance and opera-tion on the signaler. To meet this need, Codan has supplied its 125W NGT HF base station and vehicle-mounted radio, which comes with an integrated antenna-tuner coupler. It is an efficient, cost-effective radio that uses a handset that mimics a cell phone for ease of use by operators.

Codan recently launched its new Envoy radio. A full processor-based software-defined radio (SDR), Envoy is targeted at humani-tarian security and peacekeeping missions. “It has some very neat features and supports multiple languages, and has a full handset and can send full color images. It is Linux-based so we can put applica-tions in the handset and have it operate the same way as a smart-phone,” Sheppard said.

“It has standard features such as an internal modem for email as well as chat modes. It comes with AES encryption, and is fully

Harris scored a key win in the Middle East market with a $51 million order from the government of Iraq for Falcon II and Falcon III radios. [Photo courtesy of Harris]

MIT 16.6 | 25www.MIT-kmi.com

upgradeable based on its SDR design and architecture,” he added. “The main focus of the radio is not as a standalone HF radio, but as a system radio that can be embedded within vehicles and headquarters-type scenarios and can intelligently support HF when required.”

security leVels

A key win in this market for Harris has been a $51 million order from the government of Iraq for its Falcon II and Falcon III families, covering the Falcon III RF-7800S wideband Secure Personal Radios, Falcon II RF-5800M-HH multiband handheld radios and RF-5800H high-frequency manpack radios.

“The Falcon family of Harris radios will provide Iraqi security forces with field-proven, secure communications for a broad range of challenging missions. Harris offers the most complete portfolio of combat-proven tactical radios and related mission-critical products that address current and emerging needs of forces operating in harsh environments,” Brendan O’Connell, president, international busi-ness, Harris RF Communications commented at the time of the deal’s announcement.

In February, Harris secured a $26.4 million order for Falcon III tactical vehicular and handheld communication systems from Jordan.

Several companies already offer international versions of Type 1 products currently in U.S. service. Thales Communications’ PRC6809 is an offshoot of the original AN/PRC-148 Multiband Inter/Intra Team Radio (MBITR) providing a multi-band option for those countries without access to Type 1, or for those that have access but are seek-ing to use a radio in a scenario or mission where Type 1 encryption might be unsuitable or unnecessary, such as remote rebroadcast or border patrol.

“Countries buy the PRC6809 for a number of reasons, but the fact that it is not a Type 1 radio gives them flexibility in how they use it. Other than in encrypted modes or certain specialist modes, the MBITR and JTRS Enhanced MBITR (JEM) are fully interoperable with the PRC6809. Unlike the JEM, however, we can offer the PRC6809 to most of the world. Another important feature of the PRC6809 is that it also works with all the same ancillary devices like the vehicle adapter, base station and repeater as the JEM and the MBITR,” said Ed Calhoun, director of international business development.

The technology roadmap for the radio includes refreshing the RF and upgrading the control board to provide more processing power.

In addition to the multi-band PRC6809, VHF- and UHF-only ver-sions are also offered. If required, however, the single frequency radios can be upgraded to multi-band.

Encryption on the PRC-6809 is to the commercial AES or DES standards. HAVE QUICK, a frequency hopping program that is subject to U.S. government clearance, is an available waveform on the radio. A software-based ECCM capability that works through the whole V/UHF band has also been added and is available via software upgrade.

“It is an exportable waveform for those countries that can’t use SINCGARS or HAVE QUICK, and it works through the whole V/UHF band,” Calhoun explained.

In-country support depends on the requirements of each cus-tomer with multiple options available. “Obviously, warranties are taken care of at our home sites, but we do have users that have established in-country maintenance and repair facilities either at the government level or at the private industry level,” he said. “Thales Communications also has some repair facilities in the Middle East, and all our customers who are working beside U.S. forces can utilize

the same maintenance sites. We don’t have any other regional depots, but that doesn’t mean we haven’t talked about it with countries that are interested in doing that. Turning a national facility into regional hub would be a fairly simple process.”

As a complement to the PRC6809 and other narrowband offer-ings, Thales recently launched the Wideband Networking Radio, which uses a COTS based waveform from Trellisware to support throughput of 1.4Mbps, sufficient to support features such as full motion video directly from soldiers on patrol. In addition to overseas customers, the radios are also in operation with U.S. forces.

cost of ownership

Barrett Communications, an HF and VHF radio communications provider, continues to support programs in several Central Asian countries. While their acquisitions were originally U.S.-funded, the nations have subsequently acquired a substantial number, often by local money rather than overseas military aid.

In Africa, Barrett has sold more than 25,000 radios to agencies over the past 12 years. Company executive Andrew Burt explained that the peacekeeping and African Union forces have deployed 6,000 Barrett radios in their missions in North East Africa, more than any other radio.

In the U.S., Barrett supplies radios to users within the homeland security domain, such as FEMA. It is this market that has been the driver for meeting interoperability standards.

The core solutions are the company’s PRC-2090 manpack, 2050 base station, and 2050 Mobile HF radios, which share common soft-ware and hardware.

“The U.S. military maintains responsibility for all Tier 1 radio products it delivers to coalition partners into the field for life of the deployment. The control and audit trail of these systems is perma-nent. They have to monitor and know where they are at all times,” Burt said. “One of the key benefits of our FMS product is that it is non-CCI. We have our own crypto systems, some in house and some third party sourced, all with varying levels of export control, including export-license-exempt low-level voice scramblers.

“Do you want to give [every military partner or coalition member] Tier 1 level security? Does the perceived threat you are protecting against have the necessary level of sophistication to break sub Tier 1 security systems?” Burt asked.

“If the answer is no,” he continued, “the security total cost of ownership to the provider can be reduced. There is also a significant difference in actual cost, which is of particular importance to donors in the current economic climate. Do you want to take a $40,000 radio and give it away when you can do it with a $10,000 radio and maintain the required basic voice communication with interoperable ALE and data networks?”

Burt added that further interoperability between different forces and radio networks can be achieved via strategic placement of interoperability switches and tactical voice bridges that are waveform, protocol and encryption agnostic. O





The

adve

rtise

rs in

dex

is pr

ovid

ed a

s a se

rvic

e to

our

read

ers.

KMI c

anno

t be

held

resp

onsib

le fo

r disc

repa

ncie

s due

to la

st-m

inut

e ch

ange

s or a

ltera

tions

.

aDVertisers inDex

calenDar

Blue Coat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C3www.bluecoat.comCapitol College . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27www.capitol-college.edu/mitFort Hays State University Virtual College . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20www.fhsu.edu/virtualcollegeGSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3www.gsa.gov/datacentersadITT Exelis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C4www.exelisinc.com/gnomad-domKansas State University . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9www.dce.k-state.edu/engineeringNOVA Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19www.nova-dine.comUniversity of Maryland University College . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C2http://military.umuc.edu/servesyou

July 10-12, 2012TechNet Land Forces—SouthTampa, Fla.www.afcea.org

August 14-16, 2012TechNet Land Forces—EastBaltimore, Md.www.afcea.org

MIT RESOURCE CENTER

A LEADER IN CYBERSECURITY EDUCATION SINCE 2001

Capitol College offers affordable, live, online master’s and doctorate programs in information assurance.

www.capitol-college.edu/mit

Lieutenant General Michael J. BaslaChief, Information DominanceChief Information OfficerU.S. Air Force

Cover and In-Depth Interview with:

Insertion Order Deadline: July 24, 2012 | Ad Materials Deadline: July 31, 2012

Special Feature:2012 Air Force Enterprise Services Reference Guide

Features• Airborne Networks• Bring Your Own Device• Cyber Situational Awareness• Network Integration Evaluation

August 2012Volume 16, Issue 7

NEXTISSUE


Q: What types of products and services does your company offer to military and other government customers?

A: Blue Coat has been delivering its web security solutions to military and defense organizations for more than 15 years. The solution delivers protection against web-based threats and acts as a granular point of control for all Internet traffic. This control is crucial because it gives these organizations the ability to consis-tently enforce content, application and access policies. To give the military intel-ligence about the web content on their networks, Blue Coat also provides in-depth reporting on web usage that allows them to understand how usage patterns are impacting the network or exposing the organization to risk. The reporting also allows government organizations to identify potentially infected systems and gives them the detailed information they need to look more deeply into potential targeted threats. So the Blue Coat solu-tion gives a lot of intelligence as well as protection and control.

Q: What unique benefits does your company offer in comparison with others in your field?

A: Blue Coat is really at the forefront of delivering the comprehensive pro-tection and granular control that the military and other government agencies require to safely use the Internet. With our Negative Day Defense, we are now blocking attacks before they launch. This

really changes the game in how we can protect our customers. With advanced controls, we are able not only to inspect all web traffic, including encrypted traf-fic, but also to offer robust control. For example, you may choose to set a policy that all encrypted Internet traffic can be intercepted except for the chief of staff. We give you the ability to do that. Other agencies may have different policy requirements, so we give granularity of control. Do you want field agents to have their traffic inspected and protected, but not that of the head of the bureau? That kind of granularity and performance around encryption is very important.

We’ve not only been able to offer robust security controls around encrypted traffic, but we’ve also been working over the past few years to main-tain that capability for our customers without any performance degradations. When you start dealing with encrypted content, it’s quite complex, so you see dramatic drops in throughput in most other solutions. Through hardware-assisted analysis, Blue Coat uniquely can deliver the same security without com-promising performance.

We were the first vendor to offer this level of control over encrypted traf-fic, and that came out of our strategic relationships with the military and large financial companies that are on the fore-front of needing cryptographic controls.

In addition to the protection and con-trol, the Blue Coat solution also deliv-ers optimization in the same appliance. Some of our government agency cus-

tomers deploy security and optimization together. This means that at a headquar-ters location, the defense agencies now have web security controls, active intel-ligence to look at any potential threats, and protection for all of their users. For bases, camps or remote offices, they can now not only extend the security con-trols and protection, but also ensure fast application performance. That’s unique to Blue Coat, and it matters a lot to the military, where every second is critical.

Q: What about social media?

A: Also very important is controlling web applications and the operations within those applications, the most popular example of which is social media. The open access to social media that govern-ment agencies must now provide creates some security risks. Blue Coat produces a report each year based on research from our security labs. We showed in this year’s report that one in 16 of the malware attacks we saw in 2011 started on a social networking site.

We know that social networking today is an imperative. These are not simply recreational users, and for the defense agencies a lot of it revolves around intel-ligence. The unique capability we offer is robust protection against malicious links, downloads or executables. You can click on anything you want on a social networking site, and a Blue Coat solution will be looking layers deep into that. We look ahead and block any links to mali-cious sites. O

Sasi MurthySenior Director

Product Marketing for SecurityBlue Coat

INDUSTRY INTERVIEW Military Information Technology

Blue Coat is a leading provider of Web security and WAN optimization solutions. We offer solutions that provide the visibility, acceleration and security required to optimize and secure the flow of information to any user, on any network, anywhere.

ALWAYS ON. ALWAYS FAST. ALWAYS SAFE.

SECURE THE WEB while giving government visibility and control

Accelerate agency networks with WANOPTIMIZATION

Implement manageable, flexible and mobile CLOUD SERVICES – anywhere in the world

WEB: bluecoat.comBLOG: federalblueprint.com

Exelis and “The Power of Ingenuity” are trademarks of Exelis Inc. ITT is a trademark of ITT Manufacturing Enterprises, LLC., and is used under license. Copyright © 2012 Exelis Inc. All rights reserved. Photo courtesy of the U.S. Army and Sgt. Ken Scar.

www.exelisinc.com

Remote mission.Proven broadband.Cost-effective solution.

In the world of satellite communications, GNOMAD stands apart. Combat-proven by the U.S. Army in Northern Iraq and Kuwait, GNOMAD equips forces with reliable broadband communications by extending Wi-Fi and 3G/4G cellular networks into harsh environments.

Modular by design, GNOMAD delivers affordable networking beyond line-of-sight while on the move. To learn more about GNOMAD’s innovative capabilities, visit www.exelisinc.com/gnomad-dom.

IDS11008Km_MilitaryInfoTech_GNomad_8.375x10.875_Ad.indd 1 6/29/12 4:36 PM

Documents

MIT 16.6 (July 2012)