Industry officials don’t anticipate any surprises Wednesday when the Obama administration is expected to release the final version of a voluntary set of cyber security best practices and standards that will help guide private sector entities in bolstering their defenses against cyber attacks.
Version 1.0 of the Cybersecurity Framework is just a “beginning,” Kent Landfield, director of Content Strategy, Architecture and Standards at McAfee, said. "From that point forward then industry is really going to have to take a look at how to integrate this and how it will be used.” McAfee is a subsidiary of Intel [INTC].
A year in the making, the framework has been crafted through an open, iterative process with the National Institute of Standards and Technology (NIST) coordinating participation of and gathering inputs from hundreds of stakeholder in the private sector, at multiple levels of government and academia. Several draft versions of the document were developed, published and commented on since the administration’s Executive Order 13636 on cyber security last February directed the creation of the forthcoming framework.
NIST has maintained all along that the framework will be a “living document” and said in a status update on Jan. 15 that it will be updated “based on lessons learned through use as well as integration of new standards, guidelines, and practices that become available.” It said another workshop may be held in the next four to six months and added that it will continue to coordinate work around the framework until it can be transitioned to a non-government organization.
Given the voluntary nature of the framework, the administration and others have talked about the need for incentives to entice owners and operators of the nation’s critical infrastructure to use the framework to guide their actions in improving their cyber risk posture. However, while the administration has published a list of potential incentives, such as liability protections, technical assistance, rate adjustments for utilities to recover investments, cyber security insurance and others, it hasn't provided any specifics on the direction it may take here or what it may want Congress to do.
Some of these incentives, such as liability protection, will require congressional legislation, which has been hard to come by. But there are also free market incentives.
Eventually the government and private companies may refer to the framework for their procurement and supplier requirements, Harriet Pearson, a partner with the privacy and information management section of the law firm Hogan Lovells, said on Monday.
“Without legislation, it’s the free market’s problem to begin with and the administration is trying to be a…spark to help us improve the national cyber security posture so we do need to take this on ourselves,” Landfield said.
However, Pearson also said that as a lawyer, she will be “counseling care” to what any organization says about its use of the framework so as to not increase their “potential liability for not implementing it perfectly or something like that.”
McAfee's Landfield said that the structure of the framework with five core functions—identify, protect, detect, respond and recover—and related categories and subcategories, will improve risk-based decision making about cyber security within companies and help the technical and non-technical executives more easily communicate with each other about cyber security in managing the company.
Landfield and Pearson both expect an extensive outreach campaign by the federal government and many of the stakeholders involved in putting together the framework so that it becomes better understood within the critical infrastructures of the country.
It needs to go “viral,” Landfield said.
U.S. Special Operations Command’s (USSOCOM) Tactical Assault Light Operator Suit (TALOS) program, where partners within the Defense Department, industry and academia work together to solve an operational challenge and earn prestige and prize money, is the future of doing business with industry, according to head of the command.
USSOCOM chief Adm. William McRaven said Tuesday the command is teaming with 56 corporations, 16 government agencies, 13 universities and 10 national labs on the TALOS program to leverage the expertise from leading minds throughout the nation and redefine state-of-the-art in survivability and operational capability. TALOS, also known as the “Iron Man Suit,” is McRaven’s vision to provide operators lighter, more efficient full-body ballistics protection and super-human strength, according to a DoD statement.
Antennas and computers embedded into the suit should increase the wearer’s situational awareness by providing user-friendly and real-time battlefield information. Integrated heaters and coolers would regulate the temperature inside the suit. Embedded sensors would monitor the operator’s core body temperature, skin temperature, heart rate, body position and hydration levels. In the event the operator is wounded, the suit could feasibly start administering the first life-saving oxygen or hemorrhage controls.
McRaven said three unpowered prototype suits are currently being assembled and will be delivered to USSOCOM in June. The command is also shooting for a deployable suit in August 2018. USSOCOM is the only combatant command with acquisition authority.
McRaven said the concept for TALOS procurement came from a perceived reluctance from industry to share ideas with others. McRaven challenged industry and defense representatives at a USSOCOM conference in May to come up with the concepts and technologies to make the suit a reality.
“I have personally gone out to industry and challenged them to figure out how to work more collaboratively on this particular TALOS suit,” McRaven said at the National Defense Industrial Association’s (NDIA) special operations/low-intensity conflict (SO/LIC) conference in Washington. “I think that is important because, invariably, you get the kind of ‘big industry’ who has the big ideas, but as always, they’re a bit reluctant to share some of their intellectual capital with others, and that becomes a problem…I want a way of coming together.”
McRaven wants to use the “carrot” approach to generating greater interest by requesting permission from Under Secretary of Defense for Acquisition, Technology and Logistics (AT&L) Frank Kendall to award a prize for TALOS. McRaven said he’d like to award a $10 million prize, but Maureen Schumann, spokesman for Kendall’s office, said DoD has not yet received a formal request from USSOCOM. According to law, the defense secretary, acting through the assistant secretary of defense for research and engineering and the service acquisition executive for each military department, may award cash prizes that do not exceed a total of $10 million for one fiscal year. The fiscal year 2014 National Defense Authorization Act (NDAA) extended DoD’s authority to award cash prizes through Sept. 30, 2018.
McRaven said power is the biggest technological challenge with TALOS as the exoskeleton needs a power supply and can’t be hooked up to a generator. Though he can’t get deep into the capabilities of TALOS to preserve an operational advantage, McRaven said USSOCOM will remain “pretty transparent” about the suit and its progress, citing a handful of public hearings and presentations he’s already given.
The command is working with the Defense Advanced Research Projects Agency (DARPA), as well as the Army and other DoD organizations, to tap into projects already underway. DARPA, for example, is working on its Warrior Web project, which is designed to boost troops’ stamina and carrying capacity without sacrificing speed or agility. The concept includes a lightweight undersuit that would augment the efforts of the wearer’s own muscles.
USSOCOM has also invited those who have never before worked with the command to participate. McRaven said USSOCOM will host a “monster garage” type of event to pair the creativity and ingenuity of local garage “tinkerers” with the expertise of professional engineers to build components, or potentially a complete suit, in a collaborative environment.
Another departure from a traditional procurement project is that the command’s acquisition center staff established an innovation cell to lead the effort, advised by operators and focused on transforming business practices to solve the extreme integration challenges associated with TALOS. USSOCOM’s TALOS project manager, Michael Fieldson, said the government is going to take more ownership than it typically takes.
“We are going to go in and make some decisions that we sometimes rely on industry partners to make for us,” Fieldson said in a December statement.
Lockheed Martin [LMT] spokeswoman Melissa Hilliard declined Tuesday to say if the company was participating in the TELOS program, but said Lockheed Martin continues to meet with potential customers to evaluate their needs and provide prototype exoskeleton systems for concept demonstration purposes.
McRaven said simply if TALOS is done right, it will be a huge competitive advantage over enemies and provide additional financial incentives for participants. Readers can view the request for information (RFI) at Federal Business Opportunities (FBO).
“This unique collaboration effort is the future of how we should do business,” he said.
Despite the pledge of support from some lawmakers, the amphibious warfare community is trying to drive down the cost of building and maintaining its amphibious ship fleet in the hopes that the money saved could be funneled toward building more ships.
During the kickoff event for the Amphibious Warship Industrial Base Coalition, industry representatives came to the Cannon House Office Building to meet with lawmakers and congressional and military staffs to discuss the state of the amphib fleet–as industry and some members of Congress are pushing for the Navy to build a 12th amphibious transport dock ship in a planned 11-LPD class, and the Marine Corps hopes to use the LPD design for its dock landing ship replacement despite pressure in the Navy’s shipbuilding budget to find a cheaper alternative.
Rep. Ander Crenshaw (R-Fla.), who represents the region around Naval Station Mayport, assured the attendees during his keynote speech that limiting the number of new amphibs to be constructed is bad for national security and bad for the industrial base.
He said, in his view, it is hard to prioritize one ship in the Navy’s plan over another, but it is easy to prioritize national defense over other spending--essentially arguing for a higher topline for the Defense Department, something that some lawmakers have pushed for given that the Navy is looking at spending about $19 billion a year in upcoming years in its shipbuilding account compared to a historical average of closer to $14 billion a year.
“I’m going to continue to make the case with my colleagues as a senior member of the defense appropriations–I’ll work with my chairman, Rodney Frelinghuysen, and we’ll make the case that we’ve got to stay strong, that we can’t afford to lose the industrial base that we have,” he said.
Still, Maj. Gen. Robert Walsh, the director of amphibious warfare on the chief of naval operations’ staff (OPNAV N95), spoke of the need to control costs wherever possible.
On the new construction side, Walsh said that the industrial base keeping its costs down would help the Marine Corps in its push to use a higher-end design, such as the LPD design, instead of caving to budget pressures and choosing a lower-capability, lower-cost alternative. He urged suppliers large and small to “really work to try to drive out cost and look at the best ways, all the way down to the subsystem level, and [look at] how you would do things differently to reduce the costs of the ships. That’s critical for us to be able to afford the warship that that the Marine Corps needs.”
On the ship maintenance and modernization side, he argued that finding efficiencies in how the service maintains a ready fleet would not only provide more presence, but it would also save money--that the Marines could argue should be used to buy additional ships.
“The smarter we can be in doing things right on our maintenance and our availabilities, getting these things scheduled in the shipyards correctly--there’s a lot of inefficiencies on our part,” Walsh said. “Some of that inefficiency on our part is because the ships are high-demand and they’re run hard. I think in the last two years every [Amphibious Ready Group/Marine Expeditionary Unit] we sent out has either gone out early or stayed late...What that affects is maintenance.”
He said the Army and Marine Corps ground forces had slowed the pace of operations coming out of Iraq and Afghanistan and could therefore reset their equipment, but the Navy has not been given the same slow in tempo to reset its ship fleet.
Adm. William Gortney, commander of U.S. Fleet Forces Command, announced last month the Navy’s Carrier Strike Groups would move to a new Optimized Fleet Response Plan, which would consist of an 8-month deployment and a 26-month maintenance and training cycle at home. Maintenance would be planned well in advanced and not altered when combatant commanders inevitably ask for more overseas presence--the O-FRP would be a supply-based system rather than a demand-based system for readiness.
Walsh said the current O-FRP only applied to CSGs and that a separate schedule would be developed to meet both Navy and Marine Corps personnel and training schedules, as well as maintenance schedules for both the ships and the Marines’ aviation and ground platforms.
“Right now, Fleet Forces Command and MARFORCOM, Marine Forces Command down in Norfolk, are starting discussions on what that would look like,” he told Defense Daily. “But the intent of Adm. Gortney is to get after that, let’s lock these [maintenance] periods in, we don’t mess around with them, and give these shipbuilders” more predictability.
Asked if that predictability, and therefore lowered cost, would be sufficient to pay for his hopes of buying more ships, Walsh responded, “potentially. I think so. I think there’s a lot to be said that we can squeeze a lot more money and get more readiness. Get more readiness, get more ships deployed–trained and deployed–that’s one. Or save money to put it in other areas. And my thing is, if you don’t do this, you’re not going to be able to buy more ships.”
For industry, though, the idea of lowering costs for the Navy and Marine Corps hinges on whether military officials can follow through on their promises of more predictable schedules. Phil Jiannine, the Norfolk branch manager for W&O Supply, Inc., spoke at the event and noted several industry challenges, including the risk of relying on Navy shipbuilding plans in an environment when long-term plans never seem to stick.
“Inventory is about turning over materials and materials movement,” he said. “So if you’re going to make a capital investment to put product on the shelf, then you have to know that that product is going to turn...Today, with all the unknowns, everybody is kind of hesitant to carry that inventory on the shelves.”
The first of four of the Navy's Arleigh Burke-class (DDG-51) destroyers equipped with the Aegis ballistic missile defense system arrived in Spain on Tuesday as part of NATO’s plan for protecting Europe from the proliferation of ballistic missile in the Middle East.
USS Donald Cook (DDG-75) ported at Naval Station Rota to join the U.S. Sixth Fleet and mark the beginning of the European Phased Adaptive Approach (EPAA) adopted by Washington and its NATO allies for protecting Europe from missile threats--namely from Iran. The Cook will be joined by a second guided-missile destroyer this year and two more in 2015.
The Navy ship carries the Lockheed Martin [LMT]-built Aegis Ballistic Missile Defense system, which can identify, track, target and take out an enemy missile with Raytheon’s [RTN] SM-3 interceptor. The sea-based system is one of the more proven missile defense capabilities developed by the Pentagon.
The NATO plan calls for installing a land-based version of Aegis, known as Aegis Ashore, in Romania by 2015 as part of the second phase of the EPAA.
In addition to missile defense, the four vessels will participate in maritime security, training exercises with the Spanish Navy, and other NATO operations and deployments, the Navy said.
"These destroyers will help ensure we are here with our friends and allies when it counts, not just in the right place at the right time, but all the time," Navy Secretary Ray Mabus said.
The EPAA was adopted by NATO during the 2010 alliance summit in Lisbon, Portugal. The Obama administration developed the approach to replace the Bush White House’s plans to deploy long-range, ground-based ballistic missile interceptors in Poland, a policy that drew a sharp rebuke from Moscow.
The Kremlin, however, has also criticized the EPAA, saying it--like the long-range interceptor plan--marginalizes its strategic nuclear deterrent. The United States has maintained that the EPAA is not designed to counter a nuclear strike from Russia, but to fend off threats originating in the Middle East.
HID Global, the United States-based division of Sweden’s Assa Abloy, on Monday said it has acquired fingerprint sensor developer and provider Lumidigm, extending its portfolio of authentication products and allowing it to deliver new solutions into more applications.
Terms of the deal were not disclosed although the Albuquerque Journal cited a Lumidigm investor as saying that Assa Abloy paid more than $60 million for the 13-year-old company. Lumidigm, which is based in New Mexico, is expected to have more than $25 million in sales this year and be immediately accretive to Assa Abloy’s earnings.
Lumidigm develops and sells fingerprint sensors based on multispectral imaging technology, which works well with damaged fingerprints and in adverse environmental conditions.
California-based HID Global, which provides secure identity solutions, offers a variety of access control readers for smart cards and biometrics, smart credentials, card printers, RFID tags, software, and other related technology. HID Global says its goal is to extend Lumidigm’s imaging technology beyond fingerprint and hand-based applications into other applications such as iris, facial and other smart imaging systems.
“Lumidigm’s proven product portfolio will enhance our current strong authentication offerings, especially for healthcare, financial institutions and other high-security environments,” Denis Hebert, president of HID Global, said in a statement. “The company has unique technology protected by a large patent portfolio and proprietary algorithms and has achieved a strong penetration in key emerging markets including South America and Brazil.”
HID Global says that demand is growing for biometric solutions across various vertical markets such as banking and healthcare. The company says its global reach and product development strengths will be used to exploit a variety of new market opportunities for Lumidigm’s technology and product portfolio.
Lumidigm has 33 employees. Imperial Capital served as Lumidigm’s financial adviser on the deal.
With strong free cash flow, L-3 Communications [LLL] on Tuesday said its board has increased the company’s quarterly dividend by nine percent, the 10th consecutive annual dividend increase by the company.
The quarterly cash dividend is going from 55 cents to 60 cents earnings per share to shareholders of record at the close of business on March 3.
“L-3 is committed to a balanced program of returning cash to shareholders, and we are pleased that the company’s strong financial position enables us to increase the yield of our dividend,” Michael Strianese, L-3’s chairman, president and CEO, said in a statement. “We remain focused on delivering shareholder value through a prudent capital allocation strategy that includes cash dividends, a stork repurchase program and making niche acquisitions that enhance and expand our existing business base.”
L-3 posted solid financial results in 2013 with net income relatively flat despite a decline in sales. The company’s per share earnings were up nearly 7 percent as a result of its stock repurchase program that reduced the number of shares outstanding.
L-3 also posted strong free cash flow for the year, nearly $1.1 billion, well above the $778 million in net income. In its year-end results, L-3 said it returned 94 percent of free cash to shareholders in 2013 and 102 percent in 2012.
Free cash flow this year is expected to be $1 billion.
Three years after the White House released the Federal Cloud Computing Strategy, agencies are still struggling to make the move to virtualization, according to new research from consulting firm Accenture.
The top concerns for federal agencies are staffing cloud experts in their IT departments and the procurement process. Only a third of respondents to Accenture’s survey said they were confident their agency had the appropriate staff expertise to implement cloud computing and 41 percent said employees need further cloud training. Almost half of respondents did not know how the lengthy procurement process affects their cloud adoption, which suggests that cloud procurement is found in pockets throughout the government, Accenture said.
Annette Peterson, the firm’s managing director for technology solutions, said the most important factor going forward with federal cloud is adapting the procurement process for services that can be acquired in minutes versus months.
“Today, the procurement structure isn’t put together in a way for services to be purchased in this manner: ‘as-a-Service.’ That’s really the destination we need to get to,” she said.
The primary solution to the procurement process, she said, is cloud brokerages in which an outside firm negotiates terms of agreement among the agency, the cloud service provider and potentially a third company tasked with integrating the new system. Brokerages, which have been widely discussed throughout the cloud policy community, are still an enigma to many agency IT employees. More than half (58 percent) of respondents said they were unsure which brokerage services could be helpful to them.
Peterson said security also remains a top priority for federal agencies. Uncertainty surrounding the cloud and what it means for cybersecurity has caused some alarm, but Peterson said the move to the cloud will actually enhance security. As agencies adopt cloud under the same security regulations, they will create a “blueprint” for future cloud projects. Standardization will make the IT environment safer government-wide. Currently, agencies are facing challenges with rectifying diverse IT systems internally, let alone across various departments and bureaus. The process for becoming an approved cloud service provider to the government--FedRAMP--is also aiding the blueprint.
Peterson said Accenture’s findings apply to both civilian and defense agencies, but the two are approaching the cloud differently.
“Defense agencies are still consciously looking at how they can move to private clouds,” she said.
Private clouds use the same virtualization and scalable technology as other clouds, but they are only used by the particular agency and are often built in-house. Civilian agencies, on the other hand, are beginning to experiment with public clouds that they may share with any of the cloud service provider’s clients.
Although private clouds can be slightly more costly and work intensive than signing up for a public cloud, Peterson said intelligence and defense agencies may avoid some procurement pitfalls.
“They may in fact be able to move to a model that allows them to be more efficient with those technologies than going through consumption process like civilian agencies,” she said.
Since 2002, the Army Corps of Engineers (USACE) has worked on some 1,000 major construction projects in Afghanistan valued at more than $10 billion, but they're not done so Corps personnel will still be there to finish projects still under way in December when U.S. troops are expected to leave, the commanding general said.
“We will be there beyond December ’14,” Lt. Gen. Thomas Bostick, Army Chief of Engineers and Commanding General U.S. Army Corps of Engineers said Tuesday during a roundtable. “The challenge is to complete all the work in the time that we have.”
That means USACE employees would be there with or without a status of forces agreement (SOFA). If there is no SOFA, “I suspect there would be some sort of embassy just like we have in Iraq and through the State Department we would execute our mission using these Quality Assurance engineers who are Afghans,” Bostick said.
When combat troops leave in December, the engineers would not be able to rely on some of the security it has today from soldiers and civilian security companies.
After December there would be a smaller number of USACE civilian and military personnel who would guide the remainder of the construction program.
As that happens, the corps will rely on about 400 Quality Assurance Afghan engineers, he said, who will work in remote locations on ongoing projects where USACE employees cannot go without significant amounts of transportation or security. The corps will ensure these engineers are “protected and confident” as they work.
Quality Assurance engineers go through training and an assessment to check they’re capable of doing the work needed, he said. These engineers may initially go out with USACE engineers until there is a certain level of confidence in their ability, but then they operate independently to assess projects that must meet high standards, be of high quality and be done at a fairly rapid rate
“These are critical projects that we will be working on for a period of time,” he said. For example, key infrastructure projects such as the Dahla Dam improvement project and electricity power line projects.
The political and military leadership are aware of this, he said, and “it is work that really must be done for us to complete our mission.”
Once projects are completed in Afghanistan, the next big challenge is to ensure Afghans can maintain and operate them, Bostick said. The projects were constructed with Afghans and their culture in mind, knowing the projects weren’t built for “New York or Peoria,” they won’t have the bells and whistles that might be found in similar U.S. facilities.
Lockheed Martin [LMT] Tuesday said it received a three-year $22 million contract from the Army to provide Modernized Target Acquisition Designation Sight/Pilot Night Vision Sensor (M-TADS/PNVS) Special Repair Activities for the Royal Saudi Land Forces Aviation Command’s Apache attack helicopters.
Lockheed Martin will provide tools and test equipment to maintain components of the M-TADS/PNVS system.
The Royal Saudi Land Forces Aviation Command will receive in-country support beginning in the first quarter of 2014. The period of performance under this contract extends through 2017.
“Saudi Arabia is the second international customer to establish an M-TADS/PNVS in-country Special Repair Activity,” said Mike Taylor, M-TADS/PNVS international and fleet support director at Lockheed Martin Missiles and Fire Control. “Providing test and repair capabilities for international customers greatly increases supply availability and maximizes Apache mission effectiveness.”
Earlier this month, Lockheed Martin received a $60 million sustainment and support contract for M-TADS/PNVS on U.K. AH-64 Apaches from Finmeccanica's AgustaWestland.(Defense Daily, Feb. 6).
Fielded in 2005, the M-TADS/PNVS system provides Apache attack helicopter pilots with long-range, precision engagement and pilotage capabilities for mission success and flight safety in day, night and adverse weather missions. Forward-looking infrared sensors provide enhanced image resolution that enables Apache aircrews to prosecute targets and provide situational awareness in support of ground troops outside detection ranges.
Lockheed Martin has delivered more than 1,200 M-TADS/PNVS systems to the U.S. Army and international customers.
Lockheed Martin [LMT] has signed a contract with Victorian Wave Partners Ltd. for the world’s largest wave energy project off the coast of Australia, the company said Tuesday.
“This is a significant step toward making ocean energy commercially available,” a statement said.
Once completed, the project will peak at 62.5 megawatts, enough to power roughly 10,000 homes. The project will harvest energy generated by the surface motion of ocean waves, which are more predictable than other renewable energy sources such as wind or solar. Lockheed Martin will employ the PowerBuoy wave converter technology from Ocean Power Technologies (OPT). The PowerBuoys are 30 feet high and will be stationed three miles off the coast of Victoria, Australia.
The wave project will also further the country’s goal of 20 percent renewable energy by 2020.
“This project extends our established relationship with OPT and Australian industry and enables us to demonstrate a clean, efficient energy source for Australia and the world,” said Tim Fuhr, director of ocean energy for Lockheed Martin’s Mission Systems and Training business.
Lockheed Martin will provide project management, design support for the manufacturing of the PowerBuoys, components production and system integration for the duration of the contract.