CYBERCOM starts to wield acquisition power

Discussion in 'Cyber' started by AMDR, Oct 7, 2015.

Share This Page

  1. AMDR

    AMDR Captain Staff Member Administrator

    Joined:
    Oct 7, 2015
    Messages:
    376
    Likes Received:
    868
    Occupation:
    Student
    Location:
    United-States
    CYBERCOM starts to wield acquisition power
    http://www.c4isrnet.com/story/milit...m-starts-to-wield-acquisition-power/73528950/

    The Pentagon wants to make it easier for U.S. Cyber Command to quickly acquire the tools and services it needs to support cyber operations, according to the Defense Department's chief weapons buyer. The support reinforces measures in the 2016 National Defense Authorization Act that — if it passes — will give special procurement authorities to drive cyber-focused rapid acquisition.

    "I think in the cyber world — first of all, the acquisition, so to speak, in development programs tend to be very small in dollars and short in duration. I don't have a personal problem…with CYBERCOM having some acquisition authority so that they can do some of the things that they need to do, quickly," Frank Kendall, under secretary of Defense for acquisition, technology and logistics, on Oct. 6 told reporters at the Defense One State of Defense Acquisition event in Arlington, Virginia.

    Kendall said he's taking steps at the Pentagon to steer cyber acquisition where it needs to go — away from the conventional weapons-buying processes at the DoD.

    "I have a group called the Cyber Investment Management Board, which oversees cyber investments, and it was set up partly because of the need to have very rapid and agile investments in cyber in some areas. And, to not use the traditional system," Kendall said.

    In the meantime, though, the command is already exercising buying power with a new $460 million contract.

    The agreement would cover mission support in cyber operations, including providing "cyber joint munitions effectiveness," according to the draft documents released Sept. 30.

    According to the draft task order, the vendor that wins the contract will be expected to handle key areas that include:



    • Provide mission essential coverage to support cyberspace operations.
    • Identify requirements and concept of operations that focus on the execution of DoD Information Network (DODIN) operations and Defensive Cyberspace Operations Internal Defensive Measures (DCO-IDM) and assist in the development, synchronization, integration and assessment of operational standards ISO achieving the Joint Information Environment end-state.
    • Contribute to efforts to secure, operate, and defend the DODIN and its critical dependencies in order to provide full spectrum cyberspace operations, ensuring freedom of maneuver in that domain and denying our adversaries the same.
    • Contribute to CYBERCOM strengthening relationships with key partner nations, coordinating, synchronizing, deconflicting and integrating operational planning efforts for full spectrum cyberspace operations.
    • Plan, coordinate, and deconflict offensive cyberspace operations, DCO and DODIN Operations throughout the entire joint operational planning process.
    • Identify requirements to fill gaps and identify capabilities in order to achieve an effect in accordance with tactical objectives, operational goals and strategic end-states.
    • Prepare courses of action, to include advanced level targeting, capabilities pairing and operational assessments.
     
    Technofox and F-22 like this.
  2. AMDR

    AMDR Captain Staff Member Administrator

    Joined:
    Oct 7, 2015
    Messages:
    376
    Likes Received:
    868
    Occupation:
    Student
    Location:
    United-States
    $460M CYBERCOM Contract Will Create Digital Munitions
    http://www.defenseone.com/technolog...te-digital-munitions/122556/?oref=d-river&&&&

    The first job under a forthcoming $460 million U.S. Cyber Command contract to outsource all mission support involves, among other activities, a lot of digital munitions-making.

    An 84-page draft task order released Sept. 30 runs the gamut of hacking and counterhacking work, plus traditional ITsupport activities.

    The proposed solicitation was accompanied by a 114-page draft of the full 5-year contract. In May,CYBERCOM officials cancelled a similar $475 million project announced earlier that month. At the time, officials explained a reorganized request for bids with more details would be out in the fall.

    The initial work order will support “cyber joint munitions effectiveness” — by developing and deploying — “cyber weapons” and coordinating with “tool developers” in the spy community, the documents state. In addition, the prospective vendor will plan and execute joint “cyber fires.”

    CYBERCOM is in the midst of recruiting 6,200 cyberwarriors for teams positioned around the world. The command’s duty is to thwart foreign hackers targeting the United States, aid U.S. combat troops overseas and protect the dot-mil network.

    In the past, some military academics have voiced concerns about the unintended outcomes of such maneuvers. Malicious code released into networks could backfire and harm U.S.individuals or allies, they warned.

    “Due to the ‘system of systems’ nature” of cyberspace, it is very difficult to know exactly what effect” defensive or offensive actions will have on U.S. and ally assets “since we can’t be sure exactly how far out the cyber action might spread,” Dee Andrews and Kamal Jabbour wrote in a 2011 article for Air Force Space Command’s Journal for Space & Missile Professionals. “The difficulty in doing a damage estimate before cyber action is taken makes cyber friendly fire difficult to identify and mitigate.”

    There are dozens of bullet points on training support work in the contracting documents.

    For example, the hired contractor will run exercises on “USCYBERCOM Fires processes” with the Joint Advanced Cyber Warfare Course, the Army Cyberspace Operations Course, the Air Force Weapons School, the Joint Targeting School and other outside groups, the documents state.

    Certain contract personnel supporting these so-called cyber fires will be subjected to additional background reviews and will have to comply with “need-to-know” classification rules, according to officials.

    Beyond unleashing malware, the chosen contract employees will help repel attacks on Defense Department smartphones housing sensitive data, according to the government. This assignment involves analyzing forensics reports on hacked mobile devices and conducting security assessments of mobile apps, among other things.

    There also is some cyber espionage work entailed. The selected contractor will aid the “fusion,” or correlation of clues, from “reliable sources,” network sensors, network scans, open source information, and “situational awareness of known adversary activities,” the documents state

    The professionals hired will probe lurking, well-resourced threats inside military networks and identify ”signatures” of the hacker footprints discovered, they add. The signatures, such asIP addresses and strings of code, will be used to determine if there is malicious activity elsewhere inside Pentagon and defense industry networks, according to officials.

    Another CYBERCOM duty will be proposing procedures for facilitating “all-source intelligence analysis of the foreign threat picture” — information collected from spies, data surveillance, public information and other inputs.

    A final comprehensive solicitation and task order are scheduled to be released later this month. The government is accepting questions about the drafts from companies until Oct. 7.[​IMG]
     
    Technofox and F-22 like this.
  3. Technofox

    Technofox That Norwegian girl Staff Member Ret. Military Developer

    Joined:
    Oct 8, 2015
    Messages:
    900
    Likes Received:
    3,206
    Occupation:
    Professional "Doer" of "Things"
    Location:
    Norway
    Hobby:
    Being a geek
    AMDR, how'd the NSA leaks impact recruiting? The private sector has a lot of qualified people, some of whom are less inclined to support the military or mass surveillance due to a prevalent liberal or libertarian ideology, this manifests a lot in Silicon Valley where some of the industries best reside. These are the people that are targeted for recruitment into these new cyber warfare capabilities.

    Vox has a nice feature on the political alignment of Silicon Valley:

    http://www.vox.com/2015/9/29/9411117/silicon-valley-politics-charts

    Have we seen any downturn in recruiting following the NSA leaks, it was expected that there'd be a decline due impart to political alignment of experienced tech professionals (this being coupled with the amount of money to be made in the private sector).

    ...

    According to Navy Vice Adm. Jan Tighe recruitment is on track, though she gives no figures or estimations:

    Navy Vice Adm. Jan Tighe, commander of U.S. Fleet Cyber Command, believes the Defense Department is on track toward its goal of hiring the right number of cyber workforce, Nextgov reported Monday.

    Aliya Sternstein writes the U.S. Cyber Command seeks to complete the creation of 133 cyber teams across the military and plans to achieve a 6,200-strong cyber workforce by 2016.

    “As we have continued to grow the cyber mission force, we’re getting the right numbers of people,” Tighe told the Billington Cybersecurity Summit in Washington.

    “Whether we are getting the right people is still yet to be determined,” Tighe said at the event.
     
    Last edited: Oct 9, 2015
  4. AMDR

    AMDR Captain Staff Member Administrator

    Joined:
    Oct 7, 2015
    Messages:
    376
    Likes Received:
    868
    Occupation:
    Student
    Location:
    United-States

    So far it sounds like recruiting for the NSA hasn't been a problem, but in the future they expect it to be. Like you said, money is also a significant factor.

    from: http://www.npr.org/2015/03/31/395829446/after-snowden-the-nsa-faces-recruitment-challenge

    "When I was a senior in high school I thought I would end up working for a defense contractor or the NSA itself," Swann says. Then, in 2013, NSA contractor Edward Snowden leaked a treasure-trove of top-secret documents. They showed that the agency's programs to collect intelligence were far more sweeping than Americans realized.

    After Snowden's revelations, Swann's thinking changed. The NSA's tactics, which include retaining data from American citizens, raise too many questions in his mind: "I can't see myself working there," he says, "partially because of these moral reasons."

    This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far, it says, the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, agency officials concede that recruitment is a worry. If enough students follow Daniel Swann, then one of the world's most powerful spy agencies could lose its edge."

    The question "Why join the NSA when I can get paid 5 times as much to do the same thing for a corporation?" is a big problem that the NSA will absolutely have to contend with as the "cyber-arms race" heats up. At the end of the day money I think this will be the bigger factor rather than public opinion of the NSA, but that's my own personal opinion.
     
  5. AMDR

    AMDR Captain Staff Member Administrator

    Joined:
    Oct 7, 2015
    Messages:
    376
    Likes Received:
    868
    Occupation:
    Student
    Location:
    United-States

    Here is another great article on CYBERCOM acquisition:


    CYBERCOM Writes Own Software: Accelerating Acquisition


    [​IMG]

    WASHINGTON: A Pentagon procurement process that takes a decade to deliver can’t keep up with fast-advancing frontline of cyberwar. US Cyber Command needs more agile ways to get technology, top officials said today. For now, its nascent Cyber National Mission Force is actually building some key tools in-house.

    “For us at the cutting edge,” said the Mission Force commander, Maj. Gen. Paul Nakasone, “we have developers on our teams.” Those developers are working in close partnership with well-informed partners — in the intelligence community, in industry, and elsewhere — and “helping us develop our effects,” he said. (Presumably this is military-speak for “software that does stuff.”)

    “We need to be more nimble” in acquisitions in general, said Aaron Hughes, speaking alongside Nakasone and others at the Center for Strategic and International Studies. Hughes is deputy assistant secretary of defense for cyber policy and former vice-president of In-Q-Tel, an intelligence community-backed venture that’s often touted as a model for accelerating private sector innovation into government hands. CYBERCOM can’t just bypass the entire acquisition system, he said, but it might find shortcuts.

    “I don’t think we can go from zero to 100 immediately, but I think some sort of pilot or trial that provides Cyber Command with those exquisite acquisition authorities might be relevant,” Hughes said. “We could potentially see that in the coming years.”

    One model might be the acquisition authorities of Special Operations Command, which blends the legal status of a service — empowered to “train, organize, and equip” — with that of an operational headquarters. SOCOM’s budget is small, but it is famous for quickly getting a lot of innovative bang for its buck. There are provisions in the defense policy bill for 2016 to give such authorities to CYBERCOM.

    SOCOM is a model in other ways, Nakasone said. “There were some really interesting things [when] we looked at Special Operations Command, particularly as we looked at training,” he said. “They really do that well.”

    What do computer geeks have in common with special operators? For one thing, both specialties draw on every service: Of the 113 planned cyber mission teams, half of which are now in some form of operation, roughly one-third each come from the Army, Air Force, and Navy Departments (the latter encompassing the Marines). CYBERCOM decided early on that “there was only going to be one joint standard and it was going to make sure that all the services met that joint standard,” said Nakasone. “We learned that lesson from Special Operations.”

    Just training the teams requires creating an entire high-tech infrastructure of virtual “ranges,” said CYBERCOM’s deputy commander, Lt. Gen. Kevin McLaughlin. “We’re spending a lot of resources on… are generating the ability to then train and exercise and ensure the readiness of these teams,” he said.

    Just as tank brigades go to the National Training Center at Fort Irwin and fighter pilots go to Red Flag wargames at Ellis Air Force Base (both in California), cyber teams need a realistic, challenging environment in which they can face off against an opposing force (OPFOR) run by real, live humans, McLaughlin said. “We already have parts of it in place,” McLaughlin said, but they can’t train enough teams simultaneously to wargame a major crisis, nor can teams access the virtual ranges 24-7-365.

    CYBERCOM’s “Persistent Training Environment” initiative is under discussion as the Pentagon builds its budget request for 2017, McLaughlin said, but “it’s still too early to determine how much funding we’ll get.”
     
  6. F-22

    F-22 2nd Lieutenant

    Joined:
    Oct 7, 2015
    Messages:
    69
    Likes Received:
    186
    Location:
    United_States
    Pentagon Halfway to Reaching Cyber Team Goal

    WASHINGTON — The Department of Defense (DoD) is halfway to its goal of creating 130 cyber teams to man the future cyber mission force, Air Force Lt Gen James K. McLaughlin, deputy commander of U.S. Cyber Command (USCYBERCOM), said during his keynote address Oct. 9 at the Center for Strategic and International Studies.

    “Our top priority is protecting the data on the DoD network,” he said.

    The goal, which is part of the Pentagon’s new cyber strategy that was released earlier this year, is to have all the teams in place by 2018.

    In a wide-ranging speech, McLaughlin discussed the makeup of his force, what the department is doing to prepare for attacks, and the importance of working and collaborating with industry.

    “We have that ability to train both defensive and offensive forces, but we just lack capacity to do it as often as we’d like,” he said.

    There is a need to understanding cyber vulnerabilities, and it’s a key to focus on improving systems, the deputy commander said.

    As cyber attacks on government agencies have increased over the last year, lawmakers have voiced their concern about what DoD is doing to address the issue.

    A main issue has been terrorist organizations, such as the Islamic State of Iraq and Syria (ISIS), using the web as a means to disseminate information and create mass hysteria. McLaughlin said his team is closely monitoring ISIS, or any affiliated groups.

    “We are building the capacity to defend against an attack versus critical infrastructure and respond appropriately,” McLaughlin said during “The Role of the U.S. Military in Cyberspace” event.

    He spoke at length about how crucial it was to have a good partnership with the cyber industry in order to maintain readiness, noting that the Pentagon is creating an environment where it is able to train its cyber workforce in a realistic and efficient manner.

    “We have a lot of work to do with industry [in terms of] how to share talent and how to get the most up to date technology,” he said.

    Working closely with other agencies also is a critical part of keeping government networks secure, he said.

    Aaron Hughes, the DoD’s deputy assistant secretary of defense for cyber policy, added that the department does not need a new strategy for deterrence but rather it needs to implement the existing strategy.

    http://www.seapowermagazine.org/stories/20151009-cyber.html
     
    AMDR likes this.
Loading...