Prepared by the CyberWire (Friday, May 5, 2017). This month's news includes a great deal of wishful thinking about missile-hacking, US Air Force upgrades of its cyber capabilities, and uncertainty at NASA about the space agency's cybersecurity plans.
North Korea's Failure to Launch
An April 16 attempt by Pyongyang to test-fly a long-range strike missile failed, with the system crashing shortly after launch. The North Korean regime has been undaunted, promising shortly after the failure that it had the ability to wage all-out war against South Korea and (especially) the United States, and that it intended to test a missile every week. Weekly testing has apparently been gasconade, but North Korea's neighbors are uneasy about missile development, the DPRK's nuclear weapons program, and its bellicose talk. The US and China are both concerned, and have implemented tighter sanctions as they play, respectively, the bad-cop, good-cop roles in the crisis. Japan, South Korea, and Russia are also looking to their defenses.
There's a great deal of interesting but unfounded speculation, much of it originating in the United Kingdom,that the US has developed and used a cyberattack capability against North Korean missile systems. There's no positive evidence that this is so, and the speculation appears to turn on wishful thinking and a forced interpretation of routine US refusals to confirm or deny the existence of a cyber operation against Pyongyang. Refusing to confirm or deny a covert operation is of course not evidence that there is any such operation, but sections of the press (again, especially in the UK) persist in viewing disinclination to talk as a "hint" that, yes indeed, the US is hacking away. But as many informed observers are pointing out, there are many explanations for failure to launch, most of them more probable than hacking.
Uncertainty Surrounds NASA's Cybersecurity Plans
NASA's chief information officer for IT security, Jeannette Hanna-Ruiz, who assumed her post in August of last year, told Bloomberg in an interview published April 12th that the agency was concerned about space mission hacking. "It's a matter of time before someone hacks into something in space," she said. "We see ourselves as a very attractive target." She went on to describe NASA's efforts to get control of its internal networks, establish itself as a cybersecurity leader, and head off cyberattacks against space missions.
The future of those plans, however, was called into question by Hanna-Ruiz's resignation on April 17th, effective April 28th. She'll be succeeded on an interim basis by acting CISO Mike Witt, who joined NASA from a position as deputy director of US-CERT at the Department of Homeland Security.
Some of that uncertainly, at least with respect to independent verification and validation, was resolved on May 1st, when it was announced that Engility had won the recompete of a $170 million contract to perform IV&V of NASA missions.
US Air Force Moves to Increase Cybersecurity Capabilities
The Air Force is opening a Cyberspace Threat Intelligence Center at Joint Base San Antonio. Its parent organization, the 35th Intelligence Squadron, will support Air Force operations worldwide.
The Air Force has also adopted its own version of the hack-the-Pentagon crowdsourced approach to vulnerability research that's been widely applauded. But in this case, at least, the word is that Russian hackers are disinvited. "Vetted" hackers from the Five Eyes, yes, but ochi chornyye need not apply.
National Geospatial Agency Describes Push for Agility in Cyberdefenses
The National Geospatial Agency (NGA) is seeking more agility in defending itself against cyberattacks by bringing on developers for shorter periods. Instead of long-term hires, the agency is now bringing developers on for periods as short as a week. This approach has moved NGA toward closer collaboration with the private sector. NGA's Xperience Directorate is serving as the agency's broker with industry.
Three significant contracts have been awarded to longtime Air Force performers. Raytheon has received an $8.5 million contract to build the Service's Cyber Command and Control Mission System (C3MS) operating location at Lackland Air Force Base, Texas. C3MS will, once it becomes fully operational at the end of April 2018, be responsible for operating and defending USAF networks.
Northrop Grumman received a $9.4 million contract to develop the Cyber Mission Platform (CMP) also at Lackland Air Force Base. The CMP is focused on development of offensive cyber capabilities.
And in March Booz Allen Hamilton won a $10 million contract for research into high-power electromagnetics for cyber and electronic warfare applications.
Raytheon announced that its OCX work modernizing GPS ground stations has met the standards laid out in the Department of Defense Cybersecurity Discipline Implementation Plan (October 2015, as amended in February 2016). The milestone is seen as significant not only for GPS security, but for Raytheon's prospects of significantly expanding into other cybersecurity markets.
The US Army has given BAE a place in an eight-year, $3 billion IDIQ contract to support Space and Missile Defense Command/Army Forces Strategic Command; the work will inevitably have a significant cybersecurity dimension.
Lockheed Martin, which also has announced plans to consolidate its commercial and civil satellite business into a single line of business, conducted a multi-domain exercise at its facilities in Suffolk, Virginia. The three-day, tabletop wargame explored the intersection of kinetic and cyber effects. Results are being provided to the US Air Force Multi-Domain Command and Control (MDC2) Enterprise Capability Collaboration Team.
Today's edition of the CyberWire reports events affecting China, the Democratic Peoples Republic of Korea, Malaysia, the United Kingdom, and the United States.
OCX May Pave Way For 'Huge' Raytheon Cyber Business(Breaking Defense) OCX, for the last two years the most troubled space acquisition program and a watchword for the high risks of being the first program to try and meet the Pentagon's highest cyber security standards, may now open the way for Raytheon to plow its way deep into the rich fields of the cyber security market.
Northrop Wins $49M Air Force Deal for Technical Services(NASDAQ.com) Falls Church, VA-based Northrop Grumman Corp. 's NOC unit, Mission Systems, has won a modification contract from the U.S. Air Force. The contract is valued at $49.3 million and is awarded by the Air Force Life Cycle Management Center, Robins Air Force Base, GA...Per the contract, Northrop Grumman will provide maturation and risk reduction technical services for the Embedded Global Positioning System and Inertial Navigation System-Modernization (EGI-M) technology.
U.S. Air Force invests millions this month on cyberweapons projects(Cyberscoop) Three of the United States' largest military contractors each won multimillion-dollar projects in the last month to boost American offensive power in the cyber domain. Raytheon, Northrop Grunman, and Booz Allen Hamilton have all seen their stock prices rise 10 to 20 percent since the November 2016 U.S. election.
Engility Wins $170 Million National Aeronautics and Space Administration Contract(Yahoo! Finance) Engility Holdings, Inc. won the re-compete of the Systems and Software Assurance Services contract from NASA's Goddard Space Flight Center. Engility will help NASA's Independent Verification and Validation program support missions to explore earth and the universe, including future moon and Mars expeditions
Dan Geer: Cybersecurity is 'paramount national security risk'(CSO Online) Cybersecurity and the future of humanity "are conjoined now," according to In-Q-Tel's Dan Geer. The cybersecurity futurist, in the closing keynote at SOURCE Boston 2017, gave a sobering look at what is likely to come in a world where change and growing interdependence is happening faster than anyone's ability to manage it
Getting Tough on North Korea(Foreign Affairs) A quarter-century of negotiations and sanctions have failed to change North Korea's behavior. It's time to crack down on Pyongyang's foreign financial dealings,and the states that abet it.
NASA's chief cyber executive to leave(FederalNewsRadio.com) Jeannette Hanna-Ruiz, NASA associate CIO for IT security and senior agency information security official, is leaving after only eight months.
Service Vice Chiefs Press the Need for Funding Certainty, Expanding Cyber Security(Seapower) The pressing needs for the three naval services and the maritime industry are greater budget certainty, reversing the erosion in their readiness to meet global challenges, and expanding and modernizing their shrunken and badly aged forces, all of which would be made much harder if Congress relies on a continuing resolution (CR) for the rest of the fiscal year, their senior leaders said April 3.