Tag Archives: Approach

Cyber failures spark search for new security approach

With cybersecurity’s most glaring failures in the limelight, many experts say it’s time for a new approach.

In recent weeks, the security community has been rocked by news of a massive breach at online giant eBay affecting as many as 145 million customers, following another that hit as many as 110 million at retailer Target.

A US indictment earlier this month accused members of a shadowy Chinese military unit for allegedly hacking US companies for trade secrets, a charge denied by Beijing.

The incidents highlight huge gaps in cybersecurity, or the ease in which malicious actors can break into a single computer and subsequently penetrate a network or cloud.

“The old model (for cybersecurity) doesn’t work,” said James Lewis of the Center for Strategic and International Studies.

“It is getting worse and getting out of control… One of the dilemmas is that when people have a choice between security and utility, they often choose utility.”

A survey released Wednesday by the security firm Trustwave said it identified 691 breaches across 24 countries last year, with the number of incidents up 53.6 percent over 2012.

“As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don’t expect data compromises to subside,” the report said.

Much of the problem stems from so-called “phishing” attacks in which emails are disguised as coming from a trusted person.

When links are opened, hackers can install malicious software allowing them to control a computer, and potentially an entire network.

A report by security firm Symantec found a 91 percent increase in targeted “spearphishing” attacks in 2013 and said more than 552 million identities were exposed via breaches.

IBM recently unveiled a new cyber defense system aimed at thwarting attacks before they happen, with predictive analytics.

Symantec suggests a similar approach touting its platform “that aggregates and correlates unfiltered alerts from a diverse set of technologies, harnessing global threat intelligence to detect traffic patterns associated with malicious activity,” according to a blog post by Symantec’s James Hanlon.

Hardware security approach
But others in the cybersecurity community dispute that approach.

The idea of predicting and halting attacks “is utter nonsense,” said Simon Crosby co-founder of the security firm Bromium, which uses a hardware-based solution that isolates computers to prevent the spread of an infection.

Crosby told AFP he views as unlikely “the ability to pick through the noise to find a bad guy before he does bad thing.”

He said Bromium offers a better solution “by making the system defend itself by design.”

Johannes Ullrich, a researcher with the SANS Institute, said hardware isolation “is a solid approach,” but just one of many new options being explored.

Ullrich said that in hunting for malware, “you cannot come up with a list of everything that is bad, but what you can do is enumerate what is supposed to be there.”

This “white list” approach has a higher chance of success, Ullrich said.

‘Hunting ghosts’

The old notion of using anti-virus software, which updates itself based on new malware “signatures,” is rapidly losing credence.

A 2012 study by the security firm Imperva said most software only detected around five percent of malware. Another firm, FireEye, concluded last year that 82 percent of malware disappears after one hour and 70 percent exists just once.

“With the half-life of malware being so short, we can draw the conclusion that the function signature-based AV (anti-virus) serves has become more akin to ghost hunting than threat detection and prevention,” said a blog post by FireEye’s Zheng Bu and Rob Rachwald.

Ullrich said that over time, companies need to invest more in information security and develop strategies before the problems subside.

“Security will never prevent every single breach,” he said. “You want to keep it at a manageable level, to stay in business. That’s what security is all about.”

Related Topic Tags

Related Defense, Military & Aerospace Forum Discussions

View the Original article


Comments Off on Cyber failures spark search for new security approach

Filed under Defence Talk

Pentagon Revamps Approach to Industrial Base

By on Friday, February 22nd, 2013

The Defense Department has revamped its approach to communicating and interacting with the defense industrial base after applying lessons learned from previous economic downturns, a senior defense official said here today.

Brett B. Lambert, deputy assistant secretary of defense for manufacturing and industrial base, spoke during an Atlantic Council panel session.

Lambert said he was asked in 2009 to figure out a perception that DOD’s communication with the defense industry was lacking.

A lot of people thought it was political, he said, but that proved not to be the case.

“It became obvious to me very, very quickly it had nothing to do with politics or parties,” he said. “It had everything to do with 10 years of double-digit, year-over-year growth. There was no need to talk to each other. Everyone was happy. When we had a program that was bleeding, we cauterized the wound with money, because we had it. Expediency was the most important thing.”

Lambert said the defense industry delivered what was asked of it, but that over time, the interaction between DOD and the industrial base broke down.

“So we came in with strategic guidance to try to re-establish, if you will, communications — specifically with industry,” he said. “But I came in with another specific task.”

The deputy assistant secretary said then-Defense Secretary Robert M. Gates was aware of the coming downturn. “He knew well the times of double digit growth were over,” Lambert said. “And so we knew we were entering a time of downturn.”

With that in mind, Lambert said, officials reviewed the four previous downturns’ effects on the industrial base.

“Basically we were 0-4,” he said. “We got it wrong in every case. We got it wrong for a variety of different reasons, so we went back to look at what we could do better.”

That effort made clear the need to engage industry up front, Lambert said. “And we needed to understand how dramatically the industry has changed since the last downturn — the post-Cold War downturn,” he added.

Lambert said the department reviewed lessons learned and crafted a plan, agreed to by Deputy Defense Secretary Ashton B. Carter, and Frank Kendall, undersecretary of defense for acquisition, technology and logistics, to act on those lessons.

“One: better communications,” he said. “We’re doing that through outreach — through working with organizations like the Atlantic Council to communicate, to get our ideas out, and to get feedback.”

The Defense Department received more than 500 inputs from industry from the “Better Buying Power 1.0” initiative, Lambert said.

“Many were implemented,” he added. “We have even more industry inputs for Better Buying Power 2.0. And they are being reviewed, and many of our changes you’ll see coming out in the final document will reflect the industry’s comments.”

The second element, he said, places more emphasis on internal mechanisms and what the Defense Department could do better in working with industry partners, such as educating the DOD workforce on what those partners are all about.

“The third thing I was asked to take on was policies that were both enduring and flexible,” Lambert said, noting that a new Defense Department acquisition instruction will be issued in the coming weeks. Lambert said the new instruction represents a new way to look at industrial base analysis and policy, and that every major program will be affected.

“Instead of thinking about industrial base as an afterthought once program decisions are made,” he added, “industrial base will now be … part of major decisions.”

Lambert said he believes the department now is well prepared, despite changes in the defense industrial base over the past decade.

“Moving forward, I feel comfortable that we have the tools to deal with some of the more complicated industrial base issues, including the transaction issues we’re going to see,” Lambert said.

“At the same time,” he added, “cuts are coming across the board, or likely to come across the board to the whole department,” referring to a mechanism in budget law that will take effect March 1 unless Congress comes up with an alternative plan.

“Those cuts will also come to the very institutions we’re trying to set up to mitigate the effects of those cuts,” Lambert said, “so on that regard, I’m not terribly optimistic right now.”

Related Topic Tags

Related Defense, Military & Aerospace Forum Discussions

View the Original article

Leave a comment

Filed under Defence Talk

New Flight Control Mode Improves F-35C Handling on Landing Approach

Flying approaches for a carrier landing just might be a little easier in the future. The F-35 Integrated Test Force at Patuxent River completed the first dedicated test flight May 4 to evaluate the F-35C Lightning II Joint Strike Fighter’s approach handling characteristics with new flight control laws. Part of software version 2A the new flight control software, called Integrated Direct Lift Control (IDLC), translates pilot commands into choreographed changes to engine power and control surface movement, greatly improving glide path control, according to one test pilot.

“I’ve landed [F/A-18] Hornets on a carrier, and I can tell you there is a lot less lag in the F-35C with the IDLC,” said Marine Corps Lt. Col. Matthew Taylor, an F-35 test pilot. “I would have been comfortable making the approaches in the carrier environment after just two to three passes.” Precise glide path control is critical to landing safely on the carrier as a pilot concentrates on maintaining glide slope, angle of attack and lineup.

“Landing on a carrier with current fleet aircraft requires the pilot to make dozens of precise three-part power corrections,” said Lt. Cmdr. Robert Bibeau, carrier suitability department head for Air Test and Evaluation Squadron (VX) 23. “It’s an acquired skill, needs practice and intense concentration, like hitting a baseball.”

Pilots typically qualify to land on a carrier by completing around 30 landings while in initial flight training and at their fleet replacement squadrons. “We have to spend a significant amount of training time on carrier landings, especially night landings,” Bibeau said. “To make all the little high-pressure adjustments takes headwork, intellect and reflexes. It’s unforgiving.” But with the new flight control software IDLC in the F-35, Taylor sees “the potential to reduce the training burden for new pilots going to the ship.”

The F-35C carrier variant of the Joint Strike Fighter is distinct from the F-35A and F-35B variants with its larger wing surfaces and reinforced landing gear to withstand catapult launches and deck landing impacts associated with the demanding aircraft carrier environment. The F-35C is undergoing test and evaluation at NAS Patuxent River prior to delivery to the fleet.

Another change to the F-35C is the redesigned tail hook. Lockheed Martin is confident the redesigned tailhook will be ready for the planned carrier flight tests currently scheduled for 2014. The original hook did not perform well and casued the aircraft to miss the arresting cable too often.

The carrier variant of the F-35 Joint Strike Fighter has been flying with new flight control modes improving final approach and landing on an aircraft carrier. Photo: Lockheed Martin

View the Original article

Leave a comment

Filed under Defense Update

MBDA Introduces Futuristic UAV Weapon Approach

MBDA unveiled today a new member of its ‘Concept Vision’ system ideas, a futuristic weapon systems for Unmanned Aerial Vehicles (UAV) the company’s scientists consider could mature in the next 20 year timeframe. The innovative concept MBDA presented today is a concept weapon system designed specifically for Medium Altitude Long Endurance (MALE) UAV. This weapon suite enables MALE UAVs to deliver close air support directly assisting ground forces over long periods of time, without lengthy and complex command and control cycles limiting such activities today. The system as a whole is designed for ‘persistent engagement’ in mind, deploying dedicated sensors low above the enemy area for hours, allowing the unmanned platform to maintain stand-off distance from the target, thus remaining relatively safely for longer missions.

The company’s successful introduction of ‘Concept Vision’ plans in 2010 and 2011, have helped harnessing the imagination and innovation of its European workforce through the creation of inspirational and ambitious concepts for future weapon systems. “As in previous years, MBDA will use the concepts generated to stimulate our customers, suppliers, shape our markets and challenge our own assumptions about the possibilities for the future.” Wadey said.

The Concept Vision CVS301 ‘Vigilus’ system comprises a common ‘intelligent launcher’ and several types of effectors (guided weapons) – the first two include a rocket boosted glider and electrically powered, ducted fan propelled optionally armed expendable loitering ‘scout’. Both weapons will be designed to enable direct (man in the loop) control from the ground, by the UAV operator or by the supported element.

The Vigilus weapon system comprises an integrated launcher and communications unit called ‘Armatus’. Each such carrier weighs 70 – 100 kg and will be configured to be carried by platforms flying at low to medium speed carrying any combination of small, medium or large weapons. MBDA visionary scientists see Armatus as an ‘intelligence launcher’ providing a seamless interface between the platform and weapons. Among the unique approaches MBDA is working on are connectionless interface between the launcher and weapons, and live, on-board mission planning capability. MBDA envisions employing an innovative new 3D model generation for target identification and tracking as part of its futuristic ‘intelligent launcher’ concept.

The basic Armatus configuration can also carry a single medium weight ‘Caelus’ loitering scout missile, weighing about 30 kg. Its wingspan will be about two meters, the length will be about 1.80 meters. This electrically propelled vehicle is designed as ‘persistent target identification and tracking system’, flying low above enemy area undetected, thanks to its low acoustic and thermal signatures. It will be able to throttle from loiter speed to high dash or attack velocity, and tune its warhead to match the type of target to be engaged (armored vehicles, soft targets etc.) Caelus will provide close-in view of targets,supporting the UAV operator by descending below clouds, and loiter for up to two hours. It will have a payload capacity of one kilogram, comprising of extra battery, enhanced ISTAR payload or a small warhead.

The weapon of the CVS301 system is the 80mm ‘Gladius’ type miniature gliders weapons. The Armatus launcher will be able to carry eight Gladius weapons along with a single Caelus. After being released from the launcher, the 80 cm long Gladius will be boosted to subsonic speed and expand the wings over 44 cm span, to continue on an unpowered glide to the target up to 30 km range. Each Gladius will weigh up to seven kg and be equipped with an Explosively Formed Projectile (EFP) weighing up to one kilogram. Up to four Gladius weapons would be targeted simultaneously from each Armatus launcher, at different targets (a MALE platform will be able to carry multiple launchers with different weapon configurations).The missiles will be controlled from the UAV mission control center (GCS) or directly by the supported element calling the attack (and often having the target in sight). For such control ground forces will be equipped with a standard console that will employ the CVS301 target engagement software. The weapon will employ a jam-resistant Global Navigation System (GNSS), enabling the weapon to home in on the target’s coordinates with high level of precision.

The Armatus launcher will also have room to carry up to three relatively heavier guided missiles (yet unnamed), each weighing about 100 kg.

View the Original article

Leave a comment

Filed under Defense Update