Even today’s best sonar technology doesn’t give a sub captain a very good sense of the battlespace. “What the submariners get is a low-dimensional picture. So if you are towing an array, you get information like bearing and sometimes frequency information.
There’s a lot of potentially valuable data that towed sonar doesn’t capture because it’s only collecting one type of data and only at one point. If you could collect and properly analyze sound and wave data from other points in the ocean, you could develop a much better sense of what an adversary is doing.
We want to explore “analytic techniques linking physical oceanographic variability with acoustic propagation, including field efforts to collect relevant data sets. Analysis of large oceanographic and acoustic data sets, including the development and use of artificial intelligence and machine learning techniques.”
We need to turn all that new undersea-sound-propagation data into 3D pictures that submarine crews could use to immediately see where they were in relation to other objects and figure out how they might move to get a better picture or hide their activities.
3D battlespace enables submariners to understand where they are, geologically in terms of ocean topography, geographically, what the radiated noise levels were…which is something Navy is very concerned about because they don’t want their adversary to know they can hear them.”
“If we know this adversary is located along a certain bearing angle, then where might we go to optimise our ability to localize them? Those are decisions that submariners are making all the time. “They’re really playing a game. They want to find the bad guy without the bad guy knowing that we know where they are.”
If you can take that data and use reinforcement learning— essentially, showing the software lots of examples of submarine captains executing missions — you could train an AI that would outperform a human crew on some of these decisions.
“We can watch them while they are making these decisions and then the reinforcement algorithm will learn what they’re doing in order to minimise ambiguities and understand what the results are.”
The rule that we're using at battle management system is we don't start talking platforms until the end. That's probably going to be paramount for us, for the first few years of the program. It is so easy to start talking about satellites and airplanes and forget what battle system is going to have to uniquely champion. That's the data architecture that will connect them.
The team is doing great job of starting to write down requirements for our data architecture, leveraging a lot of work that’s already underway in our space-development portfolio. There’s an initiative no one’s heard of called Unified Data Library.
It’s not a very exciting name, but it’s a great system. Unified Data Library is used currently for space situational awareness. Data pipes in through a variety of sources, it’s able to be addressed in multiple layers of classification and we do microservices on top of it that are used by different users.
Step one, the thing we got to get right first, is that data architecture because people need to build systems that populate according to whatever standards we’ve fixed.
Step two, once we get the data architecture defined, will be the requirements for the population of the data. Maybe one sensor needs to be able to fill a gap that others are creating. We’re going to have to look at requirements at the system level and then tell satellites: “You need to be able to provide this level of data at this refresh rate. UAVs need to be able to meet this rate" and so on.
Once we do that, then we'll be into the traditional part of the acquisition, which is building those satellites, building those UAVs.
We’ve got to do demonstrations along the way, so expect to do yearly demonstrations. The first one we want to get to is ad hoc mesh networking so that we get the same kind of advanced connection effect where things start working together without humans having to control them.
So we don’t have to wait for the full architecture to be fielded. And it really will never be done; battle system merge over time as we put up satellites and UAVs. More things connecting to the network will make the system of systems better.
Battle System will soon be well definitized in terms of the lines of effort, the data architecture, you know we’ll have to have a line for artificial intelligence because we are not going to be able to pass all the data collected across the networks, a networking component, and then at the end, the platforms that provided.
This has got to be about the highway, not the trucks that are on it. Step one is getting the highway paved. Now we’re able to get this kind of data architecture, analysis and demonstration work done. and when there are more funds we’ll ramp up fuller-scale prototyping.
it can’t start by going to build a drone or satellite. We’ve got to focus on the basic stuff, which is that data architecture. We’re going to have to be able to do tool development at multiple levels of classification and do it securely: All those are things that are hard to get people energized about but they’re going to be what makes or breaks for this program.
The strike group commander knows the strike group best. We know what we did here during deployment, and this was a lot of air-to-ground, but we didn’t do a lot of air-to-air, and we didn’t do a lot of war at sea, and we didn’t defend myself against missiles.
So we develop a scenario that will get the training required. … They did a live missile ex, shooting at supersonic targets with jamming and all high-end types of things here, to do that, the missile shot.
And there was a lot of air-to-air fighting, both live, but we also inserted virtual. So now the sailor on the scope sees five aircraft coming in, but there’s only one real one coming in for our guys to fight against.
And commander will see missiles coming in, constructive missiles. So we are pushing our live, virtual, constructive – that’s how we are accelerating along here the capability curve. “We put in that investment and that got their training up, and their readiness ratings were all green.
Network security technologies of yesterday are too large and expensive to deploy, leaving tactical networks unequipped with the mobility and scalability needed in a networked warfighting environment. Without the right technologies in place, Soldiers' views into the threat landscape can be restricted and even at times inaccurate, as real-time situational awareness of network threats is impaired.
Responses to network security threats on the battlefield must come in real time, as the difference between waiting hours and days versus seconds and minutes to respond could have dire consequences. Yet, the shortage of network specialists readily deployed and available in tactical environments makes real-time response difficult if not impossible. And even for tactical operators in the field, maintaining multiple systems can be overwhelming.
More vulnerability at the tactical networks-The electronic footprints of current tactical networks are often easy to discover, and the closeness of adversaries in battlefield environments makes it easier for communications to be intercepted, which is all the more heightened given how tactical networks are traditionally dispersed. Internal and external threats at the edge of the network challenge DoD when it comes to rapid detection and response
.
Once you have identified your list of targeted resources to be profiled, you are ready to begin creating a profile for each one. The idea is for the resource owner to rate the resource's importance to the organisation from an information-security perspective and relative to all other assets in the organisation.
The profile tracks information at a mission and function level and is not necessarily specific to implementation decisions. For example, if you are designing a new system, you should know what types of data will be processed and what the basic functions being performed will be before you decide on technologies or placement in the network.
When you are designing your profile questionnaire, it is important to note that not every question needs to be used in the calculation of the risk sensitivity. Some questions are meant to capture other pertinent information about the resource for reporting purposes and do not directly contribute to the risk-sensitivity score.
For example, you may ask a question about where the system is hosted. The answer to this question doesn't affect the sensitivity of the asset, but you may want to prioritise assessments of third-party hosted systems because of increased risk exposure, and the answer to this item will give you the desired information about which systems are hosted internally versus externally.
You may also want to ask a couple of high-level questions about whether basic security controls are in place for example, roles-based access, encryption, and audit logging. The answers to these questions may help you to focus your efforts on resources that don't meet the most basic security control requirements.
Similarly, you may want to ask if the system uses a common or central infrastructure for authentication and authorisation or logging to eliminate the need for assessing those areas any further. Systems using one-off solutions for these core security services may have more potential for risk exposure.
Factors do not change the sensitivity of the resource, but they can help with prioritisation. For example, whether or not a vulnerability test has been performed on the resource does not affect its sensitivity, but this knowledge is important for identifying resources that may have undiscovered vulnerabilities that are readily exploitable.
You will often find yourself trying to choose between several high-sensitivity resources to assess, and these other factors can help you decide which ones to focus on first.
The security risk profile questionnaire should include several questions about the resource to help determine the sensitivity and criticality of the application in comparison to others. It is essential to evaluate a resource's sensitivity on a relative scale.
Start by identifying the resource that is most crucial to the organisation, and use this as a reference point. This is important because the tendency is to rate resources too high. If you end up with all resources being rated as high sensitivity and none as moderate or low, then the scale becomes worthless.
At the time of this review, Directorate Site Visit Executive for network operations had not established letters of delegation to provide surveillance over units that were designing and building automated /network supply system components. The Commander had begun negotiations for delegations but were delayed because the Directorate Site Visit Executive, who was seeking to maintain positive relations with the project office, granted request from project teams to delay surveillance of units until after the start of initial production, to allow processes to develop.
As a result, Directorate did not have access to unit staff and facilities to perform surveillance functions and could not report directly to the team issues impeding unit progress in assessing risk, designing and building equipment supply system field level supply of critical equipment components.
Negotiations for delegations for units were ongoing based on risk questionnaire . Letters of delegation for unit surveillance are supposed to identify and address operational problems that can cause reductions to technical performance, cost increases, and schedule delays.
Units are responsible for designing and building System components to include an installation unit to integrate with aircraft, pointer-trackers with processor units to scan the air and identify signals. These components make up equipment supply kits to be assembled.
Unit surveillance is a critical part of the overall administration of services Directorate provides teams with to support decision-making events with objective and actionable task, technical, risk, schedule, and performance metrics through a programme support team consisting of multifunctional specialists to include and quality/value assurance.
DoD policy mandates that the programme integrator, with support from the programme support teams at unit locations, independently assess task performance and execution in in the risk assessment questionnaire to be approved for release to programme stakeholders.
Key stakeholders include milestone decision authority and the project administrator uses the questionnaire to monitor mission schedule, and performance, and highlight problems in unit processes that could increase risk, delay schedule, and reduce performance.
DoD mandates Directorate must perform specific actions to determine and document programme risk prior to establishing letters of delegation: First review the mission requirements; Second, determine programme support team requirements for the unit, and establish a programme support team. Third, establish an initial programme risk rating based on technical,and schedule risk;.
Must develop programme support plan to outline planned surveillance events at location of mission execution and establish agreement, if required, with the programme office.
There was no technical reason behind the decision to delay direct surveillance of units to allow their risk assessment processes to develop. More specifically, the program integrator told investigators that Directorate wanted to maintain a positive working relationship with the project office and therefore agreed to delay surveillance of units
But effective team planning and action, such as establishing delegation of risk questionnaire to oversee system design and development, can minimise potential risk increases, schedule delays, and technical performance that may be associated with deficits in programme maturity.
Directorate surveillance is critical to help programme stakeholders monitor and proactively identify and address programme risks. and surveillance is even more critical when unit processes are not fully developed.
Without delegation or risk questionnaire, there was not direct access to the units to help in providing the project team with timely, value-added surveillance and progress assessments in designing and building systems components.
With direct and continuing access to units Directorate could have given the project team more timely and insightful advice and evaluation relating to delays, which would have allowed teams to take earlier action.
You may not have defined the specifics of how the functions will be performed, but having mission and functional requirements defined is enough to complete the security risk profile.
The best way to profile a resource is with a simple questionnaire. This questionnaire uses a series of targeted questions to measure the potential impact to the organisation of a generic security violation for the target resource. It should include questions that are designed to identify the following:
1. Resource ownership
2. Function data processed, stored, and/or transmitted
3. Sensitive functions performed
4. User community
5. Support and hosting model
6. Access administration model
7. Audit trail and maker/checker controls
8. Overall confidentiality, integrity, availability, and accountability
9. History of previous risk assessments
10. Requirements for future assessments