Archive for DoD

DoD granting network access to Android and Blackberry… !?!?!

Multiple media outlets, including FederalNewsRadio.com and Reuters are reporting today on a DoD announcement that it has granted permission for use of Samsung’s Android Knox and Research in Motion (RIM)’s Blackberry 10 and Playbook tablets.

The sad news is that no one told any IT implementers within the DoD, so essentially nothing has changed (yet).  Use of any IT device is subject to applying the DoDs Security Technical Implementation Guides, or STIGs.  As of this writing, the STIGs needed to actually deploy these devices are not available… so they are “approved” but no regulation-compliant means to put them into service exists at this point.

Additionally, the service components (Departments of the Army, Navy and Air Force) typically need to put their specific “spin” on guidance issued at the DoD department level.  This means that for most of the DoD, nothing has changed for the time being… though the department’s gears seem to be turning in the right direction.

It should be noted that use of Android on DoD networks is not really new.  A STIG for Android 2.2 on Dell devices was released in December of 2011.

LinkedInTwitterDeliciousShare

DARPA Targeting Limited Future Dollars to Cyber

In an interview with FederalNewsRadio.com, the director of the Defense Advanced Research Projects Agency (DARPA) — most famous for the creation of ARPANET (also called DARPANET), which formed the initial core of what we consider to be the Internet — says that the agency is targeting limited future dollars in part to the exploration of expanding Cyber capabilities.

Firstly, it’s worth noting that the DoD has struggled with use of the term Cyber.  The doctrine to back the term’s use up was a long time in coming to some, and in the interim a host of non-doctrinal definitions have developed in that vacuum.  Now that doctrinal terms exist, the DoD has struggled with getting everyone back on “the same sheet” of doctrinal “music.”  This was a significant enough problem to warrant creation of a U.S. Government Accountability Office (GAO) report on the lack of focus.

From a doctrine standpoint, the DoD divides “cyber” computer network operations into three categories:  attack, defense, and exploitation (to include activities that enable that exploitation).

In the interview, Dr. Arati Prabhakar, DARPA director, discusses that even in a fiscally challenging environment in which we find ourselves — some of those limited funds to “cyber” efforts is a priority, using DARPA’s “Plan X” (which is in the “attack” portion of the attack/defense/exploit “three-legged stool” mentioned above) as an example of that prioritization:

“…Plan X, is a program that is specifically working toward building really the technology infrastructure that would allow cyber offense to move from the world we’re in today, where it’s a fine, handcrafted capability that requires exquisite authorities to do anything with it, that when you launch it into the world, you hope that it’s going to do what you think it’s gonna do, but you don’t really know.

We need to move from there to a future where cyber is a capability like other weapons capabilities, meaning that a military operator can design and deploy a cyber effect, know what it’s going to accomplish, do battle damage assessment and measure what it has accomplished, and, with that, build in the graduated authorities that allow an appropriate individual to take an appropriate level of action. That’s the vision.”

Plan X is only one of a number of programs that fit into DARPA’s newly-published operational framework entitled Driving Technological Surprise: DARPA’s Mission in a Changing World.  The new framework… only 16 pages in length… is available at http://www.darpa.mil/WorkArea/DownloadAsset.aspx?id=2147486475.

LinkedInTwitterDeliciousShare