As a result, they now need to perform at higher levels, work more closely together, comply with challenging new mandates, and modernize legacy systems. Additionally, organizations must do this in the face of a confusing array of choices, and in a rapidly evolving landscape of emerging technologies like blockchain, robotics and artificial intelligence.

AI-powered surveillance sought for US Central Command

One of the emerging technologies already affecting the sector is digital twins, particularly in supply chain management. A combination of enabling technologies and analytic capabilities, digital twins produce a virtual model of a process, system, or object, informed by real-time data.

A new report from Accenture, based on interviews with senior military, defense and aerospace officials, acknowledges the benefits of digital twins for defense supply chains, including cost efficiency, situational awareness, force readiness, fleet management and sustainability.

Digital twins tap real-time and historical data sources to enable learning, reasoning, and dynamic recalibration for improved decision-making. These emerging predictive capabilities can help reduce risk and empower leaders to make more informed decisions, faster.

However, the same report also found four primary barriers to successful digital twin deployment by defense organizations seeking to explore digital twins on a path to more advanced management of their supply chain challenges. Only by identifying and adapting to these challenges can success by guaranteed.

The knowledge deficit

The value of digital twins is in combining the power of technology and human ingenuity to support decision making. Unfortunately, the global defense community currently has a relatively low level of awareness around digital twins, even at the leadership level. Defense organizations should work to ensure senior leaders know about their effectiveness and understand that adoption is led by them, not their IT organization.

Skill deficits can also be addressed through internal learning, new on-demand talent models and through strategic partnerships with vendors and academic and research institutions.

The data dilemma

Real-time data is the oxygen for digital twins, and often, organizations allow their concerns over the quality, volume and complexity of data and the time and costs involved in managing it to supersede its deployment. Many do not realize they can build digital twins with the data they have today and evolve models and inputs over time.

The security paradox

Digital twins deliver more value to the military ecosystem when they extend beyond one organization and integrate with the entire supply chain. However, security concerns can make this difficult to do. Given this and the nascency of digital twin applications in defense supply chains, governance is lagging and perpetuates fears around security and compliance.

The way around this is to update policies and agreements on data security to ensure they also support supply chain data sharing. It also requires refining data security accreditation standards to clarify compliance with sharing rules, and ultimately prioritizing cloud adoption to connect and protect data in a consolidated manner.

The supplier gap

As momentum for digital twins grows, defense organizations will need additional criteria around digitalization and data literacy, as well as modernized contracting protocols, to select suitable suppliers. They will need agreements on data ownership and sharing to provide end-to-end visibility while enabling suppliers to protect intellectual property.

Digital twins can support a process of continuous reinvention, as organizations leading the effort strive to improve data literacy through coaching, commercial incentives, adoption of learnings and modern technologies and tools for supply chain management.

As the world adapts to volatility around markets, the environment and geopolitical events, defense organizations must prepare for more dynamic, informed management of supply chains. Digital twins will become central to supply chain management in defense and are likely to set apart leaders and laggards in military readiness and effectiveness in the years ahead. Tomorrow’s defense leaders are today forging ahead to harness the strategic value of digital twins.

Matthew Gollings is Accenture’s Global Defense Industry Lead. He also leads Accenture’s Defence & National Security Team in Australia and New Zealand.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Despite the heavy toll of Russia’s missile war on Ukraine, the attacks have, in the aggregate, failed to produce the kind of decisive strategic effects Moscow likely expected would bring about Ukrainian capitulation. My recently released report, Putin’s Missile War, attributes Russia’s underperformance to incompetency within its military and to Ukraine’s skillful use of air defenses and passive measures like dispersion and deception.

Although our understanding of what has transpired in the air war over Ukraine remains incomplete, some things are becoming clearer. More than a year into the war, the Ukrainian military’s command-and-control apparatus remains intact.

Ukraine’s air force and air defenses continue to frustrate Russian air and missile operations. Western weaponry continues to flow to the front lines, and the morale of the Ukrainian people remains steadfast despite enormous hardships.

As we enter spring, Ukraine’s electric grid remains fragile, but functional. And while Discord leaks indicate Ukraine is running low on air defense interceptors, new Western air defense systems continue to arrive to mitigate a future shortfall.

Meanwhile, Russian missile attacks against Ukraine’s civilian infrastructure are becoming less frequent. Pre-war Russian missile stocks are largely diminished, and Moscow is likely now reliant on smaller numbers of newly produced missiles.

The results of Russia’s long-range strike campaign in Ukraine contrasts with those waged by the United States and coalition military forces during Operation Desert Storm and Operation Iraqi Freedom. In those wars, U.S. cruise missiles and other precision-guided munitions played a pivotal role in fracturing Iraq’s military from its political leadership, suppressing enemy air defenses and achieving coalition air supremacy.

Russia’s inability to achieve similar strategic effects with its early air campaigns gave Ukraine the time and breathing room to disperse and reconstitute its forces. And Russia’s continued inability to achieve air superiority and significantly disrupt Ukrainian logistics has permitted the Ukrainian Armed Forces to prosecute aggressive counteroffensives with increasingly sophisticated weaponry.

In a successful strike campaign, one would expect a belligerent to become less dependent on stand-off strike assets over time as it wore down its adversary’s air force and air defenses. Yet Russia has experienced the opposite. Its failure to achieve air superiority in the early phases has caused an increasing dependence on missiles and other stand-off weapons, such as one-way attack drones, to strike targets anywhere beyond the front lines. In this way, Russia has become a victim of the kind of anti-access/area denial strategies it has sought to develop over many years.

In the broadest sense, one cannot separate Russia’s haphazard missile campaign against Ukraine from wider strategic failures that have plagued nearly all aspects of Moscow’s war effort. Yet some unique factors have contributed to the underperformance of Russian missile forces. Russia’s intelligence and targeting capabilities have been too slow and inflexible to keep pace with the dynamic, fast-changing battlespace.

Russia also underestimated the scale of strike operations needed to accomplish its initial war goals. Effective Ukrainian air defenses too have limited the number of Russian missiles successfully reaching their targets. Although the impact of Ukrainian air defenses is difficult to independently confirm, the general trend lines suggest the force is growing more efficient and capable of thinning out Russian missile and drone salvos.

At the start of the conflict, for instance, Ukraine was intercepting no more than 10% of incoming Russian cruise missiles. By early fall, Ukraine was claiming to intercept around half of Russian cruise missile salvos. By the end of 2022, after the arrival of longer-range Western air defenses like NASAMS and IRIS-T, Ukraine regularly claims to intercept 75%-80% of cruise missile salvos.

Russia’s missile strikes against Ukraine have nevertheless taken a tragic toll. Since failing to reach its initial military objectives, Russia has focused its missile attacks on Ukraine’s civilian infrastructure and industry, including the electric grid and transportation infrastructure.

In the longer term, the damage Russian missiles have inflicted will likely weigh down Ukraine’s economic recovery and make additional foreign assistance critical to rebuilding. The continued provision of air defenses now will mitigate these future costs and reinforce a sense of security that could encourage Ukrainian refugees to return home. Such refugee repatriations will be important to Ukraine’s post-war economic recovery and future self-sufficiency.

In its struggle against Russian missile attacks, Ukraine has shown that Russian missiles are dangerous but not unstoppable. Even under harrowing circumstances, Ukraine has defeated advanced Russian cruise missiles with high-tech counters such as active air defenses and low-tech practices such as dispersion, mobility, deception, and camouflage.

One cannot assume Russia or others would repeat the same operational blunders in a future war. Still, Ukraine’s experience illustrates that air and missile defense works, and when combined with passive measures like dispersion and deception, can mitigate even numerous and advanced missile threats from a near-peer adversary.

Ian Williams is a fellow in the International Security Program at the Center for Strategic and International Studies and deputy director of the Missile Defense Project.

On April 11, the Biden Administration met with Balkan leaders to pledge support for their efforts to shut down Russian news sites disseminating disinformation. U.S. support could go a long way toward helping Balkan countries in their attempts to remain autonomous from Russia, which uses disinformation to try to undermine democratic governments in the post-Soviet space.

For the past three years, intelligence analysts and disinformation researchers at my company have been closely following the tactics and strategies of Russian disinformation operations. Here are some suggestions that the U.S. could take that would make even more of an impact in countering the anti-Ukraine disinformation being disseminated by Russia.

The State Department’s suggestions to block websites are a start, but will likely only impact the low-hanging fruit and activities of unsophisticated actors. Countries should not only be targeting the IP addresses and domain names of sites spreading falsehoods, but also the companies that host and support those web addresses. Other State Department-recommended efforts – such as labeling foreign government accounts, and enacting regulations that require transparency around foreign ownership of media properties – will take time to implement. There are some other steps that the U.S. could take in order to help counter the effects of Russian disinformation in the Balkans.

We know that Russia routinely uses bots – computers that pose as humans for disinformation campaigns – to exaggerate the “impact” of its messaging. A lot of Russian disinformation is actually remarkably crude and unconvincing for increasingly skeptical internet audiences, so they want to create the illusion of impact. In today’s hyper-networked media environment, having a “successful” comms strategy is an important component of great power status.

Therefore, it would be worthwhile to increase our capacity to detect bots and trolls by investing in the development of resources, personnel and software that can find the bots. Fact-checkers can use AI-based tools and large language models to recognize disinformation, however the lack of automation and the increasing sophistication of Generative AI-created disinformation makes it challenging to keep up.

Current U.S. resources are insufficient to be competitive in the fight against disinformation. Meanwhile, Russia has invested heavily in state-aligned international broadcasters, RT (Russia Today), RT Balkan and Sputnik News, purveyors of disinformation, as well as social media manipulation and hacking. Although the U.S. created the Global Engagement Center dedicated to fighting disinformation in 2016, countering disinformation has not been a budgetary priority.

Paid ‘influencers’

For the past few years, the Kremlin has paid “influencers” and popular bloggers to spread propaganda and disinformation. Although major social media platforms restricted many official Russian government accounts, these so-called “influencers” are still operational. Social media accounts owned by the Russian government, lawmakers, affiliated media, and influencers should be deleted to block this propaganda channel.

Another important policy the U.S. should consider pursuing, is to sanction fake news outlets and pro-Russian disinformation actors who are spreading propaganda under the guise of journalism. The EU has sanctioned RT and Sputnik News, but U.S. sanctions would hold even more sway. Sanctions are one of the most powerful tools the U.S. has in fighting disinformation.

The U.S. and European governments should urge all Western allies and partners, especially eastern European countries like Georgia and Moldova, to take similar steps as those listed above.

It’s important to understand that many of the disinformation narratives pertaining to Ukraine that are circulating in the U.S. don’t originate from Russia, but come from far-right actors living in the U.S. who are anti-Biden and anti-Ukraine. Thus, U.S. officials need to recognize that pro-Russian disinformation is not purely a foreign policy issue, but also a domestic one for them.

With its global influence and resources, the U.S. has the capability to make a significant difference in the battle against Russian disinformation and establish a model for other world leaders to follow. These recommendations would go a long way toward leveling the disinformation playing field.

Noam Schwartz is CEO and co-founder of ActiveFence, a global trust and safety company.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Under the Biden administration, the U.S. has taken a stricter stance on the CCP’s economic and political activities. From executive orders limiting trade on semiconductors to sanctions on foreign companies with military ties to the CCP’s Military-Civil Fusion initiatives to strengthening regional alliances within the Association of Southeast Asian Nations.

One of the propellants for this hawkish security approach is the development of artificial intelligence. Unsurprisingly, many critics believe the world is in a tech cold war with the Chinese leading. Although this competition is, by all accounts, only getting started, the U.S. should work to develop safety practices for AI regardless of the pace of the race.

In 2017, the CCP announced the A New Generation Artificial Intelligence Development Plan. The elaborate program sought to expand the Party’s investment in AI research and development, train talent, and construct a world-leading AI ecosystem within China. This strategic effort intends to place China as a major technological superpower and overtake the US in certain sectors. Washington rightfully sees this as a realignment in the global order and a national security threat that minimizes competition and increases potential conflict.

The Chinese state-directed economic model repositioned the country as an economic juggernaut and global influencer in emerging technology development. China has become the world’s second-largest economy while maintaining a large state sector, accounting for forty percent of its economy. Furthermore, it has changed the global balance between the public and private sectors. The Chinese financial industry is central to the operations of state capitalism, and the channels of state influence over the private sector are multiplying.

AI ecosystem

China has managed to create an ecosystem conducive to developing cutting-edge AI capabilities faster than what may have otherwise been possible under purely free market conditions. Whether these same tactics will pay off long term remains unclear; however, if current trends continue, there is no doubt that this type of economic example will be considered a model to emulate among other non-democratic nations seeking rapid technological advancement.

The competition over access markets is a larger area of worry for the U.S., which is increasingly concerned about Chinese companies gaining market share in critical sectors like semiconductors through unfair trade practices. China exploits state subsidies and manipulates currency exchange rates to gain leverage over American firms competing abroad. Similarly, Beijing worries that Washington will continue to use its economic power by blocking Chinese investments into sensitive industries like telecommunications or defense-related tech development within the US. President Biden has signed multiple executive orders limiting foreign investment in US companies, banned the sale of sensitive semiconductors to China by NVIDIA and AMD, and forged stronger alliances with Taiwan, Japan, and South Korea.

Conflicting geopolitical interests embroil the relationship between the U.S. and China. With China vying for power and influence on the global stage, competition has also extended beyond economics into geopolitics. The U.S. is wary of Chinese expansion in the Asia-Pacific region, its potential blockade of the South China Sea, and the possibility of a Taiwan invasion. At the same time, Beijing feels encircled by America with a permanent military presence in South Korea and Japan and bilateral training agreements like those with Mongolia, Japan, and Taiwan. Air and sea collisions have historically ensnared the two countries in tension. These escalating issues lead to tense standoffs with freedom of navigation through the South China Sea—potentially leading to armed conflict only adds to the list of issues.

Prelude to war?

As AI technology develops, its potential implications on U.S.-China tensions are immense. China’s growing presence within global technology innovation will threaten American dominance in certain areas, particularly when developing new AI technology applications that are being used militarily. The CCP’s control of data structures plays a major role in the AI race. Training models on large datasets is easier when the state can leverage its citizens and private industry to develop dual-use tech and share its data.

The U.S. government, however, is legally and morally restricted from unjustly imposing its will on its citizens or forcing companies to surrender data to a competitor. This makes it more difficult to acquire large datasets, thus making the training of AI more challenging. The U.S. will need to do more with private industry to find creative ways to compete in this field with China.

As both countries continue to invest heavily in the R&D of emerging technologies, there is an increased risk that one country might gain control of crucial IP-related assets before the other, creating even more significant economic disparities that could lead to heightened geopolitical issues down the line. Additionally, if either nation could leverage their respective technological advantages against each other through espionage activities (e.g., stealing trade secrets), we would likely see an escalation in current U.S.-China tensions due solely to developments surrounding AI technology alone.

The Chinese government has recognized AI as a critical priority in its national development plan. It invests heavily in AI research, development, and deployment to achieve economic and technological advancement, with social stability and control remaining a vital aspect of its development. The rush to adopt AI by companies worldwide and the absence of standard AI safety regulations will result in unintended consequences that developers should have anticipated had the pressure of competition not created a proverbial ‘Black Box’ of issues.

Cross-pollination

We have already seen the consequence of the lack of regulation regarding cybersecurity which led to globally impacting security breaches and malicious attacks. Most neural networks for machine learning are opaque and difficult to understand, making identifying and addressing potential safety concerns challenging. This belief parallels the idea that many people use their cars without understanding how they function. So long as it gets them where they need to go, the condition under the hood is left to the experts.

This lack of transparency can erode public trust in AI and limit its adoption. If an AI system is compromised, it could be used to spread misinformation or launch cyberattacks. Therefore, it is crucial to develop standard AI safety regulations and policies to mitigate the risks associated with AI use.

On the other hand, policymakers should only impart restrictions with an understanding of the consequences. Too many governmental barriers can hinder innovation in emerging technologies and AI. By breaking down these barriers, it may become possible to combine different perspectives and areas of expertise, leading to new insights and solutions to complex problems. In some cases, collaboration with Chinese developers could build better understanding of AI challenges.

Instead of conflict, cross-pollination of ideas between the two nations could result in novel approaches and applications that have the potential to benefit a more significant number of people than either group could achieve individually. By fostering collaboration and sharing knowledge, both countries could better equip themselves to meet the challenges posed by emerging technologies and AI.

Maj. Nicholas Dockery is a Downing Scholar at Yale University’s Jackson School of Global Affairs and an active-duty Special Forces Officer.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

What does this look like in practice, and how is this going to affect the federal government’s software procurement policies? Those are the types of questions that federal agencies and their software providers alike are asking as they brace for the new world of “software bills of materials” (aka “SBOMs”) and their disclosure requirements.

If you want a front-row seat to watch the federal government’s effort to make software “secure by default” in the next two years, memory safety is a great class of software vulnerability to watch. Let’s take a look.

What is memory safety?

Memory safety is a particularly ripe domain for software vulnerabilities. So much so that back in November, the National Security Agency issued guidance to “help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of exploitable vulnerabilities.”

Most low-level programming languages--like C++ and C--are memory unsafe. Developers have to manually configure and allocate the machine’s memory. If you make a mistake, your program can read or write data from the wrong type of memory. And that leads to bugs, crashes, data leaks and all kinds of potential exploits.

Dealing with memory safety in these low-level languages is something that gets taught in programming classes, but it’s tedious, error prone and time-intensive work.

Memory safety vulnerabilities include buffer overflows and use-after-free errors and have accounted for the majority of application security issues disclosed by software companies. Back in 2019, Microsoft revealed that 70% of its common vulnerabilities and exposures, or CVEs, were caused by developers making memory corruption mistakes in their C and C++ code.

Memory unsafe

According to Consumer Reports’ Future of Memory Safety report, “60 to 70 percent of browser and kernel vulnerabilities—and security bugs found in C/C++ code bases—are due to memory unsafety, many of which can be solved by using memory-safe languages.”

Memory-safe languages have been around for a long time. But up until recently, they weren’t performant or scalable enough for low-level programming at the kernel or firmware level. And so a whole class of developers continued to use memory unsafe languages.

The Rust programming language really burst onto the scene as the language that nailed developer primitives for memory and performance, and has radically changed how developers can approach low-level programming with memory safety guardrails.

The Rust community has already reached 2 million developers and has become one of the most-loved of all programming languages. Major players in the industry including Google have completed major rewrites in Rust, in the name of memory safety, including much of the critical backend infrastructure (HTTP and TLS) for Android.

But what about all that other legacy code out there in production in the world’s systems?

Rewriting software is hard. It takes a lot of time, and it takes effort to convince management that it’s a worthwhile investment. It’s one thing for publicly funded government agencies and the world’s largest tech companies with their deep pockets to rewrite for memory safety. But convincing the rest of the market, and under resourced open-source maintainers, to do the right thing is a major challenge.

In its Cybersecurity Information Sheet on Software Memory Safety released late last year, the NSA described this key challenge of driving the “culture of software development towards utilizing memory safe languages.”

The power of SBOMs

The real power of SBOMs is their up-front value to the software procurement process. They provide the “list of ingredients” that has always been missing for software consumers to be able to make informed decisions on how a technology will affect their security posture.

When we can attest to what’s inside our software before we purchase it, now the laws of supply and demand economics should drive down our overall usage of software that is memory un-safe. If you are choosing which software to adopt and have multiple options, you are going to favor the software that wasn’t written in a memory unsafe language like COBOL, because you want to avoid a weakened security posture.

The NSA’s National Cybersecurity Strategy report described the federal commitment to SBOMs as central to an overall “software supply chain risk mitigation objective.” It also described its efforts to develop an “adaptable safe harbor framework to shield from liability companies that securely develop and maintain their software products and services” like the NIST Secure Software Development Framework, or SSDF.

The read-between-the-lines message here is that the federal government — the country’s largest purchaser of software — will itself be using SBOMs to instruct security compliance for procurement, and then will pressure industry with the carrot of legal indemnity if they follow similar precautions.

As SBOMs give first the government, then industry at large, the standard method to inspect software packages, markets will be able to galvanize much faster to weed out critical software vulnerabilities. Memory safety may be SBOMs first killer use case, but it will be equally interesting to watch how SBOMs play a role in the government’s carrot-and-stick measures with legal indemnities and safe harbors.

Dan Lorenc is CEO and co-founder of Chainguard. Previously he was staff software engineer and lead for Google’s Open Source Security Team (GOSST). He has founded projects like Minikube, Skaffold, TektonCD, and Sigstore.

Today, though, most mobile communications rely on radio frequency signals, often enhanced with digital technology. Yet, despite many technology advances, effective communication can be difficult, depending on the environment. Systems need to sense, process and communicate information quickly, accurately, reliably, and securely, even in challenging environments.

The challenge grows with increasing dependence on ever larger volumes of data, often combined with near real time requirements. For the U.S. Department of Defense, this is one key challenge to effective command and control in the denied, degraded, intermittent or limited environments expected at the tactical edge.

Efficient and robust communications are foundational to the DoD’s Joint All-Domain Command and Control initiative. The goal is to ensure effective C2 across all domains and echelons – orchestrating all resources, such as sensors, platforms, and weapon systems, to achieve desired outcomes as quickly and efficiently as possible. Doing so requires maximizing the value of every piece of data communicated, and to as many parts of the C2 network as possible.

Think of this as creating compact data packages, or “edge semaphores” – concise, precise, interoperable, and secure.

Powered by increased compute and analytics available at the edge, to create or interpret these messages, such lightweight communications can enable exchange of mission-critical information across all domains – while reducing overall communications requirements and minimizing the impact of DDIL environments. The result would be more effective distributed C2, with better-informed decisions and faster, more accurate actions by mission stakeholders across echelons.

Purpose-built but problematic

Historically, the DoD developed systems for specific needs. Dedicated sensors feeding a customized tracking system, which in turn services a dedicated mission platform. Single purpose “stove-pipe” systems maximized effectiveness of available technology, but only for a specific application.

However, stove-piped systems don’t interoperate. Data formats from one sensor are most often not understood by others, even though the basic nature – location, track, time – is much the same. We need a far more distributed and agile approach to address the realities of the world today. A single mission may involve multiple military units and coalition partners, each with a varied and changing array of available sensors and systems at any given moment. Mission leaders and teams need to integrate these resources, make decisions and act, sometimes in mere milliseconds, to include operating in DDIL environments.

Current technologies, particularly in storage and compute, present far more capable and versatile options to support a vast range of application requirements. Thus, the solution to lack of interoperability as a critical hurdle to all-domain operations is well within reach. The ability to collaborate and combine resources across multiple systems offers far greater flexibility and mission effectiveness; exactly what JADC2 envisions.

Stovepipes aren’t the only problem. While our networks have grown more robust, our communications have become more verbose. Sensor systems can generate enormous quantities of data. Transmitting all that information for analysis can be slow or unreliable, particularly when operating in DDIL environments.

Standardizing at the edge

Designing with an edge semaphore concept helps solve these challenges. Lightweight protocols with standardized data formats across otherwise disparate sensors and systems enable efficiency and interoperability.

Lightweight protocols can minimize the quantity of data transmitted by leveraging compute and analytics to maximize the value of that data. Just as a single maritime semaphore set can encode a complex message based on prestored information, so could edge semaphores be standardized system messages, indexing richer content, whether calculated or stored locally.

Ensuring interoperability of messages requires a common taxonomy of information types to address how critical characteristics are understood, such as accuracy and precision for track data. Without this, translating information from one system to another risks unacceptable unknown errors in accuracy and precision. Introducing enhanced compute and analytics at the edge, given a common taxonomy, ensures shared data is not only lightweight and efficient, but also understood in context of both the source and the target application, thereby mitigating translation errors.

Localizing compute

A key element of the sense-track-execute process is the analysis that brings together decisions and actions. Localizing compute resources at the mission edge can optimize these analytics and amplify the advantages of lightweight protocols.

New system-on-chip processors integrate multiple system components – CPU, memory, data storage, and specialized software – into a single component. The result is higher performance, lower power consumption, greater reliability, and smaller size – addressing the size, weight, power, and cost (SWaP-C) requirements of the edge.

Today’s enhanced processors can power deeper analytics at the edge, including artificial intelligence (AI). In the past, large datasets had to be transferred from edge devices to centralized datacenters to perform higher analytics. However, a highly centralized capability is not conducive to the dynamic and distributed operational vision of JADC2. Through edge compute, highly enriched information and insights can be used locally and shared with the larger C2 network through lightweight protocols, decreasing response time to threats.

The technology to deploy edge compute and edge semaphores is available today. This approach will enable the DoD to make its C2 networks more interoperable, responsive, and resilient in the dynamic mission environments of today and the future. The result will be more effective joint all-domain distributed command and control, and with it, faster and better informed decision-making to support mission success.

Retired U.S. Navy Rear Adm. Ron Fritzemeier is director of Mission Solutions for Intel, Defense and National Security group.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

In recent years, advances in technology, coupled with the ease of digital connection, have greatly increased the convergence of IT and OT across critical infrastructure sectors and even within the federal government. In fact, 56 out of 90 agencies report using Internet of Things technologies to control, monitor, access, or track equipment, systems, facilities, or physical assets.

Convergence brings significant benefits, from increased visibility to user-centric capabilities. Unfortunately, it also greatly increases agencies’ attack surface, so now must be included under the NCS.

IT and OT are not created equal

Lessons learned from modernizing IT unfortunately won’t apply to OT because of OT’s unique operating requirements. Efforts taken under the NCS must first consider each individually and then together.

For instance, when an IT system reaches end-of-life, an agency must decide to either continue using it at risk, pay for extended manufacturer service, or sunset and replace it all together. Each option has pros and cons, but agencies at least have options and can usually plan accordingly—sunset dates will be known in advance, diminishing potential impacts of the time variable.

However, timing is actually critical for approaching OT modernization. Gartner predicts that by 2025 cyber attackers will have weaponized OT environments to successfully harm or even kill humans. Ramifications of an attack on IT could be devastating, but might pale in comparison to the long-term human safety and critical infrastructure impacts of a well-executed attack on OT. We simply lack the luxury of time to modernize OT security that has been given to securing IT over many years.

Additionally, it is often feasible and more cost effective to simply rip-and-replace an IT system at its end-of-life. Because of how OT systems were designed, rip-and-replace isn’t a viable approach for them. Legacy OT systems were built on the engineering paradigm of twenty years ago—to be long-lasting and achieve the functional goals of monitoring and controlling critical processes.

Connectivity wasn’t a functional requirement, so neither was security. Times have changed since these systems were put in place and security risks must now be a consideration.

Further, because of the nature of what OT systems do, continuity requires that they can’t just be turned off and replaced with a new, more secure system. Unlike VoIP phones in an office, airplanes and tanks, for example, aren’t mass produced or easy to replace. When replacement of OT systems deployed in-field is possible, such efforts would take years and the required costs would be prohibitive.

Three tenets for OT security

Instead, OT security modernization should focus on improving security by augmentation, particularly for defense and weapons systems. Here are a few tips for agency decision-makers to consider when assessing OT modernization approaches:

— Any given defense or weapons system has up to hundreds of different types of hardware, components and ‘standard’ protocols in use. Tooling for cyber modernization efforts should not be limited to addressing only a subset of them. Instead, chosen solutions should be hardware and protocol agnostic. The tool must accommodate the platform rather than trying to force the platform to conform to the tool’s limitations.

— As data is the building block of IT network security, so it should be within OT systems as well. Defense and weapons systems continually produce tremendous amounts of valuable data that in its raw form isn’t of much use. But when captured, enriched and translated, it could be turned into information, when coupled with historical data and context, that can become actionable intelligence for critical security decision-making.

— “You can’t protect what you can’t see” is a common IT security maxim that also holds true for OT. The aim of OT security modernization should be complete observability—the ability to understand what is happening inside a system based on external data that the system produces and exposes. Observability can enable decision-making to be based not on backward-looking indicators and uncertain predictions, but on leading indicators providing facts, knowledge and understanding.

As the interconnection between IT and OT in onboard weapon systems increases, digital threats now put previously isolated OT at unprecedented risk. Meeting the objectives of the NCS will require a skillful approach to protecting each separately and both together to protect our warfighters and preserve American battlefield dominance.

Colby Proffitt is a cybersecurity strategist at Shift5, an Arlington, Virginia-based supplier of computer security services.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Today, the U.S. faces increasingly complex and sophisticated threats from foreign governments exerting malign influence—covert actions to influence public sentiment and public discourse.

As recently as July 2022, the Justice Department unsealed an indictment against an individual working on behalf of Russian intelligence for “allegedly orchestrating a years-long foreign malign influence campaign that used various U.S. political groups to sow discord, spread pro-Russian propaganda, and interfere in elections within the United States.”

Foreign influence operations rose dramatically throughout the COVID-19 pandemic, according to the 2022 Digital Defense Report from Microsoft. The report highlighted that nation states most frequently targeted social media platforms controlled by U.S. technology companies to “distribute propaganda” to “erode trust, increase polarization, and threaten democratic processes.”

The report also explained how think tanks and NGOs, universities and academics, and government officials were the next most frequently targeted.

“These are desirable ‘soft targets’ for espionage to collect intelligence on geopolitical issues,” the report concluded.

On a technical level, many major U.S. technology companies already work together to support U.S. government efforts to counter foreign cyber intrusions. To combat foreign malign influence, the U.S. and its allies could take a page from this cyber strategy.

Cyberattacks in the digital space grew dramatically over the last two decades. Global ransomware costs have ballooned from $325 million in 2015 to $20 billion in 2021, a 57-fold increase in just six years, according to a June 2022 report from Cybersecurity Ventures, the publisher of Cybercrime Magazine.

To meet this threat, the U.S. government evolved and adapted. A key strategy was an early effort to develop institutional capabilities where businesses—which are often competitors—could share near real-time threats in the cyber domain. This development included the creation of Information Sharing and Analysis Centers in 1998. An Executive Order in 2015 expanded this to non-sector-specific Information Sharing and Analysis Organizations.

The success of these information sharing models led to the 2021 creation of the Joint Cyber Defense Collaborative within the Cybersecurity and Infrastructure Agency, which is part of the Department of Homeland Security.

The JCDC leads “integrated public-private sector cyber defense planning” by creating a “cybersecurity information fusion.” The collaborative has become an active information-sharing environment enabling cyber cooperation between the private sector, government (federal, state, local, tribal, and territorial) and international allies.

This cooperative model seemed a logical step because most attacks are against infrastructure created and owned by private companies, and these companies naturally have deeper technical knowledge of their software and systems.

Similarly, foreign influence operations also take place in public spaces that are privately-owned, primarily social media platforms. Despite this reality, however, no information-sharing space exists for private companies and the U.S. government to work together against the spread of disinformation on these networks.

The U.S. government needs a place to share information with the private sector on the tactics and techniques used by malign actors. While tech and social media companies compete against each other to build audience influence, they all suffer the burden of malicious actors trying to hijack that influence.

Efforts by foreign powers to spread disinformation generally occur across platforms simultaneously. A safe space for private companies to cooperate with each other would bolster their ability to collective thwart foreign influence operations and preserve the security of their networks.

Cyberspace Solarium Commission

The Cyberspace Solarium Commission, created by Congress to develop a strategic approach to defend against cyber attacks, published a report in 2020 calling for the formation of a Joint Collaborative Environment. The JCE is described as “a common and interoperable environment for the sharing and fusing of threat information, insight, and other relevant data across the federal government and between the public and private sectors.”

The JCE would create the dynamic environment to help facilitate information-sharing, while a JCDC branch devoted to foreign malign influence could organize stakeholders to respond to the threat.

All too often, analyses of cyberattacks focus strictly on the technical components of what is happening, while ignoring the broader context of why the attack is happening. By integrating foreign malign influence into existing cybersecurity infrastructure, the U.S. government can produce a comprehensive approach to the challenge.

David Rubin is a managing director for Deloitte Transactions and Business Analytics LLP, where he assists clients within the U.S. Intelligence Community, Department of Homeland Security and law enforcement.

Chris Weggeman is a retired U.S. Air Force Lieutenant General, where he led cyber mission forces at the U.S. Cyber Command (USCYBERCOM). He is a managing director for Deloitte & Touche LLP serving government and the public sector in cyber and strategic risk.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Over the past eight sessions of Congress, there have been no fewer than 14 different Pentagon efficiency drills. The names are familiar to budget watchers: Better Buying Power 1.0 (and 2.0 … and 3.0), the Weapon Systems Acquisition Reform Act, night court, fourth-estate reform, and others. Some of these efforts were successful; others not so much.

While well-intentioned, a common theme was that these were short-term, budget-bogey exercises that yielded few new dollars for reinvestment into higher priorities. This is due in part to defense reform being over-focused on the acquisition of things. However, the majority of what the military purchases is no longer weapons systems but rather services and technology. Zealous reformers continue to over-focus on weapons buys when hardware is increasingly the commodity.

Moreover, the U.S. military is no longer a monopsony buyer able to move markets due to smaller bets, nor is the organization an original inventor changing the American economy. Rather, the military must increasingly innovate with mostly commercial products and give them a unique defense application.

In addition, the Pentagon finds itself in a new and uncomfortable position: that of needing to work to attract and entice new companies to want to do business with the armed forces. Tech and commercial companies know of the Defense Department’s low appetite for risk-taking and long timelines to take ideas from the lab to the field when compared to the private sector.

Change and modernization are needed, but not simply the rinse-and-repeat acquisition reforms of the past. Instead reform should fall into two categories:

1. Change with respect to reduction — whether of mission, rules, head count, regulations, laws, provisions, workload and more.
2. Modifications that increase accountability for passing appropriations on time and highlighting the true costs of running the U.S. military.

That means accountability, like sequestering congressional paychecks until appropriations are enacted each day after the start of the fiscal year. Appropriators must also revise rules established at a time when the defense budget was a fraction of its size today, and let the Defense Department move more money around after being approved to react in real time to changing technology.

It also means greater transparency on the costs of doing business. As former Rep. Anthony Brown, D-Md., highlighted — but few seem to be aware — Washington spends “$1 billion more on Medicare in the defense budget than we do on new tactical vehicles. We spend more on the Defense Health Program than we do on new ships. In total, some $200 billion in the defense budget are essentially for nondefense purposes — from salaries to health care to basic research.”

Congress should focus on combining the pay and benefits of defense workforces — uniformed and civilian — and their health care into one new account. Such a change should launch a broader discussion of moving certain costs, primarily people and paychecks, out of discretionary and into mandatory federal spending. That will energize a needed debate on how much the United States is spending on direct military capability, compared to expenses beyond the scope of the Defense Department that have little impact on warfighting or belong in the domain of another agency.

When it comes to slashing the barnacles of bureaucracy and taking away mission and work, Pentagon contracting is overdue for a refresh. As the American Enterprise Institute’s Bill Greenwalt has highlighted, federal acquisition regulation clauses mandate companies doing business with the Defense Department must operate in ways that they may not otherwise have to in their commercial operations.

Some of these regulations, such as those in the Truth in Negotiations Act, are undoubtedly necessary as they prevent the taxpayer from being ripped off. Others, while well-intentioned, are simply onerous and drive up compliance costs. Paring back regulations would start updating our Soviet-style acquisition system and allow greater speed and urgency in bolstering deterrence.

In addition to regulatory refresh, the Pentagon should also review whether the work of Space Command is now duplicative or redundant given that the U.S. Space Force has stood up. Congress is poised to debate the future of Space Command as an organization that has potentially outlived its usefulness and should be sunsetted if appropriate — and then statutory work reassigned if needed.

Change doesn’t come overnight at the Pentagon. Rather, defense reform is the patient, hard work of many years, which both requires leadership and doggedness of implementation.

By pursuing these reforms (and straying away from harmful ideas like capping spending at arbitrary levels disconnected from the real world), Congress can begin this essential but difficult job of reform through reduction rather than the addition of new laws and rules that further slow down an already glacial organization. Moreover, policymakers will demonstrate their seriousness about needed defense rehabilitation, while skipping the defense-reform theater that has plagued the military for too long.

Mackenzie Eaglen is a senior fellow at the American Enterprise Institute think tank. She also serves on the U.S. Army Science Board.

Our military stresses access to space is vital to America’s national security, intelligence efforts, treaty verification, and the economy. Allowing China and Russia to gain the upper hand would imperil our interests. This is why we must be vigilant in how we develop our military space capabilities and who we work with to fortify our security. We cannot risk wasting mission success and timeliness on unreliable technology can allow our enemies to gain an advantage over us.

US Space Force to simplify timelines, purchases as launches surge

The Ukraine war proves why space is critical to our national security. Our satellite technology has provided crucial assistance to Ukrainians on the battlefield, ensuring the Eastern European state can defend itself. Having this power provides the winning edge in modern warfare. This edge drives our enemies to develop counter-space offensive weapons, from ground-level orbital lasers to blind our satellites to missiles that take them out of the sky.

Russia, China, North Korea, and Iran are all developing this tech to counteract America’s space dominance. Just imagine if our enemies had the upper hand in low-earth orbit. The world would be a far more dangerous place for ordinary Americans.

The most crucial project ensuring America remains the world’s preeminent space power is the National Security Space Launch program. This initiative procures contracts–including for top military satellites–that make government space launches more inexpensive and more reliable. The program is designed to maintain our nation’s continued access to space–and it’s in greater demand than ever.

That is why it’s so concerning that the Space Force has loosened bidding restrictions for Phase 3 of this important program.

Following years of lobbying from billionaire Jeff Bezos’ Blue Origin and others, the Space Force recently converted the program into a dual-lane launch approach, with one lane of the program becoming more open to newer commercial companies.

I have always been a strong proponent of increasing competition in the American space industry. In fact, when in Congress, I aggressively pushed for passage of the bill that effectively stopped the government monopoly on space launches and created the new era of private spaceflight this country realizes today.

SpaceX, United Launch Alliance

However, the Space Force designed its Phase 3 changes to the NSSL to benefit companies that still need to finish developing their launch vehicles. With companies like SpaceX (one of the companies that our private spaceflight bill helped shepherd into the marketplace), and the United Launch Alliance already possessing reliable and effective launch vehicles, the federal government cannot in good conscience risk mission security by choosing companies that have promised but not yet delivered their competing products.

Some of the companies in question have already delayed their first launches by a matter of years. Given how common delays are in the industry, there is certainly no guaranteeing that these products will be ready to service the NSSL on time — and even if they are, there is no way of knowing how reliable they will be.

Everyone wants these companies to succeed, and we have every reason to believe they will. Their time will come, but that time is not now.

The space race is the great battle of the 21st century. America must win it. Our nation must be proactive in defending the final frontier. We can’t jeopardize America’s assured access to space by adding uncertainty and questions of reliability into the warfighting domain of the future. We must ensure we invest in the best options available to deliver the best results for the American people. It’s what the U.S.’s national security needs and demands.

Nick Lampson is a former Democratic Congressman from Texas who served as the Ranking Member of the Space and Aeronautics Subcommittee.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Regardless, flaws in existing legislation, ideological divisions and the executive veto over foreign policy issues make enacting new laws that restrict arms transfers unlikely.

State Dept. approves US arms sales to Switzerland, Lithuania, Belgium

U.S. arms transfers are a foreign policy tool over which the executive branch has curiously managed to claim almost all authority. In fact, Congress has never successfully stopped an arms sale. While the president has the power to veto any legislation from Congress, the legislature has no ability to veto the president.

Members of Congress have introduced two pieces of legislation that would broadly restrict the president’s power over weapons transfers. First, Senators Chris Murphy (D-CT) and Mike Lee (R-UT) proposed a resolution that would use Section 502B of the Foreign Assistance Act of 1961 to force the State Department to issue a human rights report on Saudi Arabia.

Suspension provision

This little-known amendment allows Congress to request such a report and pass a joint resolution to end this aid if the arms transfer recipient abuses human rights. If the report is not provided in 30 days, then aid being delivered to the country in question is suspended. The current resolution’s goal is to stop sending military aid to Riyadh.

Success is unlikely, as a joint resolution needs a veto-proof majority. Because it is legislation, the president can still veto such a measure, which seems likely given his apparent desire to continue arming the Saudis.

Furthermore, the potential of the legislative veto found in Section 502B rests on shaky legal precedent that the Supreme Court has never reviewed. The Supreme Court has, however, ruled the president must be given the opportunity to use his veto power on a bill before it is enacted into law, rendering any legislative veto – including 502B’s 30-day legislative veto – unconstitutional.

The second piece of legislation was introduced by Representative Gregory Meeks (D-NY) and is known as the Safeguarding Human Rights in Arms Exports Act of 2023. This legislation would expand the “Leahy Laws,” which govern U.S. security assistance and prevent the U.S. from sending defense articles to individual military units within a country that commit gross violations of human rights. The expansion would place these restrictions on arms sales in addition to security assistance.

This legislation has a better chance of passing because much its language codifies elements already contained in Biden’s newly-released Conventional Arms Transfer (CAT) policy. It is therefore less likely for Biden to veto legislation that lines up with his previously stated policy goals.

Nonetheless, hawkish House Republicans will likely oppose the legislation. Thus, to succeed, members of Congress supporting the Safeguarding Human Rights in Arms Exports Act will likely need to moderate this legislation to restrict Biden, while not stopping arms transfers to countries that House Republicans view as key to their foreign policy.

Leahy Laws

The Leahy Laws themselves came into being in this way when former Senator Patrick Leahy (D-VT) limited his legislation to units rather than entire countries, which he initially proposed. By moderating the restrictions, Leahy allowed congressional Republicans to feel like they were restricting President Bill Clinton without changing their foreign policy.

There are two possible upcoming debates over executive authority on arms transfers that may also lead to legislation. The first involves the Biden administration attempting to avoid congressional opposition to funding Ukraine through Lend-Lease provisions passed last year. Republican control over the House, combined with executive overreach, may sour congressional opinion of this provision and lead to an overturn of the Lend-Lease provisions for Ukraine.

The second possible debate is that Egypt, who has purchased over $5.8 billion in U.S. weapons and received over $1.3 billion in security assistancesince January 2022, covertly produced weaponsfor Russia to use against Ukraine. In both cases, Congress has previously failed to legislate against the president.

Congress has shown through its recent actions that it wants to more power over the U.S. arms transfers. Regardless, flaws in the proposed legislation, ideological divisions, and executive power over foreign policy make enactment unlikely. As a result, those waiting for Congress to successfully restrict the president on arms transfers might want to pull up a comfy chair, pick out a few podcast series to listen to, and get ready to wait a while.

Jordan Cohen is a policy analyst at the Cato Institute and a Ph.D. candidate in political science at George Mason University.

Jonathan Ellis Allen is a research associate and producer at the Cato Institute.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

While, the private sector develops new technologies at a rapid pace, the Pentagon’s process for doing the same is dated and cumbersome. This prevents our military from having the best technology when facing a competitor such as China. This must change.

Calls for acquisition reform are nothing new. In fact, it has been on the agenda of government officials for decades since the Goldwater-Nichols Act of 1986. Indeed, promising steps have been taken to accelerate innovation, including the establishment of organizations like the Defense Innovation Unit and the Office of Strategic Capital. However, systemic barriers to innovation persist within the military’s acquisition system that prevent the adoption of emerging technology needed to deter and win in future conflicts.

For our part and to address this pressing challenge, we at the Atlantic Council launched a landmark Commission on Defense Innovation Adoption last year to tackle this challenge. After months of deliberation and 65-plus stakeholder interviews, we released our “Interim Report” this month, which provides 10 actionable steps that can be taken by Congress and the Department of Defense today to address these challenges.

The commission reiterates that the U.S. does not have an innovation problem, but an innovation adoption problem. The Pentagon is rigidly bound by lengthy budget cycles and bureaucratic hurdles. The commission found that, apart from regulatory barriers, a lack of consistency around requirements was crushing startups seeking to work with the military, even ones with sizable research and development grants.

Even then, if a company is fortunate enough to be selected to fill a requirement, it faces a lengthy and confusing military procurement process.

Finally, the military’s budget, which is controlled by Congress, lacks flexibility to quickly adapt to changes to the threat environment. This results in the delivery of yesterday’s capabilities, tomorrow.

Fortunately, the 10 recommendations that the commission identified are able to be implemented promptly with little bureaucratic growth. For example, the military can better align its budget and program planning by empowering five program executive officers to move away from strictly individual program management to broader capability portfolio management. Under this new model, PEOs would be charged with delivering a specific capability category such as integrated logistics — not just a program for a single type of equipment or software.

Congress should in turn revert reprogramming authorities to historical norms so that acquisition officials can exercise greater flexibility in spending within the fiscal year, instead of requiring them to wait until the next budget cycle.

Our commission also recommends that the military provide Congress with more simplified and streamlined reporting on spending, including on reprogramming activities. This will allow Congress to continue to effectively conduct oversight while also offering the flexibility to acquisition professionals to adopt critical technology at the speed of relevance. Implementing this recommendation will also improve the speed of communication between the Pentagon and Congress, reinforcing a crucial element of any reform: trust.

Another recommendation — already in progress — is to improve the military’s demand signal of intent to purchase from the private sector. The commission’s “Interim Report” recommends that with a promotion of the Defense Innovation Unit to report to the deputy secretary of defense, the organization must also receive increased resources in both funding and military personnel billets to coordinate and streamline the demand signal, Pentagon-wide.

Additionally, elevating the Office of Strategic Capital alongside DIU would enable the kind of cross-coordination to both identify and resource promising, emerging technology.

Innovation is a defining characteristic and competitive advantage of the United States — both of the vaunted private sector as well as the rich history of the U.S. military. Yet increasingly, our men and women in uniform are going to war with technology that lags behind not only Russia and China, but their civilian peers. To ensure we turn away from this precipice, the country needs solutions that tackle barriers to technology adoption, defense acquisition reforms and efficiencies in how Congress budgets money to the Pentagon. This is exactly how the Commission on Defense Innovation Adoption’s “Interim Report” has organized its recommendations.

We are in the “decisive decade,” as the president’s National Security Strategy has called out. Implementing these reforms will ensure we prevail in an era of strategic competition.

Clementine G. Starling is the director of the Forward Defense program within the Scowcroft Center for Strategy and Security at the Atlantic Council think tank. Stephen Rodriguez is the director of the Atlantic Council’s Commission on Defense Innovation Adoption.

While the availability of low-cost ground-based systems remains an important component, space-based domain awareness systems are increasingly vital. Investment in low-cost, space-based systems using rapid acquisition processes will create architectural coherency and take advantage of technology advances to satisfy the call to action for protection of U.S., allied and commercial space assets.

Historically, the U.S. and other space-faring nations have primarily relied upon ground-based surveillance for these missions. Only limited space-based options existed, and their size and cost allowed for few systems. Today, however, surveillance from and within space has become increasingly affordable.

Two key technology developments have underpinned this, while a third could make every space-based platform a sensor for SDA. Affordable access to space is the first enabler for rapidly fielding space-based domain awareness. Better designed rockets, availability of reusable launch vehicles and greater promotion of “rideshares” have in combination produced a significant downward spiral of costs for space access.

Space-X’s redesign of its rockets in the early 2000s to reduce their cost, followed by the splashy launch of Falcon 9 in 2010, shifted the paradigm towards lower overall launch cost by using fewer parts and additive manufacturing. Reusability further helps cut the total fleet investment required to access space.

In total, the cost of space launches has been reduced by nearly two-thirds compared with price levels prior to SpaceX’s market entry.

And thanks to the growth of the small launcher market, coupled with broader pursuit of rideshare opportunities by various companies, the cost of putting a satellite into Low Earth Orbit, or LEO, has decreased from hundreds of millions of dollars to hundreds of thousands of dollars. This low-cost access to space fundamentally changes the financial equation for space-based domain awareness and allows for the rapid deployment of systems.

Increased performance of smaller systems on-orbit is the second key development enabling space-based SDA. It is hard to decipher between chicken and egg in this case, but stronger interest in smaller space systems has increased the market for advanced space electronics, as well as higher performance and improved reliability of commercial off-the-shelf components.

This has enabled a stronger space industrial base and more commercial buying practices from the Department of Defense and Intelligence Community. This virtuous cycle of small satellite interest, technology advancement and agile business models has spurred a host of market participants, propelling overall performance of smaller systems as well as accelerating market delivery and customer adoption.

The increased performance of smaller radio frequency and electro-optical sensor packages and the corresponding smaller satellite buses, for example, have increased the missions and markets this class of satellite can serve. With commercial companies developing sensors and offering services such as on-orbit inspection capabilities that were only previously available to the Pentagon and the intelligence community, the value provided by space-based domain awareness systems has blossomed for LEO, geosynchronous orbit, or GEO, and cislunar space.

These companies are willing to invest their own money and are adept at leveraging new acquisition practices including Other Transaction Agreements. Similarly, the options now available to the military and intelligence communities via smaller systems extend well beyond previous customer expectations.

The concept of performing core missions such as communications and missile detection with small satellites was purely aspirational in 2006, as a part of the vision created by the Operationally Responsive Space organization. Today it is being realized through the leadership of the Space Development Agency’s Transport and Tracking layers.

The acceptance and use of hosted payloads presents the third key development for rapidly fielding space-based domain awareness capability. Here, for the purposes of SDA, it is critical to differentiate between the rapid price reductions in satellite buses and that for on-orbit payloads. Customers do not have to buy their own bus for space-based domain awareness, but they must buy affordable payloads.

With the strength and contribution of hosted payload offerings, customers have affordable options. Several innovative companies doing business in the ‘new space’ economy have cut the price of payloads to well below $10 million. A customer can use such a hosted secondary payload for system protection for a few percent of the entire cost of a primary system, and the cost is even less for larger programs.

Availability of these high-performing, hosted payloads enable new commercial business cases, empower new concepts of operations and could make every new satellite launched on-orbit a domain awareness data collector well before 2026.

In the future, we should expect the trends of affordability, access to space, agile business models and new concepts of operations to continue. We have an immediate opportunity to transform the nation’s space domain awareness capability, accelerating the timeline called for by U.S. Space Force leaders.

Given the progress of the small satellite market, proliferating a powerful space-based domain awareness architecture across LEO and GEO can be done quickly and affordably with the right leadership and initiative. Harnessing the advancements in performance and affordability in smaller systems is the best way to capture that opportunity before 2026.

Joshua Hartman is Chief Strategy and Growth Officer at LightRidge Solutions, and President of its operating unit, GEOST.

Ukraine’s military is not burdened with the U.S. Defense Department’s decades-old acquisition process and 20th century operational concepts. It is learning and adapting on the fly.

China has made the leap to a whole-of-nation approach. This has allowed the People’s Liberation Army to integrate private capital and commercial technology and use them as a force multiplier to dominate the South China Sea and prepare for a cross-strait invasion of Taiwan.

The DoD has not done either of these. It is currently organized and oriented to acquire traditional weapons systems and execute operational concepts with its traditional vendors and research centers, and it is woefully unprepared to integrate commercial technologies and private capital at scale.

Copying Defense Secretary Ash Carter’s 2015 strategy, China has been engaged in civil-military fusion that employs a whole-of-government, coordinated effort to harness disruptive commercial technologies for its national security needs. To fuel the development of technologies critical for defense, China has tapped into $900 billion of private capital in civil-military guidance (investment) funds and has taken public, state-owned enterprises to fund their new shipyards, aircraft and avionics. Worse, China will learn from and apply the lessons from Russia’s failures in Ukraine.

But unlike America’s arch strategic rival, the U.S. has been unwilling and unable to adapt and adopt new models of systems — attritable systems, autonomous systems, swarms, and other new, emerging defense platforms — and operational concepts — ones that threaten but look beyond legacy systems as well as incumbent vendors, organizations and cultures — at the speed of our adversaries.

Viewing the DoD budget as a zero-sum game has turned the major defense primes and K Street lobbyists into saboteurs for DoD organizational innovation that threaten their business models. Using private capital could be a force multiplier by adding hundreds of billions of dollars outside the DoD budget. The U.S. is on a collision course to experience catastrophic failure in a future conflict because of it. Only Congress can alter this equation.

For the U.S. to deter and prevail against China, the DoD must create both a strategy and a redesigned organization to embrace those untapped external resources — private capital and commercial innovation.

A reorganized and refocused DoD could acquire traditional weapons systems while simultaneously rapidly acquiring, deploying and integrating commercial technologies. It would create a national industrial policy that incentivizes the development of 21st century shipyards, drone and satellite factories, and a new industrial base along the lines of the CHIPS and the Innovation and Competition acts.

Congress must act to identify and implement changes. These include:

1. Creating a new defense ecosystem that uses the external commercial innovation ecosystem and private capital as a force multiplier. Leverage the expertise of prime contractors as integrators of advanced technology and complex systems, refocus federally funded research and development centers on areas not covered by commercial tech.
2. Reorganizing DoD research and engineering. Allocate its budget and resources equally between traditional sources of innovation and new commercial sources of innovation and capital. Split the Office of the Secretary of Defense’s research and engineering organization in half: Keep the current organization focused on the status quo; and create a peer organization, the “Under Secretary of Defense for Commercial Innovation and Private Capital.”
3. Scaling up the new Office of Strategic Capital and the Defense Innovation Unit to be the lead agencies in this new organization. Give them the budget and authority to do so, and provide the services the means to do the same.
4. Reorganizing DoD acquisition and sustainment. Allocate its budget and resources equally between traditional sources of production and the creation of new ones from 21st century arsenals — new shipyards, drone manufacturers, etc. — that can make thousands of low-cost, attritable systems.
5. Coordinating with allies. Expand the national security innovation base to an allied security innovation base. Source commercial technology from allies.

National power is ephemeral. Nations decline when they lose allies, economic power or interest in global affairs, or when they experience internal or civil conflicts, or miss disruptive technology transitions and new operational concepts.

The case can be made that these are happening to the U.S.

The 1986 Goldwater-Nichols Act is a precedent for Congress reorganizing the DoD. It created the combatant commands. Today, Congress must view the conflict in Ukraine and China’s actions in the South China Sea as a call for action. We urge it to establish a commission to determine what reforms and changes are needed to ensure the U.S. can fight and win our future wars.

While parts of the DoD understand we’re in a crisis, the DoD as a whole shows little urgency and misses a crucial point: China will not defer solving the Taiwan issue on our schedule. Russia will not defer its future plans for aggression to meet our dates. We need to act now.

We fail to do so at our peril and the peril of all those who depend on U.S. security to survive.

Joe Felter and Steve Blank are co-founders of Stanford University’s Gordian Knot Center for National Security Innovation. Pete Newell, former director of the U.S. Army’s Rapid Equipping Force, is the CEO of advisory firm BMNT.

The Defense Information Security Network, the backbone of DoDIN, is also reportedly subjected to nearly 800 million cybersecurity incidents per day, making the advancement of DoD’s cybersecurity strategy a vital and time sensitive priority.

Recent events – such as COVID-19 prompting security requirements to support a surge in virtual work, the evolving ransomware epidemic, and the Russian-Ukrainian clash – has further transformed the way that government has to approach security.

As a result, the zero trust framework has gained broad, if overdue, attention. Due to the complexity of zero trust supplemental guidance is critical to its successful widespread adoption.

For a network as complex and sensitive as the DoDIN, the task becomes all the more challenging. As such, the DoD launched Comply-to-Connect, a comprehensive framework that, unlike its predecessors, demands visibility of all assets (both non-traditional and traditional) across the DoDIN’s extensive enterprise.

Leveraging least privilege

C2C, which leverages zero trust’s least privilege principles to safeguard access to data resources and assets, provides the foundation of the DoD’s zero trust journey through its two main objectives:

— C2C fills existing capability gaps in currently fielded enterprise security solutions through complete device identification, device and user authentication, and security compliance assessment.

— C2C automates routine security administrative functions, remediation of noncompliant devices and incident response through the integration of multiple management and security products and real-time continuous monitoring.

The DoD has begun its journey toward a zero trust environment with C2C as a foundational element, and the impact of the C2C program on DoD operations is already apparent. For example, more bases are getting acceptable scores on their Command Cyber Readiness Inspections, which allows operators to focus on security operations and mission readiness instead of checklist-driven inspection preparation and paperwork.

And as the program’s implementation matures beyond office networks into industrial control systems, logistics systems and other operational technology environments, these scores will continue to improve, raising the cyber readiness of the Department’s entire information network.

In addition, C2C capabilities are making marked difference in the efficiency of daily operations. One Air Force Major command noted that now that they’ve implemented C2C, “simple information gathering tasks that used to take us two to three days to gather and coalesce data now takes us five minutes.”

Other service components are using the orchestration capabilities of C2C to automate patching of endpoints, saving countless admin hours and ensuring the software baseline is consistent across the enterprise, making it easier to identify and respond to anomalous activity.

Increased operator productivity

Ultimately, these efficiency gains enable increased operator productivity — enhancing protection of critical OT systems across logistics, transportation, and other control systems and sensors that need to be monitored to prevent unauthorized cyber access.

In his recent testimony to Congress,John Sherman, the DoD CIO, stated “We have the pieces to make [Zero Trust] work … [including] comply-to-connect.” Much of the faith in this program stems from the basic understanding of what and who are connecting to the network.

Building on this comprehensive visibility will take time, but through C2C, the basis for automated action through the orchestration of policy enforcement points are within reach. The five-step program is phased over four years and parallels the early stages of the DoD’s Zero Trust Strategy that wants to reach it desired end state by 2025.

Ultimately, with C2C as the foundation, the DoD will rapidly move forward in applying zero trust principles and be able to achieve their goal of a zero trust environment across the DoDIN.

Melissa Trace is vice president, global government solutions, at Forescout Technologies, a supplier of cybersecurity products and services.

Have an opinion?

This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.

Progressives hate the lists because they can act as mechanisms to increase the defense budget. Thus, Sen. Elizabeth Warren, D-Mass., has made elimination of the wish lists a major theme. Pentagon political leadership hates the lists because what is requested may not align with the department’s strategic vision. The Defense Department comptroller just sent a letter agreeing with Sen. Warren. Deficit hawks have recently signed on as part of their effort to reduce government spending.

On the other hand, congressional defense hawks and the military services love them as a way to provide unfiltered advice to Congress and guide any additional funds that might become available.

Given that political drama, it is worth investigating what’s on these lists for fiscal 2024.

Pushback

Such lists have been around since the 1990s. Then-Defense Secretary Robert Gates tried but failed to abolish them in 2009, though he was able to review and shape them before transmission to Congress. He also changed the name from unfunded requirements list to unfunded priorities list in order to remove the sense of urgency.

Congress responded by making the lists a statutory requirement. The current DoD leadership has complied, but like Secretary Gates they have reviewed the lists before transmission to Congress.

A striking feature of the lists is the lack of a standard format. Although the congressional language specifies the required information, the DoD has apparently refrained from issuing formatting guidance, perhaps as a reflection of the political leadership’s opposition. Thus, some submissions, like those of the Army and Space Force, are just spreadsheets with items, appropriations and dollars. Others, like Southern Command and Central Command, have elaborate justifications in text.

The big picture

The DoD leadership’s review may be having an effect, beginning with a reduction in the total amount. This year’s submissions total just $16.4 billion (excluding Cyber Command, the National Guard Bureau, Strategic Command and the Missile Defense Agency, which have not made their lists public), down from $21.5 billion for FY23 and $23.8 billion for FY22.

Another effect is what’s not on the list: people. In the past, the military services have asked for more people to fill out existing units or build new units. Such requests have future funding requirements that the DoD likely does not want to commit to, thus none of the services asked for more people this year.

Also missing are major weapons. One might expect long lists of airplanes, ships and fighting vehicles, but those are mostly absent. Their presence would imply a warfighting gap that the DoD leadership does not recognize.

So what is on the lists? First, there is lots of military construction and facilities maintenance. For example, facilities comprise half of the Navy and Air Force lists and a third of the Army list. There is a general recognition that the DoD underinvests in its facilities, so seeing many such items on the lists is consistent with expectations.

Further, such items do not undermine the department’s strategic direction and so are acceptable when reviewed by the Office of the Secretary of Defense. There are also many readiness items like spare parts and enhancements to weapon systems.

What do the services want?

Although there are common themes, each service request has items that deserve discussion.

Army ($1.93 billion): Beyond facilities, the Army’s top priority is air defense, followed by helicopter enhancements. However, the largest item ($533 million) is for M1 Abrams tanks. Every year, the Army cuts its request for this program, and every year Congress adds money. Thus, this constitutes a brazen plea for Congress to provide money that the Army did not.

Navy ($2.533 billion): On the half of the list that is unrelated to facilities, there is money for spare parts and electronic warfare upgrades to ships. However, there are no ships and only one aircraft — a KC-130J for the reserves.

Marine Corps ($3.672 billion): Ironically, there is a ship on the Marine Corps list — an LPD Flight II. The reason this is on the Marine Corps list and not the Navy list arises from a feud between the two services about the nature of the amphibious fleet. Although the Office of the Secretary of Defense reportedly does not support the ship, it is a congressional interest item, so the DoD decided to let it go. Besides the ship, there are many prosaic items like trucks, trailers and spare parts for Force Design 2030. There is also the usual large request for military construction ($758 million).

Air Force ($2.453 billion): As with the Navy, half of the list is military construction. The major item on the other half is an acceleration of the E-7 airborne early warning aircraft program ($596 million), but no other aircraft, even though the Air Force is not buying enough aircraft to support its force structure.

Space Force ($477 million): The Space Force’s list might be characterized as “details available at a higher level of classification.” Only $43 million of the $477 million (9%) has an unclassified description. The other items are listed as classified programs A, B, C, D, E and F.

What do the combatant commands want?

The statutory language requires the combatant commands to submit lists. These lists include specialized procurement relevant to their region as well as additional exercises and allied engagement. The lists also reflect the needs of a global superpower, with items for enhancing capabilities in regions as diverse as the Arctic, the Middle East, Africa and South America.

European Command ($160 million): The request is split between air base defense — a reaction to the war in Ukraine — and upgrades to communications infrastructure. The request notes that European Command has received a lot of money through the European Deterrence Initiative and Ukraine supplementals, so the list is not as long as it might have been.

Indo-Pacific Command ($3.481 billion): Perhaps sensing that its strategic moment has arrived, and reflecting the department’s focus on the Pacific, INDOPACOM’s list is by far the largest from a combatant command. The administration is sending a message about China being “the pacing challenge.” The list covers a wide variety of capabilities from space to cyber to command and control. There is nearly $1 billion in munitions. The largest item ($511 million) is to increase “campaigning,” which means more exercises and activities.

Africa Command ($397 million): The largest amount is for persistent presence in Somalia ($152 million). Recognizing that it is a “posture limited theater,” AFRICOM also has a large request for intelligence, surveillance and reconnaissance ($224 million) as a substitute for boots on the ground.

Special Operations Command ($847 million): The list has 23 items covering various weapons and command-and-control systems. There are several large items of interest: acceleration of counter-drone systems ($91 million), likely driven by experience in Ukraine; development of an improved MQ-9 Reaper drone ($93 million), which is interesting since the Air Force is moving away from non-stealthy drones; military construction ($149 million); and cost overruns on the MH-47G block II helicopter production ($108 million).

Central Command ($291 million): The top priority is countering unmanned aerial systems, which is not surprising since Iran routinely conducts attacks using these systems. The most expensive item is pre-positioned war reserves ($125 million) to “compensate for the lack of forces and footprint in theater.” Such enhancements speed future deployments. In addition, there are a variety of theater-specific intelligence requirements.

Northern Command ($366 million): The enhancement of Arctic capabilities is at the top of the list. The most expensive item ($212 million) is nine long-range radars “to fill surveillance gaps caused by existing radar failures.” No doubt this arises from the embarrassing Chinese balloon intrusion.

Southern Command ($272 million): Because the theater lacks an immediate military threat or permanently stationed U.S. forces, the request has a different flavor: Half is for sensors to detect illegal mining, fishing and drug movements, and half is for enhancing engagement with allies and partners, mostly on nonlethal activities like disaster assistance and countering disinformation.

Transportation Command ($0): Alone among all the organizations, Transportation Command has no items on its list. “The FY 24 budget request supports the USTRANSCOM mission.” This lack of a Transportation Command priority list has been the case for several years, so it reflects an organizational policy decision, not the vagaries of the FY24 budget.

Looking ahead

The combination of progressive opposition to defense budgets, deficit hawks trying to squeeze the federal budget and opposition by DoD leadership may eliminate these lists in the future.

However, defense hawks, particularly those on the authorization committees, find such lists useful. So even if the statutory language goes away, some sort of list will likely be required in the future.

For the administration, it may be enough to review and shape the requests rather than suppress them entirely. The current lists might be a minor annoyance by implying inadequate resources, but they do not pose a political or strategic challenge to the administration’s chosen path.

Mark Cancian is a senior adviser for the International Security Program at the Center for Strategic and International Studies think tank.

However, though our eyes have been opened, we remain woefully underprepared.

This was made clear on March 28, when U.S. Navy Secretary Carlos del Toro admitted a disturbing imbalance of military resources to the Senate Committee on Appropriations: “By 2028, we will have approximately 291 ships or so. ... I can’t predict exactly what the Chinese will have, but estimates are upward of 440 or so.”

In other words, China is on a fast track to displace America as the world’s dominant naval power.

“Whoever rules the waves rules the world,” as naval theorist Alfred Mahan said. What’s more, China is ruled by the Chinese Communist Party, a tyrannical regime that commits literal genocide and actively seeks to enrich itself at America’s expense. If Beijing succeeds in overtaking the U.S., it will not just mean a change in global leadership; it will mean a change in the rules of international politics, and not one for the better.

This is true with regard to economics and diplomacy, but especially so with regard to our Navy. Too few people fully understand or appreciate the fact that our ships do more than defend allies and partners from invasion; they also guarantee freedom of navigation on the open seas.

For decades, the U.S. Navy has eliminated piracy, prohibited extortion and ensured that virtually every country on the planet has the ability to trade — and it has asked nothing in return. That will end if Beijing uses a more powerful force to overturn our maritime supremacy.

That Beijing seeks to do so is undeniable. Chinese Communist Party General Secretary Xi Jinping has emphasized the importance of a strong naval force that can project power, stating: “The strongest nations are victorious at sea; those in decline are weak.”

China’s 2015 defense whitepaper further suggested that the People’s Liberation Army focus on “maritime military struggle” to achieve China’s geopolitical objectives. Beijing has also challenged the law of the sea countless times, using everything from fishing boats and artificial islands to warships and fighter jets to advance its illegal claims and restrict innocent passage in the South and East China seas.

Meanwhile, just one of China’s 13 naval shipyards has greater productive capacity than all seven U.S. shipyards combined. That is not especially surprising given that some in our government seem content to export all domestic manufacturing.

Our resources are limited, but maritime supremacy is a possession of immense, almost invaluable benefit. Don’t the stakes in this conflict merit a response from the Biden administration?

The answer is obviously yes. According to Secretary del Toro, “we find ourselves at another such inflection point, one that demands we renew our commitment to naval primacy as we chart a course through this century of intense maritime competition.”

But President Joe Biden apparently didn’t get that memo because his budget request for the Navy and Marine Corps is about 2% below inflation. In other words, the White House wants to cut the Navy’s funding when it’s already losing ground. It makes no sense when the production of the Columbia-class submarine is 10% behind schedule and that of the Virginia-class submarine is “significantly behind.”

There’s another problem here, too, which is how the U.S. Department of Defense invests the money it does have. Instead of using funds for basic tasks like shipbuilding, the Pentagon has been spending more and more taxpayer dollars on obscure experiments conducted by third-party contractors under the guise of research and development.

In short, the government can and should invest in technological innovation, but not at the expense of production. America won World War II in large part because it outcompeted and outproduced the Axis on the factory floor. We shouldn’t fall into the trap of overspecialization that doomed our enemies in the past.

If our leaders want even the slightest chance of maintaining U.S. maritime supremacy — and all the benefits it brings to the American people and the world as a whole — they need to reorder their priorities and accelerate our nation’s shipbuilding.

President Theodore Roosevelt once said: “A good navy is not a provocation to war. It is the surest guaranty of peace.” If so, we are setting ourselves up for conflict. That needs to change.

Sen. Marco Rubio, R-Fla., is the vice chairman of the Senate Select Committee on Intelligence. He also serves on the Foreign Relations and Appropriations committees.

To address this unacceptable situation, a bipartisan group of House lawmakers last week introduced the Block the Use of Transatlantic Technology in Iranian Made Drones Act of 2023. The bill requires the Commerce Department and State Department to develop and submit to Congress strategies designed to stop the flow of components to Tehran used in the Iranian drones.

For its part, the Pentagon would be required to “develop a range of options that may be employed by the Armed Forces of the United States to counter or otherwise deny Iran the ability to acquire technologies” for its drones.

It is easy to see why Congress is motivated to act. As most know by now, Iran has provided hundreds of drones to Russia for use in Moscow’s war against Ukraine, with evidence of their use on the battlefield first surfacing in September.

Photos of the remains of an Iranian Shahed-136 loitering munition in Kupyansk. It appears Russia has named them the Geran-2.https://t.co/HbuyXInJlT pic.twitter.com/6zXPI3tSDI

— Rob Lee (@RALee85) September 13, 2022

In November 2022, the Conflict Armament Research group assessed that 82% of the components in downed Iranian drones and a precision-guided munition of Iranian origin recovered by Ukraine were produced by U.S.-based firms. Additionally, Ukrainian intelligence revealed that a whopping 40 of an estimated 52 components found in a downed Iranian drone were produced by 13 American firms.

Iranian drones have supplemented cruise and ballistic missile attacks on Ukraine’s critical infrastructure, as Russian stockpiles of traditional munitions have dwindled significantly since the war began. While the Iranian drone threat may have previously seemed distant for Europe, the appearance of these weapons in Ukraine has brought the problem home.

Unfortunately, attacks from Iranian drones are not a new reality in the Middle East, including against U.S. troops. On March 23, for example, Iran-backed groups used an Iranian-origin drone against a U.S. base in northern Syria, killing one U.S. contractor and injuring five service members.

That attack was hardly a one-off event. U.S. Defense Secretary Lloyd Austin recently told Congress that Iran-backed groups have struck U.S. positions in Syria and Iraq 83 times since January 2021. Many of these attacks involved Iranian drones.

U.S. partners in the Middle East have not been immune from attacks using Iranian drones, either. In September 2019, Tehran launched a combination of drones and low-flying cruise missiles at Saudi oil installations in Abqaiq and Khurais, knocking out 5.7 million barrels per day of oil production.

A U.N. Panel of Experts on Yemen investigated the debris from this and an earlier drone attack on Saudi oil installations. The panel discovered parts from the wreckage of a delta-wing drone originated in at least seven countries, including the United Kingdom and/or Poland, Sweden, Italy, Japan, Ireland, South Korea, and the United States.

In September 2022, Tehran launched a barrage of drones and close-range ballistic missiles at Kurdish regions of northern Iraq, killing one U.S. citizen. The Iran-backed Houthis in Yemen have launched hundreds of Iranian-made or Iranian-designed drones at Saudi Arabia over the past several years.

The body of evidence collected from downed Iranian-origin drones in Ukraine and the Middle East make it likely that many of the drones used to attack Americans and their partners in the Middle East contain parts made by American companies.

That should not happen. So what’s to be done?

To be fair, the Biden administration has established a task force to investigate how Iran has been able to acquire U.S. and Western components used in drones. But one thing is already clear: The task force’s actions are belated and thus far insufficient.

The first step is to ensure that Washington, Kyiv and U.S. partners in the Middle East are sharing as much information as possible regarding how Iran acquires drone components, the networks it uses to proliferate drones, and the best ways to detect and defeat Iranian drones once launched. That’s where the new legislation and increased interagency action and coordination could help.

Building a combined security architecture in the Middle East that prioritizes air defense — and includes the U.S. military, Gulf Cooperation Council partners and eventually Israel — would be an important additional step.

The Pentagon should also redouble and expedite efforts to strengthen American air defenses to detect and destroy Iranian drones. U.S. troops in harm’s way deserve nothing less.

The State and Defense departments should also work to expedite the deliveries of air defense assets to Arab partners, lest they be forced to procure similar systems from countries such as Russia or China, making the establishment of an effective regional security architecture more difficult or impossible.

Simultaneously, the United States and its partners must work together to map and block Iranian drone supply networks and plug any holes.

But if past is prologue, if the legislation becomes law, the strategies and options submitted to Congress will likely lack substance or specificity. To discourage such an outcome, the legislation’s sponsors may want to consider tasking the comptroller general at the Government Accountability Office to independently assess in written and unclassified form both the administration’s responses and the implementation of any recommendations.

Americans are right to expect that American-made technology and parts are not used by our enemies to attack our troops and our partners. Unfortunately, barring urgent additional action, we should expect more of the same in the future.

Ryan Brobst is a research analyst at the Foundation for Defense of Democracies, where Bradley Bowman is the senior director of its Center on Military and Political Power and Behnam Ben Taleblu is a senior fellow.

With the recent push of Large Language Model and Transformer AI, the federal workforce has become enthralled with the potential of AI and how it can empower them to effectively carry out agency missions.

One popular LLM tool is ChatGPT. Lawmakers are already using ChatGPT to help write speeches, and agencies have begun to investigate the countless other benefits of implementing the technology within existing processes, including assisting employees in communicating, streamlining workflows, and increasing employees’ access to information.

Amid the excitement, there are concerns that ChatGPT and other LLM tools could eliminate jobs, provide inaccurate information and perpetuate bias. While some fears may be unfounded, it’s crucial that federal agencies consider all the potential impacts a full-scale implementation of ChatGPT may have on the workforce and agency stakeholders.

To do so requires a thorough understanding of where ChatGPT can help serve the federal workforce and, more importantly, where it can’t.

ChatGPT is powerful, but not all-powerful

Traditionally, AI assists government employees with internal processes by helping at service desks, streamlining decisions, automating repetitive tasks, and more. While ChatGPT can fulfill those traditional roles, its large language model also enables a new dimension of capabilities.

The technology can provide the federal workforce enhanced training and professional development opportunities by creating online courses, tutorials, and other educational resources that federal employees can access anytime. Alternatively, it could improve employee access to information about policies, procedures, regulations, and work-relevant data and statistics.

ChatGPT also has the potential to assist in solving well-documented government-wide challenges. For example, it can help streamline the complex federal acquisition process by drafting a government contract that employees can edit instead of creating from scratch. The potential applications are not lost on agencies, as the Department of Defense is already in the process of creating a similar AI-powered contract-writing solution known as “AcqBot” to accelerate workflows.

What’s more, the applications of ChatGPT can easily be tailored for specific agency needs. The IRS could use ChatGPT to automate the process of categorizing incoming tax forms and routing them to the appropriate department for processing, while DoD could use it to automatically generate reports on equipment maintenance, streamlining the scheduling of repairs.

The applications of ChatGPT are limited only by imagination, creativity, and desired level of impact. However, the effects are not all positive, and relying too much on ChatGPT can bring significant risk to an organization without the proper guardrails. For example, certified ethical hacking community members have proven ways to jailbreak numerous LLM and Transformer-based tools like ChatGPT and trick them into inserting bias into answers, violating ethical policies, creating code for Distributed Denial-of-Service attacks and more.

ChatGPT can also occasionally provide responses or extract information from sources that do not exist to provide a prompt answer. This happens because ChatGPT uses probability-based guessing based on available information to generate its responses.

Therefore, while the original data it pulls from may be accurate, compressing and adjusting the data to answer the unique prompt may generate the most likely statement instead of an accurate one, resulting, at times, in entirely made-up sources. In the event of an error, it won’t acknowledge its mistake but reaffirm its response. This may lead to potential misinterpretations by federal employees relying on the tool to obtain information on benefits or formatting errors in contracts drafted using the tool.

Additionally, if an employee unknowingly uses the information to make a decision that results in a negative response, they may suffer a loss of time, resources, and even reputation. Therefore, it is essential to ensure that ChatGPT is properly tested and monitored, and that employees are trained to minimize the risk of errors before using the system.

Is it ethical to use ChatGPT?

Government agencies are responsible for protecting the safety and well-being of all citizens, including the federal workforce. Many fear that using ChatGPT to assist the workforce will lead to real humans losing their jobs or accidentally perpetuating biases.

These fears are not wholly unfounded, as ChatGPT is incapable of human or critical thought. Because it can’t make emotional decisions or determine when it’s being prejudiced, if the data used to inform its research is biased, the bias may be amplified in the responses provided, which can have profound implications and consequences for government agencies that are expected to provide impartial information to citizens. This means agencies with any citizen-facing interactions must be very careful with how they use the technology when interacting with the public or making decisions that have wide-reaching impacts.

These limitations also provide good news as it means that ChatGPT can’t replace humans. As with all technology, it has tasks in which it excels and tasks that it fails -- these lessons remind us that technology exists to empower, not replace, humans. The ultimate rule of technology holds true for ChatGPT: Don’t trust; always verify. It is human’s ability to question and confirm that AI can never replace.

Integrating ChatGPT into federal systems requires a considerable investment of time, resources, and education to ensure that it performs its tasks and responsibilities effectively without causing harm. Agencies must understand that ChatGPT is not a panacea for all challenges. To unlock its full potential, the government must carefully tailor the tool for specific applications while educating employees on its capabilities, applications and risks.

While more human involvement will be necessary in the short term to ensure that ChatGPT is used effectively and safely, the future benefits of ChatGPT are vast and will undoubtedly lead to a more efficient and effective government for all.

These regulations, some of which may begin appearing in RFPs as early as this spring, trace their roots back to early 2020 when the DoD, in partnership with Carnegie Mellon and John Hopkins, formed what is known today as the Cybersecurity Maturity Model Certification (CMMC) program, governed by the Cyber Accreditation Body (Cyber AB). The program requires all Defense prime and subcontractors who access, store and/or transmit Controlled Unclassified Information to implement a specified level of cybersecurity.

The upcoming contract requirement known as the DFARS 7021 clause adds a “trust but verify component” to existing federal contract data protection identified under DFARS 252.204-7012, Safeguarding Covered Defense Information & Cyber Incident Reporting. Prior to CMMC’s release, defense contractors were able to self-attest that the businesses were abiding by established contract security standard.

All that is changing now.

While these regulations will undoubtedly mean additional time and effort for defense contractors, they are essential to ensure that sensitive information is kept secure. With more than 500 government contractors in the Hampton Roads, Virginia, area alone, preparing for these new requirements is of utmost importance. Those who do so most efficiently and effectively are likely to come out on top in the highly competitive government contracting landscape.

To prepare for the new regulations, organizations should take proactive action to determine their gaps, prioritize resource allocation to address those gaps, and continually adjust to the moving target of cybersecurity compliance across the DoD contracting landscape.

Here are a few key steps for accomplishing those objectives:

— Review any existing (if applicable) or upcoming contracts to identify security requirements/DFARS clauses.

— Identify whether the business handles only FCI or more sensitive CUI (Controlled Unclassified Information). As a reference, a company’s contracting officer should be able to assist in determining this.

— Review NIST 800-171 controls in preparation for performing a security controls analysis.

— Ensure there is an established company-wide cybersecurity training program, to include initial and ongoing cybersecurity awareness and education. Continuous cyber training will empower and enable company personnel to identify threats and mitigate their business impact.

— Consider obtaining outside resources, either over the short-term or long-term, to supplement in-house resources to help identify gaps in the organization’s readiness posture, assist with drafting operational security policies, and to help position the organization for continued CMMC compliance.

Pentagon publishes zero-trust cyber strategy, eyes 2027 implementation

While these additional hurdles may mean additional time and effort for would-be contractors, they are in many ways sensible and attainable with the right amount of advance planning and resources. Since its inception, the CMMC Program has undergone multiple commentary periods, allowing for DIB contractors and cybersecurity leaders to provide constructive feedback.

The DoD and Cyber AB are committed to safeguarding important data, people, and systems from nefarious actors who would like nothing more than to execute a devastating cyberattack, so the hope is that the newer regulations will help eliminate confusion over the certification process while also easing the contractor burden of implementation.

The implementation of new and more strict information security regulations is causing anxiety among defense contractors in Hampton Roads and elsewhere across the country. These regulations require companies to face further scrutiny and pass additional hurdles, some of which may begin appearing in RFPs as early as this spring, before engaging in contract work with the DoD and its ancillary agencies.

However, while these regulations may mean additional time and effort for defense contractors, they are essential to ensure that sensitive information is kept secure. Those who prepare for these new requirements efficiently and effectively are likely to come out on top in the highly competitive government contracting landscape.

Greg Tomchick is CEO of Valor Cybersecurity, headquartered in Norfolk, Virginia, a provider of cybersecurity services to small to medium-sized businesses in technology, defense, and investment communities.

If a natural or manmade obstruction stalled an attack, combat engineers were called forward to breach the obstacle quickly and effectively or bridge the wet or dry gap.

But Marine Corps combat engineers are no longer capable of providing this essential support. If called upon today to breach a minefield, reduce an obstacle or bridge a gap, the combat engineers would have nothing acceptable to send forward.

The Marine Corps has dangerously divested all its assault breaching and bridging capabilities. The engineers are still willing but are no longer capable.

Marine Corps divestment of needed engineering structure and equipment coupled with other debilitating losses in tanks, artillery, assault amphibious vehicles, helicopters, tiltrotor aircraft and strike/fighter aircraft were part of an unwise “divest to invest” strategy, voluntarily pursued by the Marine Corps to self-fund future, experimental capabilities.

Marines remove scout sniper platoons from infantry battalions

The armored vehicle launched bridge, tank track width mine plow, armored combat earthmover and assault breacher vehicle were all jettisoned from the Marine Corps inventory over the past three years, apparently without consideration for future mobility requirements or for the protection of the individual Marine.

Marine Corps combat engineers no longer possess mobility and survivability equal to the force being supported. Without some armored protection, the engineers are exponentially more vulnerable to enemy small arms, mortars and artillery fires.

Unwise, or maybe better said, foolish divestments make it impossible for combat engineers to accomplish the essential missions of rapidly breaching minefields, barriers and obstacles; conducting route clearance under fire; rapidly laying down bridging for crossing streams and gaps and constructing roads and trails.

These engineering requirements are not limited to major land wars. Mines, damaged or destroyed bridges, and improvised explosive devices will inevitably confront Marine forces in any future conflict, small as well as large.

For those who think that U.S. Army or coalition forces will provide Marine forces the breaching and assault bridging capabilities needed is not just wishful thinking; it is dangerous thinking. We know of no service agreements that will support this assertion.

The rush to restructure and reequip the Marine Corps as an abstract regional force is codified in the Marine Corps concept document Force Design 2030. Prior to jettisoning needed structure and equipment, coupled with similar but external losses in the maritime prepositioning force and amphibious shipping, Marine air-ground task forces were trained and equipped to immediately deploy anywhere, across the spectrum of conflict. They were ready, relevant, and capable of responding to any crises or contingency as the nation’s premier 9-1-1 force.

Today, Marines remain ready to answer the call, but the capabilities needed for global response have been sacrificed as bill-payers for unproven organizations, equipment, and munitions narrowly tailored against one threat and in one location ― China’s navy in the western Pacific. The emasculation of Marine Corps capabilities and the myopic focus on a single enemy is a threat to national security.

The loss of all assault breaching and bridging capabilities significantly limits where Marine ground forces can be committed to combat, today and in the future.

Combat engineers no longer have the manpower and equipment to facilitate the unimpeded maneuver of Marine infantry through explosive and nonexplosive obstacles and across gaps.

The Marine Corps is gambling the mission and the lives of its Marines on the forlorn hope that someone else will answer the infantry’s call “engineers up” when pinned down and unable to maneuver through a minefield or across a river.

The recently published article by former Marine Corps Commandant Gen. Charles Krulak and former Commander United States Central Command General Anthony Zinni, offers a distinct alternative to Force Design 2030. Vision 2035 would restore the Marine Corps to its congressional mandated role as the Nation’s 9-1-1 force, capable of responding quickly and effectively to any threat worldwide.

A key component of the vision is a robust combat development process to determine the capabilities and requirements needed for global response in an age of precision munitions. Global response in “every clime and place” will require the restoration of assault breaching and bridging. The specific requirements will be determined through a rigorous combat development process.

United States Marines will encounter simple and complex obstacles, natural and man-made, when fighting a determined enemy, not just in the Indo-Pacific region but in all theaters.

Force Design 2030 has cheated Marine Corps combat engineers of the tools they need to breach these obstacles and ensure the freedom of movement Marine infantry and other elements of the force must have to fight and win.

The nation requires a Marine Corps ready, relevant, and capable of responding globally to any threat. The Marine Corps must have combat engineers with robust and effective assault breaching and bridging capabilities. Future battles, as past battles, will be decided by the combined elements of maneuver, fires, and information.

Lt. Gen. William Keys, retired, recipient of the Navy Cross for heroic actions in the Vietnam War, led the 2nd Marine Division when it had to breach explosive and non-explosive obstacles and bridge gaps to maintain the momentum of the attack into Kuwait during Operation Desert Storm.

Maj. Gen. Ronald Richard, retired, was the Operations Officer for the 2nd Marine Division during Operation Desert Storm.

This article is an Op-Ed and as such, the opinions expressed are those of the authors. If you would like to respond, or have an editorial of your own you would like to submit, please email Military Times Editor Andrea Scott.

Want more perspectives like this sent straight to you? Subscribe to get our Commentary & Opinion newsletter once a week.

Indeed the rifle seems cursed from birth. Even the naming has failed. Army recently allowed a third-party company to scare it off the military designation M5. The re-naming will certainly also help scupper bad public relations growing around ‘XM-5′ search results.

Civilian testing problems have, or should have, sunk the program already. The XM-5/7 as it turns out fails a single round into a mud test. Given the platform is a piston-driven rifle it now lacks gas, as the M-16 was originally designed, to blow away debris from the eject port. Possibly aiming to avoid long-term health and safety issues associated with rifle gas, Army has selected an operating system less hardy in battlefield environments. A choice understandable in certain respects, however, in the larger scheme the decision presents potentially war-losing cost/benefit analysis.

Civilian testing, testing Army either never did or is hiding, also only recently demonstrated that the rifle seemingly fails, at point-blank ranges, to meet its base criteria of penetrating Level 4 body armor (unassisted). True, the Army never explicitly set this goal, but it has nonetheless insinuated at every level, from media to Congress, that the rifle will penetrate said armor unassisted. Indeed, that was the entire point of the program. Of course, the rounds can penetrate body armor with Armor Piercing rounds, but so can 7.62x51mm NATO, even 5.56x45mm NATO.

The fundamental problem with the program is there remains not enough tungsten available from China, as Army knows, to make the goal of making every round armor piercing even remotely feasible. The plan also assumes that the world’s by far largest supplier will have zero problems selling tungsten to America only for it to be shot back at its troops during World War III. Even making steel core penetrators would be exceedingly difficult when the time came, adding layers of complexity and time to the most time-contingent of human endeavors. In any case, most large bullet manufacturers and even Army pre-program have moved to tungsten penetrators for a reason, despite the fact it increases the cost by an order of magnitude and supply seems troubled. Perhaps Army has a solution, perhaps.

The slight increase in ballistic coefficiency between the 6.8x51mm and 7.62x51mm cartridges neither justified the money pumped into the program nor does the slight increase in kinetic energy dumped on target. Itself a simple function of case pressurization within the bastardized 7.62mm case. Thus the net mechanical results of the program design-wise is a rifle still chambered in a 7.62x51 mm NATO base case (as the M-14), enjoying now two ways to charge the weapon and a folding stock. This is the limit of the touted generational design ‘leap’ under the program. And while the increased case pressure technology is very welcome the problem is, in terms of ballistics, the round is in no way a leap ahead compared to existing off-the-shelf options as those Army nearly went with under the now disavowed Interim Combat Service Rifle program, or it in fact did purchase schizophrenically just before the NGSW program began with the HK M110A1.

There is simply no rhyme or reason to Army rifle procurement programs. Problematic programmatic choices do not stop here, however. Another problem is the weapon sight. The Vortex XM-157, which may have critical components made in China, is most definitely not an ‘auto-aiming’ sight. For guaranteed hits, the shooter still must manually ‘ping’ the target. This takes back usable seconds and makes shooting 100% accurately on the fly, as envisioned under the program to justify the reduced available round count, an utter pipe dream. The scope is otherwise a normal scope.

Starting from a highly dubious intellectual, strategic and tactical baseline, the NGSW program is now failing mechanically and ballistically at once. Army came out hard with the program’s aims and expectations, unreasonably so, practically declaring a War on Physics from the outset. Unfortunately, like so many other antecedent programs Army has lost the war again, badly. In terms of weight, recoil, durability and ballistics, expectations vs reality are crashing down on Army right now, hard.

Dr. Allan Orr is a strategic studies specialist who focuses on asymmetric warfare. His current analytical interests include hostage rescue, where he developed an interest in small arms following the Lindt Cafe Siege in Sydney, Australia. He currently directs OrrCon, a boutique one-client-per-industry defense sector consulting firm.

But what he is wrong about is this: “Encrypting the data where it sits and along the route it travels makes it irrelevant to then protect the pipes.” Which is 100% wrong from an information warfare, or information advantage, or even “big data” perspective.

The military should turn its network innovation upside down

Encryption has a shelf life, and the encrypted information might have a longer shelf life than the encryption protecting it.

Triple data encryption standard, or DES, with a 56-bit key space was introduced in 1981, and the advanced encryption standard, or AES, wasn’t adopted as a federal standard until 2002, well after the F-22 first flew in 1997. The F-117 Nighthawk made its maiden flight June 18, 1981, one month before the more secure Triple DES was proposed. Had the materials involved in making the F-117 Nighthawk been encrypted with DES, that encryption would be irrelevant today, at a time when a modern low-cost commodity desktop that could break the encryption in minutes to hours.

There are still many foreign intelligence services interested in the technology to build even a first-generation stealth aircraft. There’s a reason that the Chinese J-20 and J-31 look similar to the F-22 Raptor and the F-35, and there’s a reason that China is interested in building massive supercomputers capable of massive parallel processing, despite the currently ongoing “chip war.”

We must conclude that any encrypted information collected by foreign intelligence services will eventually be cracked through sufficient compute power and time. This is one reason why super computers are part of the race for information dominance. At the level of supercomputers, the amount of compute is truly calculated in cost to build and cost to operate. If you do not have access to cutting edge chips, just increase the number of compute chips, central processing unit or graphics processing unit, or some other compute unit like an AI accelerator. It will cost more to make and cost more electricity to operate, but the amount of compute will be available to the government or corporation that invested in the system.

Without a true “zero trust” scheme, any compromise of any node on any network becomes a pivot point for further attacks. The problem with “zero trust” is that to be effective, you need a mature network model that can be secured, not a “growing, organic network” that is adapting rapidly to meet the needs of the user. And so without full security at every later version of the open systems interconnect model, there is unaddressed risk of which users are not even aware.

Lastly, even if encryption is 100% future quantum proof, the amount of data flowing between nodes is still a key indicator for intelligence analysists. If a massive amount of data begins flowing to and from a particular combatant command, that is a clue to foreign nation cyber teams that something is going on. It could be an exercise or a response to a crisis. But it becomes one part of a bigger picture that erodes any joint force information advantage. During the build up to Operation Desert Storm in 1991, the Christian Science Monitor published, “To gauge international tension, look at late-night pizza deliveries to U.S. war planners.”

Ferrari is absolutely correct that encryption of data at rest and data in transit is 100% necessary for modern military command, control and collaboration. He’s wrong that it will offer warfighters a panacea of capability, or that we can ignore protecting the data pipes that support the warfighter.

Maj. James Armstrong is a cyber electromagnetic operations officer currently serving as a course manager and instructor at the U.S. Army Cyber and Electromagnetic Warfare School at Fort Gordon, Georgia.

The views and opinions presented herein are those of the authors and do not necessarily represent the views of the Army or the Department of Defense.

Have an opinion?

This article is an Op-Ed and as such, the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email us.

Want more perspectives like this sent straight to you? Subscribe to get our Commentary & Opinion newsletter once a week.

The Army’s recent announcement that it’s adopting Gmail, long after many other organizations have done so, could be a sign that the service’s outdated and stovepiped network restrictions may be loosening. But, before declaring victory we should remember that the bureaucracy is working hard to claw back the old way of doing business.

In 2018, the Pentagon banned mobile devices ostensibly from secure areas. However, in reality, the ban was a last ditch attempt to stop the inevitable rise of mobile computing. Overnight, the Pentagon removed laptops with wireless connections because they could not be switched off. This had the effect of driving the entire leadership structure of the department back to the 1990s desktop computing environment.

The banning of mobile devices is part of a broader theme at the Pentagon, where in an effort to create the illusion of reducing network and information risk, the department attempts to hold back the revolution. But, war has the side effect of sobering up risk calculations. In Iraq, Afghanistan, and Syria, military commanders took on bureaucracies and built unprecedented jury-rigged networks to conduct combat operations with allies across commercial networks and systems. The operational flexibility, along with the innovative use of non-program of record commercial systems, far outweighed the risk of compromised information.

Once these wars ended and the innovators redeployed from combat operations, the older network security protocols took hold again, making it nearly impossible for units to tinker with commercial software and hardware to experiment and change how they fight. The war in Ukraine is now the next lab of experimentation and we are finding once again that innovation in war is alive and well when driven by necessity. In this fight, we’re seeing firsthand that communications driven from the bottom-up work just as well as top-down communications on the battlefield.

So, taking this history and these lessons into account, what should the U.S. military be doing?

First, it’s time for the services to take a hard look at themselves and realize that if they can’t keep top talent like former Air Force Chief Software Officer Nicolas Chaillan and the Army’s former Chief Information Officer, Raj Iyer, then something is wrong. In the world of information technology, everyone is not created equal. One superstar is worth a dozen marginal performers since returns are exponential. This is why the truly best make millions of dollars in the private sector. Many, such as these two gentlemen, were willing to give up financial rewards to serve their country. But in return, the Pentagon must let them make reforms at speeds much faster than the bureaucracy moves. In the information space at the department, change should be measured in weeks and months, not years.

Second, the Defense Department should abandon the top-down philosophy that currently permeates Joint All-Domain Command and Control, or JADC2. Instead, it should turn the requirements process upside down and let the operational warfighting commanders make the risk versus reward trade. They can see the benefits of technology on the ground and know better than anyone else at headquarters how it can be used. The Pentagon can assist in this effort by providing encryption capabilities, such as instant messaging system Signal, which reside on commercial phones.

Lastly, the Pentagon should adopt a philosophy of protecting the data rather than protecting the network. For 50 years, the Pentagon manned the perimeter of its network with ever more sophisticated software, most of which is easily overcome by determined adversaries. Once inside the network, as we saw with the hack at the Office of Personnel Management a few years ago, the information is theirs for the taking. Implementing a 180-degree change in security would focus on protecting the information rather than the network. Encrypting the data where it sits and along the route it travels makes it irrelevant to then protect the pipes.

The actual network should be viewed as a space to preserve freedom of maneuver rather than as something to protect.

There are hundreds of innovative companies, some of which such as Google, Space-X, Palantir, and Anduril that are backed by billionaires which can outlast and fight the Pentagon bureaucracy. But most others cannot. That’s why the Pentagon has to take charge and stop depriving our warfighters of the capabilities being exploited in Ukraine through its top-down approach to network innovation. Instead, it should turn its network innovation upside down and let our warfighters decide what risks to take.

Retired Army Maj. Gen. John Ferrari, a nonresident senior fellow at the American Enterprise Institute, is a former director of program analysis and evaluation for the Army.

Have an opinion?

This article is an Op-Ed and as such, the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email us.

Want more perspectives like this sent straight to you? Subscribe to get our Commentary & Opinion newsletter once a week.