COL Randall C.
Edited >1 y ago
So ... this is MUCH more complicated than presented in the article and goes way beyond "industry best practices". Additionally the author doesn't seem to know about a lot of the cyber acquisition strategies that have been implemented in the last eight years or so.

One problem facing DoD acquisition efforts is that the PMs are often hamstrung by the 'well intentioned' efforts of our elected leaders. In an effort to avoid another $300 toilet seat, they have implemented laws upon laws for the last forty years which required these long, laborious, cumbersome, bloated, etc. processes which tie the hands of much development. Now, not all the laws are bad, but many laws are like entitlements ... once enacted, it is almost impossible to get them taken away.

So, DoD has been chipping away at them to implement operational effectiveness out of the constraints imposed on them. One of these changes that was implemented was the acquisition strategy of "IT Box"* - originally designed for IT acquisition so it wouldn't take years to get IT solutions, during my time at ARCYBER the command started the Army into 'operational acquisition for cyber capabilities'* so that it could take weeks/months to do what took years before.

Still not fast enough, so they were going in the direction of paring the concept they've had for years of reprogramming aircraft early warning sensors (You know .. the thing you hear in the movies that goes "BEEP BEEP BEEP" when an enemy radar locks on) with new threat radar signatures through an organization called the Army Reprogramming Analysis Team (ARAT). Using the concept of rapid reprogramming under ARAT, they expanded ARAT's mission to encompass exactly what the article was discussing - software development/updating at the speed of the battlefield.

I don't know what the acquisition efforts are today, but that was where they were at about eight years ago. They were going towards the "speed of the battlefield", but weren't there yet. However, they were far beyond the way it is depicted in the article.

I can only assume the other Services and DoD as a whole are in a similar situation because every Service acquisition chief steals the good ideas from the other ones.
-----------------------------------------------
* IT Box - https://federalnewsnetwork.com/defense/2014/02/how-an-it-box-is-making-it-easier-for-dod-to-do-business/
* Army utilizing IT Box for cyber-related acquisition - https://www.army.mil/article/153996/army_advances_rapid_acquisition_for_cyber_defense
* ARAT-TA - https://www.army.mil/article/193637/army_reprogramming_analysis_team_program_office_25_yrs_beyond
* AR 525-15 (Software Reprogramming for Cyber Electromagnetic Activities): https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/r525_15.pdf
Maj Robert Thornton
>1 y
Thanks COL Randall C. The technology etc. is beyond me. Even in the hospital environment tech changes happen slowly.
Lt Col John (Jack) Christensen
I can believe this 100%. Goodness, back in the computer software dinosaur days when I was in, I was involved in developing a JCS system. The software developers couldn't get the various programs that fed into the system to talk to each other in the two years I was involved with it. I'm sure things have improved some, but not enough.
CPL LaForest Gray
One solution would be to build a unified software platform built solely around a combination of UNIX/LINUX for security/military only, instead of using “Open Source Software” which is vulnerable to exploitation.

This OS (OPERATING SYSTEM) would solely be used within the military and government for the military, no other purpose.

This would allow quicker updates, upgrades, quicker troubleshooting. It would cut down on software crashes.

All military contractors would be required to use just that platform and to stay updated with software integration/updates.

Benefits :

1.) Security
2.) A closed controlled system
3.) Updated at a faster rate
4.) Identify software issues and quicker solutions.


It would take a massive overhaul, but could be done.

I could be way off.
Lt Col John (Jack) Christensen
>1 y
On the right path but as I indicated in my post the UNIX/LINUX systems, which were all we had in my time, still had issues. I'm just a dumb user, but think what you say makes sense.
CPL LaForest Gray
>1 y
Lt Col John (Jack) Christensen

The current version of UNIX/LINUX runs as an open source application.

I’m thinking more of a controlled closed source Apple OS. Everything in house.

All script is to be written from the ground up.


1.) Linux/Unix is already used to run the most advanced Fire Control and Sonar systems in the submarine fleet.

SOURCE : https://www.usna.edu/Users/cs/wcbrown/courses/si110AY13S/lec/l05/lec.html



2.) Why does the government/military not use special operating systems?

* But the biggest risk for the U.S. military or any organization in relying on legacy systems is in cybersecurity. The latest and most popular versions of Windows benefit from ordinary customers helping to discover security vulnerabilities or bugs through normal computer use, which reduces the risk of undiscovered system flaws remaining undiscovered and open to exploitation by malicious hackers. That’s no small consideration given how hackers would likely be looking to exploit flaws in Windows XP or other legacy systems in use by the U.S. military.

SOURCE : https://slate.com/technology/2018/06/why-the-military-cant-quit-windows-xp.html
CPL LaForest Gray
>1 y
Additional thoughts on why building the OS from the ground up is necessary for the future.

Structure of UNIX OS Layers

“The UNIX operating system is divided into 4 prominent layers that help define the interaction between the hardware and the user. As we move from layer 1 to layer 4, we move away from hardware towards the software. UNIX OS consists of a hardware layer, kernel layer, shell layer, and applications layer. These layers together create a multiuser, multitasking operating system. The following diagram shows a pictorial representation of the layers in the UNIX operating system.”

1.) Hardware Layer:

It contains the hardware-related information required for the functioning of the UNIX environment.

2.) Kernel Layer:

The core (commonly known as the heart) of the operating system. It is a software application that acts as the interface between the hardware and the user. The kernel is responsible for handling the major functionality of the Unix Operating System including process, memory, file, network, etc.

Functions of the Kernel Layer :

* Ensures that all the system and user tasks are executed concurrently.

* Acts as a device manager helping processes gain access to peripheral devices connected to the computer with the help of device drivers.

* Manages memory using techniques like paging, swapping, and virtual storage.

3.) Shell Layer:
The interface between the user and kernel. It is a program that interprets/translates commands typed into the terminal into a series of commands that can be sent to the shell. This script containing commands is called a shell script. The shell is what keeps a history of commands typed in by the user. To repeat a command previously typed, you can simply click the scroll-up key and you will get access to the older commands.
UNIX operating system uses multiple shells including Bourne Shell (sh), C shell (csh), Korn shell (ksh), etc. The initial shell that the user logs into is defined by the system administrator. The user can change the default shell by using the 'chsh' command.

4.) Application Programs Layer:
The outermost layer that includes programs that are accessed by command on the command line. It executes external applications like word processors and graphic programs. Although the earlier Command line was the only way to access them, now GUI can also be used.

SOURCE : https://www.scaler.com/topics/unix-operating-system/


* KORN SHELL

https://www.ibm.com/docs/en/aix/7.2?topic=shells-korn-shell

ISSUES :

Vulnerability Summary
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated malicious users to provide one of those environment variables could allow them to exploit this issue remotely.

SOURCE : https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-14868&scoretype=cvssv3