The Senate Armed Services Committee on Monday released the full text and report for its version of the fiscal 2025 National Defense Authorization Act with a number of cybersecurity provisions included in it related to zero trust — a widely recognized, cloud-based concept that assumes an adversary has already gained access to a network and therefore looks to limit further movement internally by requiring constant monitoring and authentication of users and their devices as they pass from one part of a network to another.

Key among them is a requirement that, if passed as is, would enlist the DOD chief information officer to issue new guidance tailoring the department’s zero-trust framework to “human-wearable devices, sensors, and other smart technology” included in the so-called military internet of things within 180 days of the law’s passage.

Like traditional internet-of-things hardware, the military internet of things is generally comprised of interconnected, data-rich, sensor-driven devices meant to communicate or share information on a domain in both combat and non-combat settings. While the devices are credited for inexpensively enhancing the military’s ability to sense and share information — in some cases in an automated fashion — they also have led to a proliferation of endpoints that adversaries can target for a cyberattack. A 2015 Center for Strategic and International Studies report referred to security as the “single most important challenge for IoT implementation across the military.”

The guidance from the CIO would also require details on the role that identity, credential, and access management technologies would play in that larger zero-trust strategy as it’s applied to the military internet of things.

A Defense Department strategy signed out in 2022 outlines “target levels” of zero trust, which are a minimum set of 91 capability outcomes that DOD agencies and components must meet to secure and protect networks. The Pentagon’s goal was to achieve those target levels no later than Sept. 30, 2027 — a deadline that David McKeown, the department’s chief information security officer, wants to accelerate.

Senate lawmakers have also taken note of a successful zero-trust pilot and subsequent production contract led by the Defense Information Systems Agency called Thunderdome. In the committee report accompanying the text of the chamber’s version of the 2025 policy bill, the committee urges department components to leverage the success of Thunderdome in replacing the agency’s previous security model known as the Joint Regional Security Stacks (JRSS), which aimed to consolidate the department’s attack surface by reducing thousands of network stacks globally to roughly 25. DISA decided to begin sunsetting that program in 2021.

“The committee is encouraged by the successful prototyping and production agreement for the Thunderdome program, which is expected to scale rapidly across the entire DOD enterprise,” the report reads. “To achieve stated goals within DOD’s specified timelines, the committee believes that DOD components should leverage technologies like Thunderdome, which rely on an open vendor selection process and comprehensive prototyping before production. The committee believes that such attributes are necessary to ensure upgradability and adaptability over time.”

That provision calls on the DOD CIO and director of DISA to brief congressional armed services committees on the progress made with Thunderdome and progress transitioning away from JRSS, “with a focus on how legacy JRSS will incorporate zero trust-aligned continuous trust verification and security inspection regardless of user location or device.”

The post Senate NDAA calls for guidance to apply zero trust to ‘internet of military things’ devices appeared first on DefenseScoop.

The letter — signed by Sens. Deb Fischer, R-Neb., Mazie Hirono, D-Hawaii, and Angus King, I-Maine — outlines the legislators’ apprehensions over the possible repercussions if the Department of Defense is asked to vacate portions of the electromagnetic spectrum that are exclusively used for military operations. Notably, it questions a recent directive from the administration to conduct a second study of dynamic spectrum sharing options between the Pentagon and private sector.

“At this time, it would be counterproductive to initiate additional studies of the lower 3GHz Band,” the SASC members wrote in the missive published Wednesday. “We remain concerned that pursuing a policy of requiring the Department of Defense … to surrender its spectrum for non-Federal use would significantly harm DOD’s ability to carry out its missions, increase costs, and adversely affect our national security.”

The letter comes after the White House published its first-ever National Spectrum Strategy in November. The strategy established near- and long-term guidance that aims to modernize the United States’ spectrum usage for the benefit of both government users and the private sector.

Included in the administration’s wide-ranging list of action items is one that calls for an in-depth study of frequency bands that could be shared between the government and industry — including the 3.1-3.45 GHz S-band that the Pentagon uses to operate its radars, satellites, navigation equipment and more. The study will be conducted by the Pentagon’s Chief Information Office and the Department of Commerce’s National Telecommunications and Information Administration (NTIA).

However, as the senators point out in their letter, the Defense Department and NTIA recently completed an analysis on the impacts of sharing its spectrum band with public users. The 22-month-long, congressionally mandated study resulted in the Emerging Mid-Band Radar Spectrum Sharing (EMBRSS) feasibility assessment.

Although Biden’s strategy notes the Pentagon’s study determined that sharing its spectrum band with private users was possible if interference mitigation capabilities and coordination frameworks were established, it called for a follow-on study to “explore dynamic spectrum sharing and other opportunities for private-sector access in the band, while ensuring DoD and other Federal mission capabilities are preserved, with any necessary changes.”

In their letter, lawmakers emphasized that in order for the spectrum strategy to be successful, the White House must consult and adhere to the findings detailed in the EMBRSS report.

“We are concerned that the administration is moving forward with the National Spectrum Strategy without fully considering the recommendations of the EMBRSS report and the findings of its study on the lower 3 GHz Band,” they wrote. “Proceeding without appropriate input in advance of the National Spectrum Strategy’s implementation could lead to an approach that overrides congressional intent and is at odds with the practical realities and technical assessments the final report provides.”

They also stressed that even partially disregarding the EMBRSS report would negatively affect both government and private sector spectrum users.

Rapid innovations in 5G and other wireless technology have increased commercial demand for access to the electromagnetic spectrum. Industry is calling on the U.S. government to reallocate portions of the spectrum being used by government users — including the Defense Department’s band — for commercial use.

But Pentagon leaders assert that such a move would cost billions of dollars and take years to complete. 

Meanwhile, lawmakers are asking for the EMBRSS report to be made available to the public — either partially or in full. The letter notes that Congress was told that the report would be published, but there’s been no progress in doing so since it was finished in September.

“The study and subsequent EMBRSS report provide meaningful input on how this band of spectrum can be shared with non-Federal users to maximize its value to the American people,” the senators wrote. “We encourage the swift public release of this report to better inform ongoing discussions on what frequencies and conditions DOD’s spectrum may be appropriately shared with non-Federal users.”

At press time, Pentagon officials have not responded to DefenseScoop’s inquiries regarding the status of publishing the EMBRSS report.

The post Senators express concerns about national spectrum strategy’s impact on DOD appeared first on DefenseScoop.

Whiting currently serves as the first-ever head of Space Operations Command (SpOC) — the Space Force field command that acts as the Space Force’s primary service component to Spacecom. As an organization, SpOC is responsible for generating and sustaining much of the service’s space, cyber and intelligence capabilities.

A former space operations officer in the Air Force, Whiting previously served as deputy commander of the Air Force Space Command before it was restructured as the Space Force. He’s also previously held a number of positions at Space Command, Strategic Command and the Office of the Deputy Secretary of Defense.

Whiting would become the second four-star general to lead Space Command if confirmed by lawmakers, succeeding Gen. James Dickinson, who has served as Spacecom commander since 2020.

In addition to Whiting’s nomination, Biden picked Lt. Gen. Michael Guetlein to serve as the next vice chief of space operations at the Space Force. Guetlein is currently leading the service’s acquisition field command, called Space Systems Command (SSC). Guetlein would take the helm from current Vice Chief of Space Operations Gen. D.T. Thompson, if confirmed by lawmakers.

The White House also submitted a nomination for Lt. Gen. Philip Garrant, deputy chief of space operations, strategy, plans, programs, and requirements, to succeed Guetlein as head of SSC. 

The trio of Space Force officers must be confirmed by the Senate Armed Services Committee.

In recent months, committee member Alabama Republican Sen. Tommy Tuberville has put a blanket hold on top-level military promotions in protest of the Pentagon’s abortion policies. The blockade has put a halt to a number of key military appointments, most recently including Gen. Eric Smith, nominee to be Marine Corps commandant, leaving the service without a Senate-confirmed leader for the first time since 1859.

The post Biden nominates Space Force’s Whiting to helm Space Command  appeared first on DefenseScoop.

A provision in the Senate Armed Services Committee version of the fiscal 2024 National Defense Authorization Act — which passed the committee at the end of June but was only released publicly on Tuesday — calls for a more standard approach to how the military services present forces to U.S. Cyber Command.

It comes amid bipartisan concern regarding the readiness levels of the cyber mission force.

The military services are each responsible for providing personnel for a set number of teams to Cybercom, which then employs those forces in operations for the other geographic combatant commands. But each service has its own identity, culture, and way of classifying and providing forces to Cybercom with many arguing that this has been to the detriment of cyber warriors given they are soldiers or airmen or sailors first, with a focus on cyber second.

Some say this has led to incongruence in how the teams are filled and personnel cycling in and out too quickly.

The Senate Armed Services Committee’s provision first requires the secretary of defense to devise a plan to require common enlistment and general tour lengths across the services for the cyber mission force, enlistment terms that are appropriate given the training required and sufficient enough to meet readiness requirements.

The services must also present cyber mission force personnel to Cybercom that are fully trained to certain standards. Very often in the past, members would not get all the training they would need prior to arriving at their unit, with services electing to have forces get more on-the-job training once at an operational unit.

The provision follows similar sentiments from years past from both congressional armed services committees, requiring a plan to address readiness shortfalls and a study on the responsibilities of the military services for organizing, training and presenting forces to Cybercom.

“We’re not at the point of putting a roadblock up on their modest force expansion, but in practical terms, they’re really are going to need to get a handle on their bottlenecks for readiness if they hope to have expanded forces that are ready,” an aide told reporters last year, noting then that many of those previous provisions for addressing readiness issues stemmed from a classified hearing.

In some cases, Cybercom has been forced to curb its cyber mission force expansion. Prior reports highlighted how the Navy was forced to adjust and scale back four additional teams it was slated to provide to the cyber mission force as part of authorized growth to the overall force over the next five years.

Concerns regarding the imbalance between how each service approaches cyber has led to growing calls for an independent cyber service, akin to the Army, Navy, Air Force, Marine Corps and Space Force. The Senate committee also included a provision proposing an outside assessment regarding an independent military cyber service in the bill.

The NDAA must still be passed by the entire Senate and reconciled with the House’s version.

The post Senate Armed Services Committee looks to tackle cyber mission force readiness — again appeared first on DefenseScoop.

Unlike warheads on detectable rockets for ballistic missiles used in previous conflicts, when in-the-making and ultramodern missiles reach and maneuver at hypersonic speeds — or more than 5 times faster than the speed of sound — they become almost impossible to track or deter. America has attempted to master hypersonic flight in fits and starts over the last few decades, but recently sharpened its focus and started massively boosting investments to enable associated assets, largely in response to its competitors’ ambitious programs pushing rapid development. 

The SASC’s proposed defense policy bill for fiscal 2023 continues that upward trend in investing in hypersonics, with provisions that would mandate significant funding for the Defense Department’s hypersonics-aligned initiatives. But notably, the lawmakers behind it also revealed they are uneasy about the government’s capacity to assess such sophisticated capabilities and bring them into full fruition. 

China, on the other hand, last year shocked the Pentagon and the world with the first reported successful test of a nuclear-capable hypersonic missile, which lawmakers and national security leaders considered a “wake up call” for the U.S. 

“The committee notes the [DOD’s] overdue investment in fielding hypersonic defensive and offensive capabilities. The committee encourages additional funding for defensive and offensive capability to enable the department to not just pace, but leap ahead of peer competitors,” members of that committee wrote in a report accompanying their passed version of the National Defense Authorization Act for fiscal 2023.

The added: “However, one of the greatest concerns of the committee is the ability to test hypersonic systems, which requires extensive range space and sophisticated testing capabilities.”

To that end, the congressional cadre called for the defense secretary to provide a briefing to congressional defense committees by March 31, 2023 ”on the capabilities and shortfalls of existing and planned DOD, academia, and industry testing facilities to ensure the on-time development and fielding of these critical hypersonic systems.”

Facilities for this sophisticated type of testing essentially simulate the unique conditions of hypersonic flight, like speed and pressure. China reportedly has the world’s first operational wind tunnel that can assess a full-scale hypersonic missile through the key stages of flight.

SASC’s version of the NDAA for the next fiscal year incorporates a number of hypersonic-related funding proposals — including almost $300 million for the Pentagon’s glide-phase interceptor initiative to combat such capabilities, which is in its early stages and being steered by the Missile Defense Agency. 

Separately, while the department’s budget request included $2 million in a specific line for Navy weapons industrial facilities, the committee instead recommended an increase of $25 million for that line, specifically for a hypersonic test facility.

“The committee believes that further investment in hypersonic test infrastructure is vital to the rapid fielding of emerging hypersonic weapons technologies,” the senators wrote in their accompanying report. 

They also recommended an increase of $30 million for major range and test facility base improvements. 

In their report, the committee members wrote that they understand “that the test and training range in the eastern Gulf of Mexico has aging infrastructure and inadequate instrumented airspace to test the newest generation of weapons and munitions.” They also noted concerns “that open-air test ranges of the major range and test facility base are not capable of supporting the full spectrum of development testing required for current and next generation technologies, including hypersonic and autonomous systems.”

Further, the lawmakers encouraged DOD’s Test Resource Management Center (TRMC) to accelerate the making of launch and down range tracking facilities to support robust testing of both offensive and defensive hypersonic weapons. Alaska, in their view, is one unique geographical location where hypersonic testing could be conducted with “unrestricted flexibility” to meet mission objectives.

This overarching issue is top of mind now, but DOD has been grappling with its deteriorating hypersonics research infrastructure for years. 

In a 2014 study, the Institute for Defense Analyses warned that “no current U.S. facility can provide full-scale, time-dependent, coupled aerodynamic and thermal-loading environments for flight durations necessary to evaluate these characteristics above Mach 8.” The nation’s facilities and areas for experimentation have evolved since then, but more recent federal evaluations of the department’s assets to mature these capabilities have not been released to the public. 

SASC’s version of the NDAA also aims to require several further assessments related to this topic—including a proposal to require the Defense Secretary to “submit a report on estimated costs for conducting not fewer than one full-scale, operationally relevant, live-fire, hypersonic weapon test of the systems currently under development each year by the Air Force, the Army, and the Navy, once such systems reach initial operational capability.”

It’s not yet clear if the provisions mentioned will be included in the final version of the NDAA. The Senate has yet to vote on this version, while House lawmakers have already passed their chamber’s. The two versions will have to be reconciled in committee before the hefty bill becomes law. 

The post Senators warn of insufficiencies in US hypersonic testing infrastructure appeared first on DefenseScoop.

Their proposals come as lawmakers are working on fiscal 2023 National Defense Authorization Act (NDAA) legislation — and as software is considered increasingly critical to ensure military advantage in modern conflicts.

In a three-page letter penned to the House and Senate Armed Services Committees on Wednesday, the executives spotlighted some of what they deemed to be “key challenges in the defense acquisition process that slow the cycle time and impede innovative software companies’ ability to quickly deliver” capabilities to the Pentagon. 

“Software is critical in the new battlespace to ensure proactive defense, responsiveness, and adaptability when competing with near-peer adversaries,” they wrote in the letter, which was obtained by FedScoop on Thursday.

In particular, they called for a better Defense Department pathway for buying readily available Software-as-a-Service (SaaS) offerings. SaaS capabilities essentially provide a means of delivering technology applications remotely over the internet — as opposed to locally. 

“We recommend funding and authorization to allow military services to contract directly with SaaS product providers for software capabilities within programs of record for the acquisition of hardware platforms,” the executives wrote. 

“Fortune 500 companies today routinely use SaaS-based systems to stay competitive in the commercial world,” they noted. The U.S. “national defense community urgently needs to leverage SaaS products, so we can stay ahead of our adversaries in the rapidly-evolving digital battlespace.”

Further, the group called on policymakers to standardize the application of existing acquisition pathways across all of the military branches. They’d also like to see the reauthorization of the Small Business Innovation Research (SBIR)/Small Business Technology Transfer Research (STTR) program and the institution of “targeted reforms to assist small businesses in scaling contracts with the government from prototypes to production.”

Additionally, the executives urged the establishment of a clear pathway for extensive use of continuous Authority To Operate, which is the formal declaration that authorizes products to be used by agencies.

They wrote that they believe these recommendations “would significantly ease barriers to entry and allow small businesses dedicated to building mission-focused software the opportunity to break through the valley of death more quickly, thereby increasing innovation and technological superiority for the Department of Defense.” The term “valley of death” in the federal acquisition world refers to struggles to transition promising technologies into large-scale procurement.

The companies involved aimed to inform NDAA conference discussions before Congress’ August recess, FedScoop confirmed.

Those signed on to the correspondence include: Rebellion Defense, Recorded Future, Copado, Fiddler AI, Percipient.ai, Keeper, CalypsoAI, Interos, SandboxAQ, Nuvolo, LeoLabs, SparkCognition Government Systems, Second Front Systems, Tricentis, Aqua, Armis, Devo Security, Corelight and Jama Software.

The post Startups press Congress to improve how DOD buys software appeared first on DefenseScoop.

Sen. Jack Reed, D-R.I., told the Defense Writers Group that he and other officials will be paying close attention to lessons learned from the Kremlin’s invasion of Ukraine, which began Feb. 24 and is still ongoing.

While acknowledging he has no specific knowledge of operational details, Reed said U.S. operations with the Ukrainians have been “extremely important in informing the Ukrainians of the situation and also of disrupting attacks by Russian cyber hackers on Ukrainian targets,” adding that’s “a lesson we’ll definitely look at.”

The Financial Times reported that the United States sent cyber forces to Ukraine ahead of Moscow’s invasion to help bolster its defenses.

Gen. Paul Nakasone, commander of U.S. Cyber Command, told Congress recently that his organization has worked closely with the Ukrainians since the Russians shut down their energy sector in 2015.

“We had hunt-forward teams from U.S. Cyber Command in Kyiv. We worked very, very closely with a series of partners at NSA and private sector to be able to provide information. … These are all impacts that I think have played positively early on,” Nakasone told the Senate Intelligence Committee March 10.

So-called hunt-forward operations involve physically sending defensively oriented cyber teams to foreign nations to search for threats on their networks at the invitation of host nations. Officials say these activities are mutually beneficial because they help bolster the security of partner nations and provide Cyber Command and the United States advanced notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.

Reed said that the operations in and with Ukraine have demonstrated the importance of developing appropriate relationships with allies and partners in terms of sharing cyber information and techniques.

Can cyber operations trigger NATO’s Article V?

The White House and others have warned that the Russians may look to execute cyber ops against the United States and its NATO allies as a means of retaliating for severe economic sanctions levied on them for their invasion of Ukraine.

While U.S. and NATO officials have previously asserted that a cyber operation could trigger the alliance’s Article V, a collective defense mechanism which stipulates that an attack on one nation equates an attack on all, Reed said there isn’t a good definition for when cyberattacks might reach that threshold.

“One of the problems with cyber is we have not written rules of the road,” he said. “We had an intrusion in our presidential election by the Russians [in 2016] and there was no formal mechanism to report them or to sanction them. We’re still in a very early stage. My instincts are it will be a function of scale and probably of the human consequences.”

For example, if a cyberattack takes out a small portion of a nation’s electric grid and no one is hurt, that might not be enough to trigger Article V, he said. However, a cyberattack that causes significant casualties would likely cause NATO to act, he added.

The post SASC chair: conflict in Ukraine demonstrating importance of cyber cooperation with foreign partners appeared first on DefenseScoop.