Digital Engineering, DevSecOps Key to Updating ICBMs

Digital Engineering, DevSecOps Key to Updating ICBMs

Minuteman III intercontinental ballistic missiles are now over 50 years old, and the time to transition to the Ground Based Strategic Deterrent, a full ICBM weapon system replacement, is getting close. The need for optimized sustainment and readiness on Minuteman III is critical as the government prepares for GBSD’s anticipated initial operational capability in 2029.

Helping the Air Force prepare for that transition is a critical mission for BAE Systems, the Air Force’s ICBM systems engineering, integration, and test partner as the Future Intercontinental Ballistic Missile Sustainment and Acquisition Construct (FISAC) Integration Support Contract (ISC) Prime since 2013. This complex transition requires digital engineering expertise, which BAE Systems applies to the ICBM mission every day with its digital modeling and simulation capabilities. BAE Systems’ digital engineering work is ensuring a high-confidence handoff between the two weapon systems and that the Air Force has access to the full range of “zero fail” strategic systems technical expertise to manage the transition.

“Our focus over the past eight years has been to help the government’s ICBM weapon system integrators manage the technical baseline of Minuteman III so they can make informed decisions on its sustainment, and support the acquisition of GBSD,” said Rick Allen, Vice President of BAE Systems Air & Space Force Solutions Strategic Systems business. “Our innovative technical solutions facilitate the ICBM team’s MMIII digital sustainment strategy and provide options for the GBSD system’s future advancements, Digital Engineering System, and Air Force ownership of key interfaces and data rights.”

Dr. Scott Nowlin, BAE Systems’ Strategic Systems chief engineer, said after nearly a decade of supporting the government in its lead system integrator role, BAE Systems continues to apply its hard-earned expertise and insights to one of the most complex and demanding weapons system transitions ever.

A Well Orchestrated and Cost-Effective Transition

“Within 20 years, the GBSD weapon systems will need to be updated with new weapon systems, command and control capabilities, and a refurbished launch facility,” Nowlin said. “That’s a heavy lift. We’re helping the government flag parts of the system that need to be modified in the near term in order to help transition to GBSD over the long term. Our work drives down risk, helping GBSD remain on time and within budget.”

The work to get there has already begun.

“The Air Force’s cost/capability trades were intensively modelled to be fully understood. Furthermore, we have been able to use customized digital tools delivered to the government, so this wind down of Minuteman III—just as GBSD comes online—can be time-certain and cost-controlled.” 

Digital Modelling for Today and the Future

Digital twin models fall under the broad category of digital engineering, which the Department of Defense defines as “an integrated digital approach that uses authoritative sources of system data and models as a continuum across disciplines to support life cycle activities from concept to disposal.”

The strategy has already contributed to development decisions on GBSD.

“We’ve been helping curate and communicate decisional data across all levels and stakeholders in the ICBM enterprise,” Nowlin said. “That’s allowed GBSD to stay on schedule right into the Engineering and Manufacturing Development [EMD] phase.”

This is despite the significant complications brought about by the COVID-19 pandemic, which Dr. Nowlin describes as being mitigated because of ICBM enterprise digital engineering strategies and investments.

“The investment that GBSD made years ago in a digital engineering environment has paid off multiple times already,” he said. “For example, they were able to meet all the milestones throughout the pandemic by being able to visualize and share data with leaders at the highest level of the DOD to meet those schedules on time.”

Modern and More Secured Software Solutions

Working with Minuteman III might not seem like the perfect place to break new ground technologically, but BAE Systems has been proving otherwise. The company has helped update and modernize software in the legacy missile systems by embracing the modern agile software development practice known as Development, Security, and Operations, or DevSecOps. The approach has helped BAE Systems break down challenges into manageable pieces and to iterate software development to produce a continuous flow of enhancements.

“As software has taken on a larger and more significant role in overall system capabilities, it’s clear you have to go faster and implement software with an agile mindset,” Nowlin said. “With DevSecOps, we can take a small team and get through a large backlog of issues by tackling them one by one, integrating them piece by piece, with testing for cybersecurity and operational effectiveness along the way.”

With a DevSecOps “pipeline” process in place, BAE Systems can respond immediately as events unfold. This will only become more important as the Air Force updates the Nuclear Command and Control Communication (NC3) system that coordinates the nuclear enterprise.

DevSecOps pays for itself in saved time by running code development applications, security checks, and operational testing of computer code in tandem.  

A Model Framework to Modernize Defense Systems

This theme of improved collaboration and communication within the ICBM enterprise isn’t limited to just the software community.

“There is a need for increased and enhanced communication between the GBSD acquisition and Minuteman III sustainment communities, because those operating Minuteman III need to know where they’re going to make a handoff and how to decommission this legacy ICBM system,” Allen said. “It’s a very complicated and complex, coordinated dance. We’re helping the government apply great systems engineering capabilities—risk management, interface control, integrated project technical planning and scheduling, configuration management, to name a few.  All in the ICBM digital ecosystem.”

With the ongoing and successful implementation of digital engineering strategies as it relates to our nation’s ICBM infrastructure, this process could also provide a framework for the future objectives of other military branches as well.

Posture Reviews, Program Reveals, and Budget Maneuvers Ahead for the Air Force in 2022

Posture Reviews, Program Reveals, and Budget Maneuvers Ahead for the Air Force in 2022

A raft of strategy and posture reviews are coming in 2022 that will significantly shape the Air Force, even as the service is slated to make major strides on programs and conduct critical tests. How the Air Force manages to pay for all that as the bills come due for major modernization efforts, particularly in the nuclear arena, will be a challenging balancing act.

Early in the year, and possibly in conjunction with the fiscal 2023 budget request, the Biden administration will release its first all-up National Security Strategy and National Defense Strategy, which will set the conditions for USAF’s force structure. Little has been said about what it will entail. The interim NDS released by the Biden administration in March largely preserved the previous administration’s military philosophies but did away with President Donald Trump’s theme of “Great Power Competition,” replacing it with the more nebulous “Strategic Competition.” It will keep China front and center as the pacing U.S. military threat, with Russia a second but crucial included case and still the principal nuclear competitor to the U.S.

Likely at the same time, the Pentagon will roll out its Nuclear Posture Review and Missile Defense Review, setting the stage for how the Biden administration plans to apportion and modernize its strategic arsenal and counter rising threats from Russia’s “novel” nuclear weapons—such as Moscow’s tidal wave-generating nuclear torpedo—as well as Chinese and Russian hypersonic missiles and China’s nascent fractional orbital bombardment system. While the B-21 bomber and B-52 re-engining seem to have full support on Capitol Hill, the new Ground Based Strategic Deterrent intercontinental ballistic missile and Long Range Standoff Weapon still have their opponents, and the Nuclear Posture Review will be the first clear indication from the Biden administration of how supportive of these programs it will be.   

These reviews will have a lot to do with how the Air Force is sized for the 2020s and beyond. Its force structure is likely to be somewhat different from that laid out in 2018’s “The Force We Need” notional Air Force of the future, which called for about a 25 percent increase in the size of the force to 386 combat squadrons. The shift to “high end” combat capabilities and away from counterinsurgency is likely to gain momentum, especially with the withdrawal from Afghanistan.

Aircraft

The Air Force is slated to make major program strides in 2022 as it reveals and flies the B-21 Raider for the first time and launches new program starts that will have great influence on how the service is organized for air combat.

The B-21 is slated to take to the air mid-year, its first flight likely a hop from Northrop Grumman’s facilities at Air Force Plant 42 in Palmdale, Calif., to nearby Edwards Air Force Base. Rapid Capabilities Office director Randall Walden predicted a year ago that the B-21 would roll out in the spring of 2022 and has only hedged a bit since then as pandemic delays slightly affected the program’s progress.

Although Walden said the rollout of the aircraft will be a public event, Air Force Secretary Frank Kendall has subsequently said much will still be kept under wraps to avoid giving China a “head start” in countering the B-21’s capabilities.

Walden has said five B-21s are under construction, suggesting that additional test aircraft will take to the sky in fairly short order. Expect funding for the bomber—which seems to have support from both sides of the aisle on Capitol Hill and which is regarded as a generally well-run effort—to shift significantly from developmental activities to production in the fiscal 2023 budget request.

New funding requests will also appear for “loyal wingman”-type autonomous, unmanned combat aircraft that will fly as escorts for fifth-generation fighters such as the F-22, F-35, and Next Generation Air Dominance platform, and for bombers such as the B-21, Kendall said. The aircraft programs will be “acknowledged classified,” meaning their funding streams will be public records, but little about them will be disclosed to preserve operational surprise.

Early in the year, the F-35 Joint Program Office and the Air Force owe Congress their plans for improving the fighter’s operating costs and mission capability rates as well as how to provide power for the fighter’s advanced Block 4 configuration. General Electric and Pratt & Whitney stand ready to build new-generation engines for the F-35 based on their prototype Advanced Engine Transition Program powerplants, but the Air Force would have to bear the whole cost of such development and production, as F-35B variant users cannot use the AETP engines and the Navy’s F-35C would need significant modification to accommodate the adaptive engine.

More may be revealed in 2022 about the Next Generation Air Dominance system, which will include a manned (and potentially unmanned) fighter, along with a family of related aircraft and attributes.

Expect the Air Force to make an even harder push to retire old, irrelevant or costly systems to free up money to develop advanced capabilities and for Congress to remain stubborn in holding onto old systems until new ones are in hand. The fiscal 2022 National Defense Authorization Act, for example, prohibits the Air Force from taking any steps to retire more B-1B bombers until they are being replaced, one for one, with B-21s.

Besides the two new “loyal wingman” programs of record—one to escort fighters and one for bombers—the Air Force will likely get formally underway on the new Advanced Tactical Trainer, a replacement for the T-38 in the lead-in-fighter/companion trainer role. It received information from industry on the art of the possible in November. The Air Force will likely partner with the Navy on this aircraft, and there could well be a memorandum of agreement for cost sharing or at least pledging high commonality. Boeing and Saab will offer a variant of their T-7A while Lockheed Martin will enter a variant of its T-50 trainer, which it developed in partnership with Korea Aerospace Industries. Other competitors that didn’t succeed in the T-X competition may enter as well.   

Weapons

The Air Force is also under some pressure to get moving on its hypersonic missile programs. The AGM-183 Air-launched Rapid Response Weapon failed to fly on its own during 2021 over several attempts, making a fast-paced string of successful test flights in 2022 essential if the service is to enter production in 2023, as it plans to do. Likewise, there should be aggressive test flights of the Hypersonic Air-breathing Weapon Concept (HAWC), a Raytheon product that’s a precursor to the Hypersonic Attack Cruise Missile, an air-breathing Mach 5+ weapon that the Air Force would buy in even greater numbers than ARRW because it will be smaller and more can be loaded on bombers and fighters.

As the Air Force migrates away from the RQ-4 Global Hawk in the strategic reconnaissance role, look for more to be revealed about its stealthy successor, a high-flying stealthy unmanned aircraft that has been called the RQ-180.

While Kendall has indicated USAF will keep mum about new capabilities, flight testing of the new AIM-260 long-range, multimode-guidance air-to-air missile is likely to step up, as the service plans to field the first versions in the next couple of years. Little is known about the AIM-260, which is being developed by Lockheed Martin.

The Air Force will also sharply expand its agile combat employment exercises and experiments in 2022, with more aircraft deployed to austere locations with progressively smaller logistical footprints, supported by Airmen with multiple specialties. Hand in hand with that effort will be further refinement of the Advanced Battle Management System and the development of joint all-domain command and control, to wring as much combat capability out of USAF’s limited assets as possible.

Affording all of this, even with a defense budget at $768 billion, will be challenging. Look for USAF to take risk in budgeting by buying fewer munitions and accepting more tiered readiness. The Air Force seems poised to win approval from the Pentagon for its new system of presenting forces to combatant commanders, which will formalize unit downtime and stop what the service has called the “burning up” of its people and equipment on endless deployments without any opportunity for reset.

Vandenberg SFB Envisioned as a ‘National Spaceport’

Vandenberg SFB Envisioned as a ‘National Spaceport’

The commander of the Space Force’s Space Launch Delta 30 envisions Vandenberg Space Force Base, Calif., as a “national spaceport” and said the launch delta is trying to figure out how to make that dream a reality.

Vandenberg has plenty of room to grow, and the convenience of launching into certain orbits—not to mention “demand signals” from customers—suggests commercial interest in launching from the site will continue to rise, said Col. Robert A. Long, who took over command of the launch delta in June. Long took part in a Spacepower Forum webinar by the Mitchell Institute of Aerospace Studies on Dec. 17. 

At 180,000 acres, “Obviously the good thing about Vandenberg is we have plenty of land area,” Long said. Situated where rockets can launch to the south, the base is desirable because of the efficiency of getting to polar orbits. By launching in another direction to get to a polar orbit, companies might have to design their satellites differently based on where they launch from. Long characterized the “performance penalty” as “less payload to orbit.”

“So you could go to Cape Canaveral, and some do at times, but you pay a performance penalty when you do that,” Long said. Only “a few locations in the world … offer what we can provide here. No. 1 is location—but then just the infrastructure that’s been built up over the decades.”

Vandenberg already provides launch services “across the spectrum,” including to the military, civil, and private launch customers such as the National Reconnaissance Office, Air Force Global Strike Command, and the Missile Defense Agency. Activities include in addition to space launch include missile testing, aircraft testing, ground and sea force exercises—“quite the gamut,” Long said.

And the frequency of launches should keep going up.

“All forecasts are pointing to increased launch rates,” Long said. “United Launch Alliance and SpaceX aren’t slowing down anytime in the future. We have numerous new customers and interests coming out here—companies like Stratolaunch, Relativity, … and they’re all trying to figure out the best way to leverage our location, our set of services, for both space launching and, I should also mention, test activities.”

The decision to organize Space Force’s launch deltas differently kept the facilities and the mission under the same umbrella, a departure from the garrison-delta setup at other Space Force bases. 

“Everyone realized that the launch mission is really hard to separate [from] the infrastructure side,” Long explained. 

He said the launch delta has just begun to contemplate its transformation, studying and gathering feedback. 

“We’re trying to really transform ourselves into this national spaceport model,” Long said. “We’re still working through what that model looks like and what it really is. We’re a customer service provider, and we want to provide … a host of tailorable services that facilitate safe, flexible, repeatable, simultaneous operations.”

So far, the launch delta has started to gather input from customers on things such as what “baseline level of services” it could provide: “We welcome any thoughts on that from industry—from all the smart people,” Long said. 

Meanwhile, “We’re looking across the entire spectrum of analogous systems,” such as different airport models and types of seaports and transit authorities to “help inform what makes the most sense.” After all: “We’re definitely ramping up,” Long said. “We don’t see any letup in the future in terms of business.”

Black Sea NATO Allies Call for Added Security Amid Russian Buildup

Black Sea NATO Allies Call for Added Security Amid Russian Buildup

The Russian troop buildup on the Ukrainian border and in the heavily militarized Black Sea region has led to calls by Black Sea allies to increase NATO and U.S. deterrence to prevent further Russian efforts to divide and isolate some of the alliance’s newest members.

With over 100,000 Russian troops surrounding Ukraine on three sides and activity consistent with combat preparation, the Biden administration has opted to pursue diplomacy with Russia following a Dec. 7 virtual summit between President Joe Biden and Russian President Vladimir Putin. But NATO allies who are members of the Bucharest Nine (B9) group of eastern flank nations have indicated to Biden and National Security Advisor Jake Sullivan on a Dec. 16 call that more American presence is needed now to deter an invasion of Ukraine.

“If the U.S. and NATO are not careful, the Black Sea will be a Russian lake,” Romanian military attaché in Washington, D.C., Col. Catalin-Constantin Mihalache told Air Force Magazine, noting how Russia has increased and modernized its Western region forces.

“The goal in the Black Sea is to isolate NATO regional partners, Georgia and Ukraine, by taking advantage of the lack of strategic and comprehensive day-to-day NATO presence and strategy,” he added.

Following a Dec. 10 B9 call with Biden, Romanian President Klaus Iohannis took to Twitter to highlight the case he made to Biden.

“I … underlined [Romanian] support for an increased NATO & US military presence in #Romania & at the #BlackSea,” he wrote.

Mihalache said the Russian invasion of Ukraine is a national security concern for Romania and NATO. Russian-occupied Crimea, which has become a heavily militarized anti-access/area denial (A2/AD) bastion in the Black Sea since annexation in 2014, is just 200 miles from Romania’s shores.

“It’s closing the distance,” he said of a potential further Russian incursion of Ukraine. “Russia will approach not only Romania but will be close to the NATO border.”

An Oct. 27 Senate Foreign Relations Committee hearing on Black Sea security detailed an uneven NATO policy of enhanced forward presence in the Baltic nations and tailored forward presence in southeastern Europe. Experts suggested that directing more robust assistance to the north led Russia to concentrate its aggression in the south. Romania established a NATO Multinational Corps South-East headquarters in Sibiu in part to encourage an increase in allied presence.

“We are very determined to build our capability and to have NATO and the U.S. join us in this effort and support us,” Mihalache said, noting that Romania also awaits a decision about global force posture that could lead to additional U.S. troops in the country. About 1,000 U.S. troops are present at any given time in Romania.

In his role as the air attaché, the Romanian official highlighted the importance of the NATO Black Sea posture and current cooperation with the U.S.

“The air domain is key for the credibility and effectiveness of the allied regional collective posture,” Mihalache explained. “The U.S. presence and persistent contribution of ISR and situational awareness is making the allied regional progress.”

The U.S. began basing MQ-9 Reapers at Romanian Air Base 71 in Campia Turzii in January. Romania maintains a small Air Force of F-16s and Soviet-era MiG-21s upgraded with Israeli technology. Romania also benefits from NATO air policing.

Mihalache said Romania’s Air Force plans a purchase of two squadrons of F-16s from Norway that will eventually replace the MiG-21s.

Romania also has the first Patriot missile defense system on the eastern flank. Some of the seven batteries contracted are operational, while others have yet to arrive.

Mihalache highlighted the recent presence of an American bomber task force supported by Romanian F-16s.

U.S. Pursues Diplomacy, Holds Back Military Aid for Now

A senior administration official briefing reporters Dec. 17 said the 2014 Minsk negotiations, which led to a quieting of hostilities with Russian-backed separatists in southeastern Ukraine, are the principal format the U.S. is advocating for to resolve the crisis on the border.

“But the U.S. is prepared to use our bilateral channels to Moscow and to Kyiv to support, if we can,” the official said.

In recent days, State Department officials have visited Moscow to entertain Russian proposals for moving forward. In the past, Putin has said Ukraine or Georgia entry into NATO is a red line, and he has discouraged military assistance to the countries.

Members of Congress have nonetheless urged Biden to answer a November request from Ukraine for additional military assistance, including air defenses that the country says are necessary to deter a Russian invasion. A Ukrainian defense official recently told Air Force Magazine that an American air defense team was in the country to assess needs, but no announcement of new assistance has been made.

“We are also in intensive dialogue with the Ukrainians at all levels, including DOD and EUCOM [U.S. European Command], with regard to their needs,” the administration official said, adding that the conversation included allies who may be able to offer defense assistance. “We will continue to keep those lines open as necessary and as we see what the Ukrainian requirements are.”

In a Dec. 16 congressional hearing titled “Defending Ukraine, Deterring Putin,” Andrew Bowen, an analyst in Russian and European affairs at the Congressional Research Service, identified the U.S. NATO Black Sea presence as the rationale for Russia’s hostility.

“Russian political and military leaders assert that the increased expansion of NATO and the presence of … European and U.S. military forces on its border and Black Sea are an existential security threat to Russia,” he said.

Bowen said the leaders are concerned that NATO and U.S. military forces will eventually place long-range precision strike missile defense systems nearby. Romania already has a High Mobility Artillery Rocket System (HIMARS), a light multiple rocket launcher.

The defense official also said the southeastern flank needs better investment in command-and-control capabilities and access to satellite reconnaissance data. Adding the capabilities to the southeastern flank, he argued, would make protection and deterrence at the eastern border of NATO more uniform.

“The allied approach needs to be firm and credible and requires united and coherent deterrent efforts to the entire flank,” he said.

“This is an unprecedented challenge in the post-Cold War because we didn’t have such an escalation since the end of the Cold War,” Mihalache continued. “It requires our allied and U.S. immediate reaction and attention.”

Air Force Names New Chief Information Security Officer to Lead Cyber Innovation

Air Force Names New Chief Information Security Officer to Lead Cyber Innovation

The Department of the Air Force has a new chief information security officer, filling a post that’s been without a full-time occupant for nearly a year.

The appointment of James “Aaron” Bishop was first announced Dec. 16 at the AFCEA of Northern Virginia Air Force IT Day by his boss, Department of the Air Force Chief Information Officer Lauren Knausenberger.

“His experience combines military experience and private-sector experience, and I believe he is the type of leader who can move us forward quickly while also building and developing our workforce to run with him,” Knausenberger wrote in reply to a query.

At the AFCEA event, she said Bishop will have a mandate to drive and highlight cybersecurity innovation across the department, which encompasses both the Air and Space Forces. In particular, she mentioned the novel tools and policies provided over the past two or three years to ease the process of getting authority to operate (ATO) for new IT systems. The Fast Track ATO process laid out in March 2019 allows for ATOs to be issued after penetration testing of a system rather than via extensive paper documentation of security controls. And under a blanket purchase agreement signed last year, any office can hire a certified “red team” to conduct that pen-testing and then use the results as the basis for an ATO.

But the new process hasn’t caught on as quickly as Knausenberger would have liked. “Across the big enterprise, we need to do a better job of governance of the [ATO] boundaries,” she said, adding this would be a priority for Bishop. “I think he’s going to be the right guy to grab that and to move [it] forward. So I think we’ll have some improvement on just the brass tacks side of that over the next year,” she said.

Bishop started Nov. 22, Knausenberger said in reply to the query. He was the top choice of the three-person Senior Executive Service selection panel. The post has been without a full-time occupant since previous incumbent Wanda T. Jones-Heath was dual hatted as acting principal cyber adviser in the Air Force Secretary’s office in December 2020, according to her official biography. Her transfer to an acting position meant a replacement couldn’t be hired until she was given the permanent appointment as PCA, Knausenberger explained.

Bishop’s role, according to his biography, includes “oversight for the Freedom of Information Act, Privacy Act laws, and cryptographic modernization supporting cyber operations for the department.”

Prior to his appointment, Bishop was CEO and founder of the Quantum Security Alliance, a public-private partnership research organization. Before that he held several posts, including CISO with massive federal IT contractor SAIC. He was general manager of Microsoft‘s National Security Group for a decade before that.

Adm. Grady Confirmed as Joint Chiefs Vice Chair, Filling Monthlong Vacancy

Adm. Grady Confirmed as Joint Chiefs Vice Chair, Filling Monthlong Vacancy

The Senate confirmed Naval Fleet Forces Commander Adm. Christopher W. Grady as Vice Chairman of the Joint Chiefs of Staff late Dec. 16. Defense Secretary Lloyd J. Austin III is tentatively scheduled to perform Grady’s swearing-in Dec. 20, the office of the Joint Chiefs confirmed.

The Senate voice vote assures the vacancy created by the retirement of the former Vice Chair, Air Force Gen. John E. Hyten, is filled before Congress adjourns for the holidays.

Grady brings a personnel and nuclear background from his current position in Norfolk, Va., overseeing the naval leg of the nuclear triad. His call for “ready-relevant learning” also became part of the Navy’s modernization doctrine.

In addition to serving as commander of U.S. Fleet Forces Command/U.S. Naval Forces Northern Command since 2018, Grady has served as commander of U.S. Naval Forces Strategic Command and U.S. Strategic Command Joint Force Maritime Component Commander since 2019.

Grady previously served as commander of the U.S. 6th Fleet and commander of Naval Striking and Support Forces NATO.

At his confirmation hearing Dec. 8, Grady warned that competitors have a new ability to “attack below the threshold of armed conflict,” and he promised to work with allies and partners toward whole-of-government deterrence, a concept known as “integrated deterrence” and often cited by Austin.

“We are faced with overt challenges to the international rules-based order and our national security in every domain,” Grady told the Senate Armed Services Committee during his confirmation hearing. “Now, more than ever, global integration is essential,” he said, referring to “integrated deterrence in those multidomains, leveraging all elements of national power.”

Hack-a-Sat Organizers Pledge to Improve Scoring Transparency

Hack-a-Sat Organizers Pledge to Improve Scoring Transparency

The Space Force’s second-ever Hack-a-Sat competition challenged hackers to find vulnerabilities in earthbound satellite hardware, drawing eight hacker teams to vie for tens of thousands of dollars in cash.  

But while last year’s inaugural competition proved inspirational, this year’s ended amid complaints by participants, who said rules changing on the fly and poor communication by the organizers undermined the event.

Even those who performed well were frustrated. “We had really high hopes … for the contest, but at the end the disappointment and frustration completely took over, even after finishing second and winning a big cash prize,” wrote Michał Kowalczyk on CTFTime, a blog where contestants rate and review different capture-the-flag (CTF) competitions. Kowalczyk, whose hacker handle is Redford, is a co-founder the team “Poland Can Into Space,” which was the runner-up both this year and last. “I wish it was different, but I have to say that this was a pretty bad CTF.” 

Organizers said they are working on the issues and trying to communicate directly with participants to ensure problems this year can be addressed ahead of future competitions.  

CTFs have grown since the 1990s into an international hacker subculture, with hundreds of contests every year.  The competitions build teamwork and develop a collaborative muscle memory while at the same time helping security researchers hone and practice defensive and offensive skills. 

The Space Force said the contest is “designed to inspire the world’s top cybersecurity talent to develop the skills necessary to help reduce vulnerabilities and build more secure space systems.” 

Hack-A-Sat 2 was organized by representatives from the Air Force Research Laboratory, the Space Force’s Space Systems Command, and Cromulence, a contractor. Organizers said they will address the criticisms in follow-up meetings with the eight teams

“We appreciate feedback and just as we did last year, we plan to have individual feedback sessions with each team to learn what worked well and what can be improved on for next year,” organizers wrote in a statement to Air Force Magazine.  

Disappointment and Frustration 

In an “attack-defend” CTF such as Hack-A-Sat, teams of “white-hat” hackers compete over an intense and often sleepless 24 to 48 hours. Each team must both defend its own satellite replica while attacking the replica systems defended by the other competitors. 

“Hackers tend to be very direct people, very open about their opinion,” said Rubin Gonzalez, a founder of FluxRepeatRocket, a team based in Germany and the fourth-place finisher this year. “So if something went wrong they will generally have no problem with publicly stating that something was wrong.”  

Gonzalez said his team wasn’t invited to the Slack channel used to communicate with competitors until well after the final round began, an oversight that left the team blind. “So for the first three hours, we had no idea what was going on,” he said. “We weren’t getting any of the information or announcements.”  

Tyler Nighswander of Plaid Parliament of Pwning, a storied team connected with Carnegie Mellon University, complained that “lots of things regarding how the game operated were not explained clearly.” 

Joshua Christman of Pwn-First Search described “a lack of communication and a lack of transparency.”  

Poor communication made it hard for competitors to understand scoring awards and other decisions that, left unexplained, appeared arbitrary. 

“Part of the problem is that organizers were and are ignoring our questions,” Kowalczyk said. “So we don’t really know the explanations and details for some of the things which happened.”  

The organizers, in their statement, defended their communication style, noting that answering competitors’ questions had to be done in a way that didn’t unfairly influence the competition.  

“Due to the nature of an attack/defend CTF, where teams are progressing at their own individual pace through the challenges, we have to address all [teams’ questions] in a manner that doesn’t disclose the solutions [to] the other teams because this would provide unfair advantage to the inquiring teams. If one team has figured something out, then it’s unfair to them to provide any hints or additional information to other teams,” the statement explained. 

The organizers said that—as they did last year—they would publish an archive of all the Slack messages during the game. 

Some participants defended the organizers. “No CTF is without its flaws/mistakes, but these organizers have always run good competitions in the past,” said Jonathan Elchison, one of the founders of SingleEventUpset, a team put together especially for Hack-A-Sat. 

Atypical Challenge 

All CTFs are technically challenging to stage, noted Elchison, but running one on hardware systems such as satellites, with embedded software and very different architecture from the conventional IT systems that most CTFs stage their competitions on, is “particularly difficult.” 

Organizers used eight centrally located flat sats—real satellite hardware, but earthbound—as the systems that each team had to attack and defend. But they also provided teams with a digital twin of the satellites, a software emulation of the hardware systems on the flat sats. 

“The contest goals were very ambitious,” agreed Nighswander, noting that “with such a complicated game to create, there was certainly a higher amount of technical effort than usual needed.” 

“In a typical CTF,” explained the Hack-A-sat organizers, the different parts of the competition, known as “challenges,” tend to be independent from one another. But satellites—even the ground-based simulators or “flat sats” used in the contest—are “systems of systems” in which functions, also called services, depend on each other.   

“For HAS2, the challenges were interrelated and sometimes dependent on each other due to the nature of the flight software running on the flat sat hardware,” the organizers said. “This architecture drove many of the decisions made about scoring and the rules of engagement for the competition.” 

Most criticism centered on these two elements. Gonzalez and other competitors said rules of engagement changed mid-game; and that the scoring system lacked the accustomed transparency—teams couldn’t tell why they were gaining or losing points. 

A dashboard representing the flat sats’ systems and subsystems showed a system in green if it was functioning normally or in red if it wasn’t. Teams thought red meant they were losing points, but the organizers announced during the course of the game that if a system turned red, “that does not necessarily mean that you are losing points for it, it is simply a basic visualization.” 

The organizers said they had to strike “a delicate balance in releasing just enough information about the scoring so that teams cannot game the system.” In a contest centered on hacking satellites, their statement continued, “the expectation was that teams knew what services on the satellite are critical.” 

Nonetheless, they promised to do better next year. “With that said, we could improve our dashboard in the future to be more representative of the SLA metrics that were a factor in scoring.” Most of the points contestants could earn came from a service-level agreement, or SLA—they got points for keeping the various systems on their satellite functioning at a certain minimum level. 

High Expectations 

In the end, said Nighswander, the contest reached the right result: “I think the first and second placed teams Solar Wine and Poland Can Into Space were the ‘correct’ teams. They both did a great job, and they deserved their places, and I think that is very important.” 

He suggested that expectations for Hack-A-Sat were high. “I think all of the participating teams have played in CTFs which were run worse than this contest was,” he said. But given that Hack-A-Sat was backed by the resources of the U.S. military, competitors expected a flawless execution. “There was an expectation level that I don’t think was cleared,” he said. 

Gonzalez said the contest this year took “a step in the wrong direction,” but he hoped the organizers would listen to the criticisms because it’s “a really cool event.” 

Solar Wine, the multinational Francophone team that won the contest and the $50,000 first prize, declined to comment on the controversy. “We will communicate our feedback to [the organizers] privately, as we did last year when we missed the podium for a technicality,” said team member Aris Adamantiadis. 

He hoped the controversy wouldn’t overshadow their victory. He noted that, as well as a personal achievement for Solar Wine team members, the result also represented something of a breakthrough. “The big American CTFs are usually led by American teams,” he said, noting that Hack-A-Sat 1, although won by a U.S. team, had Polish and German teams in second and third places. 

Solar Wine has members from France, Belgium, and Mauritius, Adamantiadis said, but the diversity that helped them win was their “diversity of skills. We have people specialized in the security aspects of reverse engineering, exploit development, cryptography, networks, IT infrastructure, scripting languages, and now even space packets, astrophysics, and satellite operation. All of these skills were key to navigate through Hack-A-Sat,” he said. 

Winning, Adamantiadis concluded, was “an achievement that we are very proud of on a personal level of course, but there’s a bit of nationalistic pride, too!” 

Minot B-52s Fly to Canada Then Calif. to Practice the Bomber Version of ACE

Minot B-52s Fly to Canada Then Calif. to Practice the Bomber Version of ACE

Preparing for conflict in the Pacific will require more than learning to fly fighters out of austere locations—it will also call for small bomber crews to go on quick consecutive missions to unfamiliar places.

In a kinetic “bomber agile combat employment” (BACE) exercise Dec. 6-8, two B-52s from the 5th Bomb Wing at Minot Air Force Base, N.D., conducted a mission in Canada then flew to Edwards Air Force Base, Calif., for a second mission, this time working alongside Navy counterparts.

“This was laying the foundation and the bed for getting to that austere and unfamiliar location,” Air Force Capt. Austyn Wilson, a weapons system officer in the wing’s 23rd Bomb Squadron, said in an interview. Wilson flew on one of the B-52s from Minot to Edwards and back for the two missions in three days.

Pacific Air Forces has spent decades adapting to operations in contested environments, first under the dynamic force employment concept and now under the Air Force’s new priority, agile combat employment (ACE).

Wilson said bomber ACE is about flexing new muscles and adapting to situations that were not part of prior operations and planning.

“You’re challenging assumptions, previous predictability, and you’re allowing the Air Force, and really our joint defense operations, to have adaptability that we haven’t seen in previous years,” she said.

Wilson said some of the questions the mission sought to answer were tactical: How are we going to conduct these missions? How are we demonstrating that flexibility? How are we sending a set of bombers to an austere location, making sure that they are self-sustained and able to execute combat out of an unknown location?

Answering those questions was exciting to the small maintenance team and aircrew of less than 20 who took part, she said, motivating them even as they prepared to board the aircraft Dec. 6 with temperatures hovering at negative 10 degrees with a negative-20-degree wind chill factor.

The bombers first flew to the range at Canadian Forces Base Shilo, Manitoba, working with Canadian Joint Tactical Ground Stations to drop 54 weapons. The aircrews then set course for Edwards for mission planning and an aircraft turnaround of less than 48 hours.

“One of the things that upgraded this mission … is our ability to operate jointly with the Navy,” Wilson said.

“Not only did we take off with our own weapons, and employ them en route to Edwards, but we were able to get the Mark 62 Quickstrike mines,” which are delivered into the water by air, “that we would also potentially be tasked with to support the Navy,” she added. “We were able to get those … built for us at Edwards, loaded, and employed the very next day.”

Speaking Air Force bomber language to Navy personnel was something she had to be ready for.

“Two different branches, two different languages, and two different ways of operating, processes, regulations,” she said. “Making sure that you’re speaking very clearly with what your intent is, and the meaning, the requirements.”

After landing at Edwards, a minimal support crew, some that flew ahead and some with the bombers, prepared the aircraft for its next mission at the Navy’s San Clemente Island Range Complex, a range off the California coast rarely used by B-52 pilots.

“We flew low level, at 3,000 feet over the water,” Wilson said, noting that the B-52 is one of the few platforms that can deliver mines. “We are getting our aviators ready to do so, if we’re called upon.”

Wilson also pointed out how bomber ACE was meant to challenge the assumptions of adversaries.

“I think our adversaries have seen us, especially B-52s, go to known locations over time, at predictable cycles,” she said.

“With bomber ACE, we are challenging that predictability. We’re making sure that our fleet is flexible, and that increases and strengthens our survivability,” she explained. “So now, when you send bombers to demonstrate these mission sets en route, and land somewhere else, you’re distributing the fleet. You’re decentralizing that control, and now you’re completely complicating the targeting solution for any of our adversaries.”

For Wilson, the sense of accomplishment and the excitement of the mission came from the series of milestones that had to be met by a small, willing 5th Bomb Wing team working with the Navy.

Bomber ACE milestones included getting into the aircraft within 20 minutes, getting off the ground in the next hour, dropping the bombs, and loading the mines. Each milestone was an accomplishment within a more complex mission set.

“Once we land at Edwards, you know, you want to take a sigh of relief of, ‘We did it,’ but that was only half the job. You have to do an entirely different mission set within 24 hours and get back home and get back home safely, with two B-52s that really are STRATCOM assets,” she said.

“The most exciting portion for me is [saying], ‘Hey, I want to challenge this tactic, this assumption. I want to go to the next level. Can you go here with me?’ And every single person that was involved in the planning and execution absolutely did that,” she said.

Air Force’s Enterprise, Warfighting IT Networks Have to Merge, Says Information Dominance Director

Air Force’s Enterprise, Warfighting IT Networks Have to Merge, Says Information Dominance Director

To achieve the military’s vision of a totally networked multi-domain force, the Air Force must merge its enterprise IT networks, which join the computers on people’s desks and the smartphones in their pockets, with its aerial networks, which connect the sensors and weapons systems on planes.

That was the message from Kevin Stamey, the director of information dominance for the assistant secretary for acquisition technology and logistics, who spoke at the AFCEA of Northern Virginia Air Force IT Day on Dec 16.

The U.S. can’t simply outspend China or other potential peer adversaries, Stamey said, but must rely on an information advantage. “And if we don’t find ways to eliminate stovepipes between our IT networks and our aerial and our terrestrial layers, then we’re not going to have the information our warfighters need to dominate,” he said.

Modernization initiatives ranging from Flightline of the Future and smart depots to joint all-domain command and control, or JADC2, “depend on our ability to collapse those stovepipes between the terrestrial and the aerial network layers,” Stamey added.

He called the separation of the two kinds of networks “one of the most glaring stovepipes we have today.”

The JADC2 vision, as Stamey laid it out, requires seamless connectivity between the sensors and weapons systems on a plane or other platform, the rear echelon commanders and planners, and the land or sea forces on the front lines, so that targets can be identified, assigned, and struck.

“Today, that process relies on things like chat [services] or voice calls or single ship-to-shore data links,” he said. “Largely still today, frankly, we complete the kill chain with a very linear process. And there’s a lot of manual manipulation of moving data. …. Weapon systems, ISR sensors, data networks, frankly, still, to this day, operate very much in stovepipes.”

But in the networked force of the future, warfighters will “need to close thousands of kill chains on time-sensitive targets, that are sometimes moving at hypersonic speeds from mobile launchers. And so there’s not going to be time for analysts to gather data and fuse that data and assess that data from all kinds of sources in that same linear fashion that we have in the past,” he said.

Yet the separation between different networks was ingrained in the culture of the Air Force and its industrial base, he said, noting that the title of the conference was “Air Force IT Day.”

“When you signed up … what kind of things were you expecting to hear? … Did you think about email and business systems and cloud migration? You probably didn’t think about bombs on target or warfighting capability or air battle management. But my point is, you should,” he said.

But he added a cautionary note, introduced with a familiar video of an office worker smashing a computer in frustration. “If you couldn’t relate to this guy just a little bit, I’ll just say you probably haven’t worked in the Air Force, or the Department of Defense, for very long,” he joked.

“Many of us, frankly, in the Air Force, have better bandwidth and ubiquitous mobile access to our data at home than we do from our Air Force networks,” he said.

But he was making a serious point, he added. “Imagine you’re sitting in a cockpit, you’re sitting in the air operations center, you’re sitting in the back of an AWACS … And you’re relying on that same IT backbone that we rely on for our desktops. That day is upon us. And the frustrating experience we have with our desktops isn’t going to win wars. We are taking IT right to the combat edge. So we can’t have those same kind of experiences with our warfighters.”

Stamey said the Air Force was experimenting with outsourcing that IT backbone through a program called Enterprise IT as-a-Service (EITaaS), being piloted at nine air bases. “The pilot bases have experienced significant improvement in their user experience,” he said.

Ultimately, EITaaS could encompass everything from desktop equipment and network connectivity to software and network services ranging from email and video conferencing to accounting, personnel, and logistics systems.