Adm. Christopher W. Grady Sworn in as Vice Chairman of Joint Chiefs

Adm. Christopher W. Grady Sworn in as Vice Chairman of Joint Chiefs

The Pentagon confirmed Dec. 20 that Adm. Christopher W. Grady was sworn in as the 12th Vice Chairman of the Joint Chiefs of Staff. The Joint Chiefs’ office confirmed that the ceremony with Defense Secretary Lloyd J. Austin III happened at about 1 p.m.

The swearing-in fills a monthlong vacancy following the retirement of Air Force Gen. John E. Hyten, whose last day was Nov. 19. The Senate confirmed Grady on Dec. 16 after his nomination testimony Dec. 8.

Pentagon Press Secretary John F. Kirby said that among Grady’s duties will be leading the Joint Requirements Oversight Council and serving as a senior member of the Nuclear Weapons Council.

Grady leaves his position as commander of U.S. Fleet Forces Command/U.S. Naval Forces Northern Command since 2018. In that role, he oversaw the naval leg of the nuclear triad.

In the Navy, Grady also championed the development and institutionalization of “Ready Relevant Learning,” part of the Navy’s modernization doctrine.

In his 11 months in office, Austin has attempted to redouble the department’s efforts to make China the “pacing challenge” of the U.S. military. The Secretary has already visited the Indo-Pacific three times, with another trip planned in January.

At his confirmation hearing, Grady was asked to address one aspect of China’s military growth—its rapid nuclear buildup.

“I think that China’s breakout is, as [U.S. Strategic Command] Adm. [Charles A.] Richard has called it, is, indeed, spectacular and, indeed, breathtaking,” Grady said, calling for deterrence against both China and nuclear-armed Russia. “Modernization of the nuclear triad will be the underpinning of that deterrence effort against two nuclear competitors.”

Pentagon Defines Extremist Activities, Releases New Regulations

Pentagon Defines Extremist Activities, Releases New Regulations

Just shy of a year after the Jan. 6 Capitol riot, the Defense Department released a detailed report defining what constitutes extremist activity and recapping DOD efforts to date to reduce and prevent extremism within the ranks.

The department will not make a list of prohibited groups, but DOD has defined a two-part test for commanders to assess a violation: Does the act constitute extremist activity; and did the service member “actively participate”?

New regulations go much further than past guidance in defining extremist activities and even state that a “like” of an extremist comment on social media constitutes a violation.

“The physical act of liking is, of course, advocating,” Pentagon Press Secretary John F. Kirby told reporters Dec. 20—”advocating for extremist groups, certainly, [or] groups that advocate violating the oath to the Constitution, overturning of the government, terrorist activities.”

The new instruction includes a glossary defining terms such as “liking” and “sharing” on social media along with platform-specific terms such as “re-tweeting.” The term “widespread unlawful discrimination” is also in the glossary, defined as extensive discrimination of individuals or groups on the basis of race, gender identity, sexual orientation, and other factors, which deprives those persons of constitutional or other rights, such as civil rights and fair housing.

Kirby made clear that the department will not actively monitor the social media accounts of service members. He said extremist ideologies or a membership in an extremist group are not in themselves violations. Membership in an extremist group, however, will make it hard for a service member not to violate a regulation.

“In order to prove your membership, you’re probably going to run afoul of one of these criteria sets,” he said.

Taking part in extremist activities, such as violent protests, fundraising, or otherwise promoting the extremist group are some of the prohibited actions.

Upon taking office, Defense Secretary Lloyd J. Austin III established a Countering Extremist Activities Working Group and took four immediate actions that included calling for an extremism standdown across the department. The event gave service members the opportunity to discuss the growing problem and solutions. Among the requests from the force was greater clarity on what constituted extremist activity.

Revising the DOD instruction that defines what constitutes extremist activity was one result, while adjusting recruiting and separation briefing activities was another. Training and education within the service will come next, Kirby said.

Other next steps suggested by the working group include reforms of military justice and policy, investigative and screening processes, training and education, and the department’s Insider Threat program.

Austin also commissioned a new study on extremism in the ranks, but no further details were provided.

Kirby said DOD does not have a comprehensive way of tracking cases of extremism but in the past year found that fewer than 100 individuals violated regulations on extremist activity. The six service members who participated in the Capitol riot were likely among the 100.

Potential violations of the prohibition on extremist activity will be considered like any other violation, Kirby said, on a “very case-specific” basis.

Kirby cautioned that DOD will not be monitoring service members and that the policy does not impact personal beliefs or political persuasions.

“There’s no monitoring. It’s not about monitoring,” he said. “This isn’t about political leanings or partisan inclinations—it’s about activity. It’s about prohibited extremist activity and active participation in that activity.”

Digital Engineering, DevSecOps Key to Updating ICBMs

Digital Engineering, DevSecOps Key to Updating ICBMs

Minuteman III intercontinental ballistic missiles are now over 50 years old, and the time to transition to the Ground Based Strategic Deterrent, a full ICBM weapon system replacement, is getting close. The need for optimized sustainment and readiness on Minuteman III is critical as the government prepares for GBSD’s anticipated initial operational capability in 2029.

Helping the Air Force prepare for that transition is a critical mission for BAE Systems, the Air Force’s ICBM systems engineering, integration, and test partner as the Future Intercontinental Ballistic Missile Sustainment and Acquisition Construct (FISAC) Integration Support Contract (ISC) Prime since 2013. This complex transition requires digital engineering expertise, which BAE Systems applies to the ICBM mission every day with its digital modeling and simulation capabilities. BAE Systems’ digital engineering work is ensuring a high-confidence handoff between the two weapon systems and that the Air Force has access to the full range of “zero fail” strategic systems technical expertise to manage the transition.

“Our focus over the past eight years has been to help the government’s ICBM weapon system integrators manage the technical baseline of Minuteman III so they can make informed decisions on its sustainment, and support the acquisition of GBSD,” said Rick Allen, Vice President of BAE Systems Air & Space Force Solutions Strategic Systems business. “Our innovative technical solutions facilitate the ICBM team’s MMIII digital sustainment strategy and provide options for the GBSD system’s future advancements, Digital Engineering System, and Air Force ownership of key interfaces and data rights.”

Dr. Scott Nowlin, BAE Systems’ Strategic Systems chief engineer, said after nearly a decade of supporting the government in its lead system integrator role, BAE Systems continues to apply its hard-earned expertise and insights to one of the most complex and demanding weapons system transitions ever.

A Well Orchestrated and Cost-Effective Transition

“Within 20 years, the GBSD weapon systems will need to be updated with new weapon systems, command and control capabilities, and a refurbished launch facility,” Nowlin said. “That’s a heavy lift. We’re helping the government flag parts of the system that need to be modified in the near term in order to help transition to GBSD over the long term. Our work drives down risk, helping GBSD remain on time and within budget.”

The work to get there has already begun.

“The Air Force’s cost/capability trades were intensively modelled to be fully understood. Furthermore, we have been able to use customized digital tools delivered to the government, so this wind down of Minuteman III—just as GBSD comes online—can be time-certain and cost-controlled.” 

Digital Modelling for Today and the Future

Digital twin models fall under the broad category of digital engineering, which the Department of Defense defines as “an integrated digital approach that uses authoritative sources of system data and models as a continuum across disciplines to support life cycle activities from concept to disposal.”

The strategy has already contributed to development decisions on GBSD.

“We’ve been helping curate and communicate decisional data across all levels and stakeholders in the ICBM enterprise,” Nowlin said. “That’s allowed GBSD to stay on schedule right into the Engineering and Manufacturing Development [EMD] phase.”

This is despite the significant complications brought about by the COVID-19 pandemic, which Dr. Nowlin describes as being mitigated because of ICBM enterprise digital engineering strategies and investments.

“The investment that GBSD made years ago in a digital engineering environment has paid off multiple times already,” he said. “For example, they were able to meet all the milestones throughout the pandemic by being able to visualize and share data with leaders at the highest level of the DOD to meet those schedules on time.”

Modern and More Secured Software Solutions

Working with Minuteman III might not seem like the perfect place to break new ground technologically, but BAE Systems has been proving otherwise. The company has helped update and modernize software in the legacy missile systems by embracing the modern agile software development practice known as Development, Security, and Operations, or DevSecOps. The approach has helped BAE Systems break down challenges into manageable pieces and to iterate software development to produce a continuous flow of enhancements.

“As software has taken on a larger and more significant role in overall system capabilities, it’s clear you have to go faster and implement software with an agile mindset,” Nowlin said. “With DevSecOps, we can take a small team and get through a large backlog of issues by tackling them one by one, integrating them piece by piece, with testing for cybersecurity and operational effectiveness along the way.”

With a DevSecOps “pipeline” process in place, BAE Systems can respond immediately as events unfold. This will only become more important as the Air Force updates the Nuclear Command and Control Communication (NC3) system that coordinates the nuclear enterprise.

DevSecOps pays for itself in saved time by running code development applications, security checks, and operational testing of computer code in tandem.  

A Model Framework to Modernize Defense Systems

This theme of improved collaboration and communication within the ICBM enterprise isn’t limited to just the software community.

“There is a need for increased and enhanced communication between the GBSD acquisition and Minuteman III sustainment communities, because those operating Minuteman III need to know where they’re going to make a handoff and how to decommission this legacy ICBM system,” Allen said. “It’s a very complicated and complex, coordinated dance. We’re helping the government apply great systems engineering capabilities—risk management, interface control, integrated project technical planning and scheduling, configuration management, to name a few.  All in the ICBM digital ecosystem.”

With the ongoing and successful implementation of digital engineering strategies as it relates to our nation’s ICBM infrastructure, this process could also provide a framework for the future objectives of other military branches as well.

Posture Reviews, Program Reveals, and Budget Maneuvers Ahead for the Air Force in 2022

Posture Reviews, Program Reveals, and Budget Maneuvers Ahead for the Air Force in 2022

A raft of strategy and posture reviews are coming in 2022 that will significantly shape the Air Force, even as the service is slated to make major strides on programs and conduct critical tests. How the Air Force manages to pay for all that as the bills come due for major modernization efforts, particularly in the nuclear arena, will be a challenging balancing act.

Early in the year, and possibly in conjunction with the fiscal 2023 budget request, the Biden administration will release its first all-up National Security Strategy and National Defense Strategy, which will set the conditions for USAF’s force structure. Little has been said about what it will entail. The interim NDS released by the Biden administration in March largely preserved the previous administration’s military philosophies but did away with President Donald Trump’s theme of “Great Power Competition,” replacing it with the more nebulous “Strategic Competition.” It will keep China front and center as the pacing U.S. military threat, with Russia a second but crucial included case and still the principal nuclear competitor to the U.S.

Likely at the same time, the Pentagon will roll out its Nuclear Posture Review and Missile Defense Review, setting the stage for how the Biden administration plans to apportion and modernize its strategic arsenal and counter rising threats from Russia’s “novel” nuclear weapons—such as Moscow’s tidal wave-generating nuclear torpedo—as well as Chinese and Russian hypersonic missiles and China’s nascent fractional orbital bombardment system. While the B-21 bomber and B-52 re-engining seem to have full support on Capitol Hill, the new Ground Based Strategic Deterrent intercontinental ballistic missile and Long Range Standoff Weapon still have their opponents, and the Nuclear Posture Review will be the first clear indication from the Biden administration of how supportive of these programs it will be.   

These reviews will have a lot to do with how the Air Force is sized for the 2020s and beyond. Its force structure is likely to be somewhat different from that laid out in 2018’s “The Force We Need” notional Air Force of the future, which called for about a 25 percent increase in the size of the force to 386 combat squadrons. The shift to “high end” combat capabilities and away from counterinsurgency is likely to gain momentum, especially with the withdrawal from Afghanistan.

Aircraft

The Air Force is slated to make major program strides in 2022 as it reveals and flies the B-21 Raider for the first time and launches new program starts that will have great influence on how the service is organized for air combat.

The B-21 is slated to take to the air mid-year, its first flight likely a hop from Northrop Grumman’s facilities at Air Force Plant 42 in Palmdale, Calif., to nearby Edwards Air Force Base. Rapid Capabilities Office director Randall Walden predicted a year ago that the B-21 would roll out in the spring of 2022 and has only hedged a bit since then as pandemic delays slightly affected the program’s progress.

Although Walden said the rollout of the aircraft will be a public event, Air Force Secretary Frank Kendall has subsequently said much will still be kept under wraps to avoid giving China a “head start” in countering the B-21’s capabilities.

Walden has said five B-21s are under construction, suggesting that additional test aircraft will take to the sky in fairly short order. Expect funding for the bomber—which seems to have support from both sides of the aisle on Capitol Hill and which is regarded as a generally well-run effort—to shift significantly from developmental activities to production in the fiscal 2023 budget request.

New funding requests will also appear for “loyal wingman”-type autonomous, unmanned combat aircraft that will fly as escorts for fifth-generation fighters such as the F-22, F-35, and Next Generation Air Dominance platform, and for bombers such as the B-21, Kendall said. The aircraft programs will be “acknowledged classified,” meaning their funding streams will be public records, but little about them will be disclosed to preserve operational surprise.

Early in the year, the F-35 Joint Program Office and the Air Force owe Congress their plans for improving the fighter’s operating costs and mission capability rates as well as how to provide power for the fighter’s advanced Block 4 configuration. General Electric and Pratt & Whitney stand ready to build new-generation engines for the F-35 based on their prototype Advanced Engine Transition Program powerplants, but the Air Force would have to bear the whole cost of such development and production, as F-35B variant users cannot use the AETP engines and the Navy’s F-35C would need significant modification to accommodate the adaptive engine.

More may be revealed in 2022 about the Next Generation Air Dominance system, which will include a manned (and potentially unmanned) fighter, along with a family of related aircraft and attributes.

Expect the Air Force to make an even harder push to retire old, irrelevant or costly systems to free up money to develop advanced capabilities and for Congress to remain stubborn in holding onto old systems until new ones are in hand. The fiscal 2022 National Defense Authorization Act, for example, prohibits the Air Force from taking any steps to retire more B-1B bombers until they are being replaced, one for one, with B-21s.

Besides the two new “loyal wingman” programs of record—one to escort fighters and one for bombers—the Air Force will likely get formally underway on the new Advanced Tactical Trainer, a replacement for the T-38 in the lead-in-fighter/companion trainer role. It received information from industry on the art of the possible in November. The Air Force will likely partner with the Navy on this aircraft, and there could well be a memorandum of agreement for cost sharing or at least pledging high commonality. Boeing and Saab will offer a variant of their T-7A while Lockheed Martin will enter a variant of its T-50 trainer, which it developed in partnership with Korea Aerospace Industries. Other competitors that didn’t succeed in the T-X competition may enter as well.   

Weapons

The Air Force is also under some pressure to get moving on its hypersonic missile programs. The AGM-183 Air-launched Rapid Response Weapon failed to fly on its own during 2021 over several attempts, making a fast-paced string of successful test flights in 2022 essential if the service is to enter production in 2023, as it plans to do. Likewise, there should be aggressive test flights of the Hypersonic Air-breathing Weapon Concept (HAWC), a Raytheon product that’s a precursor to the Hypersonic Attack Cruise Missile, an air-breathing Mach 5+ weapon that the Air Force would buy in even greater numbers than ARRW because it will be smaller and more can be loaded on bombers and fighters.

As the Air Force migrates away from the RQ-4 Global Hawk in the strategic reconnaissance role, look for more to be revealed about its stealthy successor, a high-flying stealthy unmanned aircraft that has been called the RQ-180.

While Kendall has indicated USAF will keep mum about new capabilities, flight testing of the new AIM-260 long-range, multimode-guidance air-to-air missile is likely to step up, as the service plans to field the first versions in the next couple of years. Little is known about the AIM-260, which is being developed by Lockheed Martin.

The Air Force will also sharply expand its agile combat employment exercises and experiments in 2022, with more aircraft deployed to austere locations with progressively smaller logistical footprints, supported by Airmen with multiple specialties. Hand in hand with that effort will be further refinement of the Advanced Battle Management System and the development of joint all-domain command and control, to wring as much combat capability out of USAF’s limited assets as possible.

Affording all of this, even with a defense budget at $768 billion, will be challenging. Look for USAF to take risk in budgeting by buying fewer munitions and accepting more tiered readiness. The Air Force seems poised to win approval from the Pentagon for its new system of presenting forces to combatant commanders, which will formalize unit downtime and stop what the service has called the “burning up” of its people and equipment on endless deployments without any opportunity for reset.

Vandenberg SFB Envisioned as a ‘National Spaceport’

Vandenberg SFB Envisioned as a ‘National Spaceport’

The commander of the Space Force’s Space Launch Delta 30 envisions Vandenberg Space Force Base, Calif., as a “national spaceport” and said the launch delta is trying to figure out how to make that dream a reality.

Vandenberg has plenty of room to grow, and the convenience of launching into certain orbits—not to mention “demand signals” from customers—suggests commercial interest in launching from the site will continue to rise, said Col. Robert A. Long, who took over command of the launch delta in June. Long took part in a Spacepower Forum webinar by the Mitchell Institute of Aerospace Studies on Dec. 17. 

At 180,000 acres, “Obviously the good thing about Vandenberg is we have plenty of land area,” Long said. Situated where rockets can launch to the south, the base is desirable because of the efficiency of getting to polar orbits. By launching in another direction to get to a polar orbit, companies might have to design their satellites differently based on where they launch from. Long characterized the “performance penalty” as “less payload to orbit.”

“So you could go to Cape Canaveral, and some do at times, but you pay a performance penalty when you do that,” Long said. Only “a few locations in the world … offer what we can provide here. No. 1 is location—but then just the infrastructure that’s been built up over the decades.”

Vandenberg already provides launch services “across the spectrum,” including to the military, civil, and private launch customers such as the National Reconnaissance Office, Air Force Global Strike Command, and the Missile Defense Agency. Activities include in addition to space launch include missile testing, aircraft testing, ground and sea force exercises—“quite the gamut,” Long said.

And the frequency of launches should keep going up.

“All forecasts are pointing to increased launch rates,” Long said. “United Launch Alliance and SpaceX aren’t slowing down anytime in the future. We have numerous new customers and interests coming out here—companies like Stratolaunch, Relativity, … and they’re all trying to figure out the best way to leverage our location, our set of services, for both space launching and, I should also mention, test activities.”

The decision to organize Space Force’s launch deltas differently kept the facilities and the mission under the same umbrella, a departure from the garrison-delta setup at other Space Force bases. 

“Everyone realized that the launch mission is really hard to separate [from] the infrastructure side,” Long explained. 

He said the launch delta has just begun to contemplate its transformation, studying and gathering feedback. 

“We’re trying to really transform ourselves into this national spaceport model,” Long said. “We’re still working through what that model looks like and what it really is. We’re a customer service provider, and we want to provide … a host of tailorable services that facilitate safe, flexible, repeatable, simultaneous operations.”

So far, the launch delta has started to gather input from customers on things such as what “baseline level of services” it could provide: “We welcome any thoughts on that from industry—from all the smart people,” Long said. 

Meanwhile, “We’re looking across the entire spectrum of analogous systems,” such as different airport models and types of seaports and transit authorities to “help inform what makes the most sense.” After all: “We’re definitely ramping up,” Long said. “We don’t see any letup in the future in terms of business.”

Black Sea NATO Allies Call for Added Security Amid Russian Buildup

Black Sea NATO Allies Call for Added Security Amid Russian Buildup

The Russian troop buildup on the Ukrainian border and in the heavily militarized Black Sea region has led to calls by Black Sea allies to increase NATO and U.S. deterrence to prevent further Russian efforts to divide and isolate some of the alliance’s newest members.

With over 100,000 Russian troops surrounding Ukraine on three sides and activity consistent with combat preparation, the Biden administration has opted to pursue diplomacy with Russia following a Dec. 7 virtual summit between President Joe Biden and Russian President Vladimir Putin. But NATO allies who are members of the Bucharest Nine (B9) group of eastern flank nations have indicated to Biden and National Security Advisor Jake Sullivan on a Dec. 16 call that more American presence is needed now to deter an invasion of Ukraine.

“If the U.S. and NATO are not careful, the Black Sea will be a Russian lake,” Romanian military attaché in Washington, D.C., Col. Catalin-Constantin Mihalache told Air Force Magazine, noting how Russia has increased and modernized its Western region forces.

“The goal in the Black Sea is to isolate NATO regional partners, Georgia and Ukraine, by taking advantage of the lack of strategic and comprehensive day-to-day NATO presence and strategy,” he added.

Following a Dec. 10 B9 call with Biden, Romanian President Klaus Iohannis took to Twitter to highlight the case he made to Biden.

“I … underlined [Romanian] support for an increased NATO & US military presence in #Romania & at the #BlackSea,” he wrote.

Mihalache said the Russian invasion of Ukraine is a national security concern for Romania and NATO. Russian-occupied Crimea, which has become a heavily militarized anti-access/area denial (A2/AD) bastion in the Black Sea since annexation in 2014, is just 200 miles from Romania’s shores.

“It’s closing the distance,” he said of a potential further Russian incursion of Ukraine. “Russia will approach not only Romania but will be close to the NATO border.”

An Oct. 27 Senate Foreign Relations Committee hearing on Black Sea security detailed an uneven NATO policy of enhanced forward presence in the Baltic nations and tailored forward presence in southeastern Europe. Experts suggested that directing more robust assistance to the north led Russia to concentrate its aggression in the south. Romania established a NATO Multinational Corps South-East headquarters in Sibiu in part to encourage an increase in allied presence.

“We are very determined to build our capability and to have NATO and the U.S. join us in this effort and support us,” Mihalache said, noting that Romania also awaits a decision about global force posture that could lead to additional U.S. troops in the country. About 1,000 U.S. troops are present at any given time in Romania.

In his role as the air attaché, the Romanian official highlighted the importance of the NATO Black Sea posture and current cooperation with the U.S.

“The air domain is key for the credibility and effectiveness of the allied regional collective posture,” Mihalache explained. “The U.S. presence and persistent contribution of ISR and situational awareness is making the allied regional progress.”

The U.S. began basing MQ-9 Reapers at Romanian Air Base 71 in Campia Turzii in January. Romania maintains a small Air Force of F-16s and Soviet-era MiG-21s upgraded with Israeli technology. Romania also benefits from NATO air policing.

Mihalache said Romania’s Air Force plans a purchase of two squadrons of F-16s from Norway that will eventually replace the MiG-21s.

Romania also has the first Patriot missile defense system on the eastern flank. Some of the seven batteries contracted are operational, while others have yet to arrive.

Mihalache highlighted the recent presence of an American bomber task force supported by Romanian F-16s.

U.S. Pursues Diplomacy, Holds Back Military Aid for Now

A senior administration official briefing reporters Dec. 17 said the 2014 Minsk negotiations, which led to a quieting of hostilities with Russian-backed separatists in southeastern Ukraine, are the principal format the U.S. is advocating for to resolve the crisis on the border.

“But the U.S. is prepared to use our bilateral channels to Moscow and to Kyiv to support, if we can,” the official said.

In recent days, State Department officials have visited Moscow to entertain Russian proposals for moving forward. In the past, Putin has said Ukraine or Georgia entry into NATO is a red line, and he has discouraged military assistance to the countries.

Members of Congress have nonetheless urged Biden to answer a November request from Ukraine for additional military assistance, including air defenses that the country says are necessary to deter a Russian invasion. A Ukrainian defense official recently told Air Force Magazine that an American air defense team was in the country to assess needs, but no announcement of new assistance has been made.

“We are also in intensive dialogue with the Ukrainians at all levels, including DOD and EUCOM [U.S. European Command], with regard to their needs,” the administration official said, adding that the conversation included allies who may be able to offer defense assistance. “We will continue to keep those lines open as necessary and as we see what the Ukrainian requirements are.”

In a Dec. 16 congressional hearing titled “Defending Ukraine, Deterring Putin,” Andrew Bowen, an analyst in Russian and European affairs at the Congressional Research Service, identified the U.S. NATO Black Sea presence as the rationale for Russia’s hostility.

“Russian political and military leaders assert that the increased expansion of NATO and the presence of … European and U.S. military forces on its border and Black Sea are an existential security threat to Russia,” he said.

Bowen said the leaders are concerned that NATO and U.S. military forces will eventually place long-range precision strike missile defense systems nearby. Romania already has a High Mobility Artillery Rocket System (HIMARS), a light multiple rocket launcher.

The defense official also said the southeastern flank needs better investment in command-and-control capabilities and access to satellite reconnaissance data. Adding the capabilities to the southeastern flank, he argued, would make protection and deterrence at the eastern border of NATO more uniform.

“The allied approach needs to be firm and credible and requires united and coherent deterrent efforts to the entire flank,” he said.

“This is an unprecedented challenge in the post-Cold War because we didn’t have such an escalation since the end of the Cold War,” Mihalache continued. “It requires our allied and U.S. immediate reaction and attention.”

Air Force Names New Chief Information Security Officer to Lead Cyber Innovation

Air Force Names New Chief Information Security Officer to Lead Cyber Innovation

The Department of the Air Force has a new chief information security officer, filling a post that’s been without a full-time occupant for nearly a year.

The appointment of James “Aaron” Bishop was first announced Dec. 16 at the AFCEA of Northern Virginia Air Force IT Day by his boss, Department of the Air Force Chief Information Officer Lauren Knausenberger.

“His experience combines military experience and private-sector experience, and I believe he is the type of leader who can move us forward quickly while also building and developing our workforce to run with him,” Knausenberger wrote in reply to a query.

At the AFCEA event, she said Bishop will have a mandate to drive and highlight cybersecurity innovation across the department, which encompasses both the Air and Space Forces. In particular, she mentioned the novel tools and policies provided over the past two or three years to ease the process of getting authority to operate (ATO) for new IT systems. The Fast Track ATO process laid out in March 2019 allows for ATOs to be issued after penetration testing of a system rather than via extensive paper documentation of security controls. And under a blanket purchase agreement signed last year, any office can hire a certified “red team” to conduct that pen-testing and then use the results as the basis for an ATO.

But the new process hasn’t caught on as quickly as Knausenberger would have liked. “Across the big enterprise, we need to do a better job of governance of the [ATO] boundaries,” she said, adding this would be a priority for Bishop. “I think he’s going to be the right guy to grab that and to move [it] forward. So I think we’ll have some improvement on just the brass tacks side of that over the next year,” she said.

Bishop started Nov. 22, Knausenberger said in reply to the query. He was the top choice of the three-person Senior Executive Service selection panel. The post has been without a full-time occupant since previous incumbent Wanda T. Jones-Heath was dual hatted as acting principal cyber adviser in the Air Force Secretary’s office in December 2020, according to her official biography. Her transfer to an acting position meant a replacement couldn’t be hired until she was given the permanent appointment as PCA, Knausenberger explained.

Bishop’s role, according to his biography, includes “oversight for the Freedom of Information Act, Privacy Act laws, and cryptographic modernization supporting cyber operations for the department.”

Prior to his appointment, Bishop was CEO and founder of the Quantum Security Alliance, a public-private partnership research organization. Before that he held several posts, including CISO with massive federal IT contractor SAIC. He was general manager of Microsoft‘s National Security Group for a decade before that.

Adm. Grady Confirmed as Joint Chiefs Vice Chair, Filling Monthlong Vacancy

Adm. Grady Confirmed as Joint Chiefs Vice Chair, Filling Monthlong Vacancy

The Senate confirmed Naval Fleet Forces Commander Adm. Christopher W. Grady as Vice Chairman of the Joint Chiefs of Staff late Dec. 16. Defense Secretary Lloyd J. Austin III is tentatively scheduled to perform Grady’s swearing-in Dec. 20, the office of the Joint Chiefs confirmed.

The Senate voice vote assures the vacancy created by the retirement of the former Vice Chair, Air Force Gen. John E. Hyten, is filled before Congress adjourns for the holidays.

Grady brings a personnel and nuclear background from his current position in Norfolk, Va., overseeing the naval leg of the nuclear triad. His call for “ready-relevant learning” also became part of the Navy’s modernization doctrine.

In addition to serving as commander of U.S. Fleet Forces Command/U.S. Naval Forces Northern Command since 2018, Grady has served as commander of U.S. Naval Forces Strategic Command and U.S. Strategic Command Joint Force Maritime Component Commander since 2019.

Grady previously served as commander of the U.S. 6th Fleet and commander of Naval Striking and Support Forces NATO.

At his confirmation hearing Dec. 8, Grady warned that competitors have a new ability to “attack below the threshold of armed conflict,” and he promised to work with allies and partners toward whole-of-government deterrence, a concept known as “integrated deterrence” and often cited by Austin.

“We are faced with overt challenges to the international rules-based order and our national security in every domain,” Grady told the Senate Armed Services Committee during his confirmation hearing. “Now, more than ever, global integration is essential,” he said, referring to “integrated deterrence in those multidomains, leveraging all elements of national power.”

Hack-a-Sat Organizers Pledge to Improve Scoring Transparency

Hack-a-Sat Organizers Pledge to Improve Scoring Transparency

The Space Force’s second-ever Hack-a-Sat competition challenged hackers to find vulnerabilities in earthbound satellite hardware, drawing eight hacker teams to vie for tens of thousands of dollars in cash.  

But while last year’s inaugural competition proved inspirational, this year’s ended amid complaints by participants, who said rules changing on the fly and poor communication by the organizers undermined the event.

Even those who performed well were frustrated. “We had really high hopes … for the contest, but at the end the disappointment and frustration completely took over, even after finishing second and winning a big cash prize,” wrote Michał Kowalczyk on CTFTime, a blog where contestants rate and review different capture-the-flag (CTF) competitions. Kowalczyk, whose hacker handle is Redford, is a co-founder the team “Poland Can Into Space,” which was the runner-up both this year and last. “I wish it was different, but I have to say that this was a pretty bad CTF.” 

Organizers said they are working on the issues and trying to communicate directly with participants to ensure problems this year can be addressed ahead of future competitions.  

CTFs have grown since the 1990s into an international hacker subculture, with hundreds of contests every year.  The competitions build teamwork and develop a collaborative muscle memory while at the same time helping security researchers hone and practice defensive and offensive skills. 

The Space Force said the contest is “designed to inspire the world’s top cybersecurity talent to develop the skills necessary to help reduce vulnerabilities and build more secure space systems.” 

Hack-A-Sat 2 was organized by representatives from the Air Force Research Laboratory, the Space Force’s Space Systems Command, and Cromulence, a contractor. Organizers said they will address the criticisms in follow-up meetings with the eight teams

“We appreciate feedback and just as we did last year, we plan to have individual feedback sessions with each team to learn what worked well and what can be improved on for next year,” organizers wrote in a statement to Air Force Magazine.  

Disappointment and Frustration 

In an “attack-defend” CTF such as Hack-A-Sat, teams of “white-hat” hackers compete over an intense and often sleepless 24 to 48 hours. Each team must both defend its own satellite replica while attacking the replica systems defended by the other competitors. 

“Hackers tend to be very direct people, very open about their opinion,” said Rubin Gonzalez, a founder of FluxRepeatRocket, a team based in Germany and the fourth-place finisher this year. “So if something went wrong they will generally have no problem with publicly stating that something was wrong.”  

Gonzalez said his team wasn’t invited to the Slack channel used to communicate with competitors until well after the final round began, an oversight that left the team blind. “So for the first three hours, we had no idea what was going on,” he said. “We weren’t getting any of the information or announcements.”  

Tyler Nighswander of Plaid Parliament of Pwning, a storied team connected with Carnegie Mellon University, complained that “lots of things regarding how the game operated were not explained clearly.” 

Joshua Christman of Pwn-First Search described “a lack of communication and a lack of transparency.”  

Poor communication made it hard for competitors to understand scoring awards and other decisions that, left unexplained, appeared arbitrary. 

“Part of the problem is that organizers were and are ignoring our questions,” Kowalczyk said. “So we don’t really know the explanations and details for some of the things which happened.”  

The organizers, in their statement, defended their communication style, noting that answering competitors’ questions had to be done in a way that didn’t unfairly influence the competition.  

“Due to the nature of an attack/defend CTF, where teams are progressing at their own individual pace through the challenges, we have to address all [teams’ questions] in a manner that doesn’t disclose the solutions [to] the other teams because this would provide unfair advantage to the inquiring teams. If one team has figured something out, then it’s unfair to them to provide any hints or additional information to other teams,” the statement explained. 

The organizers said that—as they did last year—they would publish an archive of all the Slack messages during the game. 

Some participants defended the organizers. “No CTF is without its flaws/mistakes, but these organizers have always run good competitions in the past,” said Jonathan Elchison, one of the founders of SingleEventUpset, a team put together especially for Hack-A-Sat. 

Atypical Challenge 

All CTFs are technically challenging to stage, noted Elchison, but running one on hardware systems such as satellites, with embedded software and very different architecture from the conventional IT systems that most CTFs stage their competitions on, is “particularly difficult.” 

Organizers used eight centrally located flat sats—real satellite hardware, but earthbound—as the systems that each team had to attack and defend. But they also provided teams with a digital twin of the satellites, a software emulation of the hardware systems on the flat sats. 

“The contest goals were very ambitious,” agreed Nighswander, noting that “with such a complicated game to create, there was certainly a higher amount of technical effort than usual needed.” 

“In a typical CTF,” explained the Hack-A-sat organizers, the different parts of the competition, known as “challenges,” tend to be independent from one another. But satellites—even the ground-based simulators or “flat sats” used in the contest—are “systems of systems” in which functions, also called services, depend on each other.   

“For HAS2, the challenges were interrelated and sometimes dependent on each other due to the nature of the flight software running on the flat sat hardware,” the organizers said. “This architecture drove many of the decisions made about scoring and the rules of engagement for the competition.” 

Most criticism centered on these two elements. Gonzalez and other competitors said rules of engagement changed mid-game; and that the scoring system lacked the accustomed transparency—teams couldn’t tell why they were gaining or losing points. 

A dashboard representing the flat sats’ systems and subsystems showed a system in green if it was functioning normally or in red if it wasn’t. Teams thought red meant they were losing points, but the organizers announced during the course of the game that if a system turned red, “that does not necessarily mean that you are losing points for it, it is simply a basic visualization.” 

The organizers said they had to strike “a delicate balance in releasing just enough information about the scoring so that teams cannot game the system.” In a contest centered on hacking satellites, their statement continued, “the expectation was that teams knew what services on the satellite are critical.” 

Nonetheless, they promised to do better next year. “With that said, we could improve our dashboard in the future to be more representative of the SLA metrics that were a factor in scoring.” Most of the points contestants could earn came from a service-level agreement, or SLA—they got points for keeping the various systems on their satellite functioning at a certain minimum level. 

High Expectations 

In the end, said Nighswander, the contest reached the right result: “I think the first and second placed teams Solar Wine and Poland Can Into Space were the ‘correct’ teams. They both did a great job, and they deserved their places, and I think that is very important.” 

He suggested that expectations for Hack-A-Sat were high. “I think all of the participating teams have played in CTFs which were run worse than this contest was,” he said. But given that Hack-A-Sat was backed by the resources of the U.S. military, competitors expected a flawless execution. “There was an expectation level that I don’t think was cleared,” he said. 

Gonzalez said the contest this year took “a step in the wrong direction,” but he hoped the organizers would listen to the criticisms because it’s “a really cool event.” 

Solar Wine, the multinational Francophone team that won the contest and the $50,000 first prize, declined to comment on the controversy. “We will communicate our feedback to [the organizers] privately, as we did last year when we missed the podium for a technicality,” said team member Aris Adamantiadis. 

He hoped the controversy wouldn’t overshadow their victory. He noted that, as well as a personal achievement for Solar Wine team members, the result also represented something of a breakthrough. “The big American CTFs are usually led by American teams,” he said, noting that Hack-A-Sat 1, although won by a U.S. team, had Polish and German teams in second and third places. 

Solar Wine has members from France, Belgium, and Mauritius, Adamantiadis said, but the diversity that helped them win was their “diversity of skills. We have people specialized in the security aspects of reverse engineering, exploit development, cryptography, networks, IT infrastructure, scripting languages, and now even space packets, astrophysics, and satellite operation. All of these skills were key to navigate through Hack-A-Sat,” he said. 

Winning, Adamantiadis concluded, was “an achievement that we are very proud of on a personal level of course, but there’s a bit of nationalistic pride, too!”