Category Archives: Future Tech

What is coming down the pipe in naval and maritime technology?

Future Tech

Don’t Neglect the Easy Wins for Military AI

1 Comment

By Christian Heller

The defense community is captivated with artificial intelligence (AI) and its possible impacts on warfare. There has been much debate on AI’s impact on offensive and defensive operations, nuclear command and control, and information warfare. AI experts worry about the dangers of ultrafast AI decision-making, the U.S.-China AI arms race, the level of autonomy granted to robots, and the overall threat to humans with increased AI independence.

The Department of the Navy (DoN) has responded with building organizations to help integrate AI into the military services. Most prolific of these groups are the Algorithmic Warfare Cross-Functional Team (also known as Project Maven) and the Joint Artificial Intelligence Center (JAIC). Project Maven’s efforts focus on using AI to support the processing, exploitation, and dissemination (PED) of video and imagery intelligence. These efforts also include using AI to exploit captured enemy material (CEM), acoustic intelligence (ACINT), and publicly available information (PAI, also known as Open-Source Intelligence, or OSINT). The JAIC’s first two initiatives were predictive maintenance and humanitarian assistance/disaster relief. Later last year, they expanded to include cyberspace and robotic process automation.

While these lines of effort are important, they pursue difficult, hard-to-achieve tactical goals while ignoring the easy, low-hanging-fruits of AI implementation within the bureaucracy. Self-targeting drones, deep fakes, and global integrated predictive analytics platforms are worthwhile, but the Navy can achieve better and faster returns on its investments by pursuing unglamorous AI efforts in the fields of manpower and administration. With a renewed willingness to rebuild the services to face the threats of the future, now is the ideal team to embrace AI.

Manpower

Existing uses of AI in the private sector can be implemented by the DoN to support recruiting, training, retention, promotions, and billet assignments. Numerous companies are using AI to help their hiring managers identify and recruit employees. Recruiting commands could adopt these services to reduce their personnel burden and increase their effectiveness. Montage combines AI, process automation, and analytics to personalize the recruitment process toward specific candidates. Textio helps recruiters choose the right words and language to attract the right people. Firms like Koru use predictive AI to better match candidates to available positions and could change the way the services assign personnel to specialties and units.

Many companies have already implemented cost-saving AI measures such as these. Google worked with American Eagle to customize their marketing to individual consumers, similar to how the services could customize efforts for individual recruits and better manpower management. Amazon, Starbucks, and Nike all use AI to personalize customer engagement and marketing. LinkedIn uses AI for its LinkedIn Recruiter platform to identify the best candidates for hiring managers, and Home Depot and Dyson use AI programs to identify candidates based on their internal databases, social media, and public job boards.

The lack of continuity of knowledge is endemic to the DoN where service members continuously change billets and commands. Turnover is high and leads to a severe lack of institutional knowledge. This turnover means the time-cost of retraining a replacement detracts from time spent advancing a project forward. AI training systems can help. IBM has partnered with firms to help departing employees document their knowledge for future workers. AI then indexes and sorts the information to make it more easily available, and successful efforts have already reduced the search times for previous knowledge by 75 percent.

The Navy and DARPA already proved the relevance of AI to training service members. A combined project in which a digital AI tutor led new sailors though their training saw AI-trained students “frequently outperform Navy experts with 7-10 years of experience.” AI startups like Bakpax aid teachers with their grading to identify specific personal needs for students and speed up the corrective process. A study by Johns Hopkins University found that students using Knewton, one of the original AI education startups which personalizes learning plans and materials for students, performed better compared to peers. Improvements in training may not seem like a critical requirement for the services, but training and development is viewed as the primary job benefit by millennials in choosing their employer.

AI also can help reform promotion processes with are plagued with inefficiency. Analytics firms like Palatine are helping leaders make better personnel decisions to identify strengths, weaknesses, and future potential. Well-meaning efforts within the Navy and Army are attempting to combat this issues, but AI can help eliminate recurrent human problems like bias from hiring and advancement.

Companies like Adecco are already able to prescreen candidates based on skillsets, geographic preferences, experiences, and availability to open locations. Its scale is massive: AI manages their timesheets, payroll, and work prioritization for its 700,000 workers and recruiters. A similar process could be applied to initial training and follow-on unit assignments to better meet the needs of commands and services while still satisfying the lifestyle demands of individuals and families.

Retention is a problem in both the government and the private sector, but AI solutions exist which can help. This increased level of human resources personalization towards recruiting, training, and billet assignments could drastically improve morale within the services and help retain talent for the DoN. Dissatisfaction with supervisors and a lack of appreciation are two of the main reasons employees quit, and AI and sentiment analysis can help manage those effects. AI management tools also help manage workloads and burnout, which, in a military environment, could prevent catastrophes.

Administration

The routine tasks of administration with the DoN and services can be significantly augmented by existing AI services. Document preparation, completion, and handling; payment and voucher processing; policy and guidance administration; and archival storage and retrieval are all carried out by AI at varying levels within the private sector. A Harvard Business Review study found that the majority of AI projects implemented by businesses involve automating back-office tasks. These tasks include updating personnel files from e-mails and call centers, as well as extracting and updating records between multiple systems. These examples found that process-automation is the cheapest and easiest of AI technologies to implement. Administrative programs can significantly reduce the time required for manually processing high numbers of different paperwork with inaccuracies or inconsistencies, and other government agencies like NASA have already adopted these practices in some departments.

Paperwork and process automation is well-established. For instance, the consulting and accounting firm Deloitte has automated thousands of forms and saved thousands more hours of labor for its clients in the financial sector. The accounting firm KPMG partnered with IBM and Watson to learn from 10,000 documents and help its tax advisors better serve their clients. Google’s Vision OCR detects text, character, and images in documents of various file types to extract, organize, and process the relevant information. Amazon’s Textract claims to go further by creating “smart search indexes” and automated workflows for processing documents through various departments.

Today’s tech leaders – Google, Amazon, Apple, and Microsoft – each have their own AI-powered assistants which businesses can implement to streamline management and coordination. Routine work like task management, calendar management, and emails and communication can be augmented by these tools.  Businesses can also use these tools to manage facilities and systems. These same tools can be used to engage leaders and commands with their service members using 24/7 assistance. Major companies like General Electric have adopted these tools, and IBM’s Watson Assistant has led to 40 percent reductions in time spent on administrative tasks.

Transitioning these types of workloads to, or augmenting them with, AI services can reduce the time burden currently placed upon staff officers and administrative specialists. In addition to large companies like Google and Amazon, start-ups like x.ai, Voicea, and Sigrid all perform a variety of tasks like coordinating calendars and meeting schedules, setting up conference calls, managing receipts and travel processes, scheduling transportation, and scanning and saving relevant files. Communications platforms like Zoom already auto-transcribe meetings and then publish the results as text-files for easy searches.

One key way AI is changing administrative work is aiding companies in their legal and regulatory compliance. With overlapping, always changing, and sometimes contradictory sets of policies and guidance, the DoN and the services could benefit from AI tools to assist leaders at both the senior and junior levels with policy adherence. AI has allowed insurance firms, one of the most highly-regulated and complex industries in the world, to analyze documents and process claims 25 percent faster.

Savings and Possibilities

Despite the difficulties which government agencies often have when implementing new technologies, examples of effective AI adoption already exist in some areas: the review and validation of 50,000 PDF records for a federal healthcare agency, state governments achieving 100 percent compliance for land lease payments and management, and state health insurance marketplaces responding to over 1,500 customers per day. In the United Kingdom, both the Ministry of Justice and the Department for Transport have implemented AI tools to provide better services to their citizens.

Adopting AI services to aid in manpower and administrative functions will pay for themselves with an outsized return-on-investment, and free up manpower and time which the services can redirect to other specialized needs. Even a small reduction in cost can provide substantial returns. For example, a 1 percent savings in the recruiting and training budgets for the Army ($5.1 billion), Navy ($2.1 billion), and Air Force ($2.4 billion) would result in $96 million in savings. A 1 percent savings in the services’ combined administrative budgets would result in over $200 million saved. Manpower can also be reduced in these respective areas to free personnel numbers for different MOS’s or operations. For example, decreases in administrative, training, and departmental management manpower for the Army (195,500), Navy (103,800), Marine Corps (56,100), and Air Force (125,100) could allocate thousands of billets for other duties.

Conclusion

These savings and efficiency measures are even more important considering the DoN’s increased emphasis on re-allocating funding toward research and innovation. AI support for tactical military purposes certainly deserves its own attention and prioritization, but the services and their leadership must not be quick to reject the immediate benefits to be gained by AI-services in the routine and familiar worlds of manpower and administration. These implementations can provide the highest near-term benefit and make additional funds and resources available for tactical AI research or other battlefield capabilities.

Christian Heller is a graduate of the U.S. Naval Academy and the University of Oxford. He currently works as an officer in the U.S. Marine Corps, and can be followed on Twitter @hellerch.

Featured Image: Server room of BalticServers (Wikimedia Commons)

Future Tech

Tech Trends and the Navy-Marine Corps Team

1 Comment

By Christian Heller

Soon after a new year, it is worth considering again the forecasts of futurists and the impacts their predictions may have on the naval services. Predictions about the future of war have often been inaccurate and sometimes detrimental to military institutions. For instance, H.G. Wells correctly predicted the emergence of aviation and bombing, but incorrectly predicted widespread militarized societies and the willing capitulation of defeated combatants. Kori Schake explains this recurrence of failure: “Futurists of warfare suffer from the same failures of imagination that frequently shackle their brethren in other professions: They overemphasize present trends and assume that their society’s cultural norms will similarly bind their adversaries.”

Best-selling book lists are replete with futurologists and their latest texts about the changing decades of warfare ahead. Thinkers like Paul Scharre lead the way at the intersection of artificial intelligence and national security. The works of P.W. Singer and David Sanger are near canon for information and cyber warfare. Authors such as these are widely reviewed and familiar to many. Two lesser-known books about the overall changing trends in the world today are reviewed here to add a wider societal and cultural context to the rapidly advancing technologies the Navy and Marine Corps are adapting to. Both raise important questions not so much about the systems and weapons of the future services, but about the processes, interactions, societies, and operating environments of the next decades.

The Industries of the Future by Alec Ross

Alec Ross, a former State Department advisor to Secretary of State Hillary Clinton, wrote The Industries of the Future based largely on his travels and experience while working in government. As Secretary Clinton’s advisor for innovation, Ross identified and assessed trends he saw emerging outside of the United States, most of which happened in disadvantaged countries. The topics of the book range from artificial intelligence and cybersecurity to genomics and education. Ross keeps the chapters in narrative form to talk about possible changes for governments and societies without distracting the reader with technical details.

Ross addresses how mobile phones and digital apps have accelerated the rates of development in poor nations by skipping entire phases such as hardwired telephone lines. He also repeats the common alarm about the security perils of digitization, and how all data-dependent systems are inherently vulnerable to cyberattack. One of Ross’s most interesting contributions is his insights into urbanization and innovation. Alongside their economic development, vibrant and growing cities are necessary centers of innovation due to their accumulation of financial and intellectual capital. Closed and authoritarian societies have largely forfeited their access to these potential innovation hubs. While countries like Saudi Arabia spend enormous amounts of money in grand projects to establish domestic ‘Silicon Valleys,’ Ross argues that societal features like cultural openness and independence from government censorship are some of the most important and underappreciated factors in technological advancement.

Ross also raises multiple issues which may influence the future Navy and Marine Corps. He highlights how advanced global data algorithms failed to correctly predict the scope of the Ebola outbreak in Africa because the programs could not monitor information in the local languages. This big data vulnerability could easily be at play in any of the Navy’s operational areas, and raises the importance of maintaining human oversight in intelligence and operational analysis. He also covers how smaller countries are making rapid advances in technology and innovation, like in Estonia where children learn to code and use robots in primary school.

Ross continues, “What I have seen in Africa makes me believe that industries of the future will have more broadly distributed centers of innovation and wealth creation than was the case in the past 20 years, when Silicon Valley dominated all comers.” This fact reinforces the observed changes to the Navy and Marine Corp’s future operating environment. Operational theaters of the future will be anything but vast, open expanses with freedom to maneuver and the ability to affect societies and geography how we see fit. Instead, the populations we fight amongst may very well be more advanced technologically than the Marines and Sailors deployed there. This dispersion of knowledge also means the dispersion of power, and the government and militaries which the U.S. has spent decades supporting and building relationships with may prove unreliable partners or outright antagonists in a time of conflict.

The Inevitable: Understanding The 12 Technological Forces That Will Shape Our Future by Kevin Kelly

Instead of focusing on case studies like Ross, Kevin Kelly, a co-founder of Wired, writes about 12 technological trends taking place amongst societies as a whole in The Inevitable: Understanding The 12 Technological Forces That Will Shape Our Future. Instead of pointing to specific outcomes or endpoints, Kelly describes the trends with  verbs and points to how they are changing various facets of our lives. The chapters describe trends like “cognifying” (the addition of smart technology, artificial intelligence, and the cloud to everything), “flowing” (all information becomes non-stop, real-time, and on-demand), and “screening” (every surface is an interactive space of some sort and can change at our will).

The Navy is already driving towards some of the trends which Kelly investigates.”Accessing,” or the trend of placing information and services in the cloud to be accessed anywhere at any time, is familiar to the force as it pursues cloud technologies. “Remixing,” i.e. breaking down existing products into individual pieces to re-assemble for new purposes, is familiar to any Sailor or Marine with Carrier Strike Group (CSG), Expeditionary Strike Group (ESG), or operational experience in which units are task-organized to meet combatant commander needs.

Other trends remain elusive from the naval services. Decentralized collaboration on a mass scale maximizes small group power, what Kelly dubs “Sharing,” is a perennial struggle for the Navy, Marine Corps, and other branches, and usually half-heartedly pursued in some form of enhanced integration or coordination. Such issues are natural in stove-piped bureaucracies, and the best efforts of the services to overcome them have had limited success. “Interacting” and changing how users engage with systems and computers, likely via augmented reality, is an exciting new area which has been pursued on a limited scale, primarily for training purposes.

“Questioning” builds off of the other existing trends to drive institutions and individuals forward. As artificial intelligence, cloud data, and increased networks make answers easily available, developing the right questions will become even more important for organizational development. It is in this trend that the Navy and Marine Corps are most seriously lacking. Some of the traits of a good question include “not concerned with a right answer…cannot be answered immediately…challenges existing answers…” Such questions drive real innovation. These traits are largely unfamiliar in an organization which prides itself on repeatable tasks and exercises with little time or resources for in-depth experimentation.

Some of the examples used in the book have direct pertinence to future military operations. The digitization of and access to information could reform professional military education (PME). Dematerialization, which is the lightening of objects as materials become lighter and more durable, will impact every facet of the military from Marines’ body armor to the airframes of naval aircraft. Blockchain technologies are already being researched for uses other than finance like communication networks and policy agreements. Future developments could play a major role in the next generation of naval information systems. Localized networks of cellphones (Kelly highlights FireChat) which can speak to each other directly can also provide a possible communications solution for operations in denied or degraded communications environments.

Two Takeaways from Two Books

The two most important questions these books raise for the Navy and Marine Corps are hinted at by Ross and highlighted by Kelly: Ross talks at length about decentralization and Kelly provides additional context. Kelly writes, “Community sharing can unleash astonishing power…The community’s collective influence is far out of proportion to the number of contributors. That is the whole point of social institutions: The sum outperforms the parts.” While no observer can argue that a group of individuals can equal the firepower or presence of a formal naval task force, the inability to mass cooperation or share information between commands, units, and fleets sustains situations like Afghanistan where two decades of war are split into 20 different one-year battles.

But is it possible to freelance or crowdsource security? In some context, partnerships and coalitions in places like the Arabian Gulf and Asia-Pacific do just that. On an administrative level, the ability to flexibly leverage the manpower of the reserves seems like a worthwhile goal. Establishing a program where reserves (or ex-military members with the requisite knowledge) can augment units on an ad hoc basis (see apps like Upwork or Taskrabbit) could greatly benefit the operational readiness of staffs by reducing the administrative burden placed upon commands.

Finally, a recurrent theme in both books is the future of world economies. Innovation, new technologies, and data are the lifeblood of future financial strength. In historic eras, navies were created to physically protect a nation’s flagged vessels as they traded around the world. If the future American economy involves a smaller portion of physical trade and relies instead on services and information, the Navy may need to re-think its role in the defense of these networks and institutions. While cyber policies and authorities have been assigned between military commands and civilian services, the Navy may need to continually refine its role if the defense and support of American trade is to remain a primary mission in the next era of warfare.

Christian Heller is a graduate of the U.S. Naval Academy and University of Oxford. He currently serves as an officer in the United States Marine Corps. Follow him on Twitter, @hellerchThe opinions represented are solely those of the author and do not represent the views of the United States Marine Corps, the Department of Defense, or the United States Government.

Featured Image: PACIFIC OCEAN (Dec. 20, 2016) Ensign Margaret Graves scans the horizon in the pilot house of the aircraft carrier USS Theodore Roosevelt (CVN 71). (U.S. Navy photo)

Future Tech

The Navy Wants To Put Its Head In The Cloud

2 Comments

By Christian H. Heller

The Navy is pushing toward an IT future based on cloud computing that promises enormous benefits and can set the foundation for a future force shaped by emerging technologies. The incremental adoption of cloud services by the Department of the Navy (DON), other services, and private industry already holds much promise, but the stakes are high. Getting the cloud migration right can underpin revolutionary developments like artificial intelligence and give the Navy the advantage it needs for the coming decades.

What Is the Cloud

Cloud computing is the linking of computer systems and networks over the internet. Instead of storing all information and computer programs on physical hard drives in a single site, the cloud takes advantage of spare storage and processing capacity across widespread locations. This system allows the using agency – the DON – to only pay for the services it needs without maintaining large-scale IT infrastructure in numerous areas.

Cloud services offer many benefits to organizations which adopt them. The cloud helps to overcome physical information technology (IT) limitations, limitations on manpower, and overlapping and cumbersome small-scale contracting measures. Cloud computing is extremely cost-efficient for large organizations and reduces the organic cost of installing computer hardware and IT infrastructure. The lack of required hardware supports scalable operational requirements around the globe. Cloud services provide fast and responsive transfers of information which increases organizational flexibility. Since it connects all subordinate networks, cloud systems also support computing performance when and where it is needed while guaranteeing reliability from backups. Cloud-based networking can also support regular and timely comprehensive upgrades to security systems to better support the Navy’s cybersecurity needs.

The Navy demands extensive requirements from its cloud adoption. The naval services conduct a vast array of missions in diverse global environments. Naval platforms gather information from dozens of sensors and communications systems at any given second. Command and control networks facilitate effective fleet management and direction. The Navy can disperse its needs between organic cloud networks onboard deployed ships which then forward information to larger shore-based clouds whenever bandwidth and operations allow. For a scale comparison, the Navy collects new data equivalent to the Library of Congress – approximately 200 terabytes – every day. This number is increasing faster every year, and any cloud system must be able to accommodate the variety and velocity of this data collection.

Benefits of the Cloud

A major benefit of cloud computing for the Navy is the ability to combine disjointed information systems spread amongst various units. The integration of these networks in the cloud is necessary for the DON to harness the benefits of big data and machine learning. In effect, the transition to the cloud is the first step of many in the DON’s transition to the future of warfare and technology. This cloud infrastructure must not only be widely implemented, but optimized for data processing and proper use.

Other benefits of cloud computing for the DON are numerous. Cloud computing can allow departments to do more with less by supporting greater speed for administrative and technological processes (such as audits and inventories), all the while occupying fewer personnel. It also facilitates quicker access to and reconciliation of data between distant units which supports expeditionary operations and better coordination. These more efficient information transfers will increase commanders’ situational awareness both locally amongst squadrons or distantly between fleets.

Other militaries have already had success migrating to the cloud. The United Kingdom has implemented a “cloud-first approach” which mandates that all purchases of IT products and services must first be considered through the cloud. Private firms helped the Australian Department of Defence move various systems to the cloud, including its non-material procurement, material procurement, and other acquisition programs. This process involved linking 13 different, non-interacting systems into a transparent and interlinked procurement program accessible by all users.

Amazon Web Service (AWS), one of the largest cloud service providers in the U.S., already supports other government entities such as the intelligence community. The CIA spent $600 million migrating to the cloud in what former Principal Deputy Director of National Intelligence Sue Gordon called, “one of the best decisions we made.” AWS created its own “secret region” to support government needs across the full range of classifications, an offering which the Navy also would require. U.S. Air Force Special Operations Command saved $3.5 million in 2019 by transitioning to the cloud. Additionally, the National Oceanographic and Atmospheric Administration (NOAA) provides an example of how the Navy can benefit from cloud-based weather systems for more accurate research and forecasts.

The government has laid out four critical requirements that cloud services must meet to support operational units. Any cloud system must support all classification levels, must have a global reach, must be synced and interoperable with other government cloud initiatives, and, most importantly, must support the future needs of artificial intelligence and machine learning programs. The current steps by the Navy meet these requirements and promise substantial return on investment.

Current Steps Forward by the Navy

The DON has pursued cloud computing services over the past decade. Its Chief Information Officer (CIO) issued guidance in 2015 on the acquisition of commercial cloud services for the Navy’s various branches and commands. Some units like the Space and Naval Warfare Systems Center (SSC) Atlantic embraced the cloud and have pushed forward under Department of Defense (DoD) instruction to accelerate cloud migration. Its pilot programs involved multiple major cloud service providers like Microsoft and Amazon.

Last year the Navy awarded $100 million for commercial cloud service contracts as a preliminary step towards future cloud adoption. Earlier last summer, the Navy completed its largest cloud migration to date. The DON migrated its Enterprise Resource Program (ERP), its financial system of record, this past August in one of the largest cloud transitions in North American history. The program, which tracks over $70 billion annually and maintains half of the DON’s financial and logistics dealings and involves 72,000 users, took ten months to complete and paved the way for future large-scale naval IT conversions. The Navy also operates one of DoD’s only two cloud computing access points to transfer high-impact unclassified data to and from the commercial cloud, a bottleneck which the Defense Innovation Unit seeks to overcome.

An early cloud transition for logistics programs makes sense as a proven method for quick benefits. The Defense Logistics Agency (DLA) upgraded its educational systems to the cloud as an early test of large-scale cloud-hosting for sensitive information. U.S. Army Logistics Activity (LOGSA), which manages 40 million different data points daily, transitioned to the cloud to implement better analytics tracking cost-saving benefits. Data-driven maintenance is an additional area where the Navy stands to benefit in the near-term from moving to cloud-based management systems. The DON also employed an early cloud transition for its Fleet and Family Readiness Division. The Navy’s GovCloud system only maintained unclassified information but demonstrated the benefits of a cloud enterprise through its maintenance of 95 websites, 10 regional content management systems, and 113 mobile phone applications, delivering more than six terabytes of data every month.

Another major goal for the Navy’s cloud evolution is to establish a digital environment for rapid software development, testing, and implementation. This “Cloud-to-Edge” (CTE) environment could be employed on either individual ships or entire strike groups and allow the navy to adapt more rapidly to changing environments. One key component of the CTE was successfully tested last year with the AEGIS system on the USS Arleigh Burke, USS Ralph Jonson, and USS Thomas Hudner which developed and deployed software updates within 24 hours.

The Bureaucracy Gets a Vote

Bureaucratic decision-making has already played a major role in the Navy’s cloud transition and will likely lead to additional changes in the future. In 2015, the Navy decided to consolidate cloud-leadership within its Program Executive Office for Enterprise Information Systems (PEO-EI). Two years later, it divided that authority between eight functional community commands. The DON intends to pursue its primary cloud enterprise contract for 95 percent of the naval services’ needs. These eight other commands – including Navy Installations Command and Military Sealift Command – will be allowed to establish individual cloud networks for mission-specific needs and will oversee their units’ transitions and readiness for the cloud implementation. The preparation of commands and systems to migrate to the cloud will be vital in facilitating the DON’s goal of a total cloud migration by 2021.

Overlapping strategic guidance will require daft navigation by DON leaders. DOD officials issued strategic guidance in February to provide some cohesion and direction to the various cloud processes currently underway amongst the services. The Director of Naval Intelligence (DNI) issued its own Cloud Computing Strategy which, if naval intelligence units are to utilize the full assets of the intelligence community, the DON will need to adopt (at least on a select basis).

The DOD and the services have knocked heads over cloud implementation throughout this period of change. Despite the DOD’s push for an overarching, large-scale cloud under the JEDI program, individual services and departments will continue operating their multiple clouds already in place. In total, DOD already spends more than half a billion dollars on cloud technology every year, and the department will continue working on new ways to integrate service-specific clouds with DOD enterprise clouds.

Inspector General investigations and reviews by the Secretary of Defense will also likely alter the path forward for the Navy’s cloud adoption in the coming years. In October, DOD announced it awarded the JEDI contract to Microsoft. The contract has a potential period of 10 years and the total payments could range from $1 million to $10 billion. A single-source contract with such potential has sparked significant backlash from other competitors. Oracle is suing the federal government for a third time. Amazon announced a challenge soon after. The impact upon the Navy from such developments is unclear for now, though they will certainly will affect cloud developments over the coming years.

Conclusion

The current transition is only the latest example of the difficulties faced by the DON as it adopts major projects for the next era of warfare. Similar challenges accompany every major change in naval technology. Future administrative battles over artificial intelligence, unmanned vehicles, and advanced weapons like hypersonic missiles will inevitably ensue, but the cloud will be the link which enables their effective application. The Navy cannot afford to get it wrong.

Christian Heller is a graduate of the U.S. Naval Academy and the University of Oxford. He currently works as an officer in the U.S. Marine Corps, and can be followed on Twitter @hellerch.

Featured Image: MEDITERRANEAN SEA (Jan. 30, 2011) Information Systems Technician 2nd Class Jeffrey Bennett, left, and Information Systems Technician 2nd Class Joseph Camino observe the proper configuration of a high-frequency radio aboard the amphibious command ship USS Mount Whitney (LCC/JCC 20). (U.S. Navy photo by Mass Communication Specialist 2nd Class Felicito Rustique Jr./Released)

Cyber War

Black Hat 2019 and DEFCON: Leveraging Private Sector Talent for Cyber Capability

Leave a comment

By Christian Heller

The U.S. defense complex is looking to private industry and civilian research to gain an advantage on the battlefield as advanced technologies push warfare in new directions. In cyber capabilities especially,the U.S. and its naval services lean on civilians, contractors, and independent cybersecurity companies to gain a competitive national edge. Every year these groups descend upon Las Vegas, Nevada for back-to-back information security and hacking conventions dubbed Black Hat USA and DEFCON. The Department of Defense follows in step to search for best practices, advanced insights, experimental tools, and new talent.

The 2019 editions of Black Hat and DEFCON held plenty for national security analysts to ponder. Dino Dai Zovi, the head of mobile security at the credit card processing company Square, spoke of the need for security software with effective user interfaces which keeps pace with advances in technology. Security programs must be built for “observability” to better “understand if the protections are working and also perform anomaly detection.” Such a requirement is not only necessary for the Navy, but finds a strong historical precedent. The Navy has a long history of simplifying advanced technologies into easier, usable forms for better employment by young sailors.

Identity intelligence, one of the most utilized capabilities of U.S. forces during the past two decades of counterinsurgencies, has also been a main effort for Chinese military and government development. Researchers from the Chinese firm Tencent demonstrated the ability to spoof biometric authentication devices with common eyeglasses. They did so not by convincing the systems that the user was a different person, but rather that the user was a photo instead of a living person. Low budget defenses against identity intelligence tools may prove just as frustrating to U.S. forces in future stability operations as space blankets did against early UAVs.

Major tech leaders like Apple and Microsoft announced new measures to search externally for IT security support through the use of rewards. Apple, which normally treats its technology and systems with close-hold protections, will now award upwards of $1 million to hackers who identify critical vulnerabilities in Apple technology. Microsoft is also offering up to $300,000 to hackers who identify exploits in its Azure cloud technology systems. To facilitate this outside support, Microsoft is creating Azure Security Labs where participants can experiment on Azure networks without affecting the existing customer base.

These bounty programs have already benefited organizations like the Marine Corps which may lack the capacity or skillsets to facilitate internal network testing. At last year’s conference, the Marine Corps hosted a hacking program to test the durability of its public websites and the Marine Corps Enterprise Network, or MCEN. One hundred ethical hackers spent nine hours testing the Marine Corps’ systems and found 75 vulnerabilities in return for $80,000 in combined prize money. Though the payment pales compared to private industry awards, these events are an important way for defense agencies to engage with community experts who are willing to support the military while gaining valuable organizational knowledge in the process. The Pentagon has hosted hacking projects since 2016 and recently leveraged three security firms – Bugcrowd, HackerOne, and Synack – via contract to conduct sustained network testing. Additionally, if data scientists and cyber specialists are going to play a pivotal role in the future Navy and Marine Corps, engaging with non-traditional audiences at events like Black Hat and DEFCON help to expose the hacking world to the armed services.

The Air Force is embracing conferences like DEFCON to leverage technical expertise and open up the service to these communities. It hosted two events at this year’s conference. One challenged hackers to gain entry into an airbase, and the other tested data transfer hardware for the F-15 fighter. The Trusted Aircraft Information Download Station, or TADs, is an independent subsystem of the F-15 which helps collect sensor inputs like images. Next year the Air Force wants to bring an entire F-15 aircraft to the convention and host a hacking event involving a live satellite.

This year’s events also pointed toward the changing battlespace in which U.S. forces will operate. Harvard lecturer and fellow Bruce Schneier discussed “hacking for good,” a movement which is becoming more prevalent throughout the world. Just as military forces found themselves operating around civilians and non-governmental organizations (NGOs) in Iraq and Afghanistan, the future cyber battlespace may be filled with hacktivists trying to do good or “grey hat” operators taking advantage of disorder to pursue alternative motives.

Hacktivist campaigns have occurred in almost every recent global crisis including Sudan, Venezuela, Pakistan, and Libya. Hacktivist campaigns usually involve unsophisticated denial of service attacks to take down websites and servers which achieve mixed results. However, as cyberspace conflict between great powers becomes routine, such groups are sure to increase operations and become regular actors in the same competitive spaces in which government agencies and militaries interact.

Another feature of the changing cyber battlefield is internal competition between state actors. Kimberly Zenz, a senior official with the German cybersecurity organization DSCO, explained at Black Hat that Russia’s intelligence agencies and hacking organizations should be viewed as individual groups competing for influence with one another. This competition can lead to chaos and risk-taking in cyberspace as groups minimize coordination amongst one another and compete to showcase their abilities to senior officials. The results could be similar to the $10 billion dollars in damages caused by the NotPetya malware.

An information graphic depicting the dangers of cyber attacks. (U.S. Navy graphic/Click to Expand)

For the Navy, Marine Corps, and Department of Defense, the consequences of these foreign internal rivalries could be sporadic and disproportionate cyber attacks. Leaders may struggle not only to determine which actor initiated the attack, but what the target, intentions, and overall scale truly are. From the defender’s point of view, probes and attacks which could seem like a coordinated and widespread operation may instead be many. They may also be part of a concerted “persistent engagement” strategy with long-term but subtle objectives. In this case, a defender’s response could be disproportionate to what the attacker intended. These factors make deterrence in cyberspace an elusive goal for policymakers.

One final takeaway from the 2019 conventions is the intention and ability of nefarious actors to target defense users and systems outside of official government channels. Agencies may spend millions to harden networks, but users, such as service members at home, may be the greatest vulnerability in the system. They are often the softest target for foreign powers and criminal groups to exploit with simple techniques. One presenter demonstrated a fully-functioning, charging-capable Apple USB which contains a Wi-Fi implant and allows nearby hackers to access the connected computer. Another speaker showed how she used information from common online subscription services such as Netflix and Spotify to access bank accounts and personal financial data. Using common talking points, customer service helplines, and classic identity theft techniques, she was able to get access to private account information at major financial institutions without any advanced technology. A separate group, Check Point Research, demonstrated the ability to hack digital cameras to spread malware through home networks and hold personal information for ransom.

The military’s efforts to increase information technology security in the workplace may need to extend to personal services and education for service members to prevent workforce distractions, blackmail, or the further spread of malware throughout units and networks. Currently, the individual Soldier, Sailor, Airman, or Marine is the easiest objective for hostile cyber actors to target, whether for criminal, intelligence, or military purposes. The main lessons from Blackhat and DEFCON may be that nowhere is safe, and the services should explore a wider range of protection services for the users they rely on to carry out missions.

Christian Heller is a graduate of the U.S. Naval Academy and University of Oxford. He currently serves as an officer in the United States Marine Corps. Follow him on Twitter, @hellerchThe opinions represented are solely those of the author and do not represent the views of the United States Marine Corps, the Department of Defense, or the United States Government.

Featured Image: DefCon attendees gather in Las Vegas to learn about new technology vulnerabilities and cyberattacks. (AP Photo/Jae C. Hong)