The coronavirus pandemic as a threat to international stability...
Pyongyang has consistently denied that it has a COVID-19 problem, but outsiders, including, according to Bloomberg, the senior US commander in Korea, General Robert Abrams, don't believe it. Not only is it unlikely that North Korea has escaped when its two neighbors, South Korea and China, have been heavily affected, but there are also indications that the DPRK's military is dealing with an epidemic. The Military Times reports that US and South Korean leaders and military commands are preparing for the eventuality that a serious COVID-19 outbreak in the DPRK could push the regime into dangerous instability.
...and a threat to companies' survival.
The pandemic has also had a strongly negative impact on the global economy, and defense and aerospace are not among the sectors that have shown themselves to be relatively resilient in the face of the coronavirus outbreak. (Cloud services, business software vendors, telework providers, and cybersecurity companies seem in general to have been less severely affected than others.) The US Department of Defense has begun regular conversations with the larger companies in the Defense Industrial Base with a view to assessing the disease's impact on their ability to continue to do business, Air Force Magazine wrote on March 17th.
The Acting Director for Defense Pricing and Contracting has asked contractors to take "unprecedented" steps toward making remote work possible for their employees. Defense Systems reports that Acting Director Kim Herrington asked that "the same maximum telework flexibilities extended to DOD service members and civilians also be made available to contractors when contract services can be delivered, without mission degradation, while off-site." Acting Assistant Secretary of Defense Virginia Penrod this week issued comprehensive guidance for military personnel working during the COVID-19 emergency. Her memorandum was accompanied by a fact sheet addressing frequently asked questions about telework and other matters. Space.com has a rundown of how the pandemic has been affecting the space industry.
Big integrators, like Boeing, have temporarily shuttered most commercial work. As the Washington Post reports, the Department of Defense has tried to keep its contractors working (Air Force and Space Force procurement offices have played a prominent role in that effort, according to Space News), but, as the Hill says, the sector continues to experience a great deal of stress.
Congress did pass, and the President signed, a two-trillion-dollar pandemic stimulus package, the largest in US history. In addition to direct economic stimulation, the bill includes significant direction and resources for both remote work and security. The Wall Street Journal sees troubled Boeing as the biggest winner whether it receives all the cash it hopes for or not. On March 19th, before the package passed, Boeing had petitioned the Government for a $60 billion assistance package, a request that prompted the resignation of Boeing board member Nikki Haley, opposed on "philosophical grounds," the Hill reports, to such bailouts. Boeing has been in distress since safety problems with its 737 MAX commercial aircraft began to surface over the past year, sharply cutting into orders. Airlines themselves have been hit very hard by travel restrictions, and some analysts see Boeing's survival as contingent on substantial Government help.
The outbreak has driven some companies under. Bigelow Aerospace, a small firm but a prominent one, active in the development of space habitats, on March 23rd laid off all of its employees and ceased operations. Space News notes that the company had been under some financial stress, and the effects of the pandemic on its ability to operate were more than it could withstand.
The Defense Department, aware of the importance of small businesses to the Defense Industrial Base, is taking steps to keep them up and running, Federal News Network reports. Such companies are particularly sensitive to cash flow, and the Pentagon is restructuring its procurement system to help sustain cash flow to small businesses.
Counterspace capabilities loom.
The Secure World Foundation has released its annual open-source assessment of Global Counterspace Capabilities. The highlights of the 2020 report cover activities of seven nations:
China, which has tested in-orbit rendezvous and proximity operations, is reported to have jammed GPS signals in the vicinity of Shanghai, and has continued work on ground-based directed energy weapons.
Russia, which has also conducted rendezvous and proximity operations (in both low-earth and geosynchronous orbit—at least one of the operations involved shadowing a US NRO reconnaissance spacecraft), seems to be running two counterspace programs (Burevestnik and Nivelir, respectively believed to be a co-orbital anti-satellite program and a surveillance and tracking program), shows signs of undertaking development of Ekipazh, a "nuclear-powered space-based electronic warfare capability," and which continues widespread jamming of precision navigation and timing signals in Syria, occupied Crimea, and Russia itself.
France, whose new space defense strategy touches on plans for ground-based laser weapons and "guardian satellites."
India, which has continued to assess the results of the anti-satellite system tested in March of last year, and which has established a Defence Space Agency and Defence Space Research Organization.
Iran, which attempted unsuccessful satellite launches in August and February, and has jammed precision navigation and timing signals in the vicinity of the Straits of Hormuz.
Japan, which has begun to explore development of counterspace capabilities.
The United States, which has released cubesats, explored rendezvous and proximity operations, tested GPS jamming in naval exercises, and moved forward with the creation of Space Force.
Some of these developments are arguably benign, in some cases involving dual-use capabilities (like the rendezvous and proximity operations). Both kinetic and non-kinetic technologies are under development or at least consideration, but the report stresses that "only non-kinetic capabilities are actively being used in current military operations."
The ransomware threat to the Defense industry's supply chain: CPI and Kimchuk (and an update on Visser).
Last month we read about the ransomware attack on Visser Precision, the Colorado-based manufacturer that supplies leading aerospace firms, including Boeing, Lockheed Martin and SpaceX. (Infosecurity Magazine has a quick overview of that incident, and Information Security Buzz offers a selection of industry comment.)
It came to light early in March that another company, California-based Communications & Power Industries (CPI), also sustained a ransomware attack in January. TechCrunch reported that, although the company had paid a reputed $500 thousand ransom to restore access to its data, recovery had been slow. “We are working with a third-party forensic investigation firm to investigate the incident. The investigation is ongoing. We have worked with counsel to notify law enforcement and governmental authorities, as well as customers, in a timely manner,” a CPI representative told TechCrunch.
CPI makes components for radars, sensors, and electronic warfare systems. Some of the data affected by the attack pertained to Lockheed Martin's shipboard Aegis system. The ransomware infection is believed to have begun with phishing—a CPI employee clicked a malicious link and the ransomware spread into the company's network. A number of CPI's systems, reportedly some one hundred fifty, are said to be still running Windows XP, which as My Tech Decisions points out is now several years beyond its end-of-life. Which systems were infected remains unclear, and CPI has been tight-lipped about the incident, but older operating systems have a tendency to enjoy a kind of afterlife in control system applications.
Moody's analysts believe the incident will affect CPI's revenue during the present quarter, dropping it by 5-10%, but the investor service thinks that, overall, the consequences of the attack are "manageable," and it hasn't changed its rating of the manufacturer.
A third supplier to the defense and aerospace industry has also suffered a ransomware incident. Electronics manufacturer Kimchuk, based in Connecticut, was hit with DoppelPaymer ransomware, the same strain that affected Visser, early in March. Kimchuk refused to pay the ransom, and TechCrunch says that the attackers began releasing stolen files as they'd threatened to do. As SC Magazine noted, the attacks throw the threat to the defense and aerospace supply chain into sharp relief.
Ransomware had, through the end of last year, been seen most commonly in attacks on poorly secured organizations that were highly dependent upon data availability: municipal governments, schools, healthcare facilities, and so on. A secure offline backup was the easiest and most effective defense against those attacks—if an organization were hit, it could restore from backup, stop the security hole the attackers used to get in (usually a human-provided hole, as most attacks were socially engineered) and return to business, inconvenienced but not seriously damaged. This has changed. First, ransomware gangs are increasingly going after industrial targets. And second, they now routinely steal files before encrypting them. This gives them added leverage over their victims: pay up, or we'll release sensitive company information where it will do you the most damage. That seems to have been the case with these recent attacks on the defense supply chain.
Cybersecurity certification program for Defense contractors remains on track and on schedule.
The Department of Defense firmly quashed rumors that COVID-19 would delay implementation of its Cybersecurity Maturity Model Certification (CMMC), Nextgov reports. The Department has executed its memorandum of understanding with the independent not-for-profit group that will serve as the accreditation body, and businesses should expect the program to proceed as planned. The accreditation will apply to new contracts, and it won’t be retroactively imposed on existing agreements. The CMMC is similar to standards contractors have used for self-assessment. The use of an independent accreditation organization, however, is new: there will be an end to reliance on self-attestation.
Contractors have expressed reservations about CMMC. Six industry groups (the Alliance for Digital Innovation, BSA: The Software Alliance, the Cybersecurity Coalition, the Information Technology Industry Council (ITI), the Internet Association, and the Computing Technology Industry Association (CompTIA)) signed a letter to the Under Secretary of Defense for Acquisition and Sustainment in which they argued that "current plans for implementing CMMC lack sufficient clarity and predictability in key areas, and as a result may unnecessarily generate confusion, delay and associated costs." The signatories' concerns fall into four categories:
"Enhance Clarity about CMMC’s Scope, Applicability, and Implementation Timeline." They're skeptical that a new third-party auditing process will be available for enterprise-scale audits in 2020. They think the flow-down requirements remain unclear, as is the scope of the certification requirements, and they believe that without clarification it will be difficult to achieve consistency across the program.
"Certification and Recertification." The signatories would like to know "whether contractors covered by this year’s RFIs and RFPs will need to recertify in three years," and they would like clarification on how companies not presently part of the Defense Industrial Base are to participate. They also ask for technical details about certification in complex environments.
"Streamlining Federal Cybersecurity Requirements." Industry would like the Department to "align the CMMC with the DoD Cloud Computing Security Requirements Guide (SRG), DFARS 252.204-7012 and FEDRAMP."
"Ensure No New Risks are Created." The signatories are concerned that vulnerabilities identified during audits are communicated in ways that don't increase the risk to companies. And they question the extent to which the CMMC appears designed for traditional models that progress and innovation may render obsolete.
In any case, there are many reasons for believing that the Pentagon is serious about enforcing the cybersecurity of its systems. This past month the US Army, for example, cancelled plans to spend $600 million on more Israeli Iron Dome rocket-defense missile batteries because of the contractor's refusal to turn over its source code for inspection. The Army regarded this as posing an unacceptable cybersecurity risk, and the $373 million it had spent on two Iron Dome batteries was not sufficient to persuade it otherwise, Infosecurity Magazine reports.
Space Force continues to grow up.
Space Force continues to shape itself even as the nation grapples with the pandemic, the Military Times reports, despite delays in some of the ceremonial aspects of establishing itself. It's moving toward defining its intelligence needs, which C4ISRNET suggests will be substantial, and is also working on developing doctrine, according to Breaking Defense.
The youngest US military Service launched its first national security mission during March. Space.com writes that on March 26th Space Force put the sixth Advanced Extremely High Frequency (AEHF-6) satellite, the final spacecraft in the AEHF constellation, into orbit. AEHF provides jam-resistant communications between the US National Command Authority and deployed military forces.
Space Force is gearing up its procurement arm as well. Federal News Network has an overview of the Service's plans as they stand so far. Its 2021 budget will contain substantial outlays for commercial communications satellite services (heavier on research and development than on COTS purchases, according to Breaking Defense).
Looking for an indication of a Service's place in the pecking order of agency equities? Look at the attitude of the reserve components. Stars and Stripes and others report that the National Guard definitely wants a place in Space Force for what it calls the Guard's "space warriors."
Today's edition of the CyberWire reports events affecting Australia, China, France, India, Iran, Japan, the Democratic People's Republic of Korea, the Republic of Korea, New Zealand, Russia, Ukraine, the United Kingdom, and the United States.
Experts Insight On Visser Data Breach (Supplier To Lockheed, Tesla, Boeing And SpaceX) (Information Security Buzz) It has been reported that an American manufacturer which works with SpaceX and Tesla is being extorted by cyber criminals who are leaking documents relating to these companies. The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between Visser Precision and the Elon Musk-led companies SpaceX and Tesla. More documents stolen from Visser’s …
KBR Fortifies Cybersecurity of U.S. Air Force Weapons Systems (Yahoo) KBR (NYSE: KBR) announced today that it has been awarded a $26.8 million task order to provide additional cybersecurity engineering support to the U.S. Air Force Life Cycle Management Center (AFLCMC) Engineering Directorate Cyber Systems Engineering Division.
Bill Ackman Sees Boeing’s Survival Hinging on U.S. Government Bailout (Yahoo) Boeing Co.’s staggering decline is spurring doubts about how the planemaker -- long a symbol of U.S. industrial might -- will survive the coronavirus pandemic. Wall Street is already bracing for a dividend cut as Boeing seeks to preserve cash. And the company isn’t likely to make it at
Boeing to Emerge as Big Stimulus Winner (Wall Street Journal) Boeing is set to emerge as a big winner of the coronavirus stimulus package, even if the aerospace giant declines to seek direct taxpayer help
Should Boeing be bailed out? (Asia Times) Troubled aviation giant Boeing is asking the US government to step in with US$60 billion in “government aid,” including loan guarantees. What should the Trump administration do? In France, because …
How to Make a Boeing Bailout More Palatable (Yahoo) Boeing Co. is the least deserving of the corporate needy in the coronavirus crisis, but the nature of its position means it must get a special cut of a $2 trillion aid package working its way through Congress.
Raytheon-UTC merger wins approval, pending divestitures (Defense News) The merger between two defense giants got the green light from the U.S. Department of Justice, under the condition that divestitures already in the works move forward and another piece of business is shed.
Northrop Grumman Prices $2.25 Billion Debt Offering (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) announced today that it has priced a $2.25 billion underwritten public offering of senior unsecured notes. The notes include: $750 million of 4.400% senior notes due...
Elon Musk dismisses astronomers’ concerns over Starlink (C4ISRNET) The SpaceX founder predicted his massive satellite constellation would have zero impact on astronomical discoveries even though the company is experimenting with ways to reduce any reflection from the satellites.
Last of the AEHF satellites launches from Florida (C4ISRNET) An Atlas 5 rocket successfully lifted off from Cape Canaveral Air Force Station in Florida March 26 carrying a satellite that is expected to provide secure, jam-resistant communications for the military for the next 15 years.
Army Doubts Iron Dome Can Kill Cruise Missiles (Breaking Defense) Israeli manufacturer Rafael says its anti-rocket system can now shoot down cruise missiles. Army Secretary Ryan McCarthy and acquisition chief Bruce Jette are saying, show us the data.
Don't lift Iran sanctions, not even for the coronavirus (Washington Examiner) Like clockwork, two dozen left-wing activist groups demanded last week the United States lift sanctions on Iran to help the Islamic Republic fight the coronavirus. “With hospitals overrun and Iranian doctors struggling to procure necessary equipment, the U.S. must be part of the solution rather…
Spending on R&D doubles in bid to drive innovation (The Telegraph) Spending on UK research and development is set to nearly double to £22bn per year within five years, after the Chancellor used the Budget speech to unveil a raft of measures designed to turbocharge the nation’s cutting edge science and technology.
Air Force leaders don’t want to give up spectrum for 5G (C4ISRNET) Top U.S. Air Force officials doubled down Tuesday on the message the Pentagon will not vacate airwaves that telecom firms want in their race with China to build the next-generation mobile networks, known as 5G.
Cabaniss resigns as OPM director (Federal News Network) Dale Cabaniss, who briefly led the Office of Personnel Management for six months, has resigned Tuesday afternoon, Federal News Network has learned.
GDIT protests Navy’s $7.7 billion NGEN-R contract (Federal News Network) General Dynamics Information Technology, one of the two losing bidders for the largest portion of the NGEN contract, has filed a protest with the Government Accountability Office.