*** One of the key hang-ups in acquisition is intellectual property, and the Army is hoping to change that with new approaches, especially when it comes to software.
The Army will often have weapons systems for decades -- frequently much longer than anticipated -- and will need access to technical data for maintenance and upgrades, Alexis Lasselle Ross, the deputy assistant secretary of the Army for strategy and acquisition reform, said during a Center for Strategic and International Studies event June 18. The trick is determining how much data is needed and who to share it with, while staying away from private companies' proprietary information.
The Army's new IP policy aims to increase communication with private industry, develop tailored strategies for each program and negotiate data, licensing and costs early on in the acquisition process.
Previously, the Army would try to get as much data as possible, which locked the service into long-term arrangements with a company and discouraged others from doing business with DOD, she said.
"We have to think through what the unique characteristics of the systems and components are," Ross said, and "when we do need access to data, [define] what level of specificity."
For software, the Army is shifting toward modularity, specifically the modular open systems approach. "We're going to start seeing more and more weapons systems designed with a MOSA in mind," she said.
"The key is interfaces and making sure we're using standards, and [being able to] plug and play that component out with a new black box. We don't need to see everything in that black box but need to be able to take it in and out and make sure it's compatible."
*** Hackers were able to penetrate NASA's Jet Propulsion Laboratory in 2018 by targeting an unauthorized Raspberry Pi computer attached to the network that officials didn't even know was there, according to a newly released audit of the breach. Hackers used the device to gain broader access to the lab's network and made off with 500MB of data. Among other recommendations, auditors said NASA needs to improve the way it catalogues and tracks devices connected to its network.
The incident is a "great case study to push for Network Access Control," noted Sergio Caltagirone, vice president of threat intelligence for Dragos, on Twitter. "An unknown device should not be able to route to anywhere else on the network."
*** The Department of Health and Human Services recently completed a blockchain proof of concept using the distributed-ledger technology to secure and verify log files required under the Department of Homeland Security's Continuous Diagnostics and Mitigation program. Get more on this story from GCN.
Posted on Jun 21, 2019 at 2:37 AM