SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Distribution Statement A: Approved for public release; distribution is unlimited

DoD Innovation and Reducing Cyber Risk

ITEA 2016 System of Systems Engineering Workshop

Dr. C. David Brown, PE, CTEP

Deputy Assistant Secretary of Defense (DT&E)

Director, Defense Test Resource Management Center

Wyndham Hotel, El Paso, TX

January 27, 2015

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

DoD Tech Superiority

• US and Allies have been able to count on a technology

superiority advantage for more than 40 years

– Advantage built on technologies developed by and for the US military

o Precision weapons, long-range intelligence, surveillance and reconnaissance

(ISR), stealth)

• What has changed:

– Increasingly global access to resources, technology and talent

– Competitors investing in capabilities directly designed to counter US

technical advantage: tactics, techniques, technologies, procedures

– Responding to such an environment requires agility and a commitment to

invest to keep pace with technical opportunity

– Drives a focus on cost and cycle time

2

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

DoD Innovation

• In response to this long-term challenge, DoD seeks

competitive advantage through innovation…

– Leveraging all sources of innovation opportunity:

− Academia, Commercial, Defense Industry, Organic (DoD Labs), Global

Sourcing (Allies and Partners)

– Time to market matters – Accelerate the Technology

Adoption Cycle

− Out-innovate competitors with access to the same

commercial technology base

– Speed transition from Laboratory to Fleet

− Prototyping, Demonstrations, Operational Experiments

– Innovation enables Strategy

3

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Previous Offset Strategies

• “First Offset Strategy”

– Emphasis on nuclear deterrence to avoid the large increase in defense expenditures necessary to

conventionally deter Warsaw Pact forces during the 1950s.

• “Second Offset Strategy”

– Following the Vietnam War, U.S. tolerance for defense expenditures plummeted while Warsaw Pact

forces outnumbered NATO forces by three to one in Europe.

– DoD sought technology to “offset” the numerical advantages held by U.S. adversaries.

− Emphasized: Intelligence, Surveillance, and Reconnaissance (ISR) platforms; Precision-Guided Weapons;

Stealth; and the expansion of space’s role in military communications and navigation.

− Guided by a long-range research and development plan that enabled U.S. and allied forces to hold

adversary forces at risk long before they could bring superior numbers to bear.

– Shaped, in many ways, the U.S. military of today. Key resulting systems include:

− Airborne Warning and Control System (AWACS) found on the E-2s and E-3s

− F-117 stealth fighter and its successors

− Modern precision-guided munitions

− Global Positioning System (GPS)

− Significant enhancements in reconnaissance, communications, and battle management

These Offset Strategies’ technologies continue to enable U.S. global precision strike today

4

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Five Key Building Blocks for a Third Offset Strategy

• Autonomous Learning Systems

– Delegating decisions to machines in applications that require faster-than-human reaction

times

− Cyber Defense, Electronic Warfare, Missile Defense

• Human-Machine Collaborative Decision Making

– Exploiting the advantages of both humans and machines for better and faster human

decisions

− “Human strategic guidance combined with the tactical acuity of a computer”

• Assisted Human Operations

– Helping humans perform better in combat

• Advanced Manned-Unmanned System Operations

– Employing innovative cooperative operations between manned and unmanned platforms

− “Smart swarm” operations and tactics

• Network-enable, autonomous weapons hardened to operate in a future

Cyber/EW Environment

– Allowing for cooperative weapon concepts in communications-denied environments

5

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Defense Innovation Unit Experimental (DIUx)

• Three Year Pilot Project designed to:

• Build new relationships with High-

Tech, Non-Traditional firms.

• Scout for breakthrough and

emerging technologies.

• Impedance match the needs of the DoD with

the fast-moving commercial innovation

community

• Highly qualified Civilian and Reserve Military

experts with first-hand experience in high-

tech start-ups.

• Initial operating location: Silicon Valley

www.diux.mil

“…creating tunnels of ideas into the Department that haven’t existed

before...”- Bob Work, Deputy Secretary of Defense, DSD Editorial Board, 15 September, 2015

6

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Innovation OpportunitiesPrototyping and Experimentation

• Autonomy & Robotics

• Biomedical & Biometrics

• Electronic Warfare & Cyber

• Computing& Micro-electronics

• Hypersonics

• Directed Energy

• Manufacturing

• …?

7

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Focus on AutonomyTRMC Autonomy T&E Study

Key Requirements

1 Evaluate human trust in combination with

mission performance

2 Evaluate perception, reasoning & decision

making in LVC test environment

3 Intelligent scenario generation to evaluate

emergent behavior & autonomy’s intent

4 Quantify system learning ability and experience

level

5 VV&A autonomy’s understanding of human

intent in human-machine-relationship

6 Evaluate autonomy’s response to adaptive and

intelligent threats

7 Evaluate swarm distributed perception, shared

knowledge & collaborative decisions

Phase 1: Study Methodology Significant Findings

3

Phases

1. Study Autonomy T&E Infrastructure Requirements (Complete)

2. Identify T&E Infrastructure Solutions and Gaps

3. Develop Time-Phased Investment Strategy

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

• Strategic Use of Prototyping

– Hedge against technical uncertainty, emerging capabilities, or unanticipated threats

– Enhance interoperability; reduce lifecycle cost; explore the realm of the possible

– Forge an effective operating construct to select the most appropriate

opportunities/options

• New approaches

– Evaluate new concepts, guide new technology development

– Sustain unique elements of the defense industrial base

– Stimulate design teams to advance the state of the practice

– Improve development methods and manufacturing

– Promote open standards, and competition throughout the product lifecycle

– Demonstrate new capability, determine maturity using sound DT&E practices (e.g.

DEF)

• T&E as opposed to experimentation

– Co-developed and tested Tactics, Techniques and Procedures; potential operational

concepts

– Assured safe for the warfighter

– Well characterized capabilities & limitations

Focus on Prototyping & Rapid FieldingNDAA ’16, Section 804

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Better Buying Power (BBP)Continuous Improvement Process

• BBP 3.0: Continues and builds upon prior elements –and takes the focus to our Products

– Innovation and Technical Excellence

www.bbp.dau.mil

• BBP 3.0 Highlights:

• Strengthen Cybersecurity throughout the Product Lifecycle

• Improve Speed to Market

• Remove barriers to Commercial Technology Utilization

• Increase the use of Prototyping and Experimentation

• Use Modular Open Systems Architectures to Stimulate Innovation

Focus of BBP 1.0: Best Practices and Business Rules; BBP 2.0: Critical Thinking,

making better business decisions

• Improve DoD outreach to technology and products from Global Markets

• Anticipate and plan for responsive and emerging threats by building stronger partnerships

10

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

No Innocent By-Standers in the Cyber World

• Assertions:

– The most advanced technologies in DoD go thru the T&E infrastructure

(S&T, Development, System’s Acquisition and System Sustainment)

– Defense T&E facilities remain prime intel targets (Exfiltration of Information)

– Cyber attacks on T&E capabilities could alter results (Disruption, False

Negatives)

• Security

– Physical and electronic emission concerns remain

– Cyber security – new stuff (Have we thought about it?)

• How cyber secure are the test capabilities in the DoD and

its contractors facilities?

Poor Cyber Security at Test Locations can Negate the Best

DoD Weapon Technologies

11

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

How Cyber Secure Are Your Test Capabilities?(Assess, Fix, Test)

• Conduct a Top to Bottom Risk Management Assessment

– Necessary, but not Sufficient (DoDI 8500.01)

– Address both data exfiltration and disruption to operations (delay thru destroy)

− Examples: Data Storage, Range Control and Safety, Industrial Control Systems, etc

• Need a OPFOR perspective

– “Table Top” with Blue Team engagement

– If needed, conduct an assessment with “Red Team” targeting your test capabilities

• Unacceptable risk areas to be budgeted for, fixed and verified

• TRMC looking for 3 partners to develop and refine the process

– Open Air Range

– Hardware in the Loop (HWIL)

– Contractor System’s Integration Lab (SIL)

12

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Assess, Fix, Test…Example

Army wants to do the cyber security analysis of an

open air range like White Sands…

• Army does an RMA per 8500 across the facilities

at WSMR

• TRMC works with them to do a "Table Top"

• if needed, do a "Red Team" engagement while

they are doing a test rehearsal (similar to what

DOT&E does at the COCOMs during exercises)

• TRMC would support WSMR request within the

Army for budget to fix needed cyber

vulnerabilities at WSMR

13

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Improve the Testing…Improve the Process…Improve the Product

ARMY NAVY

AIR FORCEDEFENSE

AGENCY

14

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

Back Ups

15

SoS – 01/27/2016Distribution Statement A: Approved for public release; distribution is unlimited

Cleared 16-S-0887

DoD R&E Enterprise(UARCs, Service Labs, DoD Labs, MURIs, FFRDCs, MRTFB)

66

27

4

1

4

9

19

8

14

7

1

9

13

181

0

3

911

5

8

2

9

2

19

1

3

5

1

UARCs (13)

Service Labs (3)

DoD Labs (75)

MURIs (319)

FFRDCs (10)

MRTFBs (24)University Affiliated Research Centers (UARCs)

Service Labs (Army, Navy Air Force Research Labs)

DoD Laboratories

Multi-Disciplinary University Research Initiatives (MURIs)

Federally Funded Research and Development Centers (FFRDCs)

Major Range and Test Facility Bases (MRTFBs)

16