technology topics most relevant to Technology Vectors ... · Open Source: Apache Hadoop and NiFi Single View of Data Predictive Maintenance Fraud Detection Cyber Security Description:

Technology VectorsInsights and expertise in emergingtechnology topics most relevant to

Federal technology leaders

Version 2.0An offering by the AFCEA International Technology Committee

Vectors Concept and BackgroundConcept of the Vectors InitiativeLeverage the expertise and relationships of Technology Committee members to provide value to Federal IT leaders, AFCEA conference organizers, and member firms, by:● Identifying the most relevant emerging technology topics● Capturing key concepts for each topic in a concise knowledge base● Identifying points of contacts (committee or external) for each topic

Mechanisms● Maintain a list of technology vectors, related sub-topics, and subject matter

experts in a private master sheet● Maintain a public version of distribution-ready material for use to present the

vectors information

Current Technology Vectors● Cloud Computing● Smart/Advanced Manufacturing● Big Data Analytics● Advanced Cyber Security● Quantum Computing● Mobility/Wireless

NOTE: This is a “living” document that will be updated annually at a minimum by the Technology Committee. The main Vectors as well as the material presented within each may be updated at any time.

Cloud Computing

Sub-Elements:● Deployment & Service models● Decision considerations for adopting cloud● Best practices for deploying to cloud● Security/FedRAMP● Emerging cloud capabilities

Implications (Drivers):● Cost Savings & flexibility● Federal directives● Cloud features● Divestiture of non-core activities

Description (Vector/Trend):The growing availability of usage-priced, shared computing and services

Open Questions:● Is there a common understanding of cloud?● Will IaaS become an oligarchy?● Is there a role for small business?● Is Private Cloud viable?● Will Fed-unique concerns affect adoption?● Will future Internet be walled gardens?

AFCEA Technology Committee Lead(s) – Al Mink

Cloud ComputingDecision Considerations for Adopting Cloud

Insights:• Former Federal CIO published a set of decision factors• Most actual decisions have involved:

• Trade-off between benefits and cost• Assessment of security & other Fed-unique constraints

• Actual Cloud migration decisions indicate cost savings is oftennot the most significant factor

• Low-hanging fruit has been:• IaaS – For agency-unique applications• PaaS – For development and testing• SaaS – for common back-office applications (e.g. email)

Elaboration (Why this matters):Analysis of Federal experience with Cloud adoption provides insights into the factors a Federal leader should consider about making a move to Cloud

AFCEA Technology Committee Lead(s) – Al Mink

Additive Manufacturing

Relevant Subtopics:● Standards and Testing● Certification re Airworthiness● Robustness and Integrity● 3D Printers and In-line QC/PC● Cyber Threat to Supply Chain

Drivers:● Just-In-Time Production● Manages obsolescence● Potential for Unique & Novel Parts● Value Based Economics

Description:Any manufacturing process capable of making 3D objects from a digital model, or creating controlled 3D features into an existing object, typically layer by layer, or point by point.

Open Questions:● GE Leap Engine: where next for DOD?● Business Model – suitable for low rate

production and complex parts in the main?● Hybrid parts – Mixed metals and Ceramics?● Opportunities for Embedded Sensors results in

active parts?

AFCEA Technology Committee Lead(s) – Vicki A. Barbur

Additive ManufacturingSystem Resilience

Insights:•Cyber Reports•Threat Reports and Assessments•Foreign Collection Methodologies•Suspicious Contact Reports•Insider Threat Assessments•NISPOM related reporting(National Industrial Security Program Operating Manual)

Elaboration (Why this matters):Threats and Counterintelligence information can be used to determine what means are most effective to protect the system from intrusionPrerequisite throughout the lifecycle of a process and adapts with time


Additive ManufacturingLegacy Processes

Insights:● Air Gaps currently provide a means to isolate Enterprise

from Operational floor will be eliminated in time,● Remote and other external connectivity necessary to

support utilization and throughput opens up threats to internal process,

● Attack vectors are documented in NDIA’s CFAM efforts● Breach Closure approaches are being researched for

deployment to prevent attacks

Elaboration (Why this matters):Smart Digital Manufacturing needs to be integrated across the enterprise and the operational base – so product, production line, and business are linked to maximize the flow and the reuse of data throughout the entire enterprise.


Additive ManufacturingDigital Thread

Insights:● Prevent compromise and loss of critical information

○ Anti-tamper and Exportability features● Deploy key protection measures

○ Software/Hardware/Trusted Systems● Prevent Adversary Collection

○ Classification/Export Controls/Information Security

Elaboration (Why this matters):Capabilities that contribute to the warfighter’s technological advantage maybe compromised and copied reducing the supremacy. Information about mission critical functions and components can be lost.


Additive ManufacturingSupply Chain Integrity

Insights:● NIST Cyber Infrastructure Standards in development● NDIA’s Cyber Security for AM Identifying gaps for closure● Insider Threats are often greatest● Small-to-Medium Manufacturers are most at risk● Loss of and/or manipulated design templates● Contaminated Materials impact performance● Enterprise Suite to Operational Floor is a legacy gap to close● AM advanced before implications fully understood

Elaboration (Why this matters):Vulnerabilities have been exposed for a fully digitized supply chainAuthenticity, Performance, Dimensions, Quality of partsConcern re several points for breach and loss of integrity


Additive ManufacturingCounterfeits/Authenticity

Insights:● Wrong part, wrong material, wrong dimensions….● Ineffective part, substandard materials, misaligned fit....● Reliability, integrity, and robustness compromised....● Failure to perform, failure for mission......● Challenge to economics – lower cost/lower

performance

Elaboration (Why this matters):With counterfeits and lack of authenticity, quality and performance can be compromised along with safety. In addition, lack of a trusted supply can lead to other embedded malware and active features detrimental to the mission at hand.


Additive ManufacturingMeasurement Standards

Elaborate on the problem (why this matters):Edward Morris, Director, America Makes said: “Additive manufacturing needs to have an appropriate body of standards so that engineers can do their designs using materials with properties that the standards community has embraced.” The reasons are to:


• Allow manufacturers to better compare and contrast performance of different processes• Improve purchaser/supplier relationship by specifying parts requirements accurately• Provide support for new adopters to appropriately use and implement AM technologies• Enable researchers and process developers to provide repeatable results that can be

independently verified

Additive ManufacturingMeasurement Standards

Insights:• ASTM’s Committee F42 partnered with organizations to promote

cohesive, broad adoption of additive manufacturing through standards• 11 international standards covering several industry areas exist; more in

progress, focused on mechanical properties, inter-laboratory collaboration, enhanced 3D printing etc.


• Standards available: – F2915 Standard Specification for Additive Manufacturing File Format (AMF)– F2924 Standard Specification for Additive Manufacturing Titanium-6 Aluminum-4 Vanadium with Powder Bed

Fusion– F2971 Standard Practice for Reporting Data for Test Specimens Prepared by Additive Manufacturing– F3049 Standard Guide for Characterizing Properties of Metal Powders Used for Additive Manufacturing– F3091 Standard Specification for Powder Bed Fusion of Plastic Materials– F3122 Standard Guide for Evaluating Mechanical Properties of Metal Materials Made via Additive Manufacturing

Processes

Additive Manufacturing Airworthiness Demonstration

Elaborate on the Problem (why this matters) : Additive Manufacturing (AM) uses digital 3-D design data to build components in layers. Provides a unique & different process. Up until this point, due to validation only possible with traditional processes & an airworthy parts certification for numerous flight hours, outputs of such a process had only been used as a prototyping tool, e.g., for the printing of non-flight critical parts & tools.

Insights: ● Osprey’s titanium, 3-D printed link & fitting assembly for engine nacelle printed at Naval Air

Warfare Center Aircraft Division, Lakehurst, NJ, ● Link & fitting assembly is one of four that secure a V-22’s engine nacelle to primary wing

structure; flight performed using standard V-22 flight performance envelope, ● Prior to flight, multiple V-22 components built by Lakehurst & Penn State ARL were validated at

Patuxent River,● Flight on July 29th 2016 represents the Naval Air Systems Command (NAVAIR) first successful

‘flight’ demonstration of a flight critical aircraft component built using additive manufacturing (AM) techniques, and

● Opportunities exist to revolutionize how aircraft are repaired; provides know-how to develop & field new capabilities, and “AM is a game changer,” said Liz McMichael, AM Integrated Product Team lead.


Additive ManufacturingResources/SME’s

SME’s:● Catherine Ortiz – Defined Business Solutions● Michael McGrath – McGrath Analytics● Kristin Baldwin – Acting Deputy Assistant Secretary, DASD(SE)● Vicki Barbur & Heather Moyer – NDIA’s CFAM Team

Resources:● NISPOM – National Industrial Security Program Operating Manual ● NIST (National Institute of Standards and Testing) - Framework for Improving Critical

Infrastructure Cybersecurity – continues to be in development● NDIA (National Defense Industrial Association) - Cyber Security for Advanced Manufacturing

- Identifying gap closure initiatives● Trust and verify is key to manufacturing cyber resilience – Glavach, D., (2015) SME● Locking down the factory Floor –Waurzyniak, P., (2015) SME


● Brian Hughes – Office of the Assistant Secretary (DASD(SE)

● Dean L. Bartles – ASME/DMDII● John Gronto – AM, Northrup Grumman

https://fas.org/sgp/library/nispom.htm

https://fas.org/sgp/library/nispom.htm

http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf




http://www.ndia.org/Divisions/Divisions/Manufacturing/Documents/519B/3-150219-McGrath-NDIA-Mfg-Div-Cybersecurity-Update.pdf




https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20AM%20Now%20Concurrent%20Tech.pdf

https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20AM%20Now%20Concurrent%20Tech.pdf

https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20f2%20Cybersecurity.pdf

https://www.sme.org/uploadedFiles/Publications/ME_Magazine/2015/December/December%202015%20f2%20Cybersecurity.pdf

Big Data Analytics

Relevant Subtopics:● Open Source: Apache Hadoop and NiFi● Single View of Data● Predictive Maintenance● Fraud Detection● Cyber Security

Description:Actionable intelligence captures perishable insights in real-time by analyzing data in motion.It means drilling into terabytes or petabytes of data at rest for historical insights.And, in turn, those historical insights help you tune your streaming analytics and data flows.Modern data applications live and breath at the intersect between those Connected Data Platforms and the data they manage.

Open Questions:● How does Open Source handle Security?● Where to Start?● How to Centrally Architect into Current

Environment?● How do you manage the Lifecycle of Data

including Provenance?

AFCEA Technology Committee Lead(s) – Vicki Huttar and Kaus Phaltankar

Apache Hadoop and Apache NiFiCyber and Insider Threats

Insights:• Threat detection latency reduced from 4 hours to 2 seconds• Time to protection improved 5000x • Machine learning over tens of petabytes of historical data predicts threats to customers• Cloud team uses Ambari and Cloudbreak for dynamic clusters to meet peak workloads

Elaboration (Why this matters):Provider of Largest Security Data lake required a new modern data architecture that could scale, and add clusters in minutes with governance and security to meet over 100 companies requirements across 157 countries

AFCEA Technology Committee Lead(s) – Vicki Huttar and Kaus Phaltankar

Advanced Cyber Security

Sub-Elements:● Component Verification Tools● Lightweight Encryption Modules● Micro-segmentation● Machine-to-Machine Security

Implications (Drivers):● Ever increasing sophistication of cyber threats● Need to “bake in” cybersecurity in new commercial products● Desire to drive down escalating costs of cybersecurity● Internet of Things (IOT) speed of deployment● Trust in autonomous cyber defense systems

Description (Vector/Trend):The evolving trends in cybersecurity technologies and services

Open Questions:● Hardware vs. virtual machine/network solutions?● Can we improve attribute in cyber incidents?● What is the ROI for hardening network defenses?● Can we truly control the cyber supply chain?● What is the role of artificail intelligence (AI) in

future contested cyberspace environments?

AFCEA Technology Committee Lead(s) – Dr. Gil Duvall

Advanced Cyber SecurityComponent Verification Tools

Sub-Elements:● Component marking & testing● CPU positive identification● Invisible OR codes● Digital signing with PKI

Implications (Drivers):● Reduce the spread of malware● Mitigate cyber espionage susceptibility● Cost Savings by eliminating substandard components● Increased performance and reduced failure rates

Description (Vector/Trend):Counterfeit hardware, software & firmware threaten the cyber supply chain

Open Questions:● Do policies require verification of manufacturers

throughout the system lifecycle?● Do acquisition programs contain a “program

protection plan?”● Is a monitoring program in place to determine

real-time use of safe components in assembly?


Advanced Cyber SecurityLightweight Encryption Modules

Sub-Elements:● "Simon & Speck” publicly accessible

lightweight encryption algorithm from NSA● ISO 29192 lightweight encryption standard ● RFID, SCADA, WiFi sensors, Implantable

medical devices, cyber supply chain tracking

Implications (Drivers):● IoT devices (sensors, actuators, CPUs) use is

increasing at a faster rate in critical infrastructure● Small size, short battery life, low computational

capability prevents use of normal encryption methods for protecting data

Description (Vector/Trend):IoT devices lack self-protection features against cyber attack

Open Questions:● AES maturity and performance vs. lightweight

encryption acceptance?● Adoption of lightweight encryption by IoT

manufactures as an industry standard?● When and where to use lightweight encryption?● Hardware vs. software encryption?


Graphic Source NSA

Advanced Cyber SecurityMicro-segmentation

Sub-Elements:● Use of stealth technology to prevent

unauthorized users from seeing network endpoint nodes which process, store, and transmit large databases.

● Prevent malware insertion on console machines that create backdoors

Implications (Drivers):● Cost Savings & flexibility● Federal regulations to protect sensitive information● Cloud features● Divestiture of non-core activities

Description (Vector/Trend):Data center breaches continue to expose large data sets to exfiltration

Open Questions:● The future of software designed data centers?● How to use of micro-segmentation in

conjunction with traditional hardware firewalls?● Is it scaleable?● ROI of micro-segmentation adoption?


Graphic Source ARL

Advanced Cyber SecurityMachine-to-Machine Security

Sub-Elements:● Artificial intelligence (AI)● Machine to machine communications● Machine learning in contested environments● Heuristic algorithms● Predictive analytics to identify abnormal

network behavior● DevOps

Open Questions:● How to balance the risk and cost of “false

negatives” vs. “false positives?”● How to keep machine learning knowledge from

decaying over time?● When should AI be trusted over heuristics?● Is sufficient attack history data available to

support autonomous cyber defense systems?

Description (Vector/Trend):Ransomware use against high-stake enterprise networks is increasing


Implications (Drivers):● Ransomware spreads faster that current security

technologies can detect or prevent● Malware signature based defenses are time-late● Loss or confidentiality (due to data exfiltration) or

availability (due to malicious encryption)

Graphic Source DARPA

Quantum Computing

Implications (Drivers):● Speed, speed and more speed

○ Compute instantaneously○ Do everything faster than before○ Faster R&D results/analytics○ Improved forecasting (eg: weather)○ Automated real-time systems and

operational optimization○ Tackle problem sets that are not even

able to be attempted with today's computing capabilities

Description (Vector/Trend):Theoretical computation systems that make direct use of quantum mechanics physics phenomena to perform operations on data.

Open Questions:● Cryptographic concerns● Affordability ● Quantum decoherence● Physical scalability● Intellectual property and standards

AFCEA Technology Committee Lead(s) – David E. Meadows

Emerging Technologies – Mobile/Wireless

Sub-Elements:● Policy & Approval - Evaluation through implementation of new

mobile/wireless technologies, acquisition, regulations and standards● Infrastructure –Enterprise Mobile Management, Devices, App Store, Wi-Fi,

Security, Cloud, Architecture, Carrier network, Spectrum● Applications – Development Framework, Component Sharing,

Vetting/Approval, Deployment, Updating, Acquisition● Business Case – Return On Investment, Mobilized Workforce, Telework,

Human Machine Interface, Automation process● Future – Internet of things, Li-Fi, Ubiquitous coverage, Intelligent Vehicles,

5G, geospatial, Virtual reality, Situation Awareness, Personalization, Wearables

Description (Vector/Trend):Mobile Technology trends to allow employees to work outside a fixed location by using wireless untethered technology to optimize human and technical resources anywhere at anytime.

Open Questions:➢ Governance➢ Availability real-time of enterprise

support systems➢ Knowledge sharing and

collaboration➢ User experience and adoption➢ Productivity and Efficiency➢ Security and Automation

AFCEA Technology Committee Lead – Anitha Raj/Cecilia Phan

Implications (Drivers): ● Innovations in Mobile Devices, Mobile Apps, Social Networks, Cloud Computing,

Security, Cost, Global coverage and High-speed bandwidth, reciprocity, and Governance


Mobility Business

Mobile/Wireless Strategy & Trends

•Security & Threat manageability•Application development and management

•Convergence of Technologies/devices

•Technology infrastructure•Governance •Mobile User experience


Technology


Mobile/WirelessInfrastructure

Insights:• Mobile Devices operate primarily on commercial wireless infrastructures• Multiple hardware platforms, mobile operating systems, mobile management systems and carriers must

all be synchronized to provide a reasonable user experience • Applications beyond web browsing and email require, not only competent and secure application

development and vetting environments, but also new and sophisticated application deployment strategies and facilities

• Mobile COTS solutions provide significant cost leverage to the DoD, but inherently lack robust unique security requirements to support tactical and classified environments

• Enterprise Wi-Fi is not widely adopted across DoD components limiting the value of inexpensive non-LTE devices.

Elaboration (Why this matters):The unique nature of mobile technology and use cases require a re-thinking of traditional IT implementation and management


Near Term (NT): Fragmented and non-strategicMid Term (MT): More sophisticated reliability and performance architecturesLong Term (LT): Fully integrated with IT assets/processes

Mobile/WirelessEnterprise Services

Insights:• Enhance existing enterprise applications and authoritative data

sources for use on mobile devices• Establish criteria, selection, and implementation of enterprise

applications and data sources for mobile deployment• Develop all new enterprise applications and data sources with a

mobile extensions• App rationalization in progress to determine and prioritize all

enterprise software

Elaboration (Why this matters):Improve user experiences of enterprise services on mobile devices. Enterprise software, VPN, UC, and authoritative data sources must be mobile-enabled to provide ubiquitous access to data anytime from anywhere and at all classification levels.

NT: Data standards, Responsive designMT: Mobile-enable enterprise software and

authoritative data sourcesLT: Mobile First


Mobility Conceptual Architecture Model


Mobile/WirelessMobile Devices

Insights:• Dependence on industry for commercial

solutions• Compliance to NIAP and NIST for security

certifications• New peripherals continue to provide new

capabilities (e.g., IoT) for connectivity• Integration with cloud for access to information

at anytime from anyplace using any device at all classification levels

Elaboration (Why this matters):Mobile Devices continue to evolve offering new capabilities, services, battery technology, and form factors. Interoperability, connectivity, and usability are key factors to information sharing at all classification levels.

NT: Transition from BB to iOS and AndroidMT: Deploy classified solutionsLT: Develop multi-layered security solution

leveraging virtualization


Mobile/WirelessPublic Key Infrastructure (PKI) Credentials

Insights:• NIST 800-63-3 (in draft)• Authentication standards are maturing (e.g.,

Simple Certificate Enrollment Protocol (SCEP), Enrollment over Secure Transport (EST))

• Integration challenges for CAs, OSs, MDMs, 3rd-party apps, and enterprise services

• DoD Purebred pilot for iOS, IOC Oct 2016

Elaboration (Why this matters):Smart cards are cumbersome and expensive on mobile devices. PKI ecosystems must transition to hardware-backed software certificates, per NSA guidance.

NT: Mobile Security CredentialsMT: 3rd-party PKI servicesLT: Automated provisioning

Derived


Mobile/WirelessMobile Isolation & Device Integrity

Insights:• Mobile platforms utilize various mobile isolation and device integrity

techniques, including app isolation• Apple and Blackberry use secure elements (SE)• Android uses ARM TrustZone• Windows tablets and PCs use trusted platform modules (TPM)• Trusted Execution Environments (TEE) establish isolated object-oriented

computing environments on demand• TEE Protection Profile v1.2 was published by Common Criteria in Nov

2014, but few vendors have been validated• NSA continues to work with industry to establish HRoTs

Elaboration (Why this matters):Hardware Roots of Trust (HRoT) are the foundation for security of mobile firmware, operating systems, IdAM, apps, and services

NT: App isolation, Secure containersMT: SEs, TPMsLT: TEEs


Mobile/WirelessCloud Integration

Insights:• The rapid pace of technology causes mobility infrastructure

and services to be specialized and segmented from enterprise network and cloud infrastructure

• Enterprise network and cloud systems are beginning to integrate mobility capabilities

• Data center, network, and security infrastructure consolidation in progress

• DoD Cloud Security Requirements are outlined in the Cloud SRG for the CSP’s

Elaboration (Why this matters):Enterprise network and cloud infrastructure and services must mature to integrate mobility capabilities to avoid duplicative, dedicated mobility infrastructure and services

NT: Separate mobility infrastructure and services

MT: Integrated infrastructure and security services

LT: Mature integration


Mobile/WirelessEnterprise Mobility Management (EMM)

Insights:• Streamlined onboarding process (e.g., Apple DEP and VPP)• Security policy enforcement • Tiered administrative management (e.g., Tier 0 provisioning, PIN

resets)• Role-based access (e.g., personal, business)• Shared devices (e.g., logistics, maintenance)• Rapid mobile operating system updates• App distribution• Cloud-based MDM• Network Management integration

Elaboration (Why this matters):Enterprise Mobility Management (EMM) is mature, but some scaling challenges remain. Business processes that support mobility services add overhead and cause delays.

NT: Scaling challengesMT: Incremental improvementsLT: Agile and flexible EMM


Mobile/WirelessApplications

Insights:• Many mobile application-related processes are immature or non-existent in the DoD • Due to the complexity of mobile application development and deployment, these functions are ripe for

standardization, thereby, eliminating a continual “recreation of the wheel” across the DoD• Creative utilization of web services as a “concentration” mechanism addresses many security and data

access issues allowing for a faster delivery of mobile data access, but sub-optimizes the user experience• DoD is developing security standards for the evaluation of mobile applications• Application ROI and priority work must be done to target high value solutions for real mission opportunities

Elaboration (Why this matters):The justifiable promise of mobility dictates that the DoD move aggressively beyond email and generic web browsing


NT: Standardize Application vetting process across agencies for quicker deploymentMT: COTS and Vendor-driven application developmentLT: Government-driven application development

Mobile/WirelessWireless Connectivity

Insights:• Today, connectivity challenges still remain. Users must log off one

network and log onto another once in range (i.e., hard handoff).• Wi-Fi Alliance Passpoint standards were published in 2012 and

are deployed by all 4 major wireless carriers, Wi-Fi aggregators, and cable TV networks to enable Wi-Fi Calling (i.e., soft handoff)

• Passpoint relies on WPA2 security standards and adds authentication pass-through to external service providers (e.g., government networks and PKI)

• Automated connectivity and aggregation of and cooperative multipoint among multiple wireless networks offer new performance levels

Elaboration (Why this matters):Industry standards exist for seamless interconnecting between cellular and Wi-Fi networks, but they need to be matured for government enterprises

NT: Hard handoffs (Break and remake)

MT: Soft handoffs (Make before break), Wi-Fi Calling

LT: Seamless roaming (Aggregation, Cooperative Multipoint)


Mobile/WirelessMobile Application Store

Insights:• Segmented by OS, COTS/GOTS, web/native/hybrid/widget• Duplicative infrastructure and overhead• Lost economies of scale• Disparate management policies and services• Dual-hatted VIPs must carry multiple devices• DoD CIO and NGA have executed an MOU for a 2-year pilot

with the NGA MAS to serve as the DoD MAS for GOTS apps• Pilot used to investigate feasibility of unified MAS

Elaboration (Why this matters):As each department and agency acquired its own MDM, each has its own MAS.

NT: Agency MASs integrated with MDMMT: Agency MASs independent from MDMLT: Federated MAS independent from MDM


Process


Mobile/WirelessPolicy & Approval

Insights:• Without a legacy approval roadmap to follow, the uncertainty of what approvals are needed

and who should provide the approval, impacts agility in “mobilizing” the DoD • Approval process are not lengthened to use commercial transport(LTE or wi-fi), NSA policy

is unchanged requiring dual tunnel VPN to ride commercial transport access, new evaluation standards adopted to streamline their evaluation an approval (e.g., NIAP)

• Mobile technology and security standards compliance with unique requirements are issues and need to be incorporated with standards release of COTS apps and devices.

Elaboration (Why this matters):As with any new technology deployed in the DoD, Policy & Approval significantly impacts which mobile technologies are evaluated and the pace in which they are tested and implemented


NT: NIAP PPs, DISA SRGs/STIGsMT: Creation of a more flexible framework for Mobile Policy LT: Synchronize Mobility as just another IT technology regarding Policy

Mobile/WirelesStreamlined Approval Processes

Insights:• DoD requires NIAP, DISA SRGs/STIGs, JITC, UCAPL, and FedRAMP

certifications and CSfC approvals• NSA engaging industry and standards committee to participate in Technical

Committees• Varying degrees of maturity by product type:

Elaboration (Why this matters):Security approvals are complex, take too long, and cost too much

o Certificate Authoritieso Mobile Deviceso MDM, MDM Agento App Softwareo File Encryption, Full

Disk Encryptiono Web Browsero Email Cliento

NT: NIAP PPs, DISA SRGs/STIGsMT: NIAP PPs, DoD AnnexesLT: NIAP PPs


o VoIP Systems, Clientso Virtualizationo VPN Servers, Clientso WLAN Access Systems,

Clients, WIDS/WIPSo Authentication Serverso Firewallso Network IDS/IPSo

Mobile/WirelessBusiness Case

Insights:• Although the mobile cost justification for the military is fundamentally different than the commercial

world, there are some “lessons learned” that can reduce the ROI effort on the DoD • A high level, but comprehensive mobile business case analysis will identify those cost areas within

the DoD’s mobile implementation that have to be addressed to allow the benefits of mobility to justifiable to more DoD applications/use cases

• The business case work for mobility can become a model for the DoD’s analysis for deploying virtually all future non-weapon systems new technologies

Elaboration (Why this matters):Overall foundation work needs to be done around the business case for the mobilization of the DoD workforce in order to reduce the burden on mission owners looking to justify mobile expenditures and realize a ‘mobile first’ vision


NT: Reliance on non-cost based justification

MT: Balance of mission and cost justification

LT: “Commercial” model for personnel productivity

Mobile/WirelessApp Vetting

Insights:• The tremendous volume of apps are causing backlogs and forcing many

departments and agencies to skip vetting• Vetting tool reports require manual inspection• The Federal CIO’s Mobile Technology Tiger Team (MTTT) is establishing

Federal app vetting criteria and processes• Reciprocity agreements are in process• Basic research is needed to develop automated vetting tools• DoD CIO is establishing baseline security requirements for the security

evaluation of applications for use in the DoD• https://www.niap-ccevs.org/pp/pp_app_v1.2_table-reqs.htm

Elaboration (Why this matters):Each department and agency has different app vetting criteria, processes, and tools, adding community risk

NT: Disparate criteria, processes, tools

MT: Reciprocity agreements, Federal criteria and processes

LT: Automated vetting


https://www.niap-ccevs.org/pp/pp_app_v1.2_table-reqs.htm

https://www.niap-ccevs.org/pp/pp_app_v1.2_table-reqs.htm

Mobile/WirlessClassified Wireless Devices

Insights:• CSfC capability packages (CP) specify Unclassified, Secret, or

Top Secret wireless solutions• CSfC CPs will soon specify multi-domain wireless solutions with

a common Gray network and multiple security levels (MSL)• The Intelligence Community (IC) is investigating alternatives and

TTPs to improve interoperability and reduce costs• TEMPEST criteria specifies minimum RF separation distances,

but needs to be refined with RF signal levels• CSfC CPs will transition to multi-tenant wireless solutions with

multiple levels of security (MLS) on a single device

Elaboration (Why this matters):With proliferation of unclassified mobility solutions, there is increasing interest in using devices within classified spaces to improve productivity

NT: Unclassified, Secret, or TS; IC Study

MT: TEMPEST criteria, TTPs, Multi-domain and MSL CPs

LT: Multi-tenant and MLS CPs


Mobile/WirelessMobile Content Management (MCM)

Insights:• Few MCM services are in process for FedRAMP certifications at

security impact level 4/5 (FOUO/CUI)• DoD Cloud security requirements are outlined in the Cloud SRG• Knowledge management issues when multiple content

repositories are deployed (e.g., network drives, SharePoint, MCM)

• Navy and AF/DLA are piloting Level 5 Microsoft Office365

Elaboration (Why this matters):Users need to seamlessly and securely access government information on mobile devices

NT: Level 2/4 SaaSMT: Level 5 SaaSLT: Domain integration


People


Mobile/WirelessTactical/Mission Use

Insights:• Mobile devices need to withstand harsh Disconnected, Intermittent, and

Low-bandwidth (DIL) operational environments and meet Electromagnetic Environmental Effects (E3) requirements under congested and contested conditions

• AF deployed about 38K tablets for flight information, logistics, and maintenance• Army and USMC have deployed mobile devices tethered to tactical radios• Army WIN-T awarded Command Post Wi-Fi in Jan 2016• Navy is conducting afloat pilots• LTE and Wi-Fi standards must refine interference mitigation techniques to

address tactical DIL and E3 requirements

Elaboration (Why this matters):As technology improves, mobile devices increasingly become powerful tactical tools that empower the warfighter and deliver unified communications

NT: Tethered to tactical radios, Tactical LTE and Wi-Fi

MT: Command Post Wi-FiLT: LTE to Wi-Fi calls handover, Mesh

configuration with D2D communications


Mobile/WirelessContinuous Monitoring

Insights:• The rapid pace of technology causes mobility infrastructure and services

to be specialized and segmented from enterprise network infrastructure• Conventional anti-virus and personal firewalls are not deployed on mobile

devices• Separate filtering for mobility solutions is implemented• Deep packet inspection and integration with Network Management

systems is in process• Behavioral analysis is needed to identify zero-day and insider threat

vulnerabilities

Elaboration (Why this matters):Mobility infrastructure continues to mature to mitigate vulnerabilities and allow deeper monitoring and inspection of work traffic

NT: FilteringMT: Deep packet inspection,

Network Management integration

LT: Behavior analysis


Mobility - Industry• Government• Defense• Transportation• Health• Manufacturing/Retail• Education• Finance• Energy• Hospitality


Mobile/WirelessFuture

Insights:• Mobile technology challenges are just beginning and will get more sophisticated as the numbers of

manned and un-manned mobile devices dramatically increases• The value of mobile technology will increase for the DoD if it is prepared to embrace a more ubiquitous

implementation of “smart” devices• Risk assessment and justification will be the biggest challenge in leveraging new mobile and IOT

technologies• New genres of technology will move far beyond mobilization of current applications and processes to

allow for totally new approaches to mission organization and workflow

Elaboration (Why this matters):As with almost all technologies before it, mobility and the mobile infrastructure will move and morph from human interactive to being predominantly machine to machine and autonomous


NT: Extensive Wi-Fi deploymentsMT: Convergence of Technology, Internet of Things, Device2Device , DesktopLT: Sophisticated mobile fabric and workflow models

Need Additional Information?

If you have additional questions or inputs regardingthis material please send an email to:

[email protected]

To learn more about the AFCEA Technology Committeeand it’s mission please visit:

http://www.afcea.org/site/?q=Technology-committee

mailto:[email protected]

mailto:[email protected]

