The next big milestone for Cyber Command’s Unified Platform program will be a fully built software factory, an environment for consolidating applications and developing new tools.
Once up and running, the software factory will help integrate and deploy disparate analytical capabilities for the cyber mission force.
Unified Platform will consolidate and standardize the variety of big data tools used by Cyber Command and its subordinate organizations, including the Defense Information Systems Agency. This will allow forces to share information more easily and build common tools to be used across the service cyber components leading to greater interoperability.
Cyber Command needs a mix of standardization capabilities to tools to access targets to cause effects to data integration capabilities to cyber deterrence tools.
The Unified Platform program has been steadily progressing. Northrop Grumman was awarded a $54 million system coordinator contract for the program in October 2018, the program office established a “software factory” and five companies were awarded a subordinate contract under the program called Cyber Enterprise Services, which will enhance multiple cyber platforms with a services in command and control, planning, generation, execution, assessment, reporting and visualization.
Chris Valentino, Northrop’s vice president for cyber solutions, provided additional details on the type of work the program entails.
The software factory is “containerizing” applications using a technology called Kubernetes as a means of providing a more flexible platform and infrastructure with a set of standards.
Kubernetes is an open source version of containerization, which is a form of virtualization for microservices, Valentino said, that allows people to rapidly create capabilities that can be applicable to the cyber mission force.
“Through the standardization of the software factory and the containerization of the applications, that is what creates the environment for which someone can develop software, develop a mission application that’s applicable to the CMF, bring it into the factory and then the factory contains all of the DevSecOps tool chain then to not only provide a common environment for the application to live in but also provides the checks along the way to make sure that it’s compliant with the overall continuous [authority to operate] environment,” he said.
The Unified Platform program will provide the environment for building and delivering tools, especially analytic tools, to the cyber force.
“In the end, it’s really about that holistic environment that will enable the mission areas … about being able to integrate different types of data sources and then deliver that back out to the mission force,” he said, adding where the program is right now is focusing on data ingestion and integration, not necessarily offensive and defensive tools.
In its role as system coordinator, Valentino said Northrop is helping the Air Force, which is running Unified Platform on behalf of Cyber Command and the joint cyber force, to “implement their agile practices and processes for being able to rapidly create and deploy mission capabilities.”
Cyber Enterprise Services
Valentino said the Cyber Enterprise Services program is particularly focused on experimentation pertaining to potential mission applications to help the cyber mission force.
Awardees can respond to orders or mission capabilities. The contract roughly equates to a wish list of capabilities Cyber Command or other entities might want. In turn, those companies under contract can respond and try to build the necessary tools. Northrop, on a separate contract, is among those companies that can compete for the work.
The Air Force plans to spend as much as $95 million on cloud services from several companies to work on one of Cyber Command’s first major weapon systems.
“The Air Force program office in San Antonio, they get the requirements coordinated through all the CYBERCOM processes, requirements will come out through the program office, the folks that are on Cyber Enterprise Services you kind of get to determine a rapid response like we can meet that requirement or not,” George Franz, cybersecurity lead for Accenture Federal Services’ national security business, one of the companies on CES, told Fifth Domain at the AUSA conference. “If you successfully put your response in and they pick you, then you have very short period of time to actually develop an analytic or a tool.”