What Northrop’s Unified Platform Win Means For Cyber War

A deceptively modest award for a blandly named “Unified Platform” actually gives contractor Northrop Grumman the lead role in developing the next generation of weapons for Cyber Command. Other companies may offer specific software and hardware modules, but as “Systems Coordinator,” Northrop now gets to design the virtual chassis all those upgrades must fit on.

The goal is to give the 6,200-strong Cyber Mission Force, created in a hurry and equipped with a hodgepodge of kit developed by different armed services and intelligence agencies, a common, compatible set of tools so they can act in cyberspace as a coordinated military unit. 

In particular, Unified Platform will let the newly independent Cyber Command conduct military operations in cyberspace without depending on National Security Agency infrastructure, as it has done since its creation, and without interfering with NSA’s intelligence collection.

The need is urgent and the pace intense: Following just eight months after a Request For Information in February and four months after a Request For Proposals in June, Friday’s $54 million award is the first piece of a fast-moving effort for which the Pentagon wants to spend $217 million over five years.

But a skeptical Congress knocked $2.2 million off the Unified Platform request in the 2019 appropriations bill, citing a “lack of justification on foundational efforts.” The program’s problem? It exists at the unhallowed intersection of clandestine operations, information technology, and federal contracting, so what it actually does is shrouded in classification, buzzwords, and jargon.

A veteran cyber warrior, a retired Air Force two-star turned principal assistant secretary for cyber policy, has made a good effort at explaining it in English:

“It’s a unifying platform in a lot of ways because it brings to bear a lot of data and it helps commanders…make decisions,” Edwin Wilson told reporters. Unified Platform will pull together information from disparate systems into a single, standardised view of the virtual battlefield that shows their commanders not only the threats, but also the status of their own disparate forces, “the readiness and the capabilities that we have both on deck for offensive or for defensive operations,” he said, and command-and-control mechanisms to employ those capabilities.

Cyber Maneuver

Unified Platform isn’t as sexy as a fighter plane or a nuclear submarine. To the untrained eye, all it will ever look like is a bunch of people staring at screens and typing. But militarily, it’s as essential to cyber war as planes are to war in the air or subs to war under the sea. 

Like the air, sea, and outer space, but unlike the land, cyberspace is a domain which humans can’t enter without specially designed machines. Indeed, much like the electromagnetic spectrum used for radar and radio, humans can’t even perceive what’s happening in cyberspace without specialized tools.

What makes cyber operations even more challenging, however, is that you can’t even see into a particular network, let alone defend or attack it, unless the specific software you’re using is compatible with the specific software running that network. Offensive cyber tools in particular often have to be exquisitely custom-built to affect a particular target, as Stuxnet was for the Iranian nuclear program.

The closest equivalent in the physical world is how railways in the former Soviet Union are standardized on a different gauge than the rest of Europe. Rail cars built for one network can’t travel on the other without physical modifications, a major impediment to German supply lines during World War II. 

Moving from one network to another in cyberspace often requires a roughly comparable reconfiguration, except that instead of being a strange quirk of one particular border region, it has to happen all the time.

Today, Cyber Command is like a railroad in the bad old days before standardized gauges, running different kinds of trains on different kinds of track. Specifically, today’s Cyber Command consists of four service components, Air Force, Army, Navy, and Marine Corps, that are all trained to a common standard but equipped with different sets of hardware and software.

While that heterogeneity was probably a necessary compromise to get the force operational as soon as possible, it makes it harder for multiple teams, especially teams from different service components, to share information and act together as a larger force. But that kind of coordination is what’s required to scale up from combatting ISIS cells and online propaganda to waging cyber warfare against sophisticated adversaries like Russia and China.

Maneuver in cyberspace doesn’t require physical movement the way it does in other domains, but it still requires bringing different units’ capabilities to bear at the right place, time, and target in a coordinated way. If your teams don’t have compatible software, they can’t easily access the same networks, which means they can’t combine their forces. Unified effort requires a Unified Platform.

Deliverables & Deadlines

The Unified Platform program doesn’t fit tidily into a traditional acquisition framework, but budget documents and anonymous sources outline how it will run. Instead of standard step-by-step phases, the program — with the Air Force acting as executive agent — involves fast-paced, overlapping activities that range, to quote the 2019 budget submission, from “prototype development, risk reduction, testing, and integration of cyber capabilities…. (to) delivering enhanced cyber effects to the Combatant Commanders.”

That last one, “delivering…effects,” specifically means getting working hardware and software to Cyber Mission Force teams so they can conduct real-world operations — even as development work continues to refine that technology based on operators’ feedback. And all this has to happen fast, with the goal being to “deliver capability” to operational users in fiscal 2019.

Again, last week’s $54 million award to Northrop Grumman is just the beginning. To keep up with the pace of both operational needs and technology improvements, the Unified Platform will involve multiple “new and existing contractual vehicles” (quoting the 2019 budget again), rather than a single big contract. The vehicles will include Defense Department-wide IT contracting mechanisms like DISA’s Encore II and even government-wide ones like GSA’s Alliant, as well as contracts specifically written for the program.

Funding starts with a spike of $56 million in fiscal year 2019 (again, that’s after Congress cut $2.2 million from the request) before leveling off to $33.7 million a year in 2020-2023 (which is as far as detailed projections run). The 2019 money is almost a 50-50 mix of prototyping (Budget Activity 4) and operational development (BA 7), but over time the prototyping funds fall off rapidly as development rises, almost dollar for dollar.

So what’s being prototyped? Two things:

The first and fastest activity — beginning now and finished by April 1, 2019, halfway into the fiscal year — is prototyping what budget documents call a Service Oriented Architecture (SOA). SOA is an IT sector term of art: Instead of each user having a complete package of software on his or her device, they connect over a network to a central server offering an array of different applications, all written to a common standard to allow easy upgrades by swapping in new software and hardware as desired. (This “loose coupling” is similar to the broader engineering concept of modular open architecture, which uses common standards to plug-and-play all sorts of components, physical machinery as well as software.)

The second prototyping effort, which also begins immediately but lasts until October 1, 2021 (the end of the fiscal year), is “Minimum Viable Product build-up.” MVP is a particularly confusing and contentious bit of IT jargon, but the best definition I’ve seen is that, in essence, “minimum viable” means it’s the earliest version of the software that users can interact with and give useful feedback on.

This approach is a crucial part of so-called Agile development, something Northrop Grumman prides itself on doing. Agile has become a widely derided buzzword but, when actually implemented properly, it involves getting user feedback as early and often as possible, allowing developers to make constant small improvements, and quickly delivering an adequate product that can be continually upgraded, rather than trying to fulfill a long list of formal requirements in one big bang.

This prototyping work overlaps with the development phase. Indeed, the Agile process doesn’t draw a bright line between the two in the same way traditional Pentagon practice does, and the $54 million award to Northrop seems to cover a mix of both.

- The Minimum Viable Product work that begins this month continues (after the initial prototyping “build-up”) through 2023, the five-year defense program.

- Agile Capability Development officially starts mid-2019 (the third quarter of the fiscal year) and runs through fall 2023 (the end of the FY).

- The initial Limited Deployment of the first operational version of the Unified Platform, known in Agile jargon as an “epic”, occurs in the second half of fiscal 2019.

- Limited Deployments of further upgrades will follow through the end of 2023, with an incremental upgrade every six months and a major upgrade (called an “epic” in Agile jargon) every 18 months.

- But the budget documents also call for upgrades to achieve “near-immediate integration into the UP baseline for delivery to cyber warfighters”: In other words, if cyber teams need something now, they shouldn’t have to wait for the six-month upgrade cycle.

This is an extremely ambitious agenda, one that pushes the limits of acquisition bureaucracies designed for industrial age mass production. Whether the Pentagon can pull it off is an open question. But if they can’t, the US will fight in cyberspace at a serious disadvantage.

Breaking Defense:
