From the first military use of computers until the late 1980s, military computers were designed and built from the circuit board up. This included designing the instruction set architecture (ISA) that operated the computer’s primary functions. As a young military officer, part of my first postgraduate school assignment was helping the AN/UYK-43 design team build the ISA for this military specification (MILSPEC) tactical computer. AN/UYK-43 computers continue operating the AEGIS combat systems in many of the Navy’s AEGIS cruisers and destroyers today.
In 1989, I participated in a Navy Research Advisory Committee (NRAC) study on next generation computers for Navy tactical systems. At the time, a formal waiver was required for a program that wanted to use commercial computers. The NRAC study recommended reversing that policy and requiring a waiver for using MILSPEC computers. The recommendation was accepted and the era of ruggedized commercial Naval computers began.
Fast forward to today. In the 1980s cyber-hacking was a little known activity. Taking advantage of rapidly growing commercial information technology was the most efficient way for the military to remain near the leading edge of the IT revolution. Unfortunately, by the mid-to-late 1990s cyber-hacking had become a known challenge for both National Security and commercial businesses . In response, DARPA established the first cybersecurity technology project, to defeat cyber-hacker threats, in 1998. Today DARPA is hosting a Cyber Grand Challenge to test the abilities of a new generation of fully automated cyber defense systems.
Although illegal, cyber-hacking has become big business over the past 15 years. Within the hacking community, low cost hacking tools and malware are easily obtained through the internet or related illegal connections. As I described in an earlier post, Can DoD Get Out of It’s Cyber-IT Rut?, the Defense Science Board categorizes hackers into six tiers, according to the amount of resources applied. Thousand dollar hackers are people or groups buying available tools and malware to exploit known vulnerabilities. Million dollar hacker organizations are discovering new vulnerabilities, and billion dollar hacker organizations are creating new vulnerabilities in support of National advantage and/or military cyber-warfare.
While eliminating all cyber vulnerabilities may be impossible for the foreseeable future, the military, and other high profile commercial organizations, can adopt techniques that significantly reduce the vulnerabilities of easily obtained hacking tools. Early on, Google started building proprietary servers and networking infrastructure by ordering directly from chip and computer/network development vendors. In doing so they are able to optimize security and performance across their infrastructure.
“Google’s data centers use custom hardware running a custom hardened operating system and file system. Each of these systems has been optimized for security and performance.”
Amazon, Facebook, and others have followed Google’s lead and now build their own proprietary infrastructures. By modifying these infrastructures, to include compute and network operating systems, these companies render ineffective many of the hacker tools and malware being shared across the hacker community. These techniques reduce or eliminate their vulnerability to thousand and million dollar hacker organizations, while complicating the job of the billion dollar club.
Military electronic systems are sensitive to the space, weight, and power (SWAP), necessary for them to field and operate. Because of newly emerging converged or hyper-converged server technologies, a paradigm shift in SWAP is becoming available to military system designers. By combining compute, storage, and networking functionality within a single server, these products are capable of hosting virtual machines (VMs), virtual desktop infrastructure (VDI), and software defined networks (SDNs) an order of magnitude more efficiently than current implementations. Said another way, one rack of converged server equipment can replace as many as 10 current system racks.
One of the technologies making converged servers possible is the maturing of flash memory solid state drive (SSD) storage components. SSDs offer significant improvement in access time and power usage over spinning hard disk drives (HDDs). Many of us are now enjoying these new SSDs in our laptop computers where they operate significantly faster than the older HDD computers. Solid state memory technologies have been under development for the past 35 years. Up until recently, cost and longevity challenges have limited the market for SSDs. That has now changed. Today’s enterprise class SSDs ship with 5-year manufacturer warranties and are delivering up to 2 terabytes (TB) of memory in a 2.5 inch form factor (laptop size). Further, SSD manufacturers predict they will be delivering 8 TB SSDs, in the same form factor, within two years.
By adopting SSDs into the converged server designs, manufacturers are now able to significantly improve virtual server performance. Nutanix and RuggedCloud are two of the converged server products Navy engineers are currently evaluating. While SSD memory is not as fast as conventional synchronous dynamic random-access memory (SDRAM) memory, it is 40 times faster than HDD memory.
Nutanix and RuggedCloud both leverage SSDs to speed up server performance and reduce SWAP for equivalent functionality. RuggedCloud further leverages SSD technology by increasing memory to central processing unit (CPU) data flow, thereby enabling SSD memory to be used by the CPU as extended random-access memory (RAM). The largest power consumers in a server are the CPU chips and the SDRAM memory chips. By using less SDRAM and more SSD memory as RAM, significant power savings are possible while computer performance increases because of the extra large RAM. Because a single 3.5 inch high 2U server, as shown, can be configured with as much as 96TB of SSD memory, the server can support hundreds of VM/VDI/SDN workloads using a power draw of less than 300 watts. When populated in a full rack configuration, achieving 10:1 reductions in rack space and power consumption is possible.
In addition to paradigm shifting SWAP savings, by increasing available virtualized cybersecurity processing resources, converged server technologies introduce new opportunities to mitigate cyber threats on Navy ships, and other tactical platforms. Further, these combined technologies create an opportunity for Navy to create its own version of the Google data center model. By designing and then specifying custom modifications to the chip sets, hardware, network, and software infrastructure, low cost hacker tools and malware can be rendered ineffective in Navy platforms and shore-based data centers. In a sense this would be a return to MILSPEC IT infrastructure, but with a modern twist. Like Google, Amazon, and others, Navy IT infrastructure customizations would be small variations on commercial chips, hardware, and software components, while maintaining compatibility with commercial and government software applications.
A custom OS that lacks the “convenience features” of a commercial OS would be a plausible choice for embedded computers. But there are trusted computer platforms guarded doing the manufacturing process that eliminate the risk of attack vectors introduced in the supply chain, so funding a hardware production line for DoD computers with oddball ISAs offers little benefit.
The best way to forestall cyber attacks is to abjure the Internet. If that is not possible, consider frequent reimaging from ROM.
Good points Bruce. I am not suggesting that we modify the ISA and cause the OS to have minimal features. I am suggesting that we can learn how to modify some pieces of the hardware and software stack to reduce our cyber vulnerability. In a sense that is what NAVSEA is doing for the combat system. This does become a big technical challenge that would be ongoing but that is why we have smart NRL and SYSCOM labs folks, as in your day:-)
Marv has written down the details of the computer world that bear careful thought. He has worked in that world; I am only a user. But, I think that his comments focus on the dangers that we face as a nation. Communications and data transfer in a variety of scenarios: I am focusing only on the military. The commercial world has similar dangers but with different consequences.
The military world uses, as an example, drones, and the future aircraft will operate without humans actually physically sitting at the controls in the aircraft. But all the aircraft, regardless of their missions, eventually will be controlled from distant sites, and will be controlled through electronic data transfer. Data from sensors will be collected in several different distributed systems, integrated at sub stations, and finally create information that will affect military operations, both black and standard. But, if hackers can interrupt these communications our entire system for defense, offense, local and world wide could possibly be compromised.
Marv suggests steps that should, in fact, must be taken, to keep the electronic systems operating on reliable, real-time data. It is a national issue.
As Marv notes, the explosion of military capability built on leveraging commercial computer architectures and infrastructures certainly advanced Naval capabilities across the range of tactical warfighting domains. The same holds true with respect to advances in our ability to execute the Navy’s business across the enterprise.
However and as usual, Marv moves beyond mere realization that the Navy’s reliance on COTS/Commercial Specs based systems has run its course. He insightfully advances an approach that recommends and reimagines the MILSPEC as intended: Unique specifications created to address and deliver military capability not otherwise available from nor applicable to commercial market use.
This is not to say that under the guise of MILSPEC and “doing the same thing” as Google or Amazon, or by using the latest in commercial technology we’d just be using COTS/Commercial Specs all over again. It’s to say that by replicating their customized design approach, we can return to building militarily unique systems that operate differently from common commercial systems while, remaining interoperable with that infrastructure.
I’m with Marv. The time has come to put a new MILSPEC regime in place and put the onus on our enemy to spend billions to hack its way into Navy systems, tactical or othewise.
A great exchange, and in fact we are seeing a migration to a ‘milspec’ comparable approach to protecting our tactical equipments via NSA. In recent discussions with CISCO they reference their Commercial Solutions for Classified (CSfC) solutions which emanates from NSA’s new approach:
“Background: U.S. Government customers increasingly require immediate use of the market’s most modern commercial hardware and software technologies within National Security Systems (NSS) in order to achieve mission objectives. Consequently, the National Security Agency/Central Security Service’s (NSA/CSS) Information Assurance Directorate (IAD) is developing new ways to leverage emerging technologies to deliver more timely IA solutions for rapidly evolving customer requirements. NSA/CSS’s Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.”
More information at:
Rear Admiral, USN (ret)
AECOM Vice President, C4I Strategic Programs
D 1-619-940-4647 C 1-619-252-6026
2450 Crystal Drive, Suite 500 Arlington, Virginia 22202
T 1-703-418-3043 F 1-703-418-3022
Twitter | Facebook | LinkedIn I Google+
Great points Admiral… Thanks, marv
It appears that the time has come to put a MIL STD pedigree on tactical IT. One note of caution – tactical MIL STDs are managed by DISA, with participation/consensus voting by all the services. This arrangement has proved cumbersome over time, and with the rapid pace of IT development I would recommend a more agile governance structure.
Good points Pete. I am more thinking about the idea of modified IT stacks than the formalization of MIL STDs. Governance is always an issue and we tend to do it poorly in the DoD/Navy so this is an area that would need considerable attention…
…and to add to Pete’s comment along with more agile governance, it’s critical that testing, especially “negative testing” be included to ensure these systems are defended vs. potential threats.
Excellent point Mark, negative testing is not something normally thought about, but needs to become more common going forward…
Outstanding and compelling post. Along with our physical infrastructure we need to keep our eye on the upper levels of the OSI model (applications) too. New infrastructure should have new tactical applications. Thanks.
Great point Kurt. We IT folks traditionally spend way too much energy and resources on infrastructure and not nearly enough on applications. It is a bit like driving a car on a race track. Most drivers go too fast on slow corners and too slow on fast corners, but it is the fast corners that deliver the best time. We need good infrastructure as this post addresses but we really need to focus on building great applications to make that infrastructure worth the cost. Command & Control applications are the most difficult and the apps that have suffered from lack of innovation for teh past 30 year. The is right, now, to change this and build the applications that meet user needs, and go beyond their expectation… Thanks
But isn’t what makes this approach viable for Google and Amazon their massive web scale operations? The military’s use of IT will always be orders of magnitude less than the Googles and Amazons of the world.
Thanks Michael, good point but I believe the reality is that Navy could tailor an IT stack without enormous expense and given the down-side of cyber attacks on our military capability, the cost may be a small factor…