As the Defense Department beefs up its cyber threat hunting capabilities, it's taken a slower approach toward modernizing GPS.
This week I am following up on developments surrounding some of the ideas I put forth in two of my previous Nextgov columns: the one I wrote just two weeks ago, and the first one that I officially penned for the magazine. Ironically, the one I wrote last time is getting a happy ending of sorts, with government stepping up to embrace an innovative technology. But as for the other item, we find the government still lagging, and in danger of losing a critical piece of technology infrastructure through inaction.
But let’s start with the happy news. In my previous column, I wrote about some of the cutting-edge technologies that I am reviewing for technology publications. This included a program called Mantix4, which is offering threat hunting as a service to the private sector, after successfully deploying with the Canadian government.
Threat hunting is a relatively new concept whereby trained investigators look at network data to try and uncover threats which have already breached existing defenses but remain undetected. They are the most dangerous type of threat any organization can face. Uncovering them requires a particular skill set that few people possess. Hunters need to have the keen mind of an investigator, able to look at data and form hunches about what might be happening, and also the technical knowledge to dive in and find evidence of the suspected attack so that it can be revealed and killed. Because of these strict requirements, there are not too many threat hunters, especially within government.
That situation makes threat hunting as a service a natural fit for government agencies, but only if they can find trusted partners to do the hunting. Last week, the team at Trustwave reached out to let me know that they were launching a new Threat Hunting for Government service.
Trustwave is a natural fit for this need; its renown SpiderLabs group are already working with many agencies supplementing cybersecurity as government database security provider. Adding threat hunting simply enhances what the SpiderLabs teams are already doing for many agencies.
“All of our security teams are able to support each other,” Brian Hussey, vice president of cyber threat detection and response for Trustwave explained to Nextgov. “For example, every time we get information about a new security incident, that attack can be fully reverse engineered, with the data going to our threat hunting teams searching for similar threats.”
Trustwave Government Solutions President Bill Rucker said while the capability exists for an agency to only purchase threat hunting, which is available on an hourly basis, bundling hunting with other cybersecurity services would help to speed up agency-specific hunts and threat detection. “Threat hunting only gets better with a better baseline,” Rucker said. “And we want to provide the best possible security for our government clients through our new Threat Hunting for Government service.”
As happy as I was to see such rapid movement on a suggestion to improve government security, I was just as down about another issue I wrote about a long time ago, which has almost not seen any improvement at all.
My very first official column for Nextgov back in 2015 warned that our country’s GPS, which is relied on by the military as well as countless other industries, was in danger of collapsing as the satellites that support it near their end-of-life dates. At the time, lots of people wrote in and told me not to worry because the satellites would last longer than anticipated, and the military would find a suitable solution in time.
Now several years later, a recent report from the Government Accountability Office stresses the fact that there is a very real chance that things might not work out for GPS or the planned upgrade to a new system dubbed GPS III. The report even takes into account what all those commenters were saying to me in 2015—that the existing satellites could probably last longer than anticipated. Most of them were designed to operate through 2020. The GAO adds to that time, saying they probably won’t begin to fail until June 2021. But even with the extra time, there is still a significant risk of disruption, especially if everything planned does not go exactly right or strays from a tight schedule.
And it is not just satellites that need upgrading. Technology on the ground also needs to be improved. To that end, the military is developing two programs, OCX and M-code, to work with the new GPS III satellites should they ever launch. But neither of those programs are sure things, according to the report.
“[Defense Department] is relying on a high-risk acquisition schedule to develop a new ground system, known as OCX, to control the broadcast of a modernized military GPS signal. OCX remains at risk for further delays and cost growth,” the GAO report states. “To mitigate continuing delays to the new ground control system, the Air Force has begun a second new program—Military-code (M-code) Early Use—to deliver an interim, limited broadcast encrypted GPS signal for military use by modifying the current ground system.”
The Air Force says it can launch six new satellites by the June 2021 deadline, and I hope that happens. But don’t forget that this program has been funded since the year 2000, yet was so wracked with delays that it’s now up against the clock.
Obviously, the loss of GPS would become an enormous handicap for our military, which has come to rely on the technology for everything from autonomous vehicles to weapon systems to keeping troops on track during missions. And civilians also need GPS. Many industries from agriculture to transportation have come to rely on GPS just as heavily as the military. Its loss would be a major economic setback for the country, at a time when Europe, Japan, Russia, India and China are deploying, or already fully supporting, their own versions of satellite positioning.
The nation needs GPS, for its military and economy. It’s time for the government to stop acting like it’s some secondary program and start treating GPS like the critical piece of technology infrastructure that it has evolved into, and which we wouldn’t want to ever live without.
John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys