Appendix F Leveraging Commercial Developments in Information Technologies

Commercial investments in nondefense-related information technologies in the United States amount to about $1 trillion per year. The U.S. Department of Defense (DoD) budget for information system technologies (IST) is significantly less, about $1 billion per year. Some of DoD’s limited IST investments could be used for leveraging commercial developments, by adopting, adapting, and/or reengineering commercial successes; the remainder could be used to address DoD-unique needs not being addressed by commercial industry. A detailed discussion of some commercial capabilities and shortcomings follows.

The commercial sector has developed a very robust, static-fiber infrastructure (the opposite of the military’s large-bandwidth, mobile computing). Military radio-frequency bands and other nonfiber communication methods will not receive commercial investment, although some commercial work is being done on lower-frequency VHF/UHF (e.g., Inmarsat) and higher-frequency capabilities (e.g., Direct TV on aircraft). DoD will have to develop small antennas for high-bandwidth capability, especially for aircraft. Although the commercial sector will address network technology challenges, these networks will be custom-built to connect a limited number of information systems. DoD will have to develop a common network-transport system for many legacy and new information systems (DSTAG, 2000a).

Information assurance (e.g., defensive information warfare, damage assessment/forensics, course-of-action assessment, automated recovery) is of great interest to both the commercial and military sectors. Ensuring the security (trustworthiness) of networked information systems is very difficult. Most commercial software packages are not hardened against attacks, and little is being done to enable detection of potential attacks. Instead, commercial software is modified after an attack. The commercial marketplace is willing to pay for new features but not for security, so the latter has received little attention.

In addition, the commercial sector appears to be doing little to detect “malicious code.” The “Melissa” virus attack of 1999, the “I Love You” virus attack of 2000, and the denial-of-service attacks on Yahoo and similar sites in 2000 are all evidence of this weakness. Reliability, verification, and validation are not built into commercial software. Therefore, DoD will have to develop more rigorous protection systems against threats from enemies trained in information warfare. The impact of commercial attacks is measured in loss of dollars and, in some situations, loss of life. Military attacks, however, would result mostly in loss of life.

Commercial protection efforts are focused on components, rather than systems. Commercial protection is difficult to use, configure, and manage, and it does little to assess threat capabilities or forecast intrusions. Because most commercial protection is focused on commercial software, which is much less complex in design than defense software, commercial protection has not addressed the problem of detecting new and novel attacks. Commercial research and development are not focused on automated capabilities to assess damage, survive, or recover from attacks. Current forensic capabilities are limited to human experts and individual



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 65
Review of the U.S. Department of Defence Air, Space, and Supporting Information Systems Science and Technology Program Appendix F Leveraging Commercial Developments in Information Technologies Commercial investments in nondefense-related information technologies in the United States amount to about $1 trillion per year. The U.S. Department of Defense (DoD) budget for information system technologies (IST) is significantly less, about $1 billion per year. Some of DoD’s limited IST investments could be used for leveraging commercial developments, by adopting, adapting, and/or reengineering commercial successes; the remainder could be used to address DoD-unique needs not being addressed by commercial industry. A detailed discussion of some commercial capabilities and shortcomings follows. The commercial sector has developed a very robust, static-fiber infrastructure (the opposite of the military’s large-bandwidth, mobile computing). Military radio-frequency bands and other nonfiber communication methods will not receive commercial investment, although some commercial work is being done on lower-frequency VHF/UHF (e.g., Inmarsat) and higher-frequency capabilities (e.g., Direct TV on aircraft). DoD will have to develop small antennas for high-bandwidth capability, especially for aircraft. Although the commercial sector will address network technology challenges, these networks will be custom-built to connect a limited number of information systems. DoD will have to develop a common network-transport system for many legacy and new information systems (DSTAG, 2000a). Information assurance (e.g., defensive information warfare, damage assessment/forensics, course-of-action assessment, automated recovery) is of great interest to both the commercial and military sectors. Ensuring the security (trustworthiness) of networked information systems is very difficult. Most commercial software packages are not hardened against attacks, and little is being done to enable detection of potential attacks. Instead, commercial software is modified after an attack. The commercial marketplace is willing to pay for new features but not for security, so the latter has received little attention. In addition, the commercial sector appears to be doing little to detect “malicious code.” The “Melissa” virus attack of 1999, the “I Love You” virus attack of 2000, and the denial-of-service attacks on Yahoo and similar sites in 2000 are all evidence of this weakness. Reliability, verification, and validation are not built into commercial software. Therefore, DoD will have to develop more rigorous protection systems against threats from enemies trained in information warfare. The impact of commercial attacks is measured in loss of dollars and, in some situations, loss of life. Military attacks, however, would result mostly in loss of life. Commercial protection efforts are focused on components, rather than systems. Commercial protection is difficult to use, configure, and manage, and it does little to assess threat capabilities or forecast intrusions. Because most commercial protection is focused on commercial software, which is much less complex in design than defense software, commercial protection has not addressed the problem of detecting new and novel attacks. Commercial research and development are not focused on automated capabilities to assess damage, survive, or recover from attacks. Current forensic capabilities are limited to human experts and individual

OCR for page 65
Review of the U.S. Department of Defence Air, Space, and Supporting Information Systems Science and Technology Program computers, which are not easily scalable to the network level (DSTAG, 2000b; NRC, 1999). Many other DoD requirements cannot be satisfied by commercial technologies. DoD requires long-term software support, which is not common in the commercial sector. DoD is far ahead of the commercial sector in some technology areas, such as non-von Neumann architectures. Commercial industry is beginning to expand beyond low-cost, single-processor systems; DoD has had a long-standing need for scalable systems that increasingly mandate software portability standards. In the area of autonomous software, commercial activities have been focused on software agents primarily for the retrieval of noncritical information. Commercial software for robotic systems relies on synchronous remote-control and basic-control laws, whereas DoD requires real-time, dynamic information systems that rely on complex agents and models that can adapt and learn, and even reason, about system state. In the area of intelligent information management and interaction, the commercial sector is making advances in E-commerce, and search engines are beginning to focus on foreign keywords and nontextual information. However, DoD needs knowledge-based authoring tools for nonartificial intelligence experts that can support the retrieval and analysis of information derived from multiple languages and presentation modes (e.g., text, graphics, images, and videos). Finally, in advanced software technology, DoD will have to leverage the very massive commercial capability to meet DoD-unique needs. For example, DoD requires dynamic assembly of software for system adaptability, dependability, and assurance; model-based integration of embedded software; and process models embedded in system descriptions (DSTAG, 2000c). For decision making, some commercial work has been done on information fusion (e.g., in medicine, law enforcement, and the airline industry), cognitive understanding for decision making, and integrated assessment, planning, and execution. However, DoD requires a very robust fusion architecture to support very complex decision-support systems. DoD’s needs include unique algorithms, georegistration of data, and object-oriented fusion databases. In the area of integrated assessment, planning, and execution, DoD requires highly automated plan-development tools that provide dynamic, optimal replanning in a rapidly changing environment. DoD also requires flexible, scalable, command and control architectures. Commercial technology, which is focused on in-system stability (e.g., manufacturing, traffic flow), bounded, well-defined environments (e.g., airline scheduling), and some process-based enterprise management (e.g., integrated workflow), will not satisfy these needs. Finally, the commercial sector is addressing perceptual, cognitive, and decision-making skills; consumer profiling; knowledge-management tools; Web-based human-computer interfaces; collaboration technologies; and information visualization. DoD will be able to leverage these capabilities to develop tools for monitoring human performance for managing workloads, developing more immersive human-computer interfaces (e.g., three-dimensional graphics, virtual and augmented reality, mobile/wearable devices, and speech and gesture recognition devices), and visualizing complex relationships (especially across space, time, and functional domains) (DSTAG, 2000d). Few commercial attempts are being made to develop modeling and simulation technologies to support the interoperability and reuse of applications for the simulation-based design, analysis (i.e., system performance, tactical/doctrinal use, etc.), and acquisition of air and space systems (including information systems). The commercial sector has promoted the use of simulation-based design in the aviation and automotive industries and human-factors engineering. In addition, the entertainment industry has developed Web-based gaming and visually appealing graphics (especially for movies). However, DoD requires realistic, distributed, collaborative models and simulations that are representative of physics-based and behavior-based reality that can be verified, validated, and accredited by warfighters are real time (especially with graphics generation) and low latency represent human and organizational behavior use open-system linkages of disparate databases, models, and simulations have a capability for human immersion provide linkages to live C4ISR systems have reduced development/set-up costs. Modeling and simulation in the entertainment industry have been focused on nonphysics-based fantasy worlds. Commercial simulations are market driven and often go to market when they are only 60 to 80 percent complete. There are only a few distributed simulations (some on the Internet), and those are not time sensitive. Graphics are often rendered (usually by artists), and

OCR for page 65
Review of the U.S. Department of Defence Air, Space, and Supporting Information Systems Science and Technology Program real-time graphics are not at the fidelity/resolution levels required by the military. Human behavior is primarily based on stories and characters. Finally, linkages to other systems are usually custom set-ups using proprietary tools and systems. Human immersion is a commercial art that should be leveraged by DoD. Commercial simulation-based design and development efforts should be leveraged for DoD’s simulation-based acquisition endeavors. DoD should also be interested in commercial efforts to reduce development, set-up, and authoring costs. Basically, DoD currently has the lead in modeling and simulation research and development (DSTAG, 2000e). REFERENCES DSTAG (Defense Science and Technology Advisory Group). 2000a. Information Systems Technology: Seamless Communications Subpanel, briefing by Cliff Warner at the Information Systems Technology (IST) Technology Area Review and Assessment (TARA), Air Force Research Laboratory, Rome, New York, March 13–17, 2000. DSTAG (Defense Science and Technology Advisory Group). 2000b. Information Systems Technology: Information Assurance Subpanel, briefing by William E.Wolf at the Information Systems Technology (IST) Technology Area Review and Assessment (TARA), Air Force Research Laboratory, Rome, New York, March 13–17, 2000. DSTAG (Defense Science and Technology Advisory Group). 2000c. Information Systems Technology: Technology Area Review and Assessment: Computing and Software Technology, briefing by Northrup Fowler III at the Information Systems Technology (IST) Technology Area Review and Assessment (TARA), Air Force Research Laboratory, Rome, New York, March 13–17, 2000. DSTAG (Defense Science and Technology Advisory Group). 2000d. Information Systems Technology: Technology Area Review and Assessment: An Overview of Decision-Making Technologies and Programs, briefing by Walter Kasain at the Information Systems Technology (IST) Technology Area Review and Assessment (TARA), Air Force Research Laboratory, Rome, New York, March 13–17, 2000. DSTAG (Defense Science and Technology Advisory Group). 2000e. Modeling and Simulation Technology: TARA Overview: Modeling and Simulation Subpanel, briefing by Gary Yerace at the Information Systems Technology (IST) Technology Area Review and Assessment (TARA), Air Force Research Laboratory, Rome, New York, March 13– 17, 2000. NRC (National Research Council). 1999. Trust in Cyberspace. Committee on Information Systems Trustworthiness, Computer Science and Telecommunications Board. Washington, D.C.: National Academy Press.