Issue link: https://read.uberflip.com/i/1463108
w w w. m r c y. c o m WHITE PAPER 6 The conversation has shifted from whether to secure the technology building blocks of today's platforms, to a focus on how to do it. In es- sence, how can it be done quickly, affordably, and effectively? S EC U R E D T R U S T E D Our thesis is something we have put into practice for the past six years as we get ready to enter into our fourth generation of building secure technology solutions for our customers. There are four key elements to our secure solutions thesis: • The Security in Secure Solutions Must Be Designed In: First and foremost, for defense platforms to be secure the security must be built-in, not bolted on. This concept is key to making sure technology building blocks can be leveraged effectively even as they are integrated and customized during subsequent stages of integration. This needs to happen without large cost overlays or over-reliance on custom solutions. We are about to enter into our fourth generation of building secure solutions that can then be integrated into a customer's solution and the ultimate platform's secure architecture. • Secure Solutions Must Be Domestic: Much of the broader IT industry, which the DoD has become dependent on, is now manufactured and sourced outside of the US, either in places where supply chains are hard to track, or even worse in coun- tries such as China, where there is the risk of a highly compro- mised solution. We engineer, develop and manufacture all of our secure solutions domestically. • Secure Solutions Must Be Upgradeable: We provide secure building blocks that are standardized and can be used, in a repeatable way, by our customers who then include them in their secure architectures. This approach allows the customer to be in control as they build their secure processing platforms using and re-using our technologies as needed. We can help, in effect, "future proof" our customers' secure architectures as new generations of technologies evolve. • Secure Solutions Need To Be Integrated: It's impossible for any industry participant to create a secure solution without using technology from an outside company. As part of creating "built-in" solutions, it is essential to know what the source is and how it's being used. As an example, insecure APIs (applica- tion program interfaces) have caused notable security problems in the commercial sector and could do the same within defense. As multiple technologies are integrated into a single platform it is essential that common APIs and software code have a known and controlled source and can provide clear and known user authentication, information assurance, tamper monitoring and resistance, and secure run-time operation. Thesis: Most agree we need to pay attention to security for all platforms. But we must do this without driving up cost excessively or falling behind schedule to meet security requirements. No one has all the answers as it relates to the need to build and deploy secure solutions. But as we get ready to enter into our fourth genera- tion of building secure solutions on behalf of our customers, one thing is for sure. It's not something you can do quickly and affordably on your own. Modular and secure building blocks are now table stakes in terms of how to build a new platform or modernize an older one. The challenge is to incorporate security while still meeting the increas- ingly stringent budget and scheduling requirements of today's defense industry. A Role for Everyone Thesis: This is no time to go it alone. We have entered an environment of rapidly emerging global threats while also having to make the necessary reforms within defense. All against a backdrop of budget uncertainty and domestic political uncertainty. Government leaders, policymakers, the Pentagon, defense research labs, com- mercial companies, and large defense prime contractors all have an important role moving forward. We look toward the rapidly evolving landscape that our nation, the DoD, and our allies face with a healthy respect for the task at hand. The challenges are daunting. Shifting geopolitical sands aren't likely to stabilize any time soon. Our adversaries and potential adversaries are both numerous and possess, in some cases, peer or near peer capabili- ties. Adversaries with lesser capabilities are no less concerning due to their unpredictability. The DoD and the defense industrial base isn't standing still against this backdrop. In spite of budget pressures and a longstanding drive to "do more without more", the DoD has stood up organizations that show a willingness to think outside the box. This includes but isn't limited to the now four year old Strategic Capabilities Office (SCO) and the more recent establishment of the Defense Innovation Unit Experimental (DIUx) with ties to the tech community. The Armed Services Commit- tees of both houses of Congress, and the Office of the Secretary of Defense, all acknowledge that some basic underpinnings of how we do business need to be examined. The now robust discussions around Goldwater- Nichols reform is specific evidence of this. All of this leads us to conclude the obvious. There is a lot of "heavy lift- ing" to be done. What is perhaps less obvious is the fact that there is a role for all components within defense to help meet these challenges. The President and Congress, the DoD including the Office of the Sec- retary of Defense, the armed services, elements within the Pentagon and DARPA and key government research labs all have a role in sorting out and meeting the key challenges noted above. Within the defense industrial base itself, both the large primes as well as mid-tier commer- cial companies like Mercury Systems have key roles to play. The chal- lenges are too numerous, the global threats too fluid and demanding, and the need for rapid innovation is too great for any one organization, government agency, or commercial company to handle it alone. Why is it important that all defense participants take an active role? For open, affordable, modular technology solutions, continued investment and innovation within the defense labs, government sponsored labs and non-profit independent labs is critical. The DoD itself, as it has in the past, needs to actively promote a robust private/public R&D community. Further, all members within the defense industrial base, both commercial companies, and large defense primes, need to invest in open standards and affordable, re-usable technologies. Policymakers and key influencers within the Pentagon need to continue to promote