POH – EN.675.641.FA23
The Johns Hopkins Applied Physics Lab (APL) has been awarded a $10 million contract to evaluate the software and cybersecurity of the US Military’s Evolved Strategic Satcom (ESS) ground segment. ESS is being developed to replace legacy nuclear command and control systems. The ground segment that APL will be evaluating is named GRIFFON (Ground Resilient Integration and Framework for Operational Nuclear Command, Control, and Communications).
GRIFFON prototypes are currently being developed by both Lockheed Martin and Raytheon. APL’s contract award will require them to assist in ensuring that software and cyber best practices are used in these early phases. It can be expected that APL will act as a red cell, conducting independent software tests. The DoD intends to spend $6.5 billion on the development of ESS & GRIFFON over the next 5 years.
It is critical that cybersecurity plays a major role in the ESS system development lifecycle from the beginning. It is excellent that Lockheed and Raytheon’s prototypes will be scrutinized by a third-party government partner (APL) to add another layer of assurance. ESS will contain critical systems, networks, and data that need to be protected. GRIFFON, being the ground segment, is a vital ESS system that will connect ESS networks to terrestrial networks and people. This could make it the most attractive segment to attack for nation-state cyber threat actors.
An interesting consideration. APL is evaluating the development of the ESS GRIFFON prototypes, but are they evaluating and testing the cybersecurity of these organization’s processes in which they develop prototypes? Likely if a nation-state has a desire to attack another nation’s critical system, they will invest a line of effort early when the system is still being developed to exploit vulnerabilities in the military industrial complex cybersecurity posture before it can mature to DoD own and operate. Look at the F-35 program and all of the stolen IP. Hopefully APL or another third-party is scrutinizing Lockheed and Raytheon’s organizational cybersecurity as well as their GRIFFON prototypes.