Subject: Objective Simulation Framework (OSF)
The Challenge:
Tasked with providing defense from global missile threats, the Ballistic Missile Defense System consists of land, sea, and space-based launch detection systems, an integrated operations communications and control center, and strategically positioned counter-measure systems. Enhanced combat capabilities are continually delivered via hardware and software modifications.
The OSF is the centerpiece test and simulation environment that allows the client to evaluate ballistic missile defense systems in various threat scenarios, ensuring the continuous effectiveness against evolving threats to protect national assets and our way of life. Capable of running full-scale simulations, ground tests and live fire events to verify and certify BMDS combat effectiveness against evolving threat scenarios, the OSF combines digital simulations and Hardware-in-the-Loop technologies at multiple locations to generate an operationally-realistic test environment.
The complexity of this integrated system requires a cybersecurity-first mindset during system design and development to ensure current and future capabilities aren’t fielded with cyber vulnerabilities that require costly redesign; analytics-based solutions for accelerating the assessment of enhanced capabilities; and effective integration of rapidly change threat intelligence into scenario generation.
The Solution:
We established a cybersecurity-first mindset across the program by defining and implementing cybersecurity requirements and solutions into the systems engineering “V” development model. This comprehensive approach ensures cybersecurity is built-in to all software releases of OSF and includes more than 26 security documentation artifacts that address NIST SP800-171 R1 controls. Sentar also established, implemented and maintained all aspects of cybersecurity for the program, including all data artifacts required by the Risk Management Framework (RMF) to obtain the OSF Authority To Operate (ATO).
Our software development team utilized Agile/SCRUM practices for each OSF build, incorporating threat models we developed from intelligence sources to deliver a new build every 6 to 12 months to address evolving threats and field new capability. We also integrated software models from the legacy Single Simulation Framework, transitioning over a million lines of code and conducting regression tests to ensure functionality. Our engineers also developed automated scripts to build and test OSF models, accelerating capability delivery by 20%.
Sentar conducted ACAS scans for Security Technical Implementation Guide (STIG) compliance and software code scans to look for vulnerabilities in the more than 5 million lines of code. We utilized our proprietary analytics-based veriScan tool to automatically scan for source code and binary code vulnerabilities. Our solution was also used to assess >120 3rd party/open source products proposed for integration into the OSF. These comprehensive assessments provide information needed by developers, managers, and Government stakeholders to determine risk.
The Mission Impact:
• Reduced Risk:
Application of veriScan reduced risk of source code cyber vulnerabilities in organic OSF modules as well as third-party applications.
• Enhanced Combat Effectiveness and Security:
Incorporation of intelligence-based threat data created an operationally realistic test environment to ensure system effectiveness. Integration of cybersecurity requirements into the systems engineering life cycle ensured the system architecture was designed to minimize cyber vulnerabilities from the beginning, avoiding costly redesign later.
• Accelerated Capability Delivery:
Automated software scanning expedited software build delivery and overall system resiliency against cyber threats.
• Resilient Cybersecurity Architecture:
Unique cybersecurity approach throughout system lifecycle ensured RMF compliance and enabled ATO approval for spirally-developed and deployed combat capability.
Please note: Sentar’s technology veriScan is now known as CodeValor™ as of May 2020. Visit the CodeValor™ page for more details.