Greetings and welcome to the NDIA Delaware Valley Chapter’s last newsletter for 2014. We’ve had a busy late summer and fall, and are looking forward to a great 2015. I’ll review some chapter highlights in a bit, but as I’m writing this on Veterans Day and the anniversary of the Battle of the Bulge is approaching, I wanted to share a story of the military-industrial partnership in action that I

suspect has been largely forgotten.

If asked to name some of the significant technical achievements that came out of the Second World War, you’d probably come up with the atom bomb, radar and perhaps the jet engine. But how many people would think of the proximity fuse?

I stumbled across this story while reading Rick Atkinson’s The Guns at Last Light, and a little bit of internet research filled in the holes. Up until the early 1940s, artillery and anti-aircraft shells detonated as a function of time or contact with the target, which was tremendously inefficient, not to mention difficult. The proximity fuse (also called the “VT” or Variable Timing fuse) revolutionized gunnery by detonating the shell when it sensed it was near the target or approaching the ground, a technological innovation that, it could be argued, changed the course of the war.

How so? Well, the situation was looking pretty grim for the Allies when the 5th and 6th Panzer Armies crashed into Belgium on the morning of December 16th, 1944, kicking off the Battle of the Bulge. Gen. Eisenhower released the new fuse for use soon after the battle started, and it had an immediate impact on disrupting German troop concentrations and supply routes. There is some debate as to whether it really turned the tide of battle, but prisoner reports left no doubt that it was a demoralizing weapon. Gen. George Patton would write that, “The new shell with the funny fuse is devastating.”

So what does this have to do with the Delaware Valley? Well, the VT fuse was invented around 1940 by the British who, needing facilities for mass production, took the idea to the US, initiating a massive government/industry development program that needed breakthroughs in electronics, packaging, power storage, and mass production to be able to turn out millions of fuses that would be

affordable and withstand the stresses of being shot out of a gun at high velocity. Procurement contracts increased from $60M in 1942 to over $450M in 1945 as the cost per fuse fell from $732 to $18. And (here it comes), while a number of companies were involved in the production effort, over half of the ten million fuses produced between 1942 and V-J Day were built by RCA Victor at its plants in Camden, New Jersey and Bloomington, Indiana.

Needless to say, I’ve glossed over a lot of the details, but it is an interesting story and was more fun to write than another piece about sequestration. In addition to shedding some light on a little-known aspect of our region’s contributions to national defense (one old RCA publication I found online said, “The fuse, next to the atomic bomb, was the best-kept secret of the war.”) The tale of the VT fuse also highlights the great things that the government-industry partnership can accomplish when everything is on the line – something that all of us in this business can be proud to say.

And it is the promotion of that partnership that is the whole point of the NDIA Delaware Valley Chapter. We continued our efforts during the latter half of the year, holding another successful golf outing at Tavistock in August to raise funds for our scholarship and sponsorship programs. Many thanks go to Bob Coates of L-3 SPD Electrical Products who once again led the event committee, and to all of our sponsors and golfers for a great day. We look forward to returning to Tavistock on August 3, 2015 – mark your calendars!

We also broke some new ground this year, under the able leadership of our board members Brian Gocial, partner at Blank Rome LLP, and Joe Welsh, Attorney at Law, in joining Drexel University in co-sponsoring a seminar on cyber security at Drexel in September.

Delaware Valley Chapter

NDIA Delaware Valley Chapter

NewsletterVolume 13, Number 1 December 2014

Inside this issue:Letter from the President ......................................... p. 1Navigating Cybersecurity ..........................................p. 2NDIA Shark Tank Competition ................................ p. 2/3Industry is Under Attack ............................................ p. 4NDIA Golf Outing ........................................................ p. 5

December 2014 NDIA Delaware Valley Chapter Newsletter

CONT... p3

Note from the Chapter President

2 December 2014 NDIA Delaware Valley Chapter Newsletter

On Tuesday, September 9, 2014, the NDIA Delaware Valley Chapter sponsored the seminar “Navigating Cybersecurity: Best Business Practices” with Drexel University. Co-sponsors of the event included the Greater Philadelphia Chapter of the National Contract Management Association and the William Penn Chapter of the Association of the United States Army. Eighty-eight people attended to hear government, business, legal and technical experts discuss the cybersecurity threat and how business can adopt best practices to identify vulnerabilities and implement a secure cyber infrastructure.

The first panel discussion was titled “Cyber Security Threats that All Businesses Face”, moderated by Col. Norm Balchunas, USAF (ret.), Director of Operations, Drexel University Cybersecurity Institute, with panelists LTC Scott A. Nelson, Commander of the Special Operations Command Army Reserve Element; Jack Tomarchio, Esq., Buchanan Ingersoll & Rooney PC, former Principal Deputy Under Secretary for Intelligence and Analysis Operations Department of Homeland Security; and Ed Lowery, U.S. Secret Service, Criminal Investigative Division, Special Agent in Charge. The panel discussion began with the ominous note, “We are at war”, but the war referred to was not the traditional type of war we are accustomed to fighting with “boots on the ground”. This war is in cyberspace and is fought over the internet, but it can have very real and potentially devastating effects for our businesses, critical infrastructure and national security. The panelists discussed the pervasive nature of the terror threat from the Chinese military to the Russian mafia to mere hackers and unwitting employees who click on the wrong link or download the wrong file. A common theme among the panelists was that businesses must not view cybersecurity as merely a technical issue, but an operational one. While technology will undoubtedly play an important part of enhanced protections, increased education and awareness for all employees about the cyber threat and how to detect and respond to infiltrations is vital.

The second panel discussion was on Risk Assessment and Compliance Issues. Moderated by Joseph Welsh, Esq., NDIA Delaware Valley Chapter Board Member, panelists included Jay Weinstein of L-3 Communications and the Defense Security Information Exchange and Steven L. Caponi, Esq., Co-chair of Blank Rome, LLP’s Cyber Security and Data Privacy Group. The discussion focused on the NIST Cybersecurity Framework and how businesses can use the document to conduct a risk assessment and gap analysis for a concern’s current cyber hygiene posture. The panel also touched on the cybersecurity requirements for Department of Defense contractors, DFARS 204.7300 – 204.7303, Safeguarding Unclassified Controlled Technical Information, and the fifty-one minimum specific cyber security requirements from the clause.

The Keynote speaker was Keith Morales, Information Security Officer & Assistant Vice President of the Federal Reserve Bank of Philadelphia. Mr. Morales shared his experiences on the leading edge of the cyber war and the measures instituted by the Federal Reserve Bank to protect our nation’s financial institutions.

The last panel discussion was moderated by Steven Weber, PhD., Director of the Drexel Cyber Security Institute, and included a discussion on Innovative Solutions to Counter the Cyber Threat.

Navigating Cybersecurity: Best Business Practices

CONT... p3

Delaware Valley Chapter

December 2014 3

On November 6, 2014, NDIA Delaware Valley Chapter Board Members attended the Second Annual Veteran Shark Tank Competition, a unique event hosted by the Greater Philadelphia Veterans Network (GPVN). GPVN is a non-profit organization with three goals: (1) Ensure veterans have career services programs and mentors available to help accelerate their job search; (2) Offer Veteran Entrepreneurship programs; and (3) Generate job leads by networking with business leaders in the Greater Philadelphia area who are looking to hire veterans. Similar to the popular show Shark Tank, aspiring veteran entre-preneurs had the opportunity to “pitch” their business plans to a panel of local CEOs and business leaders from PECO, Sugar House Casino, the American Red Cross of Southeastern PA, Scout Ventures, and Stallvalle.com. This year the panel selected two winners: Theo Gerstle from Osiris Biomedical who received a $10,000 cash award, and Nick Degiglio, a young combat veteran from Warrior Custom Concrete who will receive $10,000 worth of business services. A Philadelphia Business Journal article regard-ing the event and the five veterans who presented their plans is available here. GPVN is a wonderful organization and we proudly support their mission of helping veterans meet their career goals through a number of programs and networking opportunities. The NDIA Delaware Valley Chapter and GPVN have hosted joint events in the past and look forward to future collaborations to assist our veterans in finding employment within our region’s Defense Industrial Base.

Panelists included Vinny T. Sakore, Cloud Security Lead for Verizon & ICSA Labs, and Emilian Papadopoulos, Chief of Staff at Good Harbor Security Risk Management, LLC.

Attendees provided extremely positive feedback about the presenters and the information conveyed. Our NDIA chapter continues to seek opportunities to provide small and medium size companies the resources and knowledge required to protect the Defense Industrial Base in our region. Additional cybersecurity workshops are planned for 2015. If you’d like to get involved or obtain additional cybersecurity information for your company please contract Gocial@blankrome.com.

By: Brian Gocial

Navigating Cybersecurity: Best Business Practices (CONT)

From the EditorWhat do you think of this newsletter? How can it be improved? Do you want your company profiled in a future issue? Would you like to contribute a feature article in a future issue? Send me your feedback and suggestions so that we can improve this publication with each issue. skeenan@agi.com

NDIA-DV Supports Veterans Shark Tank Competition

Note from the Chapter President (CONT)

Finally, I’d like to thank our federal liaisons from the US Air Force, LtCol Mike Fenimore and SMSgt Rob Shafer, and the 6th Airlift Squadron at Joint Base McGuire-Dix-Lakehurst for hosting our September board meeting. All those C-17s on the flight line were a sight to behold. And, of course, thanks to all our board members who hosted meetings during the course of the year.

And thanks for reading this letter all the way through! I wish everybody a wonderful holiday season and all the best for the New Year.

Juan Peñalver - Lockheed Martin MST

4 December 2014 NDIA Delaware Valley Chapter Newsletter

Why This Question (Are You Ready?) Is So ImportantLast month we introduced “Are You Ready?” with the promise of addressing cyber-security topics in each issue, explaining each and articulating their importance. This month we lay the foundation for many future topics. Why is this important? Plain and simple the defense industry … our industry … is under attack.

The Internet: Land of “Opportunity”Regrettably, hacking episodes and data losses have become all too commonplace within our society. Undoubtedly, many of you have been impacted by one or more of these attacks; data breaches have affected 100+ million users. Since 2000, the number of users of the internet has increased from 350 million to nearly 3 billion, 40% of the world’s population and growing! The Internet is today’s business and communication enabler. It is also fertile ground for the darker side of “opportunity” by criminal, hacktivist, or nation state attackers who seek to protest, extort, enact revenge, or just plain steal. Attackers are illegally obtaining intellectual property for economic advantage and cyber-espionage to support national interests. The question “Are You Ready?” takes on a whole new meaning when considering impacts applicable to the world of servers, networks, and mobile connected devices that store, process or deliver information.… the Internet.

What about the Defense Industry? The impact of the Internet on the DOD and the Defense Industrial Base is dramatic. With the arrival of the new millennia both government and industry became aware of a new and quite serious threat they began referring to as the Advanced Persistent Threat or “APT.” The APT is made up of groups that are typically nation-state sponsored or government-affiliated. Recently hacktivists and lone attackers have joined the ranks of the APT. APT attacks are “advanced,” in that they are sophisticated in their tactics, well-organized and well-funded. They are “professional caliber” adversaries. They are also “persistent.” APT attackers are in this for the long haul, as witnessed by their conduct of “campaigns,” some of which last many months, even years, evolving their tactics to combat defenses placed in their paths. The APT represents a real threat to national security and the well-being of every company supporting this industry. It’s advanced. It’s persistent. It’s dangerous. It’s a formidable threat.

What are Attackers After? Specific to our industry, attackers are seeking information related to military hardware, software and systems (i.e. aeronautic, marine, ground, and space-based platforms and their supporting weaponry, electronics, targeting and guidance systems, etc.).

DOD spending on Cyber has increased in a climate of challenged defense budgets. Cyber has been deemed a warfare domain joining Air, Sea, Land, & Space. Although we often think “classified” data when discussing defense systems, in this instance we’re actually talking about our unclassified networks (i.e., typical company computing environments with email systems, websites, and file sharing, to include finance and HR systems), which encompasses practically any company that has Internet presence doing business in the defense industry. In fact, recent activity shows adversaries moving toward the 2nd and 3rd tier companies in the supply chain. Attackers have learned that targeting these environments, if successful, can provide an opportunity to launch more sophisticated attacks.

How are Attackers Doing this?From a vulnerability perspective just about anything connected to information technology is a potential entry point, including humans. The essence of a cyber-intrusion is that an attacker must first breach a computing environment, then establish a foothold inside that environment and from there take actions, typically to exfiltrate information. They may scan networks for weaknesses or backdoors that offer opportunities to plant a virus or malware. They may masquerade as an authorized user by employing stolen credentials, login IDs and passwords to attempt a breach. They may insert malware into a legitimate website frequented by those in our industry, commonly referred to as a “watering hole.” They may even take advantage of unknown vulnerabilities in an application, embed malware in an attachment using that application and send a carefully crafted email to employees within the targeted company (spear phishing). Whether it’s exploiting technology or humans, the objective is to breach the computing environment and establish an inside foothold behind perimeter protections. If successful, the attacker will establish “command and control” in the target environment, or in common parlance, they “own” it. How can we defend against this?

Intelligence Driven Defense: A Game ChangerWhat if you could understand the phases or chain of events an attacker must go through to be successful? Defending diverse environments requires a risk strategy with foundational elements of Cyber Security enhanced with process and procedures providing network, system, and operations security visibility and integration for an Intelligence Driven Computer Network Defense(1). In the face of APT, one’s security posture must possess the maturity to mitigate evasive, coordinated, repeated, and highly targeted attacks. Accomplishing this requires a higher order understanding of cybersecurity risks to include the adversaries, their tactics, techniques, and procedures, their motivations, and their objectives.

NDIA Our Industry is Under Attack... Are You Ready?

CONT... p5

Delaware Valley Chapter

December 2014 5

The 2014 NDIA Delaware Valley Chapter annual golf outing on August 4, 2014 was a swinging success. Held at the Tavistock Country Club in Haddonfield, NJ, 104 golfers from Delaware, Maryland, New Jersey, Pennsylvania

and Virginia endured a bright sunny day with modest humidity and a golf course in near perfect condition. Golfers arrived to a cheerful registration desk manned by the volunteers from Parts for Life! With tee prizes in hand, a fantastic lunch was served outside on the patio.

The round of golf was a shotgun start at 12:00 noon. The roving beverage cart and refreshments placed throughout the course kept all participants nourished as the battle ensued for bragging rights of victory at this prestigious event. The winning team from Aerotek with a 61 or -11 for their round was closely followed by the top ten teams within 5 strokes of victory. The six longest drive and closest to the pin contests were awarded to different players as well.

Happy hour was kicked off with an open bar and some hot wings to get the appetite going. The buffet dinner featured numerous hot entrees, with crab cakes going like hotcakes! Prizes were awarded to the top ten finishers and contest winners and various items were raffled off, including a large flat screen TV to Susie Swider at AGI

for an amazing third time. When you see Susie, rub her head for good luck. Special thanks go out to Earl Grimm for the handmade golf clubs he donated and the Air Force for bringing the iconic F-22 fighter jet to the first tee!

We are already looking forward to next year. Same venue with the date of August 3, 2015, a date you should put on your calendar NOW! Also start thinking now about sponsoring a contest, a hole, beverages, dinner or create your own! Remember sponsors will be invited to the ROTC luncheon at the Union League!

NDIA Golf Outing “Tees Up” A Great Event

The Cyber Kill Chain™ (CKC) lays out the seven steps required for an adversary to be successful in attacking a target. The model identifies what the adversaries must complete in order to achieve their objective. From reconnaissance to actions on objectives, stopping adversaries at any stage breaks the chain of attack. For example, an adversary monitors a conference website to select attendees as targets and progresses thru the CKC to gain full access to the target victim’s systems to have “hands on keyboard” to access network shares and hop from computer to computer. Adversaries must completely progress through all phases for success; this puts the odds in our favor as we only need to block

them at any given single step to successfully defeat them. Every intrusion is a chance to understand more about our adversaries and use their persistence to our advantage. Now, instead of using a “whack-a-mole” (the old carnival game) strategy for defending your enterprise (i.e. waiting for the next attack to surface somewhere), you can build an ever-maturing approach to stop an attack, requiring an attacker to successfully navigate a host of defensive efforts before ever being able to consider “actions on the objective.”

This is the fight facing our industry today. The battle is real and the question “Are You Ready?” is as important as ever.

NDIA Our Industry is Under Attack... Are You Ready? (CONT)

6 December 2014 NDIA Delaware Valley Chapter Newsletter

PresidentMr. Juan R. PeñalverLockheed Martin Mission Systems and Training (MST), Moorestown, NJjuan.penalver@Lmco.com

1st Vice PresidentMr. Brian Gocial, Esq. Blank Rome, LLP., Philadelphia, PAgocial@blankrome.com 2st Vice PresidentJoe WelshCollegiate Consortiumjosephpwelsh@gmail.com

Publicity: C. Randy ReevesLife Cycle Engineeringrreeves@lce.com

Secretary/TreasurerJosef N. Grossmann Lockheed Martin MSTMoorestown, NJ josef.n.grossmann@Lmco.com

DirectorsRobert CoatesL-3 SPD Electrical SystemsRobert.Coates@L-3com.com

Alan J. CriswellAmerican Competitiveness Institutecriswell@aciusa.org Anthony A. DeMarco PRICE Systems, LLCanthony.demarco@pricesystems.com James A. DonahueStrategic Management Consultingjadonahue@rcn.com

Mr. William (Bill) EckerleEHS Technologiesbeckerle@ehstech.net Larry G. FanningDay & ZimmermannLarry.fanning@dayzim.com Paul GrayTriman Industries, Inc.Paul@trimanindustries.com

Joseph C. HareRhoads Industries, Inc.jhare@rhoadsinc.com Thomas HarrisValley Forge Scientific, LLCtbharrisphd@gmail.com Mr. Miguel Hughes Winthorpe Groupmdhughes78@gmail.com

Henry LeipertSciCast, Inc.H.leipert@scicast.com

Jane LowensteinJanBara & Associates jlowenstein@janbara.com

Mark G. Mortenson, ESQ.General Resonancemort5@earthlink.net John J. MulhernFels Institute of GovernmentUniversity of Pennsylvaniajohnjm11@verizon.net

David J. ParryTechline technologies, IncMpswilgro@aol.com

C. Randy ReevesLife Cycle Engineeringrreeves@lce.com

Daniel J. Rhoads, Jr.Rhoads Industriesd2@rhoadsinc.com Thomas U. Seigenthaler, RADMNDI Engineering Companytseigenthaler@ndieng.com

William J. SwahlColony Consultingb.swahl@comcast.net Francis M. WaltonNDI Engineering Companyfwalton@ndieng.com Paul WelshAnalytical Graphics, Inc.welsh@agi.com

Mr. Paul Trenholm Derbyshire Machine & Toolpt@derbyshiremachine.com

Mr. Sam Thevanayagam Parts For Life, Inc.sam@partslifeinc.com

Government LiaisonLtCol Michael C. FenimoreUSAF 314th RCSmichael.fenimore@us.af.mil

Patricia WoodyNAVSSESpatricia.woody@navy.mil

Corporate MembersVisit link to see a list of our Chapter Corporate Members:www.ndia-dvc.org/corplinks.htm

2014 Chapter Board of Directors Directory