2007 Issue 2 - Raytheon


2007 Issue 2 - Raytheon




2007 Issue 2

Raytheon Secure Systems and Networks

Delivering Mission Assurance in a Hostile Cyberspace

A Message From Dr. Taylor W. Lawrence


Vice President of Engineering, Technology and Mission Assurance

The Information Age is dramatically changing the scope of threats our customers

must be prepared to counter. They need systems that can quickly put actionable

information into the hands of the appropriate personnel who need it, when they

need it, over absolutely secure channels. This requirement is something I regularly

hear from our customers, and something I spent considerable time on while I was

staff director for the U.S. Senate Select Committee on Intelligence.

Access and security … that is quite a balancing act. As you will read in this issue

of Technology Today, Raytheon is a leader in providing secure systems and networks

to deliver Mission Assurance in a hostile cyberspace. The following pages include

feature stories on multi-level security, information assurance and intrusion-tolerant

systems, as well as on the Compartmented High Assurance Information Network

(CHAIN) we are developing and deploying for the Defense Advanced Research

Projects Agency (DARPA).

This issue also launches a new leadership column, which presents thoughtful

comments about strategy and direction from our corporate leads in Engineering,

Technology and Research, Operations, Performance Excellence, and Mission

Assurance. In the inaugural column, Heidi Shyu, vice president of corporate

Technology and Research, discusses her approach to creating an enterprise-wide

technology vision and direction, and the importance of disruptive technologies.

Last but not least, I would like to congratulate our Excellence in Engineering and

Technology Award winners. Seventy-eight outstanding Raytheon engineers and

technologists were recognized in April with the company’s highest technical honor.

As a technology company, Raytheon is determined to stay on the leading edge of

innovation to help us fulfill our mission of ensuring customer success. The efforts

of these award recipients have made a significant contribution to this success, and

to the success of our company. For that, they all deserve our thanks and gratitude.

Until next time …

Dr. Taylor W. Lawrence

Technology Today is published

quarterly by the Office of Engineering,

Technology and Mission Assurance

Vice President

Dr. Taylor W. Lawrence

Managing Editor

Lee Ann Sousa

Editorial Assistant

John Cacciatore

Art Director

Debra Graham


Rob Carlson

Alain Ekmalain

Dan Plumpton

Bob Tures

Publication Coordinator

Carol Danner


Sue Booth

Kelly Lei

Matthew Rixon

Larri Rosser

Sharon Stein

Kevin Wynn


Secure Systems and Networks Overview:

Addressing the Challenge of Information Warfare 4

Ensuring That Our Systems Can Be Trusted 5

The Benefits of Multi-Level Security 8

Intrusion-Tolerant Systems 12

Wireless Honeypots 14

Raytheon Human Review Manager 15

Information Assurance and Survivability Research at DARPA 17

CHAIN: Compartmented High Assurance Information Network 18

Information Assurance: A Holistic Approach 20

Leaders Corner: Q&A With Heidi Shyu

Eye on Technology


Architecture and Systems Integration 23

Processing 24

EO/Lasers 26

RF Systems 27

Materials and Structures 28

Raytheon Enterprise Process Group Workshop 30

Software Engineering Process Group Conference 31

Excellence in Engineering and Technology Awards 31

CMF Profiles: Driving Innovation Into Everything We Do 32

Getting to Know Your Raytheon Certified Architects 33

IPDS Version 3.2: Delivering a Streamlined Process Foundation 34

Raytheon Six Sigma Business Excellence 36

U.S. and International Patents 38


Picture a scenario where the power goes out. Your cell phone is dead, the Internet is

inaccessible. Airports, trains, banks, traffic lights, power grids, telecommunications are

all shut down. You hear that the United States has been attacked — not by conventional

weapons, but by cyber attack. This threat is very real. In fact, very recently, Estonia’s

civil and financial infrastructures were crippled by cyber attacks in what some are calling

the first cyber war. It is a threat to our homeland and to the warfighters who defend

our freedom.

This issue highlights Raytheon’s efforts to detect and deter an ever-growing barrage of

cyber threats to our systems and information at home, as well as those mission-critical

systems our warfighters depend on to complete their mission. You’ll get a look at the

Human Review Manager system being developed out of Raytheon’s IIS business, as well

as the wireless honeypot research Raytheon’s NCS business is co-sponsoring with the

University of Florida, to name a few.

You’ll read about urban warfare challenges, gallium nitride technology and metamaterials,

as well as the upcoming release of IPDS version 3.2.

We hope you enjoy this issue, whether in hard copy or online at


If you have any ideas or suggestions for future articles, please drop us a note at


As always, I look forward to your comments. Enjoy!

Lee Ann Sousa



Addressing the Challenge of

Information Warfare

feature overview

It is no surprise that information assurance,

or information security, is a top

priority concern for Raytheon and our

customers. Information assurance protects

systems and networks from loss of availability,

integrity, confidentiality, authenticity

and control or ownership. It includes measures

taken to detect and respond to cyber

threats. It is what makes systems and networks

secure. This is critical to delivering

Mission Assurance in the age of information

warfare. When members of the armed

forces rely on our technology, they depend

on us to do the job right — regardless of

whether they are facing an enemy on the

battlefield or in cyberspace.

Our military customers need secure systems

that also handle multiple levels of security.

Modern security classification practices

have been used since the mid-20th century

to protect sensitive information at various

levels, granting individuals access to information

according to their “need to know.”

In today’s world, many military systems

must create, transmit, store and process

dynamically changing information at multiple

levels of security and deliver it to the

right users at the right time. Information

must not leak from one security domain to

another, either by accident or by the malicious

intent of a user, administrator or an

external attacker. Several articles in this

issue discuss how Raytheon is addressing


different challenges in engineering multilevel

secure information systems.

Raytheon has established a dependable and

repeatable process for engineering information

assurance into its systems. Our process

incorporates federal standards and guidelines

with Raytheon best practices to ensure

that the systems we develop can be trusted.

It covers engineering activities from information

assurance requirements development

through system certification and accreditation

(C&A). The process addresses many

challenges, such as developing a secure system

that contains COTS hardware and software

components that were not designed

with information assurance in mind.

Network architectures, links, routers and

protocols must be secure, reliable and

robust, delivering a high quality of service

under attack. Our dependence on networks

will only grow as the military realizes its

vision for the Global Information Grid (GIG)

and its Net-centric Enterprise Services

(NCES). This global network of systems will

manage and deliver information on demand

to warfighters, their leaders and support

teams. Networks will need to be self-healing;

they must know their attackers, learn

their goals and adaptively respond.

One of the steps Raytheon is taking toward

that goal is highlighted in the article on a

honeypot for wireless networks. A honey-

Our nation needs secure computers and networks

that deliver Mission Assurance even

in hostile cyberspace. Information warfare is

a valid strategy for attacking military forces

as well as a nation’s critical infrastructures.

A war could be won in cyberspace without

firing a shot, by successfully compromising

information systems and networks that are

essential to banking, utilities, industry and

our national defense.

pot is an information system that is used to

attract, confuse and observe attackers, and

to identify the threats they pose so that

these threats can be mitigated.

Raytheon is conducting internally funded

research to address anticipated and real

customer needs that no currently available

security technology can meet. An example

discussed in this issue is intrusion tolerance

— the ability of a system to tolerate malicious

faults. This enables a system to operate

under sustained cyber attacks, including

new and unknown attacks. Coupled with

self-regeneration, the ability to automatically

and fully restore all services after an

attack, intrusion tolerance will be a major

step forward in delivering Mission

Assurance in hostile cyberspace. Raytheon

recently participated in DARPA’s Self-

Regenerative Systems (SRS) program, and is

now working to transition the results of

SRS and other DARPA programs described

in this issue to make such capabilities realizable

in future systems.

Raytheon is also teaming with universities

and small businesses to develop and apply

technologies that address security challenges

on many fronts, such as improving

the survivability of wide area networks, and

mitigating the “insider” threat presented

by malicious users. •

Tom Bracewell


Ensuring That

Our Systems

Can Be Trusted

The systems we build must be trustworthy.

That is because the information

they provide is used to make

decisions on matters of national defense,

national security and public safety. Often,

these decisions directly concern the safety

of the military personnel and public officials

of the United States and our allies.

Therefore, the end users of our systems —

our customers — demand trustworthy


All information technology (IT) systems

must be certified and accredited in accordance

with national policies, federal standards

and agency guidelines — regardless

of the sensitivity of the information

processed on those systems. These standards

and guidelines define the certification

and accreditation (C&A) processes 1 and

information assurance (IA) requirements 2

used to ensure that IT systems can be trusted

to protect the confidentiality, availability,

integrity and non-repudiation 3 of the information

they process.

Proving that our systems are trustworthy is

the focus of our customers’ C&A processes.

The end goal of C&A is to achieve the

approval to operate a system by verifying

that it provides protection at an acceptable

level of residual risk.

The customers’ C&A processes do not tell us

how to successfully turn a system concept

into a secure, certifiable system, and they do

not provide a common, unified process for

achieving C&A. A common process was first

developed by the Information Assurance

Technical Framework Forum (IATFF) and

termed the Information System Security

Engineering (ISSE) process. It provides a standard,

dependable way to engineer certifiable




• Disposition of the DIACAP

registration information

and system-related data



Maintain authority to operate

and conduct reviews

• Maintain situational awareness

(revalidation of IA controls must

occur at least annually)

• Impact IA posture

Figure 1. DIACAP Activities Summary

systems and to implement C&A processes. In

2005, Raytheon integrated the ISSE process

into its common engineering and product

development process.

The C&A processes and Raytheon’s ISSE

process are integrated into system development

from the program startup through

deployment. They affect requirements

analysis, system design, development, testing

and deployment.

Certification and Accreditation

Our customers’ C&A processes are all variations

on DoD IA C&A Process Guidance

(DIACAP). DIACAP is derived from the DoD

Information Technology Security

Certification and Accreditation Process

(DITSCAP), an earlier standard that it recently

superceded. Different customers have tailored

versions of the C&A process, but they

all work largely as DIACAP does today.

The DIACAP process (see Figure 1) consists

of five phases or activities:

1. Initiate and Plan IA C&A (Definition) –

Define and agree on the system

requirement and mission security levels

2. Implement and Validate Assigned IA

Controls (Verification) – Verify that the

DoD Information Systems

• AIS Applications

• Enclaves

• Platform IT


• Outsourced IT-Based


Issue certification determination

• Make accreditation decision


• Register system with DoD

component IA program

• Assign IA controls

• Assemble DIACAP team

• Review DIACAP intent

• Initiate DIACAP

implementation plan

• Execute and update DIACAP

implementation plan

• Conduct validation activities

• Compile validation resuls in

DIACAP scorecard

design works and provides the right


3. Make Certification Determination and

Accreditation Decision (Validation) –

Test the system to ensure it meets all

relevant security requirements and can

operate at an acceptable level of risk

4. Maintain Authority to Operate and

Conduct Reviews (Post Accreditation) –

Ensure that the system maintains its

security configuration and all changes

are properly documented

5. Decommission System

The C&A process and system development

begin with analyzing program objectives,

identifying the specific standards and

guidelines applicable to the program, and

translating these into system level requirements.

At this stage, it is important to

forge an agreement with the key stakeholders

involved in the system development

and C&A process.

A continuing partnership must be established

at the beginning of the program

between the customer program office and

Continued on page 6

1 C&A processes are defined by DITSCAP, DIACAP, DoDIIS C&A Guideline, NIACAP, NISCAP and NIST SP 800-37.

2 Principal IA requirements documents are DCID 6/3, DoD 8500.2 IA controls and NIST SP 800-53A.

3 Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data

(such as mechanisms for non-rejection or authority (origin); for proof of obligation, intent, or commitment; or for proof of ownership).



Initiate and plan IA C&A


Make certification determination

and accreditation decisions

Implement and validate

assigned IA contracts



Continued from page 5

the various stakeholders involved in the

C&A process. Early involvement keeps the

stakeholder aware of the challenges in

securing the system. The typical stakeholders

include the program management

office, systems developers and integrators,

the designated approving authority (DAA),

certification authorities and the user organization.

This partnership is often referred to

as a security accreditation working group

(SAWG). It uses a disciplined vetting

process to tackle and resolve security issues

in order to help achieve accreditation.

During development, the engineering team

must design a system to be compliant with

applicable security policies and directives.

The C&A engineer works closely with other

engineers to ensure this compliance, and to

ensure that IA operational details are captured

in required IA documentation. The working

relationship between the C&A engineers and

others can make or break the accreditation of

the program’s cost and schedule.

All hardware and software components are

analyzed to determine whether they are IA

or IA-enabling products that provide or

support security functionality to protect

sensitive information. These products

include commercial off-the-shelf (COTS) or

government off-the-shelf (GOTS) operating

systems, firewalls, intrusion detection systems

(IDS), and virus protection or encryption

devices. During system development,

engineers, technicians and managers conduct

trade studies to select IA products

from a common criteria–evaluated products

list of approved IA hardware and software.

Products must be evaluated in accordance

with specific standards.

Engineers are supported throughout the

C&A process by a Web-based knowledge

service (KS) provided by the DoD

Information Assurance Certification and

Accreditation Program (DIACAP). This service

provides an authoritative source of C&A

information. It contains a library of tools,


Ensuring That Our Systems Can Be Trusted

diagrams, process maps and documents to

support execution of the DIACAP. It offers a

workspace for DIACAP users to develop,

share and post lessons learned, best practices,

and IA events and news. It also provides

developers with an online tool for

C&A documentation development.

There are several types and levels of accreditation.

The system owner will seek formal

accreditation for one of the following:

• Site-based accreditation – All systems at

a single site are consolidated under a

single set accreditation

• Type accreditation – Multiple instantiations

of similar systems with similar configurations,

and similar environments at

various locations. Each instantiation is

under the same Principal Accrediting

Authority (PAA).

• Accreditation of similar systems – Similar

systems are essentially the same based

on need to know and access level. The

Master Systems Security Plan

(SSP)/Systems Security Authorization

Agreement (SSAA) may be used for this

type of system under the same PAA.

An accreditation boundary that contains all

the hardware and software that composes

the operational system defines the scope of

the system to be accredited.

A system must be accredited to operate

at a particular protection level or Mission

Assurance category. These levels and categories

determine how much security is

required based on the sensitivity of the information

processed, who has access to the

information, and what assurances the system

will provide to protect the information.

Accordingly, they affect the level of effort

required for certification and accreditation.

There are a number of critical success factors

in executing the C&A process, including:

• Ensure that program and security managers

develop a C&A strategy and get

early buy-in from stakeholders

• Make certain that engineering and

security management collaborate on the

design to ensure that functional and

security requirements are nailed down

• Select hardware and software products

that meet the assurance levels according

to the common criteria

• Keep accreditation boundaries simple

so they are clearly understood by the

accreditation authority

• Use the security accreditation working

group to resolve IA issues;

preserve meeting minutes for records of

activities discussed and agreed upon

during discussions

• Include all C&A activities in the

master schedule

• Pay particular attention to CT&E and

ST&E activities to ensure all relevant test

cases are developed and the results of

those test activities validate the security

features and functions

• Separate security deliverables from functional

deliverables; security deliverables

are reviewed and approved by officials

with concerns that are separate from

functional requirements

• Plan adequate time and resources to

fix the findings after the evaluation

is complete

The Raytheon ISSE Process

Raytheon’s Information System Security

Engineering (ISSE) process is a systems

engineering process that addresses the

security needs of the system owners and

users. It is a generic process designed to

meet our diverse customer base. Its purpose

is to build trust into the systems we

deliver in a reliably repeatable manner.

The steps in the ISSE process mirror those

in the systems engineering process we use

to define and decompose our customers’

requirements, and develop and deliver their

systems at the consistently high level of

quality they expect. The process is formalized

into five process activities. The integration

of ISSE steps with each phase of the

various C&A processes is shown in Figure 2.














Assess information protection effectiveness


Initiate and plan the IA C&A (Phase 1) Verification

Implement & validate IA Controls (Phase 2)

Certification determination

Validation Post accreditation

(Phase 3)



Figure 2. C&A and ISSE processes





Step 1: Discover customer’s information needs

The first activity in the ISSE process is to

discover the information needs of the customer.

This involves gaining a thorough

understanding of the user and the user

environment of the system, as well as the

data on the system and any data movement

into or out of the system (i.e., data

flow). Understanding this lets the security

engineer develop a sense of the security

risks associated with the final deployment

of the system. Continued communication

with the customer is critical to fully understanding

their view of the necessary security

of the system. In these discussions, however,

both sides should also agree that

security is not an absolute — building security

into the system must be a risk mitigation

activity. The focus of the second activity

is the acceptable level of residual security

risk that shapes the security requirements.

Step 2: Define specific system

security requirements

Defining specific system security requirements

is the goal of the second activity in

the ISSE process. Using the customer

understanding gleaned in activity one, the

security engineer must define system secu-








Development and verification

Validation and testing




Deployed &



(Phase 4)

Post accreditation




(Phase 5)

rity requirements that will ensure the security

needs of the customer are met. This

also includes ensuring that the system will

meet any and all C&A standards levied on

the system. Other than being security-specific,

these requirements must adhere to

the common requirement writing guidelines

to which all requirements should adhere. A

well-written set of security requirements

paves the way for activity three.

Step 3: Define a system architecture

The third ISSE activity is to use the requirement

set defined above and the understanding

of the customer’s needs to define

a system architecture. Here it is critical for

the systems engineer and the security engineer

to work together to create a system

architecture that meets all of the functional

and security requirements. Inevitably, this

requires compromise on both sides. As

with functional requirements, meeting

security requirements must be balanced

with the customer’s cost and schedule

needs. On the other hand, the security

requirements of the system often create

the need for the functional requirements to

be met with new approaches.

Step 4: Develop a detailed security design

Once a system architecture has been

defined that meets both sets of requirements,

the fourth ISSE process activity can

begin: developing a detailed security

design. In this activity, security engineers

use their knowledge of security products,

security functionality of non-security

products, the interaction of these products

with the custom code being developed

for the system, and the underlying hardware

and software standards to create a

build-to design that meets the security

requirements and aligns with the

approved architecture.

Step 5: Implement detailed security design

The final ISSE activity is to implement the

detailed security design. It is here that the

security engineer interacts with other

system implementers to create the system

captured in the system architecture above.

It is also here that shortcomings of the

detailed design or in the system architecture

come to light, causing the design and

sometimes even the architecture to be

tweaked. The security engineer must be a

part of all such tweaks to ensure that the

security requirements are eventually met.

All necessary testing to sell off security

requirements and to meet C&A expectations

also occurs during activity five.

The ISSE process allows us to assure our

customers that we can reliably address

their security needs. Addressing our customers’

security needs instills trust in the

data our systems process and store. It also

verifies that the data has not been tampered

with and that it will be available

when needed to all those (and only those)

who need the data. In turn, this increases

our customers’ trust in us. •

Robert Batie


Jay Coleson




Col. Roger Shell was

the deputy director of

the National Security

Agency’s (NSA)

National Computer

Security Center (NCSC)

as it was formed in the

early 1980s. Dr. Kenneth

Kung joined NCSC in

1984 as one of the

system evaluators using

the famous Orange

Book. He learned his

information assurance

techniques from

Dr. Shell and other

early pioneers in this

field (e.g., Steve Walker,

David Bell, Marv

Schaefer, Earl Boebert,

etc.). Dr. Kung is the

co-author and

contributor to several

other Rainbow Series of

guidelines, while NSA

remains the premier

organization to learn

the latest information

system and weapon

system protection



The Benefits of

Multi-Level Security

Multi-level security (MLS)

has been a holy grail ever

since the early days of

applying computer systems to meet

the automation needs of military

and intelligence systems. In the

1970s, MITRE published a series of

papers (by Bell and LaPadua) that

describe the issues and rules of

determining access rights of individual

users to information, based on

their credentials. In fact, in 1971,

Dr. Roger Schell (then a U.S. Air

Force major) conducted his Ph.D.

research at MIT on the Multics OS

protection rings.

Although multiple initiatives in the

1980s and ‘90s were launched to

tackle the MLS “problem,” the issue

is still with us today. This article

addresses the background of the

issues involved in solving the general

MLS problem. It also describes

both the security functionality and

the assurance needs of the

Department of Defense (DoD) community

of users and possible solutions

to address those needs.

The DoD has a goal of fielding

systems that provide the right information

at the right time to the

right person. In many cases, this

goal is difficult to achieve due to

the security classification of

the data. To properly safeguard

information today, many DoD information

systems are separated in

domains at the highest classification

level of any data in the

domain. They are commonly

referred to as “system high”

domains. If an individual does not

possess a security clearance to

access a domain, they are denied

access to all information within the

domain, even though some of the

information may have originated at

a lower classification and thus

should be accessible to the individual.

To ameliorate this problem,

high-speed guards requiring additional

hardware and processing

overhead, or labor intensive procedures

such as manually reviewing

data, are commonly used when

moving data between domains.

The single-level security domain

paradigm is not compatible with

this time-sensitive collaborative processing

environment needed to

support net-centric operations and

the systems of element approach

where information is first published,

then later subscribed. The concept

of using single-level security

domains results in over-clearing personnel,

over-classifying data and

creating system inefficiencies and

redundancies. To minimize or eliminate

these problems, the concept

of MLS systems was developed.

MLS eliminates the need for these

separate domains. MLS systems

reduce the total cost of ownership

by eliminating hardware and software

redundancies. Top secret,



secret, confidential and unclassified

data all can reside in a single MLS

domain. MLS provides the ability to

simultaneously receive, process,

store and disseminate data of multiple

classifications within a domain

where not all users have the security

clearance to access all the data

within the domain. MLS needs to

permeate into the computing environment

(workstations, servers and

operating systems), the network,

the database and the mission applications

— all must work together

to maintain trust. MLS systems

must assure that users are granted

access to all the data, systems and

services for which they are authorized,

while denying them access if

they are not authorized.

Figure 1 illustrates a traditional

configuration using guards between

security domains on the left and an

MLS enclave on the right.


Information Systems

The next major research milestone

is to tackle the issue of multination-

Traditional: one domain per

security classification Multi-level security (MLS)



Data Store

High Speed Guard

Data Store

High Speed Guard







Data Store



Domain Computing



Figure 1. Traditional vs. MLS Enclaves

Top Secret

Data Store

MLS Domain




Top Secret


Data Store



Data Store



al information systems (MNIS).

MNIS are inherent in battle command

to ensure the timely

exchange of information across all

coalition member domains and

government agencies. Raytheon is

doing research with the DoD to

identify the issues and potential

solutions under a study contract.

With the proliferation of coalition

operations and joint operations, the

issue of information separation

becomes even more challenging.

Not only must the information be

separated by clearance levels with

each country’s security policy, but

well-defined information must be

shared across multiple countries,

where agreements to share are on

a bilateral basis. Information

releasable to certain countries is

not releasable to other coalition

partners. This complicated set of

access control rules makes the Bell-

LaPadula hierarchical security model

of “write up, read down” traditionally

used in MLS systems look simple.

Raytheon is currently working

to solve this demanding challenge

of sharing information in the presence

of multiple compartments

within single security levels.

Trusted Operating Systems

There are several common

approaches when attempting to

provide MLS capability. One is to

use a trusted operating system that

attaches sensitivity labels to all

objects within the domain. (Sun’s

Trusted SolarisTM is an example of a

trusted operating system.)

Sensitivity labels identify security

classification and handling restrictions

of the object. The sensitivity

labels are compared to the user’s

security clearance and privileges to

determine if access to the object is

allowed. These operating systems

are proprietary, tend to be very

difficult to administer, and are at

times extremely cumbersome to

use. Because of their size and complexity,

they have typically been

evaluated only to a medium level of

robustness. Due to administrative

difficulties, customers often prefer

less trustworthy operating systems

such as Windows.

Multiple Independent Levels

of Security

Another approach being developed

to provide MLS capability is called

Multiple Independent Levels of

Security (MILS). Raytheon has been

working with the Air Force Research

Laboratory Information Directorate,

the Cryptographic Modernization

Program and the National Security

Agency for several years on the

foundational components for this

high assurance architecture to support

systems with MLS requirements

and/or Multiple Single Levels

of Security (MSLS).

The goal of the MILS program is to

establish a viable commercial market

for high assurance, standardsbased

commercial off-the-shelf

(COTS) products that can be used

to produce NSA-accredited systems.

By leveraging COTS products that

conform to the DO-178B safety

standard, it is anticipated that the

wider customer base for these products

will result in a lower cost to

DoD security customers.

MILS have a layered architecture

that enforces an information flow

and data isolation security policy.

At the bottom layer of the architecture

is a small but highly trusted

separation kernel. A separation kernel

executes on processors such as

Pentiums and PowerPCs to provide

a virtual machine upon which a

variety of COTS operating systems

(e.g., Windows, Lynux, Solaris, etc.)

can be hosted. The separation kernel

provides a high robustness reference

monitor 1 to enable this separation

and to control communication

between untrusted applications

and data objects at various

levels of classification/caveats on a

single processor. It also enables

trusted applications to execute on

the same processor as untrusted

applications, while ensuring that

the trusted applications will not be

compromised or interfered with in

any way by the untrusted applications,

(see Figure 2). Security policy

enforcement mediated by the separation

kernel is non-bypassable,

always invoked and tamper-proof,

because it is the only software that

runs in privileged mode on the

processor. Thus, systems with applications

at different security

levels/caveats require fewer processing


The separation kernel’s security

requirements are specified in the

NSA’s U.S. Government Protection

Profile for Separation Kernels in

Environments Requiring High

Robustness, now in its final draft. A

separation kernel can be evaluated

to a high level of assurance

(Evaluation Assurance Level (EAL

6+), because it is very small — on

the order of 4,000 lines of

C-Language code. Although originally

targeted to real-time, embedded

systems, the Separation Kernel

Protection Profile (SKPP) has been

generalized to provide the security

requirements for a high assurance

virtual machine on which operating

systems with medium or no assurance,

such as Windows, can execute

in separate partitions without

degrading the assurance of the

overall system.

The Green Hills Software (GHS)

Integrity Separation Kernel is available

commercially and is currently

undergoing evaluation at a high

robustness level by a National

Information Assurance Partnership

(NIAP) accredited Common Criteria

Testing Laboratory. It is targeted for

embedded and server applications

running on PowerPC and Intel ®

processors. The Integrity Separation

Kernel is being used in the

Raytheon’s Space and Airborne

Systems NETSecure internal research

Continued on page 10

1 IAEC 3285, NSA Infosec Design Course,

High Robustness Reference Monitors version 3,

Michael Dransfield, W. Mark Vanfleet.

Raytheon is fielding a

product called CHAIN

(Compartmented High

Assurance Information

Network). CHAIN

permits the separation

of the information by

compartments (as the

name implies). Until

the true MLS system is

available, Raytheon is

fielding CHAIN in

multiple systems to

separate information

from different

domains using the



mechanism. There are

multiple commercial

operating systems that

allow this enforcement.

To upgrade from

compartments to

multi-level security, the

underlying operating

system must meet the

functionality and trust

discussed in this article.


Feature Benefits of Multi-Level Security

Continued from page 9

and development effort to develop an

MLS network processor that can be incorporated

in legacy platforms such as the F/A-18

and B-2 to enable data fusion, sensor

integration, distributed targeting and

net-centric operations.

Two other COTS operating system vendors,

LynuxWorks and Wind River, have also

developed separation kernels conforming to

the SKPP that are available as Beta versions.

In addition, GHS has demonstrated a high

assurance Windows workstation running

on their Padded Cell TM technology, which

is based on their separation kernel.

Separation kernels from the three vendors

have been demonstrated publicly running

a Raytheon application.

Raytheon has also conducted research in

the area of Partitioning Communication

Systems (PCS), which enables trust relationships

and data separation to be established

between processors in a MILS enclave. The

PCS is part of the middleware layer of the

MILS architecture. In effect, the PCS functions

as a data flow guard by controlling

the information that flows between an

application and the network.

When running in a separate partition on

top of a high assurance separation kernel

(see Figure 2), a PCS provides data separation

and controls the flow of information

between processors in a manner that is

non-bypassable, always invoked and tamper-proof.

The PCS also provides separation

by encrypting data before it is delivered to

device drivers or the network interface. This

enables the use of COTS network components

in secure environments and may also

eliminate the need for some guards in cases

where downgrading is not required.

With Objective Interface Systems (OIS) as a

subcontractor, Raytheon is responsible for

the development of the security requirements

documented in the Partitioning

Communications System Protection Profile

(PCSPP). OIS is independently developing

the first PCS, working closely with the three

separation kernel vendors and intends to

have it evaluated at a high robustness level.


MILS - Multiple Independent

Levels of Security

MSL - Multi Single Level

MLS - Multi Level Secure

SL - Single Level

Trusted Path
















Supervisor Mode

MMU, Inter Partition Communications Interrupts

Figure 2. Representative MILS Architecture

The PCS has been demonstrated publicly on

the GHS separation kernel running on Intel

processors. A version of the PCS for

PowerPC is currently under development.

Protection profiles and products for other

MILS middleware components are in various

stages of development. As a subcontractor

to Raytheon under an AFRL CRAD program,

SRI International has started work on a

MILS Network System Protection Profile. A

MILS file system and MILS CORBA protection

profile have also been proposed.

Trusted components such as downgraders,

firewalls, virus protection, and intrusion

detection and protection are employed at

the application level in the MILS architecture.

These efforts are expected to continue

over the next several years.

Guard Technology

Evaluated MILS products are still years away

from being available in general workstations

and servers. In the meantime, there is

a need to provide capabilities to connect

systems composed of various security levels

together, while granting access to only

authorized users of the data. One of the

key technologies that support data sharing

between security domains is the security

guard that sits between different security

domains. Raytheon has developed a product

called High Speed Guard to support the

user community’s need for data sharing

between single-level domains.

Application (User Mode) Partitions





Guest OS/


RTOS Micro Kernal (MILS Separation Kernal)


What Is a Guard, Anyway?

Current security policies require a “trusted”

entity to independently validate data being

moved between top secret, secret and

unclassified networks. These products are

commonly known as “trusted guards,”

“high assurance guards” or just “guards.”

Guards typically function as proxies, providing

security separation between the two

systems being connected. There are three

main functions for a guard:

• Network separation

• Mandatory access control

• Data validation

Network Separation

A guard’s high-security (“high”) side network

interface has an IP address on the

“high” side network while the guard’s low

side network interface uses an IP address

from the low side network. Thus, the guard

provides network separation and typically

enforces source/destination IP via some

firewall mechanism in the guard.

Mandatory Access Control

Another requirement for guards is to

enforce Mandatory Access Control (MAC).

Per current security policy, a trusted operating

system such as Trusted Solaris is

required to meet MAC requirements. In

a trusted operating system, the operating

system carries label information on all

components on the system — memory, file

systems, network interfaces, etc., — and

provides APIs for systems such as guards

to move data between security levels.



Guest OS/




Guest OS/


Data Validation


Feed 1

Large File



Feed 2

Guards must validate that the data passing

through it is authorized. Guards typically

enforce different checks depending on the

direction the data is flowing.

When data is passed from a high to low, the

main focus of data validation is to ensure

that only data authorized at the lower network’s

security level is passed. Several

options exist for performing this check:

• Classification rules to independently

interrogate the data to determine its


• Verify existing labels on data

• Verify upstream system’s digital

signature on data if provided

The correct option depends on a particular

system’s data formats.

The prevention of malicious content is the

primary concern when moving data from a

lower network. For file-based transfers,

virus scanning is the primary mechanism for

meeting this requirement. For streaming

data, virus scanning is problematic so data

validation can be used to verify that the

content of the data is valid and there is

no unknown content.

Raytheon High Speed Guard

Figure 3 illustrates a typical use of the

Raytheon guard.

Raytheon’s High Speed Guard was built

for high bandwidth needs within the

High Speed Guard


Feed n

Message Transfer


Class: S

Dataset ID: Y

Current: Z



Classification X

Classification Y


Class: S

Dataset ID: Y

Current: Z



Figure 3. The Raytheon High Speed Guard provides a high-bandwidth, low-latency crossdomain

solution for most intelligence community and DoD data types.

intelligence community. Key features of

our guard:

Performance: Currently achieves

850Mb/sec on 1 Gigabit networks and 4.5

Gb/sec on 10 Gigabit networks.

History: Our guard has been in use since

1998 and has over 144 units operational. It

has been certified by multiple agencies at

Director of Central Intelligence Directive

(DCID) 6/3 Protection Level 4.

Flexibility: The Raytheon guard supports

TCP/IP socket-based transfers, file-based

transfer, and has a Human Review capability

that utilizes digital signature validation. The

guard is also rehostable to various trusted

platforms. Raytheon’s current platform is

Sun using Trusted Solaris 8. Raytheon also

supports Silicon Graphics Incorporated (SGI)

hardware running Trusted Irix, but that OS

is being end-of-life’d in 2012. Raytheon

plans to support SELinux in the next 12–18

months and may also support Solaris 10

with Trusted Extensions.

Ease of Use: The Raytheon guard comes

with complete documentation and training,

enabling end users to maintain it, if desired.

The rules language is straightforward, but

very powerful and includes full XML parsing

capability. •

Carolyn Boettcher, cbboettcher@raytheon.com

Kenneth Kung, kkung@raytheon.com

Jerry Lebowitz, jalebowitz@raytheon.com

Kevin Cariker, kevin_l_cariker@raytheon.com


A principal engineering

fellow for Raytheon’s

Network Centric

Systems (NCS) business,

Kenneth Kung, Ph.D. has

over 26 years of system

and software engineering

experience, including

22 years with Raytheon.

Currently, he is leading

the architecture capability

area for NCS on the

Enterprise Net-centric Integration Capability

(ENIC) initiative, which seeks to change the way

we develop solutions and capabilities for Raytheon

customers. He leads the development of reference

architectures, solution architectures and architecture

governance. This effort transforms our

culture by enhancing our speed to market, speed

to demo and ability to cost appropriately.

Kung represents NCS on the Corporate

Architecture Review Board. Some of the board’s

functions include developing a strategy to train

system architects, ensuring the interoperability of

various systems, and recommending Raytheon

architecture directions involving our customers.

He participates in several industry consortia and

standards committees, including the Net Centric

Operations International Consortium, the Open

Group Architecture Forum, the ISO/IEC JT1

Subcommittee 27 on Cyber Security U.S.

Technical Advisory Group, and the Systems

Architecture Forum. From these external boards,

Kung has been able to learn and exchange

lessons with others in the industry.

From 2004–2005, Kung was the Architecture

Technology Area Director at Corporate

Engineering, where he led the initial development

of the taxonomy of the reference

architectures and C2 reference architecture.

Before coming to Raytheon, Kung worked

at the Aerospace Corporation, supporting the

National Security Agency on information security

product evaluation. He has been lecturing

in colleges for more than 30 years on topics

such as information security and communication

networks. He has also served on the

advisory boards of Harvey Mudd College

and California State University, Fullerton.

Kung received his bachelor’s degree in engineering

from UCLA. He later received his master’s

and doctorate degrees in computer science also

from UCLA. He is a Certified Raytheon Six

Sigma Expert TM and Raytheon Certified Architect.



Intrusion-Tolerant Systems

As a nation, we need information

systems that continue to operate in

the presence of a sustained cyber

attack. Our systems cannot afford to lose

their availability, confidentiality or integrity

when an attack becomes an intrusion —

that is, when an attack successfully penetrates

a system’s security mechanisms to

form a malicious fault. The need for a system

that can tolerate malicious faults,

deemed “intrusion tolerant,” is based on

the reality that some attacks will inevitably

succeed, and therefore must be

tolerated without compromising

system integrity.

Today’s systems are not intrusion

tolerant, as security mechanisms

can only prevent or detect some

intrusions. Because of this limitation,

a system may fail to perform

its mission when an attack is

successful, and it may be unable

to recover quickly, if at all. What’s

more, it may fail to detect an

intrusion that compromises its

confidentiality or integrity. Clearly,

if today’s systems are to deliver

Mission Assurance in the face of

information warfare, they need to

be more secure than they are now.

Lifecycle Survivability

As a result, Raytheon is currently

working to develop an architecture

for intrusion-tolerant systems.

This work leverages the results of

recent DARPA programs that have

developed and demonstrated

intrusion-tolerant technologies

and architectures. Raytheon has

participated in one of these pro- Figure 1

grams (Self-Regenerative Systems)

and is now working with the

research community to apply technologies

and concepts from these programs.

Current and Future Systems

Intrusion tolerance takes survivability to a

new level. While today’s systems prevent

most intrusions by blocking known attacks,

intrusion-tolerant systems must handle


unknown attacks. It is not enough just to

detect intrusions; a system needs to decide

on a course of action that will effectively

respond to the attack. Data from multiple

sensors must be correlated in order to better

diagnose, isolate and respond to

attacks. Today’s responses usually involve

human diagnosis and interaction, which is

slow and often inaccurate. To handle varying

attacks, operating scenarios and prevent

damage, diagnosis and response need to be

automatic, adaptive and at machine speed.

Add/Remove Vulnerabilities

(Design, Removal, Blocking,

System Communities)

Prevent Intrusions

(Access Controls, Cryptography,

Trusted Computing Base, Multiple Security Levels)

Detect Intrusions, Limit Damage

(Firewalls, Intrusion Detection Systems,

Virtual Private Networks, PKI)

Tolerate Attacks

(Redundancy, Diversity, Graceful Degradation,

Deception, Wrappers, Proof-carrying Code)

Restore System

(Diagnosis, Learning, Reconfiguration,

SW Rejuvenation, Reflection, Cognition)

Conduct Forensics

(Auditing, Pattern Recognition)

In addition to blocking and detecting most

intrusions with mature security technologies,

an intrusion-tolerant system will use new

generations of security technologies to tolerate

the intrusions that penetrate these

defenses. This idea is illustrated in the

“Operate Through Attack” flow in Figure 1.

An intrusion-tolerant system will respond to

an attack by gracefully degrading its level of

service and its non-critical functions as needed.

It will recover its full functionality and

level of service automatically after the attack.

Looking farther into the future, we can

expect systems to reason about attacks,

develop more effective responses to new

attacks, and improve their survivability over

time by identifying and removing vulnerabilities.

This idea is illustrated in the “Lifecycle

Survivability” flow in Figure 1. In addition,

networked systems will

share their insights with

one another, so that

whole families of similar

systems can rapidly gain

immunity from new

attacks and remove their

Operate Through Attack

common vulnerabilities.

Automating vulnerability

diagnosis and removal

will make lifecycle survivability


practical. A system’s survivability

naturally tends

to degrade during

deployment, as attackers

discover its vulnerabilities

and new attacks emerge.

Today, vulnerability diagnosis

and removal are

complex, manual timeconsuming


creating lengthy vulnerability

windows during

which vulnerabilities can

be continually exploited.

This is a common problem

today among systems

connected to the Internet.

Ongoing DARPA research seeks to automate

vulnerability diagnosis and removal at

the application level. Its goal is to develop a

software execution infrastructure that monitors

and augments application behavior so

that multiple copies of an application

behave as a self-aware community. In turn,

this community would collaboratively

diagnose attacks/bugs/errors; generate

appropriate configuration changes, patches,

filters, etc.; and generate a communityspecific

situation awareness gauge that

predicts the likelihood and timing of imminent

problems. Eventually, this will lead to

automation at the system level.

Architecture Principles

Intrusion tolerance cannot be achieved by

simply adorning a system with security technologies

after it has been designed. A system’s

architecture must support intrusion

tolerance as well. A number of architecture

principles apply:

• The architecture should first maximize its

intrusion prevention and detection capabilities

using mature security technologies

and techniques.

• The architecture must tolerate Byzantine

failures. This is because malicious faults

can asynchronously occur in any replica

and yield Byzantine failures.

• Static diversity, or implementing a function

in multiple ways, should be used to

avoid common vulnerabilities. For example,

research has made it practical to

automatically generate diverse executables

from the same source code.

• Runtime diversity, which implements a

function differently at different times, will

make it harder for attacks to succeed. For

example, a system could be designed to

automatically change its configuration

from time to time to confuse the attacker.

• Attack isolation and containment will

prevent damage from spreading and bind

the set of elements that a system must

reconstitute after an attack.

• Correlating alerts from multiple intrusion

sensors will allow a system to better

diagnose, isolate and adaptively respond

to each attack.

• Adaptive response will enable a system

to respond appropriately to different

types of attack.

• Graceful degradation will prevent an

abrupt or catastrophic loss of service

during an attack.

• Self-regeneration after an attack will

automatically restore full functionality

and level of service. Automation will

speed the process and make it reliable.

• Architecture should make weak assumptions

about the integrity and availability

of its operating environment.

A Common Architecture

The common architecture for survivable

systems applies these principles. It is based

on a prototype architecture that was

demonstrated on DARPA’s OASIS

(Organically Assured and Survivable

Information Systems) program.

A common architecture offers the advantages

of repeatable results and economy. The

abstract architecture can be the basis for many

system designs. Its reusable software components

can be used across many systems.

The architecture is transparent to mission

applications, making it easier for the architecture

to support legacy applications, as

well as new ones. These applications must

be model-able as loosely coupled service

providers and consumers that use pub-subquery

transactions. While the architecture

cannot support hard real-time transactions,

real-time systems such as radars can be

included as mission applications within a

larger system that the architecture supports

(such as a C2 system). This protects real-time

systems from attack if they are not directly

accessible from outside the larger system.

The architecture provides concentric layers

of protection to mission applications, system

operations and system/security management

— placing management functions

in the most highly protected zone. These

zones are replicated in a Byzantine fault

tolerant manner.

A survivable middleware builds security

mechanisms on top of a common multicast

protocol to enhance integrity, access control,

resiliency and graceful degradation.

The middleware has redundant protocols

and can change its transport protocols

dynamically. Session keys and cryptographic

credentials are used to manage access con-

trol. Messages, which are checked for valid

size, frequency and signature, are briefly

held in escrow so that if the publisher

appears corrupt, a message is not forwarded.

The middleware provides redundant

channels that connect each mission application

to the core zones of the architecture. If

all channels to the core fail, the middleware

attempts to attach mission applications

directly to one another. Heartbeats are generated

by the middleware to indicate that

each mission application is alive.

Policy-driven protection “domains” help

protect system, process and network

components from attack. Domains are used

to isolate components, limit their privileges,

prevent corrupted processes from accessing

critical resources, defend application-specific

resources and disallow actions that exceed

privileges. Attempts to violate policy

generate alerts.

System/security management monitors

these heartbeats and alerts. Correlated

sensor data helps identify suspicious assets,

and contain and isolate attacks. System/

security management provides adaptive

responses, which are executed by actuators

placed throughout the system. Responses can

be reactive or proactive. For example, if sensors

detect a process’s attempt to transition

to root, an actuator might kill the offending

process (a reactive response). However, if

sensors detect file corruption, the system

may decide to check and restore files (a more

proactive response). If the system determines

that a host is compromised it may disconnect

the host and reconfigure the system.


Raytheon is working to take the lead in

making intrusion tolerance a reality in

defense systems, by engaging the research

community and our customers to transition

technologies and concepts into working

systems. This will make it possible for systems

to withstand sustained cyber attacks

and achieve Mission Assurance in the face

of information warfare. •

Tom Bracewell




Comprehensive Mission Assurance

involves the disciplined application

of systems engineering, thorough

risk management, superior quality and

sound management principles to achieve

mission success. In a DoD network-centric

environment, the warfighter is faced with

both wired and wireless network–based

threats. To mitigate wireless threats, innovative

software technologies can be applied

to identify wireless attacks and perform risk

management. One such technology is the

wireless honeypot.

A honeypot is an information system

resource whose purpose is to attract attackers,

provide them with misinformation,

cause confusion and monitor their actions.

Even more importantly, a honeypot gathers

valuable information to determine if a

threat exists, and then provides details to

help mitigation of these threats. A wireless

version of a honeypot entices its attackers

through a simulated wireless access point.

Raytheon Network Centric Systems in St.

Petersburg, Fla., recently sponsored a wireless

honeypot research project at the

University of Florida to help address wireless

threats. The goal of the project, which was

dubbed “The Hive,” was to design, build

and test a simulated environment for a

wireless networked system, or honeypot.

In order to track and log suspicious nodes

and traffic in mobile environments, the Hive

research team developed a wireless honeypot

as a live Linux bootable mini-CD. The

Hive Linux is a Live-CD version of Debian

Linux that was scaled down for operating

system security, and contains the tools

needed to run a standalone wireless honeypot

with virtual services. It is currently available

at the Hive’s project website 1 .




Innovative software technologies

to identify wireless attacks

and perform risk management

Using a Hive Linux CD, any personal computer

(including laptops) can easily be

turned into a wireless honeypot. The experimental

system operates on the IEEE

802.11g wireless standard and instantiates

a honeypot as a simulated wireless access

point with tracking capabilities.

The Hive honeypot runs Honeyd, a GNU

Public License (GPL) open source honeypot

program. Honeyd is described on its website

as “… a small daemon that runs on

both UNIX-like and Windows platforms. It is

used to create multiple virtual honeypots

on a single machine. Entire networks can

be simulated using Honeyd. Honeyd can be

configured to run a range of services like

FTP, HTTP or SMTP. Furthermore, a personality

can be configured to simulate a certain

operating system. Honeyd allows a single host

to claim as many as 65536 IP addresses.” 2

The Hive lures its attacker by broadcasting a

modifiable service set identifier (SSID) over

the network. As an attacker attempts to

connect to the honeypot, its Dynamic Host

Configuration Protocol (DHCP) assigns the

attacker an Internet Protocol (IP) address so

that the attacker is placed on a simulated

network. For the proof of concept, it was

important to allow the attacker to see and

gain access to the network. (An encrypted

and secured wireless network would make

the establishment of a network connection

far more difficult, but may lure the more

experienced attacker.)

One of the first things that an attacker may

do is to “fingerprint” computers that are

local to their subnet. This can be done by

port-scanning local nodes. In our case, the

attacker port-scans the honeypot’s virtual

services. The system tells the attacker that

ports 22, 23, 80 and 110 are open, while

Honeyd logs the probe. When an attacker

connects to port 22 secure shell (SSH) or

port 23 (Telnet), an authentication script is

executed. The attacker may try a brute

force attack to guess username and password

combinations; such an attack can be

done easily with a program named Hydra 3 ,

and all connection attempts can be logged.

Once the attacker gains access, all commands

entered are logged. This connection

is similarly made for the virtual services of

port 80 Web and port 110 Post Office

Protocol 3 (POP3).

The honeypot itself is composed of a Linux

operating system running a DHCP server,

HostAP, Honeyd, and Sebek with Syslog.

HostAP is a driver for Prism2-based wireless

client cards that allows them to appear and

act as a wireless access point. Sebek 4 is a

data capture tool designed to capture the

attacker’s activities on a honeypot, without

their knowledge. Syslog is the system logger,

which is similar to the Event Viewer in

Microsoft ® Windows.

The Hive was able to integrate and test the

DCHP server, some scripts, the logging with

Sebek, Honeyd, Syslog and the wireless

access point emulation. This integration cre-



Virtual Services


Simple Wireless Honeypot Diagram

ated a functional prototype wireless honeypot.

Additional work would be necessary to

keep this system from being used as a tool

for an attack. For instance, honeypots have

been used to collect malware 5 .

Technical challenges are not the only issues

we must address to make wireless honeypots

practical. Legal issues also impede the

deployment and use of wireless honeypots.

For instance, federal wiretap laws prohibit

interception of electronic communications,

including traffic monitoring across a network,

except for network protection.

However, these laws do not easily apply to

honeypots, because a honeypot is set up

with the intention of being attacked.

Furthermore, legal analysts believe the use

of honeypots does not lead to entrapment,

because entrapment occurs when someone

is enticed to do something they would not

normally do. Therefore, the question that

needs to be asked is, “Do you own all of

the resources and how will you be using

this information?” If your network is isolated

and cannot cause harm to others, it may be

feasible to run a honeypot. The information

gleaned may enable increased security measures

in areas that present the highest risk.

The following resources provide further

insight into creating and operating


• The Hive


• Honeyd (http://www.honeyd.org)

• Honeynet (http://project.honeynet.org)

• Project Honeypot


• The Distributed Honeynet Project


• Malware Collection


• Wireless Honeypot Trickery


infocus/1761) •

Randall Brooks, CISSP, ISSEP


1 http://www.cise.ufl.edu/class/thehive

2 http://www.honeyd.org

3 http://www.thc.org/thc-hydra

4 http://www.honeynet.org/tools/sebek

5 http://www.mwcollect.org

6 For a discussion of legal issues see




Human Review Manager

The ability to effectively share

information among security domains

of differing classification levels,

and with coalition partners, is essential

to the daily operations of our customers.

The challenge with these data transfers

is that they must be carefully scrutinized

to ensure that inappropriate data is not

inadvertently released, and harmful data

is not imported into a domain.

Raytheon has a long history of providing

solutions that meet our customers’ needs

in this area. One of those is Raytheon’s

High Speed Guard, which is designed to

provide data transfers and structured data

reviews in a multi-security level (MSL) environment.

However, release of data that is

not well structured (e.g., images, MS

Office files, etc.) usually involves a human

review of the data being released. Human

review has traditionally been performed

largely through an inefficient and unstructured

manual release and review process.

In early 2005, Raytheon Intelligence and

Information Systems undertook an effort

to improve this process by creating the

Human Review Manager (HRM) — an

extendable Web-based workflow system

for streamlining and automating (where

possible) the human review of file transfers

from one security domain to another. The

HRM was specifically engineered to complement

the Raytheon High-Speed Guard

and support its digitally signed release

format, which allows data that has been

reviewed and signed to seamlessly flow

among interconnected security domains of

differing classification levels. The HRM also

works independent of the Raytheon High

Speed Guard and supports data release by

a number of mechanisms, including file

transfer protocol (FTP), secure shell (SSH)

and CD/DVD media burning. The HRM

can easily be extended to support other

release mechanisms through its “widget”

plug-in framework.

An innovative aspect of the HRM is its

power and flexibility in the data

release/review process. In addition to its

widget architecture, the HRM has a workflow

engine (Pending Patent #064747.1150)

that allows the HRM to support complex

release processes, including fully automated

non-human processing. The HRM can

also support a similar but complementary

function of importing data through a

structured workflow process.

The HRM is capable of multiple workflows,

allowing it to manage data flows from

multiple destinations and sources simultaneously.

These workflows are defined and

managed by a privileged user and are configured

through the HRM’s built-in

Workflow Editor.

Under a typical use scenario, the HRM

workflow allows a file owner (publisher) to

submit one or more files for review as part

of a single release request. The HRM

accepts these requests through either the

Web-based GUI Request Manager interface

or through the use of a JAVA Request

Client API. Files can also be imported into

the HRM from local file systems or through

FTP/SSH interfaces with appropriate widgets.

As part of the release process, the HRM

allows a publisher to choose the set of

actions to be performed on a particular

data release request through selecting a

workflow. Each of these actions is carried

out by HRM widgets as the workflow is

advanced through the release process. As

the HRM steps through these widgets, it

not only enforces a consistent release and

review process, it can also automate

tedious or time-consuming tasks for the

reviewer, including scanning for imbedded

inappropriate data (e.g., “dirty words” that

cannot be released, unapproved file-types,

or malicious content such as viruses).

Continued on page 16



Continued from page 15

A workflow is usually comprised of several

steps. A typical Two-Person Review workflow

is shown below.

Initiation Phase

Upload File(s)/directory structure(s)

File uploaded via Web form, remote file

path or Java Applet

Select User selects release workflow from

Workflow those they have permission to utilize

Typical Two-Person Review FTP Workflow

Step 1: User selects destination(s) from

Select possible destination defined

Destination in the workflow

Step 2: User selects appropriate classification

Select from available classifications

Classification for the destination(s)

Step 3: User can modify the names of

Set Remote file(s)/directory structure(s) for the

File Path remote destination system

Step 4: User reviews previously defined

Self Sign release information and asserts the

appropriateness of the request by

digitally signing the release package

Step 5: System performs an automated

“Dirty Word” review of release package for

Search classification-related issues based

oncontextual search of the

released file(s)

Step 6: System performs an automated

File Type review of release package for

Check inappropriate and/or allowed

file types

Step 7: “Second person” approver reviews

Approve file(s) and the results of the

and Sign automated checks before asserting

the appropriateness of the request

by digitally signing the release

package. Release packages can

also be reverted to correct

information if required.

Step 8: Signed (or unsigned) release

FTP Send packages are transferred via FTP

tothe appropriate destinations


Human Review Manager

As a release request is processed through a

HRM workflow, the status of the request is

tracked for display on the Request Manager

Web interface, or its status is available for

query by the HRM Request Client. The HRM

also automates e-mail notifications to

reviewers, provides for release packaging

and meta-data generation, and produces a

comprehensive audit trail of the release,

review and transfer process.

The HRM has been deployed on dedicated

Windows-based or Solaris-based machines

and is comprised of two Java Servlet Web

applications with a backend mySQL database

running under an Apache Tomcat

Web server. The HRM application provides

the workflow features for release and

review, while a separate Web application

known as the Login Enabler (Pending

Patent #064747.1151) provides a reusable

and extendable single sign-on and user/

group management capability, which has

been integrated into the HRM’s functionality.




File transfer



Application with

Request Manager API



File transfer












HRM File



and Sign


agent(s) Web user

Typical HRM Deployment Architecture




to DVD

Raytheon has fielded HRMs in support

of customers in both the U.S. and U.K.

markets. The HRM meets the Protection

Level 2 (PL2) with configurations up to PL4

possible when combined with appropriate

boundary devices. Within the U.K., the

HRM has been evaluated to the SYS3

level (which approximates to a Common

Criteria 3 evaluation, without all of the

formal paperwork). • Monty McDougal



Upon earning

his doctorate

degree in instrumentation


MIT, Jay Lala,

Ph.D. embarked

on an impressive


career at Draper


where he

designed and



computers for mission- and safety-critical

applications. These included the swim-by-wire

ship control computer for the SEAWOLF nuclear

attack submarine and the flight-critical computer

to control all on-board functions of the NASA

X-38 crew return vehicle.

In 1999, Lala joined the Defense Advanced

Research Projects Agency (DARPA) as a program

manager where DARPA’s Information Assurance

& Survivability programs provided him with an

opportunity to achieve his vision of integrating

the two previously distinct and parallel disciplines

of fault tolerance and computer security.

Working at DARPA enabled Lala to change the

security paradigm from prevention and detection

to intrusion tolerance and self-healing.

“Intrusion tolerance moves from the classical

computer and network security approach of prevention

— where you build all types of forts and

moats to keep attackers out — to intrusion tolerance

where you design systems that, even when

some parts fail or are successfully attacked, continue

to operate and degrade gracefully to perform

all the mission-critical functions correctly,” he

explained.“Self-healing or self-regenerative systems

go beyond that — they diagnose root cause and

remove vulnerability exploited by the attacker.”

At the end of his four years at DARPA, a congressionally

mandated term-limit, Lala was awarded

the Office of Secretary of Defense Medal for

exceptional public service for helping improve

the security of our nation’s networks.

Since joining Raytheon in 2003, Lala has been

integral to several key wins. He understands our

customer needs, especially in Mission Assurance,

and has a thorough comprehension of the science

and technology landscape that enables him

to provide state-of-the-art solutions. Lala’s background

and experiences in fault-tolerant computers,

as well as changing a mindset from prevention

to intrusion tolerance and self-healing

systems, is closely aligned with Raytheon’s pursuit

of Mission Assurance.


Information Assurance and Survivability Research

at DARPA: 1999–2003

In 1999, a group of five program managers,

including myself, arrived at DARPA to

initiate a major new push in countering

the threat of large-scale, coordinated cyber

attacks against the United States by

nation-states, terrorist organizations and

other adversaries.

This new initiative, a suite of programs in

Information Assurance and Survivability (IA&S),

was started by former DARPA director, Dr.

Frank Fernandez, with ample encouragement

from Congress. Seven new programs

were created in IA&S, though two did not

survive after the first year. DARPA prides

itself on funding cutting-edge, high-risk

research, and sometimes, the risk manifests

itself as an utter lack of progress. DARPA is also

quick to take action when things go awry.

The program, initially called Intrusion

Tolerant Systems, operated on a simple

premise: Some attacks will penetrate

defenses and successfully evade intrusion

detection mechanisms. Consequently, a

number of basic research questions arose.

How can we design systems to continue to

function correctly in the presence of such

inevitable compromises? How can the system

operate through attacks? Can fault-tolerance

techniques and principles be used to

defend against cyber attacks? (Before arriving

at DARPA, my background was in

designing systems to tolerate accidental

faults, failures and errors.)

When defending against viruses, worms

and denial-of-service attacks, one is dealing

with an intelligent and adaptive adversary:

a human being. It is a greater challenge

than countering randomly occurring hardware

faults or even software bugs.

Nevertheless, the research results are

encouraging in that we can, in fact, architect

systems that are intrinsically resilient to

cyber mischief. The program resulted in

more than 100 referred publications, of

which 24 seminal papers were edited in a

book by this author, with a preface by current

DARPA director, Dr. Tony Tether 1 .

Numerous prototypes were also built and

subjected to attacks by red teams.

A follow-on program, called OASIS

(Organically Assured and Survivable

Information Systems) Demonstration and

Validation, created, demonstrated and validated

an intrusion-tolerant architecture for

the Joint Battlespace Infosphere 2 , applying

many of the concepts developed under the

earlier program. A prototype system was

subjected to sustained attacks by multiple

red teams, including one from the National

Security Agency.

For a very long time, the principal information

and communication security mechanisms

focused on keeping the intruder out

of critical systems. Systems were designed

with multiple defense layers, like multiple

walls of a fortress. Various forms of electronic

and physical access controls and

cryptographic techniques were employed to

maintain confidentiality. This worked fairly

well until the advent of networked systems.

Cyber attacks accelerated as the Internet

provided a path for information sharing

among networked systems, while simultaneously

actualizing an easy attack avenue.

As a result, DARPA started to fund research

in network-based intrusion detection in the

1990s, and MIT Lincoln Laboratory created

a network traffic representation that mixed

real network traffic with attack packets. All

DARPA-funded intrusion detectors were

tested against this ground truth. After a

few years of research, it became apparent

that detection rates had “plateaued” at

much less than 100 percent and could not

be improved without simultaneously

increasing false positive rates. These mechanisms

faired especially poorly in detecting

novel attacks and zero-day worms. It was clear

that despite all the preventive approaches,

some attacks would succeed — and some of

those would not be detected. A new approach

was needed to secure information systems.

The Intrusion Tolerance approach can be

thought of as the third generation of information

assurance — the first two being

Prevention and Detection. Some of the

many techniques that were researched to

provide intrusion tolerance included redundancy

coupled with design and implemen-

tation diversity (to avoid same vulnerabilities

in replicas), redundancy management

(intrusion detection, response and reconfiguration),

randomness and deception to

confuse attackers, and proof-carrying code

to shift the security burden from consumer

to software vendor.

Intrusion and fault-tolerance can enable

the continued correct operation of a system

in the presence of attacks and faults.

However, as the system ages and components

experience failures or are compromised,

the system’s capacity to tolerate

additional attacks and faults is depleted. A

correctly designed system would degrade

gracefully and still continue to perform all

the critical functions. But at some point even

this will not be possible, and the system will

eventually fail to perform its mission.

The current approach to dealing with this

situation is to repair and replace failed

components or take the system offline and

purge compromised components of infections.

These are mostly manual and tedious

procedures. Furthermore, back-up systems

must be brought online while repairs are

occurring. But what if systems could be

designed to be self-healing? What if they

could automatically regenerate their capabilities?

Thus, a new DARPA program —

Self-Regenerative Systems — was born.

The goal of Self-Regenerative Systems is to

design systems that can automatically diagnose

root causes of attacks (i.e., vulnerability

exploited by an attacker), reflect on past

responses and learn, and improve its performance

when similar events are encountered

in the future. This fourth generation

of information security technology relies

heavily on principles from human cognition.

Accordingly, it has the potential to deal

successfully with ever-morphing novel

attacks and an intelligent and adaptive

adversary, the human being. •

Jay Lala


1 Foundations of Intrusion Tolerant Systems, Ed. by

Jay Lala, IEEE Computer Society Press, 2003.

2 DPASA Final Report, BBN Technologies, DARPA Contract

No. F30602-02-C-0134, CDRL A011, 15 June 2006.



CHAIN: A Compartmented High Assurance

Information Network

One of the biggest challenges the

DoD currently faces is the need for

compartmentalized, multi-level

information sharing. Its current stovepipe

approach to data sharing significantly inhibits

the development of these capabilities. In

stove-piping, information travels freely up

and down within an organization, yet there is

little horizontal sharing among organizations.

Current solutions only address part of the

problem. Traditional multi-level security

operating systems based on information

labeling such as Sun Trusted Solaris TM provide

features that enable cross-domain information

sharing, but fail to adequately address

compartmented information processing

requirements within a single domain. In

addition, desktop users familiar with

Windows-based suites such as Microsoft ®

Office, are forced to adapt to unfamiliar,

sometimes arcane applications or suffer

endless delays in accessing new capabilities

due to extended certification schedules.

Raytheon has addressed this opportunity by

leveraging its expertise in commercial offthe-shelf

systems integration and information

assurance. Providing the capabilities

the DoD needs while keeping a high level

of security requires a tailored solution. The

Compartmented High Assurance Information

Network (CHAIN) supports those needs.

CHAIN provides the best of both worlds:

compartmented security and systems most

DoD users are already familiar with.

Raytheon has been awarded multiple contracts

by DoD-classified customers over the

last five years for high assurance information

management and dissemination solutions.

Most recently, in March 2006,

Raytheon was selected by DARPA to implement

its CHAIN operational capability for

use within its classified environment with

the express goal of collapsing its independent

Special Access Required (SAR) networks

into a single interoperable Director of

Central Intelligence Directive Protection

Level 3 (multi-compartmented) fabric.

The contracts provide for both development

and long-term sustainment of the deployed


system, including the operation of 24 by 7

Network and Security Operations Center.

The contracts provide for the continuing

introduction of new technologies by

addressing both technical obsolescence and

the availability of evolving technologies.

Raytheon has invested in the development

of CHAIN for more than six years, ensuring

that its solutions are both technologically

sound and inherently secure. By relying on

components readily employed by industry

(e.g., Microsoft XP/2003) in everyday

business settings, rather than relying on

traditional Trusted Operating Systems

(e.g. Trusted Solaris), Raytheon is able to

offer users an information processing environment

that requires less training and

customization, and is resistant to obsolescence.

Raytheon’s continuing investment

in CHAIN significantly reduces the risk

associated with development, deployment,

sustainment, and most importantly,

accreditation and certification.

The modular approach and architecture of

Raytheon’s solution provides a solution for

any DoD, Intelligence Community, or

Homeland Defense agency concerned with

ensuring the confidentiality and integrity of

information being shared among nations,

organizations and agencies. The Raytheon

solution offers significant operational and

logistical advantages as outlined below:

• Performance/Scalability

– Scalable to a user population

exceeding 10,000

– Support for over 1,000 clearances

and compartments

– Virtually unlimited storage capacity

– Object-oriented storage eliminates

restriction on data types

• Security

– Authentication, authorization and


– Identity management

– Single sign-on (SSO)

– Digital shredding

– Encrypted communications

– Repository encryption and digital


– Digital rights management

– Mandatory access control

– Low impact to vehicle signature

– Public key

• Easy Integration

– Support for global, distributed repository

and open, standards-based architecture

for seamless integration with other

data and content sources

– Supports geographically distributed

environments with a distributed

architecture supporting content

replication and federated management

• Services

– SMTP mail

– Web

– Instant messaging

– White boarding

– Text, voice/video chat

– File sharing

The Chain Solution

Raytheon’s CHAIN architecture is designed

and implemented in accordance with the

latest commercial and military standards.

This ensures CHAIN is able to directly, or

indirectly, support most data models and

operational concepts. By virtue of the components

used in the implementation of

CHAIN, standards-based application programming

interfaces are readily available to

allow for their integration and interoperability

into and with existing systems and applications,

respectively. Support is readily available

for both machine-to-machine and

man-to-machine data transfers.

CHAIN’s rule-based data processing and dissemination

features support reducing the

occurrence of data overload. Inherent within

the CHAIN architecture are capabilities

that allow rules to be established that

determine the appropriateness of information

exchanges based upon user and

process roles, the context of the information

being processed, the time of day, the

priority of the transmission, etc. Rights

determination is made through a complex

process that uses information contained

within various external authoritative

sources. This process, as applied to e-mail,

is depicted in Figure 1.

Figure 1. User CONOPS/E-mail

Figure 2. User CONOPS/Data Sharing

Figure 3. User CONOPS/Collaboration

CHAIN is capable of operating as an independent

information network or as an

overlay within an existing network. The

CHAIN security architecture framework also

includes the use of Internet Protocol

Security (IPSEC) VPNs, based upon the

Advanced Encryption Standard (AES) 256bit

algorithm. IPSEC VPNs are used in combination

with data labeling and digital signatures

to allow independent and redundant

networks to be collapsed into a single

IP fabric, while insuring with a high degree

of integrity that data leakage is unlikely.

The required cryptographic material is

obtained from a high assurance Public Key

Infrastructure (PKI) Certificate Authority

(CA) internal to the CHAIN architecture.

At the application layer, the CHAIN architecture

incorporates multiple security safeguards

to insure that information is

exchanged among users or processes only

when the sensitivity of the information is

dominated by both the originator of the

information and its intended recipient.

Metadata associated with the data object is

used to determine the appropriateness of

the exchange. Additionally, the information

transmitted is protected both at transit and

at rest through the application of data-level

or storage-level encryption. The integrity of

the data and its associated metadata may

also be protected through the incorporation

of digital signatures. All these features are

critical for the successful integration of data

sharing and collaboration capabilities.

Figures 2 and 3 provide a high-level view of

these capabilities.

CHAIN addresses what traditional stovepipe

solutions could not address: the need for

compartmented shareable data. In addition

to addressing existing conditions, it supports

a transformation to a more flexible,

scalable and interoperable system. The

result is higher efficiencies and reduced

training costs. By integrating security into

common office functionality, Raytheon has

created a system that capitalizes on existing

skill sets, while preserving PL3 certification

requirements. •

Ricardo J. Rodriguez


Dan Teijido




Information Assurance:

A Holistic


Post-9/11, it became apparent that creating

a physical “ring of steel” around chosen

environments where security was the cornerstone

for safety and security was counterproductive.

It did not restore confidence in

our economy, our industries or our citizens.

A realization grew quickly that what was

needed was the ability to authenticate a

person claims, while still maintaining confidentiality.

These claims include 1) a person’s

identity, 2) their permission to be at a certain

place at a certain time,

and 3) their authorization to

perform certain activities.

This is not necessarily physically

bound — it is both

real and virtual.

Information Assurance (IA)

is the “process” by which

we protect and defend our

information and information

systems in order to

ensure confidentially,

integrity, availability and

accountability. IA also

extends to restoration,

with protect, detect,

monitoring and reacting

capabilities. Even if

you don’t understand

what this means, it is

still changing your


Just as we experience in real life,

accountability closes the loop on any holistic

approach to IA. The access control environment

must allow an audit loop to be

established with someone responsible for

the activity in the loop. Hence, the holistic

principle of IA becomes confidentiality,

integrity, availability, accountability and

restoration. This means that IA becomes a

people-directed activity, with clear links of

responsibility to the individual through

association by identification.

As the real world becomes more and more

digitized, so does the need for irrefutable

authentication of people involved with

permission to be in that digital environment.

Authentication — or the ability to prove in


a non-repudiation approach that you are

who you say you are — then became integrated

with all other daily processes. At

that point, IA reflected the issues that safeguard

daily life. This is an important point

because it means that IA is, in fact, the way

we view digital life, and not a “bolt” in the

way information security, engineering security,

or operations security has been in the

past. In fact, IA is an integrated approach

to security, incorporating policy, technology

and security (personal, physical and environmental)

components, and must be

“baked” into the “process.”

Accordingly, real-life issues such as privacy

are justifiable ones for IA. Indeed, it will

become the principal issue to overcome:

the ability to prove your identity and that

you are entitled to the list of permissions

associated to you and the information you

access or distribute. This suggests that the IA

world is one of permissions (not rules or law).

As society embraces the net-centric world,

it is becoming overwhelmed with information.

We experience the knowledge age

(the application of information) as a society

hungry for information (some productive

and other destructive), so much so that

entire programs have been built around

achieving greater efficiency to access and

process knowledge.

I believe what 9/11 taught us is that people

matter. People must be identified in a nonrepudiatable

manner to allow society to

continue to operate in a safe and secure

way. Therefore, IA is not just about technology,

information or even infrastructures; it is

about protecting our most valued asset —

our homeland, citizens and way of life.

Raytheon is and has always been a customer-focused

organization. While everyone

else rushed to the IA “gold mine,”

Raytheon has been more vigilant, waiting

for others to catch up and really understand

what the issues are — truly adding

value to our clients’ mission-critical requirements.

So whether it is our clients’ highly

classified operating environment, a commercial

business, protecting our employees

at home and work, or our own business

operations, we practice what we preach.

We take pride in our holistic information

assurance program, and we enjoy a privilege

that we do not take for granted: being considered

your partners in transformation. •

Stephen R. Haynes



Steve Haynes

is an entrepreneurial,broadbased


leader specializing



Assurance, an


approach to

security. Haynes

has extensive


experience in

the strategic and tactical implementation of

e-commerce, e-government and e-business related

products and services. “With security, it’s no

longer about assessing or even managing the

risk,” said Haynes, “it’s about governing the risk.”

His 15 years of exemplary service in the security

field, coupled with 20 years in the credit card

industry, has earned him the respect of his

industry. “I take pride and pleasure in serving

my clients and focusing on their enterprisewide

mission critical needs.”

Noted for his visionary leadership and proactive

problem-solving approach, Haynes’s holistic

focus is on the process of protecting and defending

information and information systems. “My

goal is to make clients successful by providing

what we have learned and help them become

thought leaders in the Information Assurance

industry. This will enable them to meet their

mission-critical goals and objectives. That’s what

will keep them coming back again and again.”

An Information Assurance instructor at the

National Defense University, Haynes is periodically

asked to assist the U.S. government by

engaging in strategic joint agency tasks/initiatives.

He is also on retainer to the Executive

Office of the President and has been an advisor

to three presidential administrations and

numerous senior levels of management on a

regular basis. He is called upon to define overall

corporate strategic positioning and tactical

implementation to enhance corporate level

value and provide business advantage. A leader

by example, Haynes empowers resources to act

with speed, simplicity and self-confidence.

“My great grandfather used to say, ‘It’s not

enough to do things right, it’s as important to

do the right thing.’ And at Raytheon, we strive

to serve our clients with holistic solutions that

work — the first time, every time.”


Heidi Shyu

Vice President, Corporate

Technology and Research

Recently Technology Today talked with

Heidi Shyu about technology and

innovation, and her new role as vice

president of Corporate Technology and

Research. Shyu discusses her approach to

creating an enterprise-wide technology

vision and direction, the importance of

disruptive technologies and radical innovation,

and her penchant for taking on —

and reaching — “unachievable” goals.

TT: Throughout your career, you’ve held

many senior leadership positions. Can you

share with us some of the attributes you

believe are essential to effective leadership?

And how do those attributes influence

your new role as vice president of

Corporate Technology and Research?

HS: First, I always try to look at the big

picture, and figure out how all the pieces

of the puzzle fit together. Even from the

early stages of my career, when I was

given one task that was part of a huge

effort, I always tried to understand,

“Here’s my little piece of the puzzle, now,

how does it fit into the big picture? What

is the right thing to do for our customer?”

Second, you need to communicate your

vision and your plan. You can never communicate

enough. People fail because

they don’t communicate clearly. Therefore,

your ability to articulate and communicate

is very essential.

One other thing that has always helped

me is I have always had a passion to do

whatever task I am given. I just dive right

in; whatever the challenge is. That

becomes infectious. When troops see that

you really care about what they are doing

and the goal that you have set, they then

realize we are really trying to aim for the

same goals. Namely, we are trying to do

the best thing for the company, the best

thing for the customer and to beat our

competition, not each other.

TT: How has your past experience

prepared you for this role?

HS: I think that as I grew in my career, I

faced many things that I have tried to figure

out how to orchestrate. One of the early

tasks I was given was developing modeling

and simulation, and I tried to figure

out, “How does my piece fit into that big

picture?” I then took the initiative to lay out

the entire simulation, and show my little

piece in the overall big picture. I am always

trying to figure out “How does this work?”

I know my project manager was delighted

that I took the initiative to do that.

Another key: Never stop learning. Each

step, wherever I am in my career, I look a

couple of ladders above me and I observe

the people there. What are things that

they know, that I don’t know? Those are

things I need to learn. What attributes do

they have, that I currently don’t have, and

I can learn? Find out your own shortfalls.

It’s good to get independent assessments of

yourself, and figure out how you need to

grow as a person throughout your career.

TT: What people or programs influenced

your career?

HS: When Dr. Peter Pao asked me in 1997

to lead the Joint Strike Fighter Active

Electronically Scanned Array development,

it seemed insurmountable at the time

because we had an incredibly short period

of time to develop something that seemed

unachievable — weight reduction, reliability

improvement, reducing the observability,

improving the survivability, reducing

cost … and do it in record time. Most

people told me I was crazy to take that

job, but I never came to that conclusion.

The way I approached it was, “OK, truly

here’s an opportunity to do something

that’s incredibly important for the company.”

So you have to not be afraid of challenges.

Then you have to methodically figure out

how to do it. You can’t eat the whole elephant

in one bite, so what is your path?

What is your plan? How do you put your

arms around this incredibly difficult problem?

I think a lot of the “thinking

through” early on and planning the steps

that you have to take is so important.

TT: In your new role, you’re responsible

for the development and execution of an

integrated enterprise-wide technology and

research vision and strategy. How do you

go about formulating a vision that encompasses

Raytheon’s breadth of technologies,

programs and priorities?

HS: Again, the approach I take from the

beginning is to figure out the big picture.

I read the Quadrennial Defense Review —

the 20-year vision of the capability we

would like to have. I then think about the

capability we would like to achieve. What

are the threats out there that we are facing

today? What are our capability shortfalls

that we have relative to the threats in

the environment we are facing? Then you

take a systems approach to decomposing

the problem. What are the opportunities

out there for us? What are the enablers

that can help you achieve this capability to

fill the gap that we have, and what are

the technology options that we have to

close this capability gap?

Then, from the technology options we

have, how well are we doing in this particular

technology relative to our competition?

Are we ahead of the pack? Nose to

nose? Or are we lagging? Then consider

are there other companies out there that

we can team with to help us bridge this

gap? Then you flow down: Are there

CRAD (Contract Research and

Development) opportunities? Are there

IRAD (Internal Research and Development)

opportunities we should be pursuing?

What is our road map for getting there in

the near-term, in the mid-term and in the


Continued on page 22



Continued from page 21

TT: One of your major areas of focus —

influencing enterprise-wide research collaboration

and technology opportunities —

requires a substantial commitment to crossbusiness

engagement and knowledge sharing.

How do you facilitate this dynamic in a

company like Raytheon?

HS: This year, I’m having a week-long IRAD

meeting with all the businesses, where

we’ll talk with all the technical directors to

understand what capabilities their customers

want, then figure out how that ties

into the technology road map. With all the

technical directors from the company there

at the same time, what you often find is

that you are trying to solve the same problem

from a slightly different angle. This

way, we can put our resources together

and figure out the different ways of solving

the same problem. So the joint IRAD week

is something new this year.

What I am also trying to do is give each technical

area director a much broader breadth, a

broader perspective of the company’s work

at this IRAD review. At the same time, we

have technology networks — RF technology

network, EO technology network, materials

and structures technology network, etc. I am

going to invite them along to all these crosscompany

IRAD reviews so they too can see a

much bigger picture and understand the

breadth of our capabilities and the problems

we are trying to solve. You also want

to nourish the bottom up, so I am trying to

take the technology leaders and make

them understand the breadth of the problems

we’re trying to tackle, so they can go

to the next layer and help out.

TT: This year Raytheon has redefined our

core markets and is looking to grow in our

Strategic Business Areas. Tell us about your

organization’s role in this process, and which

areas you believe Corporate Technology

and Research can influence most.

HS: We need to expand from a single phenomenology

focus to multiple phenomenologies

in order to increase the information

content that we can get on a target.

For example, one of the Technology

Challenge areas that I have set up this year

is “Assured ID and Continuous Persistent

Track.” There are many ways to get ID: One

can use synthetic array radar (SAR) map, or


EO imagery, IR imagery, vibrometry, hyperspectral

imaging, hyper-temporal, 3D ladar,

taggant, SIGINT, HRR, etc. Any one of the

phenomenologies will have strengths and

weaknesses. This combination will produce

additional information on the target.

The technical area directors have taken the

initiative to work with the EC leads on

Multi-INT, the ET leads on ATR, prior

warfighters and users of our products, as

well as the tech directors from each business.

We just had a Technology Innovation

Workshop in June and the tech directors

from each business are identifying a crossdiscipline

list of innovators from their businesses

to participate. So Corporate

Technology and Research can help to be

the catalyst in expanding our core markets.

TT: There is a new emphasis on emerging

disruptive technologies and radical innovation.

Tell us more about these concepts

and how they can influence Raytheon’s

future success.

HS: When the Wright brothers helped to

develop the first airplane, that was pretty

disruptive because you were no longer

stuck in a two-dimensional world on the

ground. That is very disruptive in terms of

how it changed our lives. So think of “disruptive”

as something that enables you to

have a capability you simply don’t have

today. It is not incremental change; it is a

quantum jump in capability.

What we are looking for are nuggets that

can provide us a revolutionary increase in

terms of capability across our customer base.

This year, I focused this disruptive technology

effort into two tough technology challenge

areas: Assured ID and Continuous Persistent

Track of targets and Novel Effects.

TT: In what ways can a large, super-structured

company like Raytheon nurture a

culture of radical innovation?

HS: One of the things we need to do is not

squash ideas. Sometimes we have a tendency

to say “it doesn’t work,” and that

statement can squash a younger engineer’s

ideas so they stop attempting to come up

with something innovative, because they

don’t want to feel stupid. You become risk

adverse, and one of the key things to do is

create an environment in which it’s OK to

throw out ideas, to think outside the box.

Q&A With Heidi Shyu

My other hat is the Air Force Scientific

Advisory Board chair. One of the things that

I’m always so impressed with is that young

AF officers are incredibly creative in trying

to figure out how to solve the problem,

because they’re not restrained by the past.

This younger generation is coming up with a

fresh perspective in attacking the problem

from a very different angle. I think we need

to create that culture within our company.

TT: The diversity of Raytheon’s workforce

continues to grow, and with it, opportunities

to broaden the company’s scope of expertise

in many areas. How do you build productive,

diverse teams and why is it important?

HS: We each have certain experience,

knowledge and education, so diverse teams

are important. There are so many different

ways of looking at the problem and it is the

exact same thing with skill sets. That’s one

of the reasons why the Air Force Scientific

Advisory Board looks across 25 different

disciplines and finds people from across very

broad, diverse backgrounds. The problems

that are brought to us are very difficult,

and I’d rather have a room full of people

with very diverse backgrounds thinking very

differently to try to come up with solutions.

TT: Can you share an experience that

helped provide you inspiration or guidance?

HS: I have always tried to have a mentor in

my career, and talk to somebody who is

probably two levels up, because I like to

have somebody that has a broader perspective.

We’ll periodically chat about career

prospects, what you’re doing and whether

you ought to do something else.

TT: What are the ways we as professionals

can help youngsters get excited about

math and science?

HS: I think you have to make the problem

interesting. I applaud DARPA for having a

Grand Challenge competition, in which

participants design an unmanned robotic

vehicle to travel a course. So what you

have to do is create challenges and incite

their curiosity. Kids are very curious about

things and incredibly creative. If you make

the problem interesting enough, you will

gain their interest. You have to capture

them at an early age. Bottom line: Help the

kids get interested in a little problem.

Challenge them and make it fun. •


Warfighter Challenges

in Urban Environments

Today’s warfighter faces many challenges

in the urban environment. Usually, these

challenges stem from having to relearn lessons

from bygone events and yet accommodate

the influx of innovations in technology

and emergent social context.

The relearning comes about primarily from

the transition of traditional force-on-force

encounters — which still must be executed

and effectively managed — into the much

publicized re-emergent asymmetric interactions.

Historically, our warfighters have intimately

known asymmetric warfare and its

derivatives. During the Revolutionary War,

the Minutemen displayed the power of

asymmetric warfare against the British.

During World War II, as the allies advanced

across Europe, the warfare devolved into

the house-by-house urban conflicts resembling

today’s engagements.

But much is different as well. New locations

with new cultures provide challenges that

previously have not been encountered, or

have little commonality in social structures

and norms. In short, the evolution of technology

across the globe has developed

other new challenges — both as capabilities

for, and obstacles to, the warfighter.

One of the most significant recent operational

challenges is the integration and transition

of the operational environment into a

continuum, with the open-field foreign

force projection of traditional warfare on

one end, and the civil support aspects of

homeland defense and homeland security

domains at the other. This merged environment

isn’t the familiar force-on-force scenario

complete with neutral parties and

bystanders; rather it’s a complex environment

of socially ambiguous people groups

and multifaceted structures and subterranean

areas. Phrases like PMESII (political,

military, economic, social, information,

infrastructure), DIME (diplomatic, informa-

Y E S T E R D A Y … T O D A Y … T O M O R R O W


Foreign Ops Homeland Defense Ops Homeland Security Ops Civil Ops

3 Block War Stabilization Disaster Response

Force on Force Asymmetric


tion, military, economic) and MIDLIFE (military,

information, diplomatic, law enforcement,

information warfare, financial, economic)

are used to illustrate the complexity

of the problem sets being addressed across

strategic, operational and tactical levels.

The modern-day warfighter is further challenged

with increasing shifts in technology

and operational tempo. On one side, technology

migration favorably impacts capabilities

available to the warfighter. However,

these technologies often have deployment

processes and availability time cycles that

become problematic in the face of evolving

operational tempos and the asymmetric

enemy’s adaptability. These detrimental

deployment-driven effects on the warfighter

are exacerbated by trends to increase the

efficiency of our troops. In other words, the

expectation is to accomplish more with less by

engaging fewer people (but with more skills

individually), less equipment, less organizational

structure and lower cost of execution.

One particularly ubiquitous technology need

is in the area of communications and the

related field of interoperability.

Communications needs are escalating —

Military Operations

Other Than War

The problem space being addressed by the warfighter has expanded significantly.

more bits are needed by more users who

are working in a more net-centric environment.

This communication capability is also

needed in very harsh, communication-dense

urban terrains with complex building structures

to be traversed. In this environment,

there is very little tolerance to latency, data

loss, and information and presence compromise.

On the other hand, these communications

and information-sharing networks

need to interoperate with, and quickly

adapt to, more systems, groups and

domains than ever before. Additionally, policies

that enable these technologies for

deployment are slow to change, because

demonstrated improvement is required

before lives are put on the line.

Although today’s evolving landscape is challenging

for the warfighter to navigate, there

are mechanisms, born from technology, that

are available to help. One mechanism is

truly a recent addition to the world’s arsenal:

net-centric capabilities. Not only does

this general approach — brought about by

unprecedented levels of information connectivity

— provide operational advantages

to the warfighter operating in command

Continued on page 24


Continued from page 23

and control echelon levels, but it also provides

significant opportunities to the individual

on the front line. Furthermore, net

centricity provides unprecedented capabilities

to validate the operational utility of

these same technologies and emergent

methodologies prior to deployment. Thus,

it validates Mission Assurance and the

effectiveness of solutions, from the frontline

warfighters’ environment through all

levels of upper command operations.

The recent Cooperative Research and

Development Agreement (CRADA) between

JFCOM and Raytheon is oriented toward

establishing the framework and supporting

mechanisms to allow just such a RDT&E

capability for urban environments. This

CRADA, titled Networked Urban Operations

Test Bed (NUOTB), is establishing an open

access framework to capitalize on existing

sites through the exploitation of networks.

By networking training environments,

acquisition authorities, and technology

providers into a cohesive environment and

process, complex system solutions can be

quickly evaluated, operationally validated

and readied for deployment to the by the

using customer throughout the RDT&E evolution.

By embedding technology testing,

evaluation and product evolution as part of

the existing training skills development of

the end user community, the operational

utility is aligned with the evolution of the

conflict area. And by embedding the

acquisition process up front in the other

areas, the customers DOTMLPF (Doctrine,

Organization, Training, Materiel,

Leadership, Personnel, Facilities) concerns

are addressed early, and therefore the

“Need” to “Deployed Solution” cycle can

be shortened significantly. Furthermore,

solutions in this environment can be scrutinized

not only for tactical effectiveness, but

for operations and strategic levels of effectiveness

as well.

Although challenges still exist and continue

to evolve, our nation is developing solutions

to meet these challenges at the technology

level, the employment level, the effect level

and the timeliness level. The real challenge

is expending enough effort to bring these

solutions to bear. •

Timothy R. Morris





After Solid Success

Raytheon Presses Forward With MDA

Model-driven architecture (MDA ® ) is an

established software development methodology

put into practice across Raytheon’s

businesses. Raytheon Missile Systems (MS)

has been using MDA for more than 10

years; Integrated Defense Systems (IDS) has

a half-dozen projects where contractually

delivered software has been developed

from MDA (each at a greater productivity

level than traditional software methods);

and Network Centric Systems (NCS) has an

initiative to have MDA deployed at each of

their sites across the country.

As such, Raytheon engineers and other

experts have authored a number of papers

and presentations touting the benefits of

MDA. These benefits include:

• An increase in productivity

• A decrease in defects

• Better communication between systems

and software engineering

• Better communication with our customers

• An increase in reuse and product line


• Portability

For these reasons, the adoption of MDA

may be inevitable. The most compelling

argument for its adoption, though, might

be that our customers are beginning to

demand it.

As the value and maturity of MDA is

increasingly recognized, the larger question

becomes: “Should the government make

the delivery of compilable models a contractual

requirement?” Based on Raytheon’s

MDA briefings to Pentagon representatives

and the Office of Naval Research, the message

is now clear. The acquisition offices of

the DoD are seriously considering the productivity

improvement, the software quality



Transportation Health Care



Space Model-Driven Telecom


and the potential for reuse that represent

the promise of MDA.

From a business perspective, an argument

can be made that the industry transition

from current software development

practices to MDA is similar in nature to

the adoption of the Capability Maturity

Model (CMM ® ).

When the CMM was first released in the

early 1990s by the Software Engineering

Institute (SEI) at Carnegie-Mellon University,

acceptance ranged from total buy-in to outright

hostility. The norm may have been

somewhere in the middle, between cautious

optimism and mindful skepticism. All

arguments were settled when various government

factions required CMM certification

as part of the acquisition process.

As the customer community explores the

possibility of requiring MDA products as

deliverables, Raytheon will continue to

expand the use of this technology.

Our continued success with model-driven

architecture is based on a practical strategy.

After pathfinding the new technology on

several internal research and development

projects in IDS, MS and NCS, we started

Y E S T E R D A Y … T O D A Y … T O M O R R O W

Short-term Benefits

Faster Code Development (>2x)

Lower Defect Rate (up to 90%)

Automated Documentation

Earlier Testing (before HW is available)

Automated Testing

Long-term Benefits

applying MDA selectively to customer-funded

programs and delivering software developed

with MDA. We have successfully integrated

new MDA components with legacyreused

components, COTS and GOTS into

deliverable systems. As we continue down

this path, we are building an ever-larger

team of MDA experts at Raytheon, and

applying it to larger and larger problems.

To facilitate the transition, we have:




Production Quality Software

• Developed detailed deployment guides in

both NCS and IDS, specific to the

toolsets being used

• Updated process documents to include

the use of MDA and created sample

process documentation

• Established a Raytheon-wide working

group to produce a pamphlet that is

tool-agnostic and will standardize the

use of MDA across Raytheon

• Developed training courses

• Standardized the metrics to be collected

and shared for MDA programs

• Conducted ongoing work with vendors

to guide tool development

• Conducted ongoing work with the

Object Management Group to guide

standards development



Raytheon realizes strategic and tactical benefits by leveraging separation of concerns

delivered by MDA.

• Established a Raytheon-wide repository

of MDA-related data

• Held a Raytheon-wide MDA workshop in

2006 to share information and tackle

issues like process and tool standardization

Raytheon has a diverse development community

serving different customers, providing

a range of software capabilities. To help

propagate our MDA successes and lessons

learned across our development organizations,

we have implemented a multipronged

communications strategy:

Raytheon has developed overview training

targeted to Integrated Product Team

(IPT) leads, department managers and

technical leads.

Y E S T E R D A Y … T O D A Y … T O M O R R O W

• The Real-Time Model-Driven Computing

Technology Interest Group has met

monthly for three years; it also sponsors

a well-attended track of presentations at

two Raytheon symposia each year.

• A Raytheon intranet website on MDA

provides links to internal and external

MDA sources and experts.

Raytheon IDS funds travel to customer

sites, the Pentagon and Raytheon

Technology Days events to present our

experiences to interested customers.

What does all this mean to our customers?

It means that we are tremendously encouraged

by our successes to date, and we plan

to grow those successes by making higher

quality software — while still reducing the

cost to our customers. If the customer community

requires a transition to MDA, then

Raytheon is ready. Regardless of mandates,

we are prepared to champion the implementation

of this proven technology.

For more information, visit the IDS Software

Engineering Directorate MDA website at


DrivenArchitecture.html or the Real-Time

Model-Driven Computing TIG website at


pstn/runtime.htm. Also visit the Object

Management Group MDA standard at

http://www.omg.org/mda. •

Ken Neidorf


Terri Potts




Fiber Communication Technology

Benefits Eye-Safe Laser Development

Over the past couple of decades, an

enormous amount of effort and investment

has been made in the area of fiber optic

communications technology and equipment.

This area is now providing a great

deal of benefit toward the development of

the next generation of highly efficient and

compact eye-safe laser sources.

Existing Eye-Safe Tactical Laser


Most existing eye-safe tactical laser systems

start out with a non-eye-safe Nd:YAG laser

source that transmits at 1.064 micron. The

non-eye-safe wavelength is then converted

to an eye-safe wavelength using a Raman

cell (1.54 micron) or an Optical Parametric

Oscillator (OPO) that emits at 1.57 micron.

These conversion techniques are effective but

are inefficient, add weight and consume

additional space. Wall plug efficiency of a

system like this is generally around 8 percent.

Adapting Fiber Communication

Hardware for Tactical Eye-safe Lasers

Erbium-doped fiber amplifiers (EDFA) have

become a main component of the telecommunications

industry. A typical EDFA in

telecommunications is used to amplify a

signal to be transmitted over extended

distances. Telecom uses erbium-doped

silica fibers that transmit in the Near

Infrared (NIR), because they have less

attenuation and dispersion than visible.

Also EDFAs intrinsically transmit in this

same NIR region.



Diode Pump Source

• 1480 nm

• 980nm



• 1538 nm, C-Band

• 1617 nm, L-Band

Figure 1. Simple Er-doped fiber amplifier


Corner Cube

Er:YAG Laser Rod


Assembly Pump Diodes

1480 nm

Figure 2. Direct eye-safe 1.617 um laser resonator

The laser diode pump sources with output

wavelengths of either 1480 or 980

nanometers are used to optically pump the

erbium-doped fiber and provide a significant

(30 dB) signal gain out of the overall

amplifier at 1538 or 1617 nanometers. Both

of these diode sources are widely available

today because of the investments made by

the telecommunications industry. The 1538

nanometer output is within the C-Band or

conventional band (C-Band: 1530-1570 nm)

of operation. The 1617 nm output is within

the L-Band, or long band (L-Band: 1570-

1620 nm) of operation.

980 Nanometer GaAs vs. 1480

Nanometer InP Pump Diodes

The erbium-doped silica fibers have an

extremely long absorption length enabling

practical 980 nm pumping with the higher

maturity GaAs-based diode sources.

Although the quantum efficiency of 980 nm

pumped EDFAs is only ~65 percent, the

overall efficiency of the 980 nm pumped

EDFA is still respectable due to the 100 percent

pump absorption within the long fiber

gain length and high wall-plug efficiencies

(>50 percent) of the 980 nm diodes.

In a bulk Er-doped crystal (e.g. YAG), 980

nm pumping is not practical unless a high

co-doping of Yb is utilized. In crystal hosts,

however, the Yb-Er energy transfer is poor,

therefore rendering this type of pump

implementation impractical for efficient

pumping of bulk lasers. Er-doped crystals

are preferentially pumped at the resonant

state near 1500 nm (1480nm) where the

absorption is much stronger and broader

than at 980 nm. This enables efficient pump

absorption and, therefore, the overall high

efficiency operation of short bulk Er:crystal

E O / L A S E R S

Pump Resonator

Output Coupler

1.617 Microm Output

1.617 um Energy

gain geometries. Pumping an Er:YAG 1617

nm laser with a 1480 nm source correlates

to a very high 92 percent quantum efficiency.

The high quantum efficiency and broad

absorption range of erbium at 1480 nm

makes these diodes an ideal choice for

pumping bulk solid state laser sources for

tactical laser sensor applications.

Although less mature as compared to the

GaAs-based 980nm diodes, the 1480 nm

InP–based diodes are gaining in wall-plug

efficiency and power levels that rival the

980 nm devices. Kilowatt class multi-bar

stack diode arrays are currently available

from a number of suppliers. These larger

packages can be incorporated into solid

state laser transmitters that utilize a much

larger laser gain medium than an erbiumdoped

silica fiber. Gain medium such as a

rod or slab made of Er:YAG are ideal for

these applications. Figure 2 shows a simplified

block diagram of a direct eye-safe

1.617 micron laser. Wall plug efficiency of a

system like this is 35 percent or greater.

Recent development work in this area has

yielded impressive results. An experiment

using a 30 mm long Er:YAG laser rod and

1480 nm pump sources demonstrated 7

watts of average output power at three different

pulse rates (3 kHz, 4 kHz and 5 kHz).

Utilizing this technology, eye-safe laser systems

can be created with significant pulsed

output energies and a variety of pulse formats

that are capable of filling numerous

current and future sensor needs. •

Douglas A. Anderson


Kalin Spariosu


Y E S T E R D A Y … T O D A Y … T O M O R R O W


The Benefits of

Gallium Nitride Technology

In recent years, gallium nitride (GaN)

technology has created quite a stir in the

microwave electronics community, as well

as the press. Here are what industry insiders

are saying about this exciting technology.

“The GaN ‘revolution’ will have an

enormous impact on future military

radar and communication systems.”

– Mark Rosker, DARPA program manager,

CompoundSemiconductor.net, April 2005

“This [GaN] is the leap ahead in

technology, the building blocks for the

next generation of radar.”

– Mark Russell, Raytheon IDS VP of

Engineering, Boston Globe, April 25, 2005

“From broadband wireless to compact

radars, countless future scenarios depend

on the high power and high frequencies

that only gallium nitride can deliver.”

– Lester F. Eastman and Umesh K. Mishra,

IEEE Spectrum, May 2002

What exactly is GaN and why is everyone so

excited about its potential? Like silicon and

gallium arsenide (GaAs), gallium nitride is a

semiconductor transistor technology. GaN

transistors, however, have a high frequency

power handling capability well beyond silicon,

GaAs or any other semiconductor yet

fabricated. This capability will make it the

technology of choice for the monolithic

microwave integrated circuits (MMICs) that

are the building blocks of the RF portions of

next-generation defense systems. Use of

GaN MMICs will lead to weight, range, sensitivity,

prime power, cooling and cost

advantages at the system level.

GaN’s material properties allow it to support

device operation at much higher voltages

than the GaAs that dominates today’s

defense systems. GaN MMICs easily operate

at 28 volts, have ~2 times the maximum

channel current and can produce five to 10

times the power (with comparable gain and

efficiency) of an equivalently sized GaAs

MMIC typically operating at less than 10 volts.

So-called high voltage GaAs pHEMT MMICs

can be engineered to operate at higher

voltage (10 to 20 volts) but at the expense

of operating current, limiting power density

to 1.5 to 2 times that of a typical GaAs

pHEMT. Amplifiers of equivalent total power

can be made more compactly using GaN

because of the higher GaN power density.

In addition, the higher voltage of GaN

results in higher matching impedance,

which enables broader bandwidth design

than GaAs. Table 1 compares GaAs and

GaN device properties.

Table 1. GaN vs. GaAs comparison

Parameter GaAs GaN




0.5 – 1.5 W/mm 3 – 6 W/mm

Operating 5 – 20 V 28 – 48 Voltage



20 – 40V > 100V



~ 0.5 A/mm ~1 A/mm




47 390(z)/490 (SiC)

Raytheon’s Leadership Position

Raytheon RF Components (RRFC) center has

a long history of providing enabling

microwave and millimeter wave semiconductor

technology. GaAs MESFET (metal

semiconductor field effect transistor) MMICs

developed at Raytheon enabled the first

MMIC-based solid state radar, the Ground

Based Radar (awarded to Raytheon in

1991). But even at the time of this award,

RRFC was developing an improved technology

known as GaAs pseudomorphic high

electron mobility transistors (pHEMTs),

which allowed Raytheon to offer its Army

customer a substantial improvement in

Y E S T E R D A Y … T O D A Y … T O M O R R O W


system sensitivity at no increase in cost

(THAAD). Now, RRFC is leading the development

of GaN MMIC technology to

enable the next generation of military radar,

communications, electronic warfare and

missile systems.

Raytheon is one of three prime contractors

awarded the DARPA Wide Bandgap

Semiconductor Phase 2 program. On this

program, Raytheon is teamed with Cree to

demonstrate state-of-the-art X-band GaN

transistor and MMIC performance. The

aggressive program goals include the demonstration

of a reliable, 1.25 mm periphery unit

cell transistor operating at 40V with 6.4W/mm

of output power, 60 percent power added

efficiency (PAE) and 12 dB of gain at 10 GHz.

The Raytheon team is already well on its way

to achieving these goals, having already

passed the program’s interim goals of

demonstrating 1.25 mm periphery unit cell

transistors operating at 28V with greater

than 5W/mm of output power, 55 percent

PAE, and 10 dB of gain at 10 GHz.

Figure 1. Fixtured GaN MMIC

In terms of reliability, Raytheon’s GaN is

state-of-the-art. As announced in a January

2007 press release, more than 8,000 hours of

successful RF operational testing on 28V fixtured

GaN MMICs (see Figure 1) have been

Continued on page 28



Continued from page 27

completed, affirming Raytheon’s leadership

position in the development of this technology.

This testing was done at elevated temperatures

and operating conditions to simulate

performance over a much longer period

of time. Three temperature DC Arrhenius

tests of Raytheon’s 28V GaN have also been

completed, and the results predict a mean

time to failure (MTTF) of greater than 1 million

hours at a standard transistor channel

temperature of 150 Celsius. These test

results have given Raytheon customers confidence

in the use of Raytheon’s GaN for

future defense systems.

To support these efforts, RRFC is presently

transitioning the fabrication of GaN MMICs

into its high-volume 100 mm diameter wafer

production fabrication facility (see Figure 2).

This transition will make GaN available with

the quality (RF performance, reliability and

yield), quantity and affordability necessary

to support systems requirements.

Figure 2. A 100 mm diameter GaN wafer

produced at RRFC

GaN is a disruptive high-power semiconductor

technology that will enable a new class of

microwave and millimeter wave RF systems

envisioned for the near future. Raytheon is at

the forefront of GaN development, having

demonstrated outstanding microwave performance

and industry-leading reliability.

This performance gives Raytheon a strategic

advantage in the development of nextgeneration

defense systems.

Nick Kolias





Materials That Perform the Impossible

Imagine if you could create a

“cloaking” device by surrounding an

object with a new and special material.

How would you design an optical

system if the lenses could be any

shape and size you desired?

How could you utilize an antenna

that conforms to the shape of

an airframe?

Would a material that converts waste

heat into THz energy (with no

moving parts) be of interest to you?

These are just a few of the advanced

concepts made possible by a new technology

field that merges physics and materials

science. This wide-ranging field, called

“metamaterials,” bases macroscopic

behaviors on nano-scale building blocks.

The metamaterials field is now being studied

worldwide at universities and

companies including Raytheon.

Metamaterials are materials that gain their

properties from their periodic structure,

rather than from their composition —

particularly when the resulting properties

are not found in naturally formed substances.

For example, index of refraction,

a property used to describe how light is

bent as it passes through an interface

between two materials, is traditionally a

positive number between 1.0 and 4.0.

Metamaterials can effectively create

negative indices of refraction (so-called

“left-handed” materials). Since the index

of refraction is also directly related to

permittivity (dielectric constant) and magnetic

permeability, these same unusual

behaviors open up entirely new possibilities

in materials and structures exposed to

any form of electromagnetic energy.

Investigators have found, for example, that

creating controlled patterns of defects in

materials — where the defects are of the

same scale as the wavelengths of the

energy they wish to control — can be

used to channel energy much as waveguides

are used. Similarly, split-ring

formations etched on printed wiring

The effects of a the typical refraction of an object in a positive index of refraction material

(left) compared with the effect of a negative index of refraction material. (Courtesy of W.

Padilla, Boston College and D. Smith, Duke University)

Y E S T E R D A Y … T O D A Y … T O M O R R O W

µ, ε Space

k = ω εµ

M A T E R I A L S & S T R U C T U R E S

No propagation


substrates on a scale matching the wavelengths

of RF energy can create strong

responses in specific frequencies, causing

them to act as antennas.

This past March, a group of Raytheon engineers

converged in Dallas to participate in

a metamaterials workshop. The engineers

listened to academia and industry experts

discuss the current state-of-the-art technologies,

as well as potential applications

for Raytheon products. Representatives

from across Raytheon also described ongoing

or planned efforts in metamaterials in

their respective businesses.

New developments and ideas are continually

being announced in the metamaterials

field. Fortunately, Raytheon’s expertise

in sensor and RF circuit design and

fabrication is an ideal fit for this exciting

new technology.

No propagation

Waves in Media:


2 ∂ E

∇ E = εµ 2


n = εµ

The behavior of electromagnetic waves with effective negative permeability (ε) and permittivity

(µ). Waves will propagate in regions when both values are positive or both negative. (Portions

borrowed from V.G. Veselago, Sov. Phys. USPEKHI 10, 509 (1968))

A photograph of an early split ring oscillator

array usable in creating antennas with

nearly flat profiles. (Courtesy of D.R. Smith,

W. J. Padilla, D.C. Vier, S. C. Nemat-Nasser,

S. Schultz, Phys. Rev. Lett. 84, 4184, (2000))

For more information, contact Bill Owens at

520.545.9528 or wrowens@raytheon.com.

Steve Tunick


Y E S T E R D A Y … T O D A Y … T O M O R R O W


Upcoming Engineering and

Technology External Events

American Institute of

Aeronautics and Astronautics

(AIAA) Space 2007 Conference

and Exposition

Sept. 18–20, 2007

Long Beach, California


CMMI® Technology Conference

and User Group

Nov. 12–15, 2007

Hyatt Regency Tech Center

Denver, Colorado







Raytheon Enterprise Process Group Workshop:

The Good, the Bad and the Ugly

The Enterprise Process Group (EPG) actively

supports, facilitates and executes the

Integrated Product Development Process

(IPDS) development, management and

improvement activities. It is organized to

facilitate the employment and institutionalization

of process goals, objectives, directives

and activities across our company.

The EPG at Missile Systems (MS) is an enterprise-wide

group that is responsible for all

the processes associated with IPDS. They are

responsible for supporting the maintenance,

sustainment and improvement of those

processes. More importantly, they do it by listening

to the customer base — namely, the

program managers, chief engineers and

other key personnel. By making constant

improvements, they help keep infrastructure

fresh and value-added for the business.

This year, MS sponsored the 6th annual

Raytheon EPG Workshop in Tucson, Ariz.,

April 17–18, which was attended by 134 participants.

The event’s theme, “The Good, The

Bad and The Ugly,” was a light-hearted nod

to Raytheon’s current process behavior. One

of the event’s highlights was an entertaining

seven-act drama called “The Initiative,” which

was performed by conference committee members

throughout the two days.

According to Michael Scott, the workshop

sponsor, EPG is really a collaboration of all

the process professionals at Raytheon striving

toward common process improvement.

“That’s why we put on these kinds of events:

to give us some opportunity to get together

and share our lessons learned,” said Scott.

“The workshops are greatly beneficial.

What’s mostly valuable, I think, is establishing

those people-to-people networks, learning

about other people, meeting other people

and then engaging with them after the


The event’s keynote speaker was Raytheon’s

Don McMonagle, a former astronaut at

NASA who flew as a mission specialist on the

space shuttle Discovery, piloted the shuttle

Endeavor and commanded the shuttle

Atlantis. “Its all about anticipating problems


and communicating knowledgeably with the

effective communication of people,” said

McMonagle. He went on to stress the need

to focus on strategically marketing IPDS and

process-driven behavior and adoption.

Ron Carsten, chief engineer at MS, delivered

a presentation called “The Challenge of a

Knowledge-Based Process.” In it, he indicated

that one of the problems we face with

process-driven behavior is forcing the process

people to be in more of a push mode, rather

than having the programs in a pull mode.

Like McMonagle, Carsten contends that we

do not market our product effectively.

“There’s no activity that I can see, for marketing

our tools.”

Active marketing is really about understanding

customer needs and then helping them

with a solution. Providing a champion to

meet with the customers will instill ownership,

as well as provide them the assurance

that they are speaking with someone who

actually understands and can help bring

resolution to their problems.

Eric Ziegler, Raytheon’s process project manager

and presenter of “IPDS v3.x: Law &

Order in the Wild West,” had this to say

about IPDS v3: “We’re definitely striving to

get the top layer of IPDS to be more streamlined,

so that it’s more representative of what

happens on a generic program.”

An EPG council, consisting of enterprise

process leaders from across Raytheon, is in

the initial stages of being formed. With its

varied resources, the council will address several

key issues now facing Raytheon, including

CMMI ® , Mission Assurance and AS9100.

To access the presentations from the 2007

EPG Workshop, visit:



To view additional EPG information, visit the

Technology & Process Library Web page at


5/tab5.htm. •

Marcilene Pribonic


2007 SEPG


Continuing its longstanding relationship

with Carnegie Mellon University’s Software

Engineering Institute (SEI), Raytheon made

a strong showing at the SEI-sponsored

Software Engineering Process Group (SEPG)

Conference in Austin, Texas, on March 26.

The conference, now in its 20th year, is

dedicated to highlighting the latest trends,

techniques and technologies in systems and

software process improvement.

More than 1,500 government and industry

experts from around the world participated

in the conference’s 170 lectures, presentations,

panel events and exhibits. Attendees

arrived at the SEPG Conference in search of

innovative methods of transforming software

and systems performance in industry and

government. They left as agents of change,

armed with new ideas, skills and contacts.

Presenters included Mary Balboni, who

discussed the use of agile techniques to

improve systems engineering processes,

and Kathryn Kirby, who addressed representative

sampling for enterprise CMMI ®

appraisals. Both speakers were from

Raytheon’s Intelligence and Information

Systems business.

The SEI operates at the leading edge of

technical innovation. They have advanced

software engineering principles and practices

and have served as a national resource

in software engineering, computer security

and process improvement. The SEI works

closely with defense and government

organizations, industry and academia to

continually improve software-intensive systems

through research, pilot programs,

knowledge sharing and best practices. •

2006 Excellence in

Engineering and

Technology Awards

The Smithsonian Institution’s National Air

and Space Museum in Washington, D.C.,

was the setting for the Raytheon Excellence

in Engineering and Technology Awards ceremony.

Seventy-eight people were recognized

for their outstanding technical

achievements at the April 11, 2007 event,

which attracted the Raytheon leadership

team, customers, colleagues and guests.

The awards are Raytheon’s highest technical

honors, and the 2006 winners comprise

15 team and six individual examples of

excellence. They hail from across the company

including two “One Company” teams

with members from multiple businesses, a

team from Raytheon Systems Limited and a

team representing Information Technology.

During the evening program’s opening

remarks, Taylor W. Lawrence, vice president

of Engineering, Technology and Mission

Assurance, celebrated the anniversary of

his first day on the job — the 2005 awards

ceremony. He recounted the incredible

accomplishments the award winners

achieved in just one year, and what

Raytheon, as a company, achieved in the

last year. He noted how we are driving

change, and how we are driven by it,

requiring us to continue to excel and innovate

for the success of our company and

our customers.

The evening’s keynote was delivered by

Raytheon Chairman and CEO Bill Swanson,

who spoke about his childhood fascination

with the way things work — a major factor

in his decision to pursue an engineering

career. This inquisitiveness, he said, is a cornerstone

of the way engineers turn ideas

into functioning technology and solutions.

He also noted that making new connections

is an important part of innovation. To

illustrate this point, Swanson juxtaposed a

series of images from the Hubble telescope

with similar unnamed images here on Earth.

Raytheon congratulates and applauds this

year’s winners for helping keep Raytheon on

the leading edge of innovation. To view the

complete list of winners, visit the Raytheon

Excellence in Engineering and Technology

Awards intranet spotlight feature at

http://home.ray.com/feature/rtn07_eiet07. •







CFM Strategy

CHAIN High Assurance APIs for MS Office

and Web Publishing Environments Team

Russell A. Hendrickson, Robert C. Moehl, Thomas

Farley, Frank L. Prioleau Jr., Tyson D. Vooge

This team was honored for developing the

Compartmented High Assurance Information

Network (CHAIN), resulting in Raytheon winning the

$56 million DARPA Classified IT services contract.

CHAIN provides breakthrough sharing abilities to

users operating at high classification levels across

compartments. The team integrated security services

with Microsoft applications and created a

life-cycle Web-publishing environment offering

commercial IT quality collaboration services with

Protection Level 3+ accreditation. The unprecedented

combination of strong security, familiar

office capabilities and maintainability was the key

to winning the $56 million DARPA contract.

“Working on IRADS can be both exhilarating, as

new concepts are explored, and challenging,

since a diverse team with different skills must

come together to solve customer challenges,”

said team member Robert Moehl.

CHAIN was selected as the worldwide collaboration

environment for Coalition Warfighter

Interoperability Demonstration 2007, a forum for

new and emerging technologies to be used and

evaluated by operators from all armed services,

DoD agencies and coalition members. CHAIN

establishes Raytheon as a provider of leadingedge

information assurance solutions validated to

meet compartmented and multilevel secure


“For the CHAIN team, our most critical challenges

were the availability of skilled subject matter

experts and training on new technologies and

products,” said Moehl. “The CHAIN IRAD team

has and continues to be in high demand on programs

like DARPA, Firewalker and Starburst, as

well as supporting proposal efforts.”


Driving Innovation Into Everything We Do

Highlighted below are three of the 15 teams who captured awards at Raytheon’s Excellence in

Engineering and Technology Awards, held April 11, 2007. The award is Raytheon’s highest honor for

technical achievement that contributes to the company’s success and continued growth.

Each winning team is responsible for keeping the company on the leading edge of innovation so we can

meet our customers’ evolving needs. Moreover, their outstanding performance challenges the entire company

to meet and exceed the new standard of excellence they have set.

Project JFires Team

Kenneth L. Pratte, Philip M. Green, Christopher

Dow, Dennis E. Woods, F. Allen Bouressa

The Project JFires team received their award for

designing a prototype Department of Defense

(DoD) Protection Level 3 system capable of interconnecting

multiservice networks and demonstrating

joint interoperable functionality.

The Project JFires team successfully partnered

with Raytheon Integrated Defense Systems

Security, the Defense Security Service and local

Raytheon site security offices to achieve

Raytheon’s goal: establishing an infrastructure to

prototype, evaluate and demonstrate joint interoperable

functionality to improve and extend

warfighter capability.

“With JFires, everything is new, often never done

before, and a big challenge — but with a potential

huge payoff for our customers and warfighters,”

said Robert Wilcox, JFires Integration of

Labs (IOL) IPT lead. “That’s what it’s all about.

We have to consistently run at faster than Ramp

Speed; we call it JFires Speed, and we love it! As

is often said in the Navy, a ship underway makes

a wake. And believe me, JFires knows how to

make a wake!”

Global Information Grid (GIG) Appliance

Demonstrator Team

Michael J. Townsend, Danion T. Dugger, Mark A.

Phelps, Brian L. Bultemeier, Charles S. Kuehl

These five dedicated engineers were acknowledged

for developing the Global Information Grid

(GIG) Appliance Demonstrator — a secure, COTSbased

publish-and-subscribe mechanism that

enhances situational awareness and supports the

migration of legacy avionics systems to Service-

Oriented Architecture, Internet Protocol networks.

The GIG Appliance Demonstrator serves as a

presentation layer for warfighters to connect to

the GIG to share or receive sensor information

needed to enhance situational awareness. The

GIG Appliance Demonstrator team designed it to

support legacy avionics system migration to

Service-Oriented Architecture, Internet Protocol

networks, and to provide systems that upgrade

easily, adapt to evolving commercial technology

and resist short-term obsolescence.

The COTS-based GIG Appliance can affordably

morph into any required form factor, level of enduser

network capability, and command/control

human interface under a multilayer of security.

“The greatest obstacle our team faced in developing

our COTS demonstrator for the AF Airborne

CRADA Capstone Flight Test event,” said Charles

Kuehl, the team’s principal systems architect and

systems engineer, “was establishing our system’s

networking value to airborne RF communications,

using the OSD NetCentric Checklist guidance to

support our SOA telecommunications development


“After an exhaustive team-coordinated approach in

defining what OSD’s GIG publishing and consuming

really encompasses, a ‘Customer Vision of GIG

Deployment’ conops document was developed for

IPDS Gate 6 to provide our team some NetCentric

Checklist (Data & Transport Tenets) requirements

clarity on how the customer is envisioning GIG

‘Edge’ Interoperability for the warfighter.”

Getting to Know Your Raytheon Certified Architects

The Raytheon Certified Architect Program (RCAP) is the culmination of Raytheon’s systems architecting

learning curriculum. RCAP focuses on providing our customers with the expertise needed to support their

long-term transformational goals. In recognition of their certification, we continue to highlight our

Raytheon certified architects.

Edwin Lee

Senior Principal

Engineer, Space and

Airborne Systems –

Years with Raytheon: 20

Q: Can you tell us about

your current program?

A: My current program

is called the Raytheon

Reference Architecture Enterprise Campaign,

Hard Real-Time. It just started this year. Before

that, I worked on the Raytheon St. George

Enterprise Campaign for two years. Enterprise

campaigns are corporate-level programs with

participation from all Raytheon businesses.

Q: In terms of the three pillars of Customer

Focused Marketing (CFM) — Performance,

Relationships and Solutions — what’s been

lacking in your current role, and what has

worked well?

A: In my current role as IPT lead, my customers

include stakeholders in the Corporate

and Local Technology, Business Development,

and Engineering areas. Trying to satisfy the

needs of all these areas and promoting the

use of our product (Reference Architecture)

has been challenging due to its exploratory

and “disruptive” nature. On the other hand,

by using a combination of remote collaboration

(using tools such as teleconference and

Sametime), face-to-face meetings, workshops

and awareness seminars, we are producing

good results.

Q: How would you improve Raytheon’s

Performance, Relationships and Solutions?

A: Get out of the comfort zone, think out of the

box, reach out to peers and other experts across

the company, and participate in community

activities inside and outside of the company.

Most of all, share, collaborate and leverage

with each other to create a “force multiplier.”

Q: How do you see CFM affecting the future?

A: CFM will still be a key measure of customer

satisfaction. In fact, I believe it will become

more critical in the future because the market-

place will be open to more competition, and

customer expectations will continue to increase

in terms of fast turnaround time and costeffective


Q: What about your job keeps you up at night?

A: There are indeed moments when my job

keeps me up at night. Luckily, they’re mostly

good moments when I found a solution to a

problem or have a creative idea for expressing a

concept. I like those moments! However, there

are also moments when I feel like pulling my

hair out searching for an answer.

Q: How would you describe your job


A: My job has no requirements in the traditional

sense. Only very high level guidelines

and objectives are given. That leaves lots of

room to explore, investigate and create, along

with opportunities for problem solving. I think

“degree of challenge” could be a good job

parameter; the other one may be “opportunity

of innovation.”

Mike Stemig

Program Chief

Engineer, Space and

Airborne Systems –

Years with Raytheon: 23

Q: How long have you

been working with your

current program?

A: My current program

is Silverthorn, and I’ve been working on it

from the proposal stage in January 2005

through the present time. Our Period of

Performance lasts through 2012, so it’s a fairly

long program. Since early this year, I’ve taken

on the role of being a program chief engineer.

It’s a relatively new role within SAS, and I’m

excited about being on the frontier, both technically

and organizationally.

Q: Why do you think you have excelled in

your career?

A: Early in my career, I benefited from identifying

role models for myself, people who were

at higher levels of the business and who exhibited

traits I admired. They would be my measuring

sticks, and although I may never fully

measure up to the gold standard, I knew that

every step I made toward it would help me.

On the technology side, the two people I tried

to measure myself against were Joel Mellema

and Mike Wong. Both gentlemen are awesome

technically, wonderful communicators, and

always enable a positive teaming experience by

treating everyone at all levels of the organization

with respect. Organizationally, my measuring

sticks are Debbie Ybarra and Steve

Jackson. From them, I’ve learned enterprise

perspective, collaborative leadership, and organizational

excellence. All four have the ability

to see the forest … and the trees.

Q: What advice would you offer to enhance

Performance, Relationships and Solutions?

A: Find ways to fill the white space — and

architects are ideally suited to filling the white

space. As engineers, people want to draw a

clean boundary around their components and

make sure they have everything covered.

Everyone’s components may work great on

their own, but when it comes together into a

higher level product or system, it may not

work at all. The architect’s role is to make sure

that doesn’t happen. Organizationally, the

same thing can happen, and someone has to be

willing to fill the white space. You can learn a

lot by filling the white space, and the teams

you participate in or lead will be more successful

because of that.

Q: What about your job excites you? What

concerns you?

A: Interestingly enough, the same things both

excite me and concern me. System Integrity

Programs has experienced amazing growth

over the last four years. We’re a world-class

leader in a key domain that’s in high demand.

So every day, there’s interesting work waiting

for me when I walk through the door. Every

night, when I go home, I’m afraid there will

be even more interesting work the next day.

I’m usually right!



New IPDS Version

Delivers a Streamlined Process Foundation

IPDS — we love it, we hate it.

We follow its precepts (usually)

and get the desired, predictable

results that our customers expect

from our products and services.

But how rewarding (or painful)

was the journey through that

process? Or more importantly,

was the process rigorous and

flexible enough to achieve performance

excellence without

sacrificing agility and speed?

The Need for Change

There’s a fine line between maintaining

process discipline and allowing freedom to

operate unencumbered — a line that must

be held tight to achieve real business success.

On one hand, when discipline is not

maintained, processes are loosely followed

or not documented, which in turn results in

cost overruns, poor performance history,

diminished customer confidence and

reduced profit margin. On the other hand,

when the process becomes too unwieldy

and restrictive, the results can be just as

detrimental, including:

• A process that is open to many


• Sub-processes that are not easily

understood or followed

• A process that’s difficult to navigate and

find what you need

• Redundant task descriptors that

often overlap

A New Approach

With the release of IPDS version 3.2, a

major focus has been to transform the

Integrated Product Development Process

(IPDP) into a concise, integrated common


process. This can be achieved by implementing

the following:

• A common, tailorable process across

all businesses describing what is required

to capture, execute and support any


• A focus on clarity of direction vs. verbose

narrative process descriptions

• A focus on integrating essential “whats”

from sub-processes

• A more useful set of results of IPDP

tailoring for program planning

Additionally, the Process Asset Library (PAL)

will promote more commonality while

acknowledging business preferences. The

PAL consists of common and businessunique

assets describing how IPDP tasks are

executed within programs. All assets share

a common framework and are associated

with the tasks they intend to help execute.

The Benefits

So how will version 3.2 make a difference?

The improvements will be evident in a more

streamlined, user-friendly IPDS that performs

these functions:

• Makes it easier for users to see what

needs to be done and how it fits into the

flow of a program

• Facilitates building an Integrated Master

Schedule and identifies the enablers that

implement tasks

• Allows programs to see an integrated

flow of tasks as the program progresses

• Eliminates redundancy, speeds tailoring

and supports key work products

• Makes related processes available

without cluttering the IPDP layer with

redundant content


One of the most significant changes to

complement IPDS version 3.2 is the implementation

of a new governance model. The

need for a new model was underscored by

IPDS Governance Model as of IPDS v3.2

Key Functional






IPDP Content


Council CCBs


Business Development

Supply Chain Management




some specific inadequacies in the current

process. A few of these inadequacies

included lack of sufficient stakeholder

involvement on process changes, confused

responsibilities for shared content, difficulties

with maintaining configuration control,

and difficulties committing and retaining

development resources.

The new model addresses existing concerns

by keeping the IPDP and the PAL process

materials under the control of the IPDS


Architecture/Style Guidance

Approved Changes





Integrated Product Development Process

Configuration Control Board (CCB), corporate-level

council CCBs, or business CCBs.

Endorsement of the IPDP will be given by

consensus of the business CCBs. Likewise,

PAL common content endorsement will

come from business CCBs on an asset-byasset


The real value of the new governance

model comes from allowing business

endorsements to provide insight into the

ROI of “common assets,” which will help

Engineering & Technology Council

Business Process Leads

IPDS Steering Committee





Process Asset Library

Engineering Common Assets

Business Development Common Assets

Supply Chain Common Assets

Operations Common Assets

IDS Assets

IIS Assets

MS Assets

NCS Assets

RTSC Assets

SAS Assets

Integrated Product Development System

IPDS Reqs &

Arch Team

Change Requests

Approved Changes



direct our council process activities. It also

lets us identify and cull uncontrolled

assets, while still allowing users to submit

potential council or business assets for

inclusion in the PAL. Finally, this model will

drive more efficient implementation of

approved changes.

Moving Forward

Each of our Raytheon businesses is making

plans for the implementation of IPDS version

3.2 as a part of its overall process


Business Representation


Architecture Use

Cases Designs

IPDS System



Business CCBs







definition and deployment over the next

few months. In parallel, key roles will be

filled by subject matter experts across the

businesses for the improvement and governance

of the IPDP and the IPDS/PAL system

as a whole. These are critical steps on our

path to deploy a potent combination of

common and business-specific processes

for the benefit of Raytheon programs

and customers. •

Eric Ziegler




R6σ Business Excellence:

Providing Capabilities to Enable Success

The evolution of Raytheon Six Sigma to

a new business-centric operating model has

already made an impact on how businesses

are using it to support strategic priorities.

According to Rusty Patterson, vice president

of Raytheon Six Sigma Business Excellence,

this is only part of a larger transformation

targeted to fuel continuous improvement at


In a synergistic organizational move, R6σ®

Business Excellence was established to provide

a broader spectrum of expertise, capabilities,

tools and processes to enable others

(internal and external partners) to reach the

goals they’ve set for themselves — goals

that are in line with those of the company.

“We align with the strategies of the organization

we’re working with, and provide the

capability to do it,” said Patterson. “In the

process, we’re setting the stage to enable

Raytheon to meets its goals as well.”

“Part of this process is

helping others see their

own vision. This ties into

our goals as individuals

and Raytheon’s goals

as a company: to nurture

an innovative,

inclusive culture.”

- Rusty Patterson, Vice President,

Raytheon Six Sigma Business Excellence

The business excellence arm of the organization

fortifies its ability to take on a range

of more complex challenges, like financial

performance, operational efficiency and

innovative thinking.


Aligned to Achieve Mission Assurance

R6s Business Excellence operates within the

Engineering, Technology and Mission

Assurance (ETM&A) organization, established

under the direction of Dr. Taylor W.

Lawrence in 2006. This relationship, as well

as representation on the ET&MA Joint

Council, ensures top-level connectivity with

other “enabling functions” that together,

guide the research, design and development

of Raytheon’s growing portfolio of

products and programs, and drive innovation

and meaningful diversity. It also aligns

R6σ Business Excellence with other organizations

(like Performance Excellence,

Engineering, Technology and Research, and

Operations) on the frontlines of enabling

the delivery of Mission Assurance.

“In order to have Mission Assurance,” said

Patterson, “you need the tools, techniques

and capabilities to enable efficiency

improvements in a structured way; to perform

transformation activities in a knowledge-based

way. ET&MA Joint Council

member organizations have a great deal of

overlap, and because of that, we’re able to

close any gap between functions and concentrate

on a shared mission.”

Same Focus, Expanded View

“Our focus will always be improving

Raytheon and its programs,” said Patterson.

“But now that the businesses are using R6σ

in areas where it makes the most sense to

them, we’ve opened our aperture to apply

this knowledge and expertise to other areas

that impact our company’s value and performance,

both internally and externally.”

These areas will expand R6σ’s reach to the

extended enterprise, and allow the company

to maintain its industry-leading edge in

the development and use of innovative

resources (subject matter experts, tools,

techniques, etc.), while providing the learning

required to understand and take full

advantage of them. They include:

• Rapid Deployment Teams of highly skilled

resources to help the extended enterprise

resolve challenges that require targeted

expertise and quick turnaround.

• Consulting Groups to assist businesses in

applying R6σ to areas of strategic importance

and provide external assistance

where it makes sense for the businesses

and the company.

• Curriculum Management & Development

that meets the needs of Raytheon businesses

and provides better learning

options for employees.

Raytheon Accelerated Collaborative

Environment (RACE) for complex enterprise-scale

improvement and integration.

RACE is the new, trademarked change

vehicle that combines expertise, processes

and technology to enable decision

acceleration, rapid prototyping and

resource alignment. The RACE process,

available to internal and external partners,

can be implemented on any site or

conducted at the new RACE

Collaboration Center in Garland, Texas.

A Self-Fueling Engine for

Creating Improvement

Some of these areas involve active participation

by firms outside Raytheon. “By working

with external firms with varied expertise,”

said Patterson, “we’re able to grow

our knowledge and capabilities, and bring

those back into the company. This way, our

knowledge base will continue to be

refreshed, we’ll gain new insight into how

issues can be solved, and build our inventory

of tools and techniques in the process.”

One example is in the area of innovation.

“Since innovation is at the heart of our

company, we have someone working with

an external partner that is renown in the

creative industry,” continued Patterson.

“This is one way we will develop avenues to

improve the innovative processes.

Businesses have said what they wanted,

and we’re supplying the tools and techniques

to help people make that leap.” •

When you help a student master the Pythagorean theorem, you could be supporting a future

engineer who will master nanotechnology. That’s why Raytheon created MathMovesU TM , a national

initiative designed to show middle school students that they can master math, and that it will take them to lots

of cool places. Raytheon is also proud to support MATHCOUNTS ® , which motivates more than 500,000 middle

school students to sharpen their math skills each year. By working to improve our children’s proficiency in math

and science today, we’re giving them what they need to improve our world tomorrow.


© 2007 Raytheon Company. All rights reserved.

“Customer Success Is Our Mission” is a registered trademark of Raytheon Company.

MathMovesU is a trademark of Raytheon Company.

MATHCOUNTS is a registered trademark of the MATHCOUNTS Foundation.

Supporting Math and Science Education


U.S. Patents

Issued to


At Raytheon, we encourage people

to work on technological challenges

that keep America strong and develop

innovative commercial products. Part

of that process is identifying and

protecting our intellectual property.

Once again, the U.S. Patent Office

has recognized our engineers and

technologists for their contributions

in their fields of interest. We

compliment our inventors who

were awarded patents from

January through April 2007.


7171776 Weapon sight having analog

on-target indicators


7174835 Covert tracer round




7176774 Differential mode inductor with

a center tap





7177601 Method and apparatus for

transceiving data using a bimodal power

data link transceiver device


7180067 Infrared imaging system with

ellipsoid reflective warm baffle and method









7180457 Precision wideband phased

array radiator




7178345 Stacked-plate gas-expansion cooler

assembly, fabrication method and use


7183592 Field effect transistor



7183965 Efficient stripmap SAR processing for

the implementation of autofocus and missing

pulse restoration



7183969 System and technique for calibrating

radar arrays








7183995 Antenna configuration for reduced

radar complexity (automotive)




7185066 Secure data sharing system


7199753 Calibration method for receive only

phased array radar antenna






7185847 Winged vehicle with variable-sweep

cantilevered wing mounted on a translating

wing-support body


7185851 Inflatable aerodynamic wing and method



7191674 Stepper mechanical drive system




7193772 Conductively cooled liquid thermal nonlinearity

cell for phase conjugation and method




7187735 Mixed technology MEMS/SIGE BICMOS

digitizing analog front end with direct RF sampling



7195177 Method and apparatus for humidity

control within a housing



7199016 Integrated circuit resistor


7199753 Calibration method for receive only

phased array radar antenna



7201217 Cold plate assembly



7201582 Microstrip interconnector for

solderless connection


7202673 Tuned MMIC probe pads



7202708 Comparator with resonant

tunneling diodes


7202762 Q enhancement circuit and method



7202812 Technique for compensation of transmit

leakage in radar receiver




7205927 Technique for low grazing angle 3D

SAR target recognition



7205930 Instantaneous 3D target location

resolution utilizing only bistatic range

measurement in a multistatic system



7205948 Variable inclination array antenna




7206062 Readout integrated circuit for laser

detection and ranging system and method for

using same




7207517 Munition with integrity gated

go-no-go decision




7205948 Multiple-port patch antenna


7209937 Method and apparatus for generation

of arbitrary mono-cycle waveforms

Raytheon’s Intellectual Property is

valuable. If you become aware of any

entity that may be using any of

Raytheon’s patented inventions or

would like to license our patented

inventions, please contact your

Raytheon IP counsel:

Leonard A. Alkov (SAS)

Horace St. Julian (MS & RTSC)

Robin R. Loporchio (NCS)

Edward S. Roman (IDS)

John J. Snyder (IIS)


Patents Issued

to Raytheon

Congratulations to Raytheon technologists

from all over the world. We would

like to acknowledge international patents

issued from January through mid-April

2007. These inventors are responsible for

keeping the company on the cutting

edge, and we salute their innovation

and contributions.

Titles are those on the U.S.-filed patents;

actual titles on foreign counterparts are

sometimes modified and not recorded.

While we strive to list current international

patents, many foreign patents

issue much later than the corresponding

U.S. patents and may not yet be reflected.




2003234414 All weather precision guidance of

distributed projectiles




1354306 System and method for reading

license plates



2292077 Temperature compensated amplifier

and operating method


2435461 Electrical cable having an organized

signal placement and its preparation




2407790 Light-weight head-mounted display






2285643 Variable microwave cold/warm

noise source




1335176 Compact FLIR optical configuration




1218965 Method and apparatus for cooling

with a phase change material and heat pipes


1397697 Synthetic aperture ladar system

using incoherent laser pulses



1275026 Method and apparatus for switching

optical signals with a photon band gap device


1019746 Averaging-area-constrained adaptive

interferometric filter that optimizes combined

coherent and noncoherent averaging



1266427 Digital phased array architecture and

associated method





1623500 Digital switching power amplifier






1495281 Boot mechanism for complex projectile

base survival





0998684 Processing method using an

advanced waveform for unlocked coherent and

wideband bistatic radar operations





144486 Off-axis indicator algorithm for

electrically large antennas


150373 Multi-mode vibration sensor laser





2295102 Precision-guided hypersonic

projectile weapon system




669307 Analog load driver




677793 Highly adaptable heterogeneous

power amplifier IC micro-systems using flip

chip and microelectromechanical technologies

on low loss substrates




680082 Corrosion resistant waveguide systems

and method



681784 Electronic firearm sight and

method of operating




697170 Optical system for a wide field of

view staring infrared sensor having improved

optical symmetry








1269876 Far field emulator for antenna





1270653 Launcher platform



1272502 System and method for

topology-aware job scheduling and backfilling

in an HPC environment


Do you have a great idea for an article?

We are always looking for ways to connect with you — our engineering, technology and

Mission Assurance professionals. If you have an article or an idea for an article regarding

technical achievements, customer solutions, relationships, Mission Assurance, etc., send it

along. If your topic aligns with a future issue of Technology Today or is appropriate for an online

article, we will be happy to consider it and will contact you for more information. Send your

article ideas to techtodayeditor@raytheon.com. We’re waiting to hear from you!

Copyright © 2007 Raytheon Company. All rights reserved.

Approved for public release. Printed in the USA.

Customer Success Is Our Mission is a trademark of Raytheon Company.

Capability Maturity Model,CMM and CMMI are registered in the U.S.

Patent and Trademark Office by Carnegie Mellon University.

More magazines by this user
Similar magazines