Last month, Lockheed Martin [LMT] demonstrated distributed processing using Kubernetes aboard the U.S. Air Force U-2 reconnaissance aircraft, as the company continues to develop a U-2 Open Mission Systems (OMS) computer, the company said on Dec. 14.
“The demonstration is a critical steppingstone toward creating a DevSecOps [development, security, and operations] environment to enable the delivery of enhanced software capability to airborne assets in real-time,” the company said.
“The U-2 flew a Kubernetes cloud that connected in-flight to a ground node, extending the U-2’s network-of-networks connectivity,” per Lockheed Martin. “Air Force OMS-compliant datalink gateway software services onboard the U-2 and in the ground node within the Kubernetes cloud disseminated sensor data, dynamically bridging datalinks across assets. This distributed processing approach allows the cloud computing technology to scale up for advanced mission processing based on the unique needs of the battlespace.”
Jeff Babione, vice president and general manager of Lockheed Martin Skunk Works, said in a statement that the demonstration “not only advances the deployment pipeline for in-flight software upgrades but also operationally extends the computational resources for mission execution” and that “this additional capability makes it possible for the warfighter to quickly adapt to changing threat environments without costly or time-consuming system upgrades.”
In April, Lockheed Martin received a $50 million contract to give the U-2 an upgraded avionics system, Avionics Tech Refresh (ATR), which uses OMS. This upgrade will be completed and tested in 2022.
The Kubernetes cloud configuration, demonstrated during the OpenAirKube demo in late August, “was flown on the U-2 via an Enterprise Open System Architecture Mission Computer (EMC2),” Lockheed Martin said. EMC2 is to be a stepping stone toward the U-2’s OMS computer.
Nicolas Chaillan, who has served as the Air Force’s first Chief Software Officer since 2018, has said that before he helped establish the DoD DevSecOps reference design, the Pentagon had been using “Waterfall” software methodologies that led to the slow fielding of software, once every three to 10 years.
In October, Air Force acquisition chief Will Roper said that the service had, for the first time, updated software code on a U-2 in flight (Defense Daily, Oct. 19).
The two in-flight software updates involved a “docker containment generating log files” and “improved target recognition algorithms,” Roper said.
The U-2 Federal Laboratory at Beale AFB, Calif., used a Sandia Labs Electro Optical/Infrared (EO/IR) Automatic Target Recognition software package for the U-2’s EO/IR sensor during the flight, the Air Force said. Because of the “docker containment,” the EO/IR software could not affect other software on the plane during the flight.
The Air Force’s Air Combat Command (ACC) at Langley AFB, Va., has been testing a Zero Trust Architecture (ZTA) that uses open-source container-orchestration systems, such as the Cloud Native Computing Foundation’s (CNCF) Kubernetes, originally designed by Google [GOOGL], to improve cybersecurity by automating the deployment, scaling, and management of computer applications.
The flight computers on the U-2 have been able to use Kubernetes to run advanced machine learning algorithms without any impact on the aircraft’s flight or mission systems, the Air Force has said (Defense Daily, Oct. 12).
Last year, the SoniKube team at Hill AFB, Utah, installed Kubernetes on legacy hardware aboard a Lockheed Martin F-16 fighter within 45 days and demonstrated the functioning of Kubernetes on the F-16 for Roper. Chaillan said that the testing marked a step toward allowing the jets to adopt improved warfighting capabilities quickly to respond to needs in the field.
ACC’s Directorate of Cyberspace and Information Dominance (A6) has taken the lead on ZTA, which will likely use Identity, Credential, and Access Management (ICAM) and Common Access Card (CAC) credentials to help identify those trying to access Air Force information systems and the source point of the access.