Category Archives: China

Five Regulatory Changes For Government Contractors to Watch

Standard
Image: Mastercontrol.com

“WASHINGTON TECHNOLOGY”

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG.

______________________________________________________________________________

“In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG. As these requirements begin to take hold, federal contractors should be mindful of potential impacts and the actions that can be taken now to prepare for increased USG scrutiny of their supply chain security.

Section 889 of the Fiscal Year 2019 National Defense Authorization Act

As many USG contractors are now painfully aware, Section 889 of the Fiscal Year 2019 National Defense Authorization Act establishes two constraints on telecommunications supply chains. Subsection 889(a)(1)(A), effective as of August 13, 2019, prohibits USG agencies from acquiring certain telecommunications equipment or services from Huawei, ZTE, Hytera Communications Corporation, Hikvision, or Dahua, or any of their subsidiaries or affiliates.

Section 889(a)(1)(B), effective August 13, 2020, prohibits USG agencies from “enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” As drafted, the statute is broad enough to apply in cases where a company uses such equipment or services solely in connection with its commercial sales outside of work the company does for the USG.

The interim rule for Section 889(a)(1)(A) was released last August and opened for comment. The FAR Council has indicated that it will provide feedback to those comments when it issues the proposed regulations for Section 889(a)(1)(B), which have not yet been released. This means that key terms, such as “entity”and “use” remain undefined. Accordingly, contractors, especially those with a mix of commercial and government business, must take educated guesses in preparing compliance programs to begin to address these requirements.

SECURE Technology Act

On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act. The Act establishes the Federal Acquisition Security Council, which is charged with building greater cybersecurity resilience into federal procurement and acquisition rules.

The Act also gives the Secretary of the Department of Homeland Security, the Secretary of Defense, and the Director of National Intelligence the authority to issue exclusion and removal orders for information technology products and/or companies that supply such products if the FASC determines that they represent a risk to the USG’s supply chain. The Act also permits federal agencies to exclude companies or products they deem to pose a supply chain risk from individual procurements.

Recent reports indicate that the FASC is nearing completion of a final interim rule that would specify the exclusion criteria and detail the appeal process from an exclusion order. Although the Department of Defense and the Intelligence Community currently have the authority to exclude products in certain instances, this interim rule would apply government wide. Still to be seen is whether the exclusion determinations will be publicly available.

Cybersecurity Maturity Model Certification

On January 31, 2020, DoD released Version 1.0 (since updated to Version 1.02) of its Cybersecurity Maturity Model Certification. CMMC is DoD’s upcoming framework for managing cybersecurity risks in the Defense supply chain. Under the current paradigm, contractors that handle “Covered Defense Information” must self-attest to providing “adequate security” to protect that information, but are allowed to work toward implementing 110 NIST SP 800-171 security controls over time so long as the plans for doing so are appropriately documented.

Not only does the new CMMC add additional security controls (depending on the level of sensitivity assigned to the procurement), contactors must be in full compliance with each control at the time that contract performance begins. Most importantly, contractors will no longer be able to self-certify compliance. Instead, compliance with a particular CMMC level must be externally validated by trained auditors.

DoD is in the process of promulgating an update to the current Defense Federal Acquisition Regulation Supplement cybersecurity clause to account for the shift to CMMC requirements and is planning on choosing a subset of procurements where CMMC can be applied by the end of this year. DoD’s goal is to fully implement CMMC certification requirements in all DoD awards by Fiscal Year 2026. DoD has indicated, however, that COVID-19 could delay release of the DFARS clause.

Executive Order on Securing the ICTS Supply Chain

On May 15, 2019, the President issued an EO declaring a national emergency with respect to threats against ICTS in the United States. The EO authorizes the Secretary of Commerce to prohibit, block, unwind, or mitigate any transaction involving ICTS that is “designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” Reviews of transactions will be conducted on a case-by-case basis.

Commerce received comments on a November 2019 proposed rule in January 2020. There has been no known use of the authority during the rulemaking process and an update is expected from Commerce soon.

Sections 1654 and 1655 of the Fiscal Year 2019 National Defense Authorization Act

Sections 1654 and 1655 of the FY19 NDAA generally require contractors to disclose whether they have allowed within the last five years a foreign government that poses a cybersecurity risk to USG defense and national security systems and infrastructure (or for non-commercial items, any foreign government) to review the source code of any product, system, or service that DoD is using or intends to use.

The law also requires contractors to disclose whether they are under an agreement to allow a foreign government or a foreign person to review the source code of a product, system, or service that DoD is using or intends to use. DoD will be able to condition contract awards on contractors’ mitigation of any risks that DoD identifies because of the foreign source code review.

The DFARS regulatory implementation of this requirement is currently on hold “pending resolution of technical issues,” and specific countries of concern have not been publicly identified, but regulations are still expected within the next year.”

https://washingtontechnology.com/articles/2020/06/26/insights-covington-regulatory-changes.aspx

Cool It With the ‘America In Decline’ Talk

Standard
Image: AP/ Rich Pedroncelli

DEFENSE ONE

The bottom line: the notion that the United States is shrinking to a shell of its former glory or somehow withering in the face of challenges from its strategic competitors leaves out all nuance and simplifies a highly complicated world into clickbait.

______________________________________________________________________________

“With more than 40 million Americans out of work, demonstrations rocking cities coast-to-coast, and projections for a dire economic picture this summer, you can be forgiven for believing the United States is on a rapid decline. 

The conventional wisdom now emerging is one of a distracted, bumbling, and fumbling America ceding the international playing field to strategic competitors and outright adversaries. In the words of a featured June 2 report in the New York Times: “with the United States looking inward, preoccupied by the fear of more viral waves, unemployment soaring over 20 percent and nationwide protests ignited by deadly police brutality, its competitors are moving to fill the vacuum, and quickly.”

While this “U.S. is in decline” narrative is exceedingly popular today, it also happens to be inaccurate — and dangerous. If it becomes widely accepted as fact that Washington is “retreating” and leaving adversaries to “fill the vacuum,” then U.S. policymakers responsible for formulating and executing foreign policy will be increasingly susceptible to making bad policy.

We need to clear the record: discussions about the United States losing its luster, or on its way to meeting the same fate as the Roman Empire, are vastly overblown. To continue making these arguments is to wipe away all context and ignore recent history.

Much has already been written about China’s aggressive behavior in the South China Sea, perhaps the world’s most important shipping lane and an area where multiple countries have set out competing sovereignty claims. This year alone, the People’s Liberation Army-Navy has sunk a Vietnamese fishing vessel in disputed waters off the Paracel Islands and engaged in a month-long standoff with a Malaysian oil exploration ship in waters claimed by China, Malaysia, and Vietnam. Beijing has become noticeably more confrontational with Taiwan, dropping the word “peaceful” from its reunification plans and reportedly preparing a military drill simulating the seizure of Taiwanese-held Pratas Island. And as Beijing´s move on Hong Kong last week shows, the Chinese Communist Party is getting bolder and asserting itself on issues it has long considered as vitally important to its national security, despite universal international condemnation. 

We are led to believe that China’s recent activity in the South China Sea is some direct product of a U.S. seemingly incapable of maintaining a global leadership role. This, however, discounts the fact that Beijing has long viewed the waterway as its exclusive domain and has in fact spent the last 25 years coercing, cajoling, and otherwise chipping away at its neighbors’ competing claims through various military maneuvers. To chalk up China’s activity in the Pacific to a lack of U.S. resolve or leadership is to overstate Washington’s ability to deter Chinese behavior in this domain. If this mistaken premise is accepted outright, it will almost certainly convince Washington that a more intensive U.S. military response would be deter future Chinese assertiveness.

It’s important to note that China has continued to improve its posture in the South and East China Seas despite an uptick in U.S. freedom-of-navigation operations and B-1 bomber flights in international airspace. 

Nor does the present narrative explain the recent spate of Russian interceptions of U.S. aircraft in international airspace, which are not exactly a new phenomenon either. On May 26, Russian Su-35 aircraft challenged a U.S. Navy P-8A flying in the eastern Mediterranean in what the U.S. Navy called an “unsafe and unprofessional” operation. Five weeks earlier, a similar Russian aircraft intercepted another U.S. surveillance plane in the same area. The U.S. Air Force has reciprocated; on April 9, U.S. F-22s escorted two Russian maritime surveillance aircraft after they entered the Alaskan Air Identification Zone. Such encounters are likely to continuee, which is precisely why it is urgent for U.S. and Russian officials to establish far more durable channels of communication in order to deescalate the situation and ensure these types of relatively regular incidents don´t result in a miscalculation or mid-air collision. 

Over the previous week, U.S. officials have suggested Russia is making a power-play in North Africa and establishing its own strategic base in Libya. According to U.S. Africa Command, more than a dozen Russian warplanes recently flew to Eastern Libya purportedly to assist its partner in the civil war, renegade Libyan general Khalifa Haftar, after a series of humiliating setbacks on the battlefield. Russian investment in Libya´s conflict, however, hasn´t exactly panned out the way the Kremlin anticipated. 

Haftar has turned out to be an unreliable, mercurial, stubborn wannabe strongman whose  with other armed, tribal factions is fueled by little more than contempt for the U.N.-recognized government in Tripoli. Russian President Vladimir Putin was publicly embarrassed last December, when Haftar walked out of a Kremlin-orchestrated peace conference. Negotiations remain practically nonexistent, which suggests Russia will soon face an unenviable choice between doubling down on a war that shows no signs of abating or disengaging and looking feckless.

As for Russia´s presence in Syria, this too has become an albatross around Moscow´s neck. While Russian air support in 2015 turned the war around and saved Bashar al-Assad from death or exile, Moscow´s investment in Syria since the conflict erupted more than nine years ago has yet to translate into concrete security benefits for the Kremlin. Notwithstanding the establishment of a few Russian airbases and friendly lease terms for the warm-port in Tartus, Moscow´s so-called victory in Syria consists of nothing more than a broken country led by a government that is corrupt, largely isolated from the West, and woefully incompetent in delivering basic services. Syria´s economy is in utter shambles as a result of the war, a rash of international economic sanctions, and outright mismanagement. Assad, the man the Kremlin has backed despite significant harm to its reputation, remains intransigent on even the slightest compromise with his opponents—leading Russia itself to question whether its support of the Syrian dictator was worth the cost.  

Developing a foreign policy that meets U.S. interests requires working from accurate assessments and the world as it really is. Relying on a black-and-white view of international affairs is risky business and could very well produce policies that will truly weaken the United States.”

https://www.defenseone.com/ideas/2020/06/cool-it-america-decline-talk/165913/

Is Short Term Economic Focus On Earnings Killing U.S. Innovation?

Standard
Image: “Saracanaday.com

DEFENSE SYSTEMS

The U.S. risks losing its competitive edge over China in terms of technology because companies care more about quarterly earnings than research and development.

Solutions involve incentivizing U.S. companies to focus on long-term investments and research.

______________________________________________________________________________

“That’s the message Michael Brown, director of the Defense Innovation Unit, the Defense Department’s innovation arm, shared at a Brookings Institution virtual event May 8 on China’s technological impact worldwide.

“You’re never going to win in a technology race with defense,” Brown said. Instead, the U.S. needs to focus on being more productive and “invest in itself” with more basic research.

“What do we do to reform our business thinking and our capital markets to move away from short-term thinking to be more long-term oriented,” Brown said. Ways to focus U.S. companies on building and maintaining a competitive edge include stricter export controls and more scrutiny of foreign investments in U.S. companies, particularly technology startups.

Brown, formerly CEO of Symantec, said the corporate focus on quarterly earnings and stock prices is counterproductive to competing with China.

“They all feed into this short-term thinking in our business community,” said Brown, “we have to reform this or we’re not going to be successful in competing with China.”

Incentives could include tax advantages for focusing on long-term growth and research and development, Brown said. And on the punitive side, there is the possibility of establishing penalties for U.S. companies that off-shore manufacturing or spinning off hardware businesses whose domestic presence can support U.S. jobs and military production.

“The irony is that U.S. companies focus on profits often driven by market dominance ends up aiding China’s cause,” Tom Wheeler, former Federal Communications Commission chairman, said during the event. “The market control, market dominance that we’ve seen from the principal big tech companies thwarts competition driven innovation.”

“It is doubtful that we will be able to out implement China,” said Wheeler, referencing that country’s tightly controlled, one-party system of government. “But we can out-innovate China if we have policies that will encourage this competition driven innovation.”

The big question for DIU is whether it can take advantage of U.S. tech talent, startups and research dollars to maintain a long term advantage over China, which is able to dictate its priorities to industry.

“The Defense Innovation Unit spends all day every day trying to encourage innovative companies to work with the Defense Department,” Brown said. “And General Secretary Xi [Jinping] accomplishes this by fiat. So we have to recognize that there are some advantages to their system.”

Brown said he maintained some doubts about the ultimate success of the “civil-military fusion” practiced in China.

“I don’t know how well that’s going to work for them, but that certainly keeps me up at night,” he said.”

The Heavy Cost of Ignoring Biosurveillance

Standard
https://dod.defense.gov/News/Special-Reports/1012_biosurveillance/

NATIONAL DEFENSE MAGAZINE”

It’s crucial that any such network be independent of governments and left in the hands of public health officials. The data it gathers should not be filtered through bad actors such as the Chinese Communist Party, or elected officials who may have a political agenda.

One day — hopefully soon — big international meetings will return and the next Biosurveillance Conference will be held in a bigger venue with a lot more participants.”

__________________________________________________________________________

“It was Aug. 28, 2012 in a Washington, D.C., hotel near Union Station where the National Defense Industrial Association held its first and only Biosurveillance Conference.

It was lightly attended — if memory serves. I’ll be charitable and say there were 75 attendees in the smallish room.

At least one of them — myself — was in the wrong place. Biosurveillance? I thought it would be about sensors. I was expecting to hear about typical defense and homeland security technologies designed to detect bioweapons — something akin to the Department of Homeland Security’s BioWatch program, or what the Joint Program Executive Office for Chemical and Biological Defense wanted. The agenda included Defense Threat Reduction Agency personnel.

No, actually, the attendees were mostly in the public health field, and they were talking about a worldwide database where doctors, public health officials, veterinarians and the like could report what they were seeing as far as new infectious diseases.

They likened the concept to weather reports. The world has a network of sensors that tells meteorologists what’s happening in the atmosphere. With the data, they can warn people if a storm is coming and citizens can prepare. The public health officials wanted to do the same for infectious diseases: manmade or natural. And the far-term goal would be to do predictive analysis — just like weather forecasts.

Here is an example: let’s say a doctor in China — let’s just say Wuhan, China — noticed an unusual number of cases of patients with a new respiratory disease marked by an unusually high fatality rate. He would then input that information into a database accessible to public health officials throughout the world. Then, let’s just say, doctors in South Korea or Italy, noticed the same thing. Analysts could connect the dots and sound the alarm. Hospitals could stock up on items such as, let’s say, face masks and respirators.

What I learned at that one-day conference ended up being part of a story that ran in the November 2012 issue. NDIA members with their expertise in information technology could have a lot to offer building such a network, I reasoned, so it was worth reporting.

Let’s pull some quotes out of that 2012 story.

Harshini Mukundan, a scientist at Los Alamos National Laboratory, said diseases emerge from people, plants and animals.

“They are all interconnected, and having separate agencies monitoring each one defeats the cause.”

Laurie Garrett, an analyst at the Council on Foreign Relations, said the technical part of setting up a biosurveillance network could be completed in five to 10 years. Policies and procedures were the roadblocks. “I don’t believe we have the capacity or the will to implement” it, she said. U.S. political gridlock would prevent the idea from moving forward, she predicted.

Jason Pargas, special assistant to the DTRA director, sounded an optimistic tone. It could all come to fruition in five to 10 years. Prediction models, applied math and advanced computing would make it so.

The reporting that emerged from this conference ended up in the article, “Top Five Threats to National Security in the Coming Decade.” We ranked “Bio-Threats” as No. 1. Yikes. I don’t even want to mention what the other four were for fear of a jinx.

I would like to say that National Defense consistently reported on this issue and that we kept up a constant drumbeat for the need of a worldwide biosurveillance network, but that is not the case. Public health really isn’t in our wheelhouse.

However, two years later in 2015, we did an update online, which was reported from an Armed Forces Communications and Electronics Association homeland security conference.

No progress had been made on a biosurveillance network, Jeff Runge, former chief medical officer at DHS, said at the conference. That year saw a deadly strain of the flu that killed many children and an Ebola outbreak.

“The rate and scope and spread of the illnesses were not detected before severe consequences occurred,” he said. “These are cautionary tales underscoring the need for better biological intelligence.”

Navy Cmdr. Janka Jones, then the director of medical programs in the office of the assistant secretary of defense for nuclear, chemical and biological defense, said, “We’ve got a lot of capability. We don’t have a lot of money to build new capability.”

Transparency, openness and data sharing would be key, she said. Jones helped the Obama administration in 2012 put together the first-ever national strategy on biosurveillance. It was released in July, shortly before the NDIA Biosurveillance Conference. It included a technology roadmap on how to build the information-sharing network.

“Biosurveillance — including early detection — is one of our first lines of defense against these threats,” President Barack Obama wrote in the introduction to the strategy.

National Defense took its eye off the ball when it comes to biosurveillance — but so did a lot of people, apparently. That won’t be the case in the future.

Granted, there are policy, procedure and diplomatic hurdles to overcome, but how much funding would it have cost to set up an initial biosurveillance network — $100 million, $200 million? Seems like a paltry investment when more than $1 trillion is being spent on an economic bailout, lives have been lost and entire industries brought to their knees.”

https://www.nationaldefensemagazine.org/articles/2020/4/21/the-heavy-cost-of-ignoring-biosurveillance

COVID – 19 Adversarial Capital Threat to Defense Industry Small Business

Standard
Image: Investors Business Daily

FCW

“Adversarial capital” is the latest buzz phrase used to describe the security problem that can occur when foreign rivals, especially China, take advantage of the relatively open U.S. investment marketplace.

“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” – Jennifer Santos, DOD’s deputy assistant secretary of defense for industrial policy.”

______________________________________________________________________________

“The Defense Department is hoping steadily engaging small businesses will help shield them from shady foreign investments during the global COVID-19 crisis.

[At risk are] nascent technology firms whose work may have security applications but don’t yet fall under the aegis of the cross-agency Committee on Foreign Investment in the United States (CFIUS).

“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” Santos said during an April 28 webinar on coronavirus supply chain challenges hosted by the Intelligence and National Security Alliance.

Additionally, DOD has been hosting teleconferences multiple times per week with industry trade associations and continued to host virtual Trusted Capital Marketplace events to help ensure companies have access to “clean capital” and avoid foreign investment conflicts.

Ellen Lord, DOD’s acquisition chief, warned in March that the defense industry base, their technology, and intellectual property were vulnerable to “nefarious” foreign investors.

As the coronavirus pandemic worsened, DOD has struggled with multiple plant closures — 93 out of 10,509 prime companies with 141 that closed and reopened and 427 out of 11,413 vendors, with 237 that have closed and reopened. Those closures have significantly affected aviation, shipbuilding and small space launch supply chains.

Santos said several companies in Mexico have “impacted our major primes” and DOD is working to identify those companies and work with the Mexican government supporting various technologies, including airframe production.

But foreign investment remains one of the more pressing priorities in defense acquisition, Santos said, adding that suspicious transactions in vulnerable areas are mitigated or blocked if a risk is found regardless of the pandemic.

That is an acute problem for small manufacturers, Lord said.

“Typically the most problematic areas we have now are some of the smaller manufacturers who, maybe from a dollar value, don’t do huge numbers but they are providing critical components across aircraft and naval applications. That’s where my biggest concern is; sort of the weakest link in the system,” Lord told reporters April 30.

The acquisition chief also worried some smaller companies “might end up with some significant financial fragility” and is looking across interagency and in the Trusted Capital Marketplace, a partnership that links private investors with defense companies, to keep those with “critical technology, talent, and facilities together with those investors.”

Lord’s concern extends overseas, as well, particularly in Europe, regarding what Lord called “nefarious” mergers and acquisition, where shell companies have known U.S. adversaries as beneficial owners. To protect against that, the Pentagon wants stronger foreign legislation from Congress to make the CFIUS process more stringent, Lord said.

In addition to pursuing stronger legislation, DOD has bolstered and expanded national security investment reviews, which can take 45 days and are reviewed by the Director of National Intelligence, and increased engagement with businesses using the newly stood up industrial base council.

Santos said the council helps address the industry base’s existing gaps and risks by aligning their priorities with DOD’s, identifying authorities that can be used to solve any issues, and drawing up policy as needed.

“We need to protect our industrial base from what could be adversarial capital and during COVID, we maintain the same due diligence,” Santos said, “It’s what keeps me up at night most nights.”

https://fcw.com/articles/2020/05/04/dod-adversarial-capital-williams.aspx?oly_enc_id=

“Tracing”Challenges Using Tech To Combat COVID-19

Standard
Image: “FCW

FCW” By Steve Kelman

This refers to gathering information about those with whom newly infected people have been in touch, in order to notify them that they might have been infected.  The most-interesting example of this is a recently developed Singapore app called TraceTogether.

It is impossible to mention systems such as these without some raising concerns about privacy. These efforts are still in the earliest stages — but we should be tracking how combating coronavirus has entered the digital age.

______________________________________________________________________________

“Recently there has been attention to the importance of what is called “contact tracing” for fighting the coronavirus.

This has come up in the discussions of “reopening the country” after recent lockdowns, with the argument that slowing disease spread depends heavily on being able to do this, though it did not appear in the president’s re-opening plan.

But contact tracing has historically been a resource-intensive and very imperfect process. Officials have had to go to newly infected people and interview them about whom they have been in contact with over the previous two weeks. Memories of course are often imperfect. People may not even know everyone with whom they interacted. And the interviewing itself takes significant time and manpower.

In just-published guidance of contact tracing, the Centers for Disease Control has stated that “contact tracing in the U.S. will require that states, tribes, localities and territorial establish large cadres of contact tracers.” Reaching people to interview about contacts can be slow, and contacting those contacts delays things further. Meanwhile, there is a limited window between infection and illness to catch contacts with problems, so speed is important.

However, since the Ebola outbreak in 2014, mobile telephone technology and especially smartphone penetration have dramatically improved. We are now seeing, mostly in Asia, the use of tech to provide quicker, more accurate, and more economical contact tracing in response to the coronavirus pandemic. I blogged a number of years ago on the theme of areas where Asia was overtaking the U.S. in tech apps, which I illustrated with the widespread use in China of mobile payment apps using smartphones and QR codes. We are now seeing Asian superiority with digital coronavirus apps in Asia as well.

This was the theme of a recent piece in the Daily Alert, a publication of the Harvard Business Review that publishes short management-related articles, called How digital contact tracing slowed covid-19 in East Asia, by MIT Sloan School professor Yasheng Huang and grad students Meicen Sun and Yuze Sui.

I think the most-interesting example of this is a recently developed Singapore app called TraceTogether. For those choosing the use the app, Bluetooth tracks smartphones that have also installed the app. The app then tracks when a user is in close proximity with these other persons, including timestamps. If an individual using the app becomes positive to Covid-19 they can choose to allow the Singapore Ministry of Health to access the tracking data — which can then be used to identify and then contact any recent close contacts based on the proximity and duration of an encounter. This is tech-enabled quick and accurate contact tracing. Apple and Google recently announced ago that they are developing a similar Bluetooth-based app, but rolling it out is apparently still a few months away.

Other Asian countries have used tech in other ways to help fight the virus. Taiwan has created a “digital fence,” whereby anyone required to undergo home quarantine has their location monitored via cellular signals from their phones. Venturing too far from home triggers an alert system, and calls and messages are sent to ascertain the person’s whereabouts. South Korea has an app called Corona100, which alerts users of the presence of any diagnosed Covid-19 patient within a 100-meter radius, along with the patient’s diagnosis date, nationality, age, gender, and prior locations. (A map version of the app called Corona Map similarly plots locations of diagnosed patients to help those who want to avoid these areas.)

Preview(opens in a new tab)

It is impossible to mention systems such as these without some raising concerns about privacy. The Singapore SmartTracker will save data for only 21 days, and the names of the ill and their contacts will not be shared with others. Wired ran an article on privacy risks of the Google/Apple system and concluded purported risks were quite small.

A bigger question is whether the government should be allowed under any circumstances to require people to sign onto a new contact-tracing app. Observers worry that without very widespread adoption, the benefits of such apps will dramatically decline. One can make an argument, which underlines the general case for disease quarantines, that if people do not quarantine themselves and then become sick, the costs fall not just on themselves but on others they might infect. However, even Singapore, a country without the robust culture of privacy we have in the U.S., has not been willing to require people to install SmartTracker, and only about 20% have done so.

In other words, these efforts are still in the earliest stages — but we should be tracking how combating coronavirus has entered the digital age.”

Surveillance In A Pandemic: Preserving Civil Liberties

Standard
Image: POGO

THE PROJECT ON GOVERNMENT OVERSIGHT

Surveillance is unlikely to provide much value in the United States until testing dramatically improves. Cell phone tracking faces significant technical hurdles. Surveillance programs must have guardrails. There are lessons we can learn from other countries that are enacting a variety of surveillance measures. 

______________________________________________________________________________

“In this virtual briefing, we examine surveillance measures in response to the COVID-19 pandemic. The discussion looks at the obstacles to effective contact tracing systems, and what principles should guide the government if it does choose to enact public health surveillance measures as part of its pandemic response. 

Some key takeaways include:

  • Surveillance is unlikely to provide much value in the United States until testing dramatically improves: Without a quick and robust testing system it will be impossible to create an effective contact tracing system, even with intensive surveillance measures.
  • Cell phone tracking faces significant technical hurdles: Measures currently being considered, such as the Apple and Google Bluetooth project, have a limited ability to accurately identify the types of contacts that pose a high risk of infection, which could lead to an ineffective system that generates false alarms and loses the public’s trust.
  • Surveillance programs must have guardrails: There are numerous limits that could be placed on any surveillance measures to protect civil liberties and prevent mission creep, such as prohibiting use other than for public health purposes and creating a timeline for deleting data.
  • There are lessons we can learn from other countries that are enacting a variety of surveillance measures. Some of those programs may be effective, but others appear more designed to facilitate draconian enforcement and support repressive regimes.”

Technology Alliances And Our Post-Pandemic Future

Standard
Image: “Democomp.com

C4ISRNET

No one country can expect to achieve its full potential by going it alone, not even the United States.

An alliance framework for technology policy is the best way to ensure that the world’s democracies can effectively compete economically, politically, and militarily in the 21st century.

________________________________________________________________________

“There’s no question the post-corona world will be very different. How it will look depends on actions the world’s leaders take. Decisions made in coming months will determine whether we see a renewed commitment to a rules-based international order, or a fragmented world increasingly dominated by authoritarianism. Whomever steps up to lead will drive the outcome.

China seeks the mantle of global leadership. Beijing is exploiting the global leadership vacuum, the fissures between the United States and its allies, and the growing strain on European unity. The Chinese Communist Party has aggressively pushed a narrative of acting swiftly and decisively to contain the virus, building goodwill through ‘mask diplomacy’, and sowing doubts about the virus’ origin to deflect blame for the magnitude of the crisis and to rewrite history. Even though the results so far are mixed, the absence of the United States on the global stage provides Beijing with good momentum.

Before the pandemic, the world’s democracies already faced their gravest challenge in decades: the shift of economic power to illiberal states. By late 2019, autocratic regimes accounted for a larger share of global GDP than democracies for the first time since 1900. As former U.K. foreign secretary David Miliband recently observed, “liberal democracy is in retreat.” How the United States and like-minded partners respond post-pandemic will determine if that trend holds.

There is urgency to act — the problem is now even more acute. The countries that figure out how to quickly restart and rebuild their economies post-pandemic will set the course for the 21st century. It is not only economic heft that is of concern: political power and military might go hand in hand with economic dominance.

At the center of this geostrategic and economic competition are technologies — artificial intelligence, quantum computing, biotechnology, and 5G — that will be the backbone of the 21st century economy. Leadership and ongoing innovation in these areas will confer critical economic, political, and military power, and the opportunity to shape global norms and values. The pre-crisis trajectory of waning clout in technology development, standards-setting, and proliferation posed an unacceptable and avoidable challenge to the interests of the world’s leading liberal-democratic states.

The current crisis accentuates this even more: it lays bare the need to rethink and restructure global supply chains; the imperative of ensuring telecommunication networks are secure, robust, and resilient; the ability to surge production of critical materiel, and the need to deter and counteract destructive disinformation. This is difficult and costly — and it is best done in concert.

Bold action is needed to set a new course that enhances the ability of the world’s democracies to out-compete increasingly capable illiberal states. The growing clout of authoritarian regimes is not rooted in better strategy or more effective statecraft. Rather, it lies in the fractious and complacent nature of the world’s democracies and leading technology powers.

In response, a new multilateral effort — an alliance framework — is needed to reverse these trends. The world’s technology and democracy leaders — the G7 members and countries like Australia, the Netherlands, and South Korea — should join forces to tackle matters of technology policy. The purpose of this initiative is three-fold: one, regain the initiative in the global technology competition through strengthened cooperation between like-minded countries; two, protect and preserve key areas of competitive technological advantage; and three, promote collective norms and values around the use of emerging technologies.

Such cooperation is vital to effectively deal with the hardest geopolitical issues that increasingly center on technology, from competing economically to building deterrence to combating disinformation. This group should not be an exclusive club: it should also work with countries like Finland and Sweden to align policies on telecommunications; Estonia, Israel, and New Zealand for cyber issues; and states around the world to craft efforts to counter the proliferation of Chinese surveillance technology and offer sound alternatives to infrastructure development, raw material extraction, and loans from China that erode their sovereignty.

The spectrum of scale and ambition this alliance can tackle is broad. Better information sharing would yield benefits on matters like investment screening, counterespionage, and fighting disinformation. Investments in new semiconductor fabs could create more secure and diverse supply chains. A concerted effort to promote open architecture in 5G could usher in a paradigm shift for an entire industry. Collaboration will also be essential to avoiding another pandemic calamity.

Similar ideas are percolating among current and former government leaders in capitals such as Tokyo, Berlin, London, and Washington, with thought leaders like Jared Cohen and Anja Manuel, and in think tanks around the world. The task at hand is to collate these ideas, find the common ground, and devise an executable plan. This requires tackling issues like organizational structure, governance, and institutionalization. It also requires making sure that stakeholders from government, industry, and civil society from around the world provide input to make the alliance framework realistic and successful.

No one country can expect to achieve its full potential by going it alone, not even the United States. An alliance framework for technology policy is the best way to ensure that the world’s democracies can effectively compete economically, politically, and militarily in the 21st century. The links between the world’s leading democracies remain strong despite the challenges of the current crisis. These relationships are an enduring and critical advantage that no autocratic country can match. It is time to capitalize on these strengths, retake the initiative, and shape the post-corona world.”

https://www.c4isrnet.com/opinion/2020/04/14/technology-alliances-will-help-shape-our-post-pandemic-future/

5 Cyber Issues The Coronavirus Lays Bare

Standard
Image: “FirstGov

FIFTH DOMAIN

As vast segments of society are temporarily forced into isolation to achieve social distancing, the internet is their window into the world.

The pandemic also lays bare the many vulnerabilities created by society’s dependence on the internet. These include the dangerous consequences of censorship, the constantly morphing spread of disinformation, supply chain vulnerabilities and the risks of weak cybersecurity.”

—————————————————————————————————————-

“Intellectual property and proprietary data protection should be tailored to your organization, its industry relationships, people and practices.  It must grow as the company grows, adapt to changing conditions and be ever-sensitive to risk.
The best intellectual property protections are well understood, practical, teaming relationships among partners, employees, industry and government.  All sides in such relationships lose if disclosure or violations occur. 

“As more and more U.S. schools and businesses shutter their doors, the rapidly evolving coronavirus pandemic is helping to expose society’s dependence — good and bad — on the digital world.

Entire swaths of society, including classes we teach at American University, have moved online until the coast is clear. Online social events like virtual happy hours foster a sense of connectedness amid social distancing. While the online world is often portrayed as a societal ill, this pandemic is a reminder of how much the digital world has to offer.

1. China’s censorship affects us all

The global pandemic reminds us that even local censorship can have global ramifications. China’s early suppression of coronavirus information likely contributed to what is now a worldwide pandemic. Had the doctor in Wuhan who spotted the outbreak been able to speak freely, public health authorities might have been able to do more to contain it early.

China is not alone. Much of the world lives in countries that impose controls on what can and cannot be said about their governments online. Such censorship is not just a free speech issue, but a public health issue as well. Technologies that circumvent censorship are increasingly a matter of life and death.

2. Disinformation online isn’t just speech — it’s also a matter of health and safety

During a public health emergency, sharing accurate information rapidly is critical. Social media can be an effective tool for doing just that. But it’s also a source of disinformation and manipulation in ways that can threaten global health and personal safety — something tech companies are desperately, yet imperfectly, trying to combat.

Facebook, for example, has banned ads selling face masks or promising false preventions or cures, while giving the World Health Organization unlimited ad space. Twitter is placing links to the Centers for Disease Control and Prevention and other reliable information sources atop search returns. Meanwhile, Russia and others reportedly are spreading rumors about the coronavirus’s origins. Others are using the coronavirus to spread racist vitriol, in ways that put individuals at risk.

Not only does COVID-19 warn us of the costs — and geopolitics — of disinformation, it highlights the roles and responsibilities of the private sector in confronting these risks. Figuring out how to do so effectively, without suppressing legitimate critics, is one of the greatest challenges for the next decade.

3. Cyber resiliency and security matter more than ever

Our university has moved our work online. We are holding meetings by video chat and conducting virtual courses. While many don’t have this luxury, including those on the front lines of health and public safety or newly unemployed, thousands of other universities, businesses and other institutions also moved online — a testament to the benefits of technological innovation.

At the same time, these moves remind us of the importance of strong encryption, reliable networks and effective cyber defenses. Today network outages are not just about losing access to Netflix but about losing livelihoods. Cyber insecurity is also a threat to public health, such as when ransomware attacks disrupt entire medical facilities.

4. Smart technologies as a lifeline

The virus also exposes the promise and risks of the “internet of things,” the globe-spanning web of always-on, always-connected cameras, thermostats, alarm systems and other physical objects. Smart thermometers, blood pressure monitors and other medical devices are increasingly connected to the web. This makes it easier for people with pre-existing conditions to manage their health at home, rather than having to seek treatment in a medical facility where they are at much greater risk of exposure to the disease.

Yet this reliance on the internet of things carries risks. Insecure smart devices can be co-opted to disrupt democracy and society, such as when the Mirai botnet hijacked home appliances to disrupt critical news and information sites in the fall of 2016. When digitally interconnected devices are attacked, their benefits suddenly disappear — adding to the sense of crisis and sending those dependent on connected home diagnostic tools into already overcrowded hospitals.

5. Tech supply chain is a point of vulnerability

The shutdown of Chinese factories in the wake of the pandemic interrupted the supply of critical parts to many industries, including the U.S. tech sector. Even Apple had to temporarily halt production of the iPhone. Had China not begun to recover, the toll on the global economy could have been even greater than it is now.

This interdependence of our supply chain is neither new nor tech-specific. Manufacturing — medical and otherwise — has long depended on parts from all over the world. The crisis serves as a reminder of the global, complex interactions of the many companies that produce gadgets, phones, computers and many other products on which the economy and society as a whole depend. Even if the virus had never traveled outside of China, the effects would have reverberated — highlighting ways in which even local crises have global ramifications.

Cyber policy in everything

As the next phase of the pandemic response unfolds, society will be grappling with more and more difficult questions. Among the many challenges are complex choices about how to curb the spread of the disease while preserving core freedoms. How much tracking and surveillance are people willing to accept as a means of protecting public health?

As Laura explains in “The Internet in Everything,” cyber policy is now entangled with everything, including health, the environment and consumer safety. Choices that we make now, about cybersecurity, speech online, encryption policies and product design will have dramatic ramifications for health, security and basic human flourishing.”

https://www.fifthdomain.com/opinion/2020/04/09/5-cyber-issues-the-coronavirus-lays-bare/

Air Force To Pump New Tech Startups With $10M Awards

Standard

BREAKING DEFENSE

The service has been experimenting with ‘pitch days’ across the country over the last year, such as the Space Pitch Days held in San Francisco in November when the service handed out $22.5 million to 30 companies over two days. 

The first-of-its kind event in Austin, called the Air Force Pitch Bowl, will match Air Force investment with private venture capital funds on a one to two ratio

_____________________________________________________________________________

“PENTAGON: The Air Force will roll out the final stage in its commercial startup investment strategy during the March 13-20 South By Southwest music festival, granting one or more contracts worth at least $10 million to startups with game-changing technologies, service acquisition chief Will Roper says.

So, if the Air Force investment fund, called Air Force Ventures, puts in $20 million, the private capital match would be $40 million.

AFWERX, the Air Force’s innovation unit, has one of its hubs in Austin.

“This has been a year in the making now, trying to make our investment arm, the Air Force Ventures, act like an investor, even if it’s a government entity,” Roper explained. “We don’t invest like a private investor — we don’t own equity — we’re just putting companies on contract. But for early stage companies, that contract acts a lot like an investor.”

The goal is to help steer private resources toward new technologies that will benefit both US consumers and national security to stay ahead of China’s rapid tech growth, Roper told reporters here Friday.

The Air Force wants to “catalyze the commercial market by bringing our military market to bear,” he said. “We’re going to be part of the global tech ecosystem.”

Figuring out how to harness the commercial marketplace is critical, Roper explained, because DoD dollars make up a dwindling percentage of the capital investment in US research and development. This is despite DoD’s 2021 budget request for research, development, test and evaluation (RDT&E) of $106.6 billion being “the largest in its history,” according to Pentagon budget rollout materials. The Air Force’s share is set at $37.3 billion, $10.3 billion of which is slated for Space Force programs. 

“We are 20 percent of the R&D is this country — that’s where the military is today,” Roper said. “So if we don’t start thinking of ourselves as part of a global ecosystem, looking to influence trends, investing in technologies that could be dual-use — well, 20 percent is not going to compete with China long-term, with a nationalized industrial base that can pick national winners.”

The process for interested startups to compete for funds has three steps, Roper explained, beginning with the Air Force “placing a thousand, $50K bets per year that are open.” That is, any company can put forward its ideas to the service in general instead of there being a certain program office in mind. “We’ll get you in the door,” Roper said, “we’ll provide the accelerator functions that connect you with a customer.

“Pitch days” are the second step, he said. Companies chosen to be groomed in the first round make a rapid-fire sales pitch to potential Air Force entities — such as Space and Missile Systems Center and Air Force Research Laboratory — that can provide funding, as well as to venture capitalists partnering with the Air Force.

As Breaking D broke in October, part of the new acquisition strategy is luring in private capital firms and individual investors to match Air Force funding in commercial startups as a way to to bridge the ‘valley of death’ and rapidly scale up capability.

Roper said he intends to make “maybe 300 of those awards per year,” with the research contracts ranging from $1 million to $3 million a piece and “where program dollars get matched by our investment dollars.”

The final piece of the strategy, Roper explained, is picking out the start-ups that can successfully field game-changing technologies.

“The thing that we’re working on now is the big bets, the 30 to 40 big ideas, disruptive ideas that can change our mission and hopefully change the world,” Roper said. “We’re looking for those types of companies.”

The Air Force on Oct. 16 issued its first call for firms to compete for these larger SBIR contracts under a new type of solicitation, called a “commercial solutions opening.” The call went to companies already holding Phase II Small Business Innovation Research (SBIR) awards. The winners will be announced in Austin.

If the strategy is successful, Roper said, the chosen firms will thrive and become profitable dual-use firms focused primarily on the commercial market.

“The, we’re starting to build a different kind of industry base,” Roper enthused. “So, we’ve gotta get the big bets right. Then most importantly, if you succeed in one of the big bets, then we need to put you on contract on the other side, or else the whole thing is bunk.”