Category Archives: Global economy

The Next $10 Billion Chapter In The Veterans Administration Health Care Systems Development Saga


Editors’ Note: The story herein on “FEDSCOOP” announces the latest trip on a decades-long road of efforts by the Veterans Administration to connect the health care systems of the military with those of the VA and establish state of the art records keeping for veterans.

This sole source, non-competitive contract award to CERNER, a commercial firm, in lieu of in-house systems development is a major change in approach from past efforts that have cost billions and led to shut downs and start overs.

Having seen these types of government systems management challenges from the inside for over 4 decades, I find myself sincerely doubting that both the scope and the price tag are final. For historical perspective, please see:

A VETERAN CONNECTS THE DOTS IN THE MILITARY AND VETERANS HEALTH CARE SYSTEMS MAZE   

Ken Larson

_______________________________________________________________________________________

“FEDSCOOP”

“The Department of Veterans Affairs announced Thursday that it has officially signed a contract with Cerner for a new electronic health record (EHR) system.

The inked contract is worth up to $10 billion over 10 years.

“With a contract of that size, you can understand why former Secretary [David] Shulkin and I took some extra time to do our due diligence and make sure the contract does what the President wanted,” acting Secretary Robert Wilkie said in a statement. “President Trump has made very clear to me that he wants this contract to do right by both Veterans and taxpayers, and I can say now without a doubt that it does.”

The new EHR will be “similar” to that used by the Department of Defense, which will allow patient data to be “seamlessly” shared between the two. This has been a major pain point with the Department’s current EHR, the Veterans Information Systems and Technology Architecture, or VistA.

Wilkie reiterated Shulkin’s comments, from March, that the VA will learn from some of the DOD’s challenges in deploying its new EHR, known as MHS Genesis, and will not fall prey to the same pitfalls, which have plagued early pilots of the system and led to a report calling it “neither operationally effective nor operationally suitable.”

“VA and DoD are collaborating closely to ensure lessons learned at DoD sites will be implemented in future deployments at DoD as well as VA,” Wilkie said. “We appreciate the DoD’s willingness to share its experiences implementing its electronic health record.”

“Signing this contract today is an enormous win for our nation’s Veterans,” Wilkie said. “It puts in place a modern IT system that will support the best possible health care for decades to come. That’s exactly what our nation’s heroes deserve.”

However big an announcement this may be, actual rollout of the new EHR will take time. At an event in January, former VA CIO Scott Blackburn told the crowd to expect another 10 years of VistA.”

https://www.fedscoop.com/va-ehr-cerner-10-billion-robert-wilkie/

 

 


Silicon Valley Will Never Love The Pentagon


“C4ISRNET.COM”

“In early April the New York Times reported 3,100 Google employees signed a letter asking the company to pull out of a DoD program called Project Maven.

In short, that program would use Google’s artificial intelligence to help identify objects in drone video. Eventually, those objects could become targets. Google employees objected to this collaboration and that their talents were used as a weapon of war.”


___________________________________________________________________________________________

“C4ISRNET”

“For years, senior Department of Defense leaders have preached a message of speed. Buy faster. Test faster. Fail faster. Succeed faster. Get new capabilities out to the troops faster.

Faster, faster, faster.

Representatives from industry nod and say yes, faster is a start but, honestly, even faster would be better.

And so, the question naturally becomes, if everyone wants to go faster — the leaders want to go faster, and the folks on the front line want to go faster and the defense industry wants to go faster — what’s the holdup?

Inevitably, the answer is middle management. DoD bureaucracy is mired in the habit of moving slow. How it was is how it will forever be.

The problem, almost everyone says, is culture.

For several years now, the Pentagon has been reaching out to Silicon Valley as a way to, you guessed it, move faster. It has opened offices and assembled boards and advisors with Silicon Valley luminaries serving as liaisons to the Pentagon. Senior leaders have made approximately a billion jokes about having to wear a hoodie to work. The head of Google’s parent company, Alphabet Inc., is on the board of the Pentagon’s advisory committee.

Pentagon leaders have not made a convincing case as to why their dollars and their vision to change the world are any more altruistic than the next guy with billion-dollar pockets. Again, but this time with a West Coast flavor, the problem is DoD’s culture.

Disruption does not come clean or easy. It requires making people in long-held institutions unhappy.

If DoD wants to move faster, it has a choice: It can disrupt institutions in Washington or disrupt institutions on the West Coast. But if it wants wholesale change, as leaders often claim, it will have to choose workers on one coast to make unhappy.”

https://www.c4isrnet.com/opinion/2018/05/15/silicon-valley-will-never-love-dod/

 

 

US Remains Top Military Spender


“DEFENSE NEWS”

“Worldwide military spending is estimated to have reached $1.7 trillion in 2017, according to a new report from the Stockholm International Peace Research Institute. This is the highest level of military expenditure since the end of the Cold War.

Although U.S. spending has decreased from 2008 levels by 14 percent, it still spends 2.7 times more than the next highest spender, China.”

___________________________________________________________________________________________

“The top five biggest spenders were the United States, China, Saudi Arabia, Russia and India, which accounted for 60 percent of global military spending.

China, Russia and India saw dramatic increases in spending since 2008. According to the report Chinese military spending in 2017, approximately $228 billion, has increased 110 percent since 2008, with Russian and Indian spending growing by 36 and 45 percent to $69.4 billion and $66.3 billion, respectively.

Between 2016 and 2017, China increased military spending by 5.6 percent, Saudi Arabia by 9.2 percent and India by 5.5 percent. Despite announcing a new host of nuclear weapons and completing the country’s largest military exercises in history, Russia’s spending fell by 20 percent in the same time frame.

“The increases in world military expenditure in recent years have been largely due to the substantial growth in spending by countries in Asia and Oceania and the Middle East, such as China, India and Saudi Arabia,” said Dr Nan Tian, researcher with the SIPRI Arms and Military Expenditure program. “At the global level, the weight of military spending is clearly shifting away from the Euro–Atlantic region.”

Out of the top 15 military spenders, only the U.S., United Kingdom and Italy had a decrease in spending over the last decade.”

https://www.defensenews.com/industry/2018/05/02/us-remains-top-military-spender-sipri-reports/

 

Defending Hospitals Against Life-Threatening Cyber Attacks


Image:  phys.org

“FIFTH DOMAIN”

“Hospitals are unlike other companies in two important ways. They keep medical records, which are among the most sensitive data about people.

And many hospital electronics help keep patients alive, monitoring vital signs, administering medications, and even breathing and pumping blood for those in the most dire conditions.”

__________________________________________________________________________________________

“A 2013 data breach at the University of Washington Medicine medical group compromised about 90,000 patients’ records and resulted in a US$750,000 fine from federal regulators. In 2015, the UCLA Health system, which includes a number of hospitals, revealed that attackers accessed a part of its network that handled information for 4.5 million patients. Cyberattacks can interrupt medical devices, close emergency rooms and cancel surgeries. The WannaCry attack, for instance, disrupted a third of the UK’s National Health Service organizations, resulting in canceled appointments and operations. These sorts of problems are a growing threat in the health care industry.

Protecting hospitals’ computer networks is crucial to preserving patient privacy – and even life itself. Yet recent research shows that the health care industry lags behind other industries in securing its data.

I’m a systems scientist at MIT Sloan School of Management, interested in understanding complex socio-technical systems such as cybersecurity in health care. A former student, Jessica Kaiser, and I interviewed hospital officials in charge of cybersecurity and industry experts, to identify how hospitals manage cybersecurity issues. We found that despite widespread concern about lack of funding for cybersecurity, two surprising factors more directly determine whether a hospital is well protected against a cyberattack: the number and varied range of electronic devices in use and how employees’ roles line up with cybersecurity efforts.

A wide range of devices

A major challenge in hospitals’ cybersecurity is the enormous number of devices with access to a facility’s network. As with many businesses, these include mobile phones, tablets, desktop computers and servers. But they also have large numbers of patients and visitors who come with their own devices, too – including networked medical devices to monitor their health and communicate with medical staff. Each of these items is a potential on-ramp for injecting malware into the hospital network.

Hospital officials could use software to ensure only authorized devices can connect. But even then, their systems would remain vulnerable to software updates and new devices. Another key weakness comes from medical equipment offered as free samples by device manufacturers who operate in a competitive market. They’re often not tested for proper security before being connected to the hospital network. One of our interviewees mentioned:

“In hospitals … there’s a whole underground procurement process whereby medical device vendors approach clinicians and give them lots of stuff for free that eventually makes its way on to our floors, and then a year later we get a bill for it.”

When new technologies bypass regular processes for purchase and risk assessment, they aren’t checked for vulnerabilities, so they introduce even more opportunities for attack. Of course, hospital administrators should balance these concerns against the improvements in patient care that new systems can bring. Our research suggests that hospitals need stronger processes and procedures for managing all these devices.

Staff buy-in

Getting hospital administrators to understand the importance of cybersecurity is fairly straightforward: They told us they’re worried about costs, institutional reputation and regulatory penalties. Getting medical staff on board can be much more difficult: They said they’re focused on patient care and don’t have time to worry about cybersecurity.

People typically treat cybersecurity protections as secondary to what they’re trying to get done. One person we interviewed described why some staff committed the cardinal cybersecurity sin of sharing a password:

“To use an ultrasound machine [you need a password, which] has to change every 90 days. [Staff] just want to use the ultrasound machine. It’s not holding a lot of patient data … so they create a shared login so that they can provide patient care.”

The needs can vary widely across a hospital, in ways that can be surprising – such as access to sites likely to carry malicious software. A chief information officer at a research hospital told us,

“I personally believe that hardcore pornography has no purpose on hospital supported devices. What did I do five years ago? I put up internet content filters that prevented people from navigating to pornography. Within five minutes, the director of psychiatry calls to tell me that we have a grant to study pornography in a medical context [so we had to modify our filters].”

These experiences are why we concluded that budget limitations are not as crucial to hospital cybersecurity as employee involvement. A hospital can buy as many pieces of hardware and software as it wants. If workers aren’t following organizational procedures, the technology won’t keep hospitals safe. Our research suggests that cybersecurity is as much about managing people as it is about technology.

Compliance is not security

The threat is nationwide, and keeps getting harder to defend against, as one chief information security officer told us:

“The nature of attacks is increasingly sophisticated. It used to be my biggest threat was … students. Today, it’s state-sponsored attacks, terrorism and organized crime. It’s more threats than ever before of a more serious nature.”

Unfortunately, many hospital administrators seem to believe that protecting data is as simple as meeting state and federal regulations. But those are minimum standards that don’t adequately address the threat. As one of our interviewees said,

“Compliance is a low bar. I guarantee that little health care organizations and hospitals would do nothing (without regulation). They would have a piece of paper on a shelf called their security policy. It’s needed as a backstop to get companies at least thinking about it. But being compliant does not solve the greater risk management problem.”

Our research shows that hospitals need to think beyond compliance. Also, with so few hospitals well defended against cyberattacks, all hospitals appear more attractive as potential targets. In our view, it’s not enough for hospitals to improve their own defenses – nor for regulators to raise standards. They should manage, and evaluate the security of, the devices on their networks and ensure medical staff understand how good cyber-hygiene can support good patient care. Further, policymakers, health care leaders and hospitals themselves should work together to make the industry as a whole less susceptible to attacks that threaten people’s privacy and their very lives.”

https://www.fifthdomain.com/opinion/2018/04/25/defending-hospitals-against-life-threatening-cyberattacks/

Senate Report Details FEMA Disaster Response Contracting Failures


“THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

“The report details many shortcomings of the state of FEMA contracts for disaster response supplies. Before awarding a contract, federal agencies must assess contractor capabilities to deliver the required goods and services. For the most part, FEMA failed to do this. 

A $156 million FEMA contract with the Georgia-based consulting firm Tribute Contracting LLC was terminated “for cause,” having only delivered 50 thousand of the required 30 million meals. Oddly, the firm, which had little experience in this level of disaster work, consisted of just one person, calling into question why it was tapped for such an important and massive contract.”

________________________________________________________________________________________

“The 2018 hurricane season starts in just over a month. Considering the severity and impact of last year’s storms, the nation should ask if we are adequately prepared for the next major disaster. Unfortunately, the findings of a recent Congressional investigation raise serious concerns.

A recent report from the staff of Senator Claire McCaskill (D-MO), Ranking Member of the Committee on Homeland Security and Governmental Affairs, calls into question an important aspect of disaster preparations by the Federal Emergency Management Agency (FEMA). The report details many shortcomings of the state of FEMA contracts for disaster response supplies.

During the first few days after a major disaster, FEMA is called upon to provide vital supplies to the affected communities. FEMA relies on a network of large supply centers that can quickly respond, delivering thousands of pallets of basic commodities such as water, food, blankets, plastic tarps for emergency shelter and repairs, electrical generators, and other supplies and equipment. For disasters the size of the 2017 hurricanes that struck the southeastern states and Caribbean, FEMA also has to quickly engage with the private sector to procure and deliver large additional amounts of these same basic commodities.

FEMA is supposed to have “prepositioned” contracts in place before a major disaster. While no one can predict all the needs for a specific disaster, the basic commodities that are needed in very large, easily deliverable quantities don’t change. To ensure that continued delivery is uninterrupted, FEMA should have contracts for these supplies already vetted and ready to act on. This strategy follows current law, which correctly requires that FEMA follow a “contracting strategy that maximizes the use of advance contracts to the extent practical and cost-effective.”

The McCaskill report details how FEMA did not adequately prepare for last year’s hurricane season with prepositioned contracts for at least some disaster commodities. For example, of the $206.9 million in plastic sheeting and tarps contracts for the 2017 hurricanes, only 3.5 percent was through prepositioned contracts. In fact, FEMA had only three prepositioned contracts for tarps and none for plastic sheeting before the start of the 2017 hurricane season. After the hurricane disasters struck the United States, FEMA needed to award eleven additional contracts for those basic commodities.

And the new contracts weren’t vetted through the appropriate process. Media outlets had previously reported on contracting failures for plastic sheeting and tarps. However, the McCaskill report described a broader context of contract failure by FEMA. While contracts can fail at times due to reasons beyond the control of an agency, the report gave examples of glaring problems in FEMA’s review process. For example, FEMA awarded $73 million in new contracts for plastic sheeting and tarps to companies that had formed just months earlier and had little or no experience with the product.

It is worth noting that there were other reported FEMA contracting failures beyond what was examined in the McCaskill report. Worse, in 2016, the Government Publishing Office (GPO) terminated “for default” an unrelated Tribute contract to make 3,000 tote bags, and excluded the company from receiving further contracts above $35,000 until January 7, 2019, unless “there is a compelling reason.” The GPO’s contract exclusion should have raised red flags for FEMA because the federal government’s own database clearly lists the Tribute contract prohibition.

Most importantly, the McCaskill report revealed that many of the problematic contracts resulted in delayed delivery of the commodities to those in need within affected communities.

During a hearing of the Senate Homeland Security and Governmental Affairs Committee on April 11, FEMA Administrator William “Brock” Long discussed the report, admitting that “I realize we got work.” He assured the panel that FEMA will address the contracting problems.

POGO will continue to press federal agencies to adequately prepare for the next major disaster. A good place to start would be to improve contracting procedures at FEMA in order to ensure that vital supplies and services reach those suffering in the aftermath of a disaster.”

http://www.pogo.org/blog/2018/04/senate-report-details-major-disaster-response-contracting-failures.html

 

Atlanta Was Not Prepared To Respond To A Ransomware Attack


Image: Dan X. O’Neil

“STATESCOOP”

“A month after the SamSam ransomware virus infected its computer systems, Atlanta’s city government still struggles to provide several services to its residents.

The city is scrambling to dig out from arguably the highest-profile ransomware incident on U.S. soil yet, shelling out nearly $2.7 million in emergency contracts to IT consultants and crisis managers.”

________________________________________________________________________________________

“Water and sewer bills can’t be paid online or over the phone, and business licenses can only be obtained in person. Public Wi-Fi at Hartsfield-Jackson International Airport, the country’s busiest airport, was down for two weeks. City council members reported losing decades’ worth of correspondence. The municipal courthouse only regained the ability to schedule traffic-ticket hearings on April 16.

Atlanta officials may eventually give full accounting of how the March 22 ransomware attack was allowed to happen, and why the recovery process has been so slow and out of the public view. (The city last issued an official update on March 30.) But the hack hit just the right conditions to sow mayhem: In the weeks since officials were locked out of their systems for a $51,000 ransom demand, it’s been revealed that Atlanta’s municipal IT was woefully disorganized and outdated. Couple that with the recent swearing-in of Mayor Keisha Lance Bottoms, who by her own admission had not devoted much attention toward cybersecurity, and Atlanta became a ripe target for digital bedlam.

As recently as January, the city auditor was excoriating officials for a lax approach toward cybersecurity that left the government with obvious vulnerabilities, obsolete software and an IT culture driven by “ad hoc or undocumented” processes, according to a report published that month by the auditor’s office.

Not everyone is looking for someone to blame, though. Amid all the frustration that the cyberattack has caused, there’s one push for Atlanta to conduct a “blameless” review of the episode. But that seems like something that’s still a long way off from happening. Whatever the case, the attack was not surprising to cybersecurity experts.

“Atlanta is a fairly typical path,” said Max Kilger, a business professor who specializes in cybersecurity at the University of Texas at San Antonio. “These guys seem to be targeting organizations that work for the public good. There’s an urgency when a city gets taken down. The ransomware people are basically counting on that to leverage a payment out of these targets.”

Better to spend now than pay later

By all known accounts, Atlanta hasn’t paid up, though the mayor’s public remarks about it have been inconclusive. “Everything is up for discussion,” Bottoms said six days into the hack. The involvement of the FBI, which recommends ransomware victims refuse their attackers’ demands, suggests Atlanta hasn’t given in.

Kilger said a city as large as Atlanta, with a $2.1 billion budget, is a tempting target for ransomware operators because the ransom demand is so paltry compared to the city’s pocketbook. Even if Atlanta won’t pay, the hackers behind the SamSam ransomware are still running a tidy operation — collecting nearly $850,000 since their first attack in late 2015, according to analyses of the SamSam group’s bitcoin wallet. That includes payments from ransomware victims that did pay the bounties to recover their data, including Hancock Regional Hospital in Indiana and Yarrow Point, Washington, an affluent town of 1,000 residents just east of Seattle.

But in those cases, the targets went against the FBI’s advice. The bureau recommends against acceding to ransom demands for the simple reason that a ransomware victim has no guarantee that its attacker won’t “shoot the hostage” anyway. “Paying a ransom doesn’t guarantee an organization that it will get its data back — we’ve seen cases where organizations never got a decryption key after having paid the ransom,” the FBI advises.

If there’s money going anywhere, it’s to consultants. In the month since the hack, Atlanta has doled out more than half a dozen emergency contracts to cybersecurity firms like Secureworks, Fyrsoft, and CDW, and consulting services from Ernst & Young and Edelman to manage the public response. In Colorado, where a SamSam attack in February took out internal systems at the state’s transportation department, officials have spent between $1 million and $1.5 million on recovery so far.

Government IT officials might find it’s better to spend more money up front hardening their cybersecurity, rather than shelling out after a hack.

“If I were an executive, I would look at the risk equation,” said Walter Tong, a security architect at the Georgia Technology Authority, which manages the state’s IT infrastructure. “Is it worth spending the money or paying the ransom? I would not like to be in that kind of position.”

IT complacency

Tong’s office is not working on Atlanta’s recovery; he said it doesn’t offer the kinds of recovery services the city needs right now. But he said he knows the job of rebuilding the city’s computer systems will be a long one.

“It takes a while to rebuild and reconstruct applications and network devices,” Tong said. “Hackers choose targets and they find ways of getting there, whether it’s to cause a disruption of service or destruction of data, or both.”

Unlike other ransomware programs that take over networks when a user opens a phishing email or inadvertently runs a malignant program, SamSam infiltrates systems with brute-force attacks like guessing weak or default passwords until one breaks through. SamSam often targets Java-based application servers or Microsoft’s Remote Desktop Protocol.

Tong said his office often looks for those kinds of vulnerabilities in network settings and older devices. Had Tong’s team examined Atlanta’s systems, they would’ve found those conditions in abundance. The city auditor’s January report found nearly 100 government servers running on Windows Server 2003, which Microsoft stopped supporting in 2015.

“You can spend a lot of time on educating, making sure your network devices are patched and secure,” Tong said. “But once it happens, you have to have an instant response plan.”

The January audit report suggests Atlanta was nowhere near ready to deal with a cyberattack. Monthly scans conducted over the course of the audit found between 1,500 and 2,000 security vulnerabilities in Atlanta’s systems. In fact, the number of IT security flaws grew so large that city agencies slid into a habit of inaction, the audit stated.

“The large number of severe and critical vulnerabilities identified by the monthly vulnerability scan results metric has existed for so long the organizations responsible for this area have essentially become complacent and no longer take action other than to update the monthly report,” the document reads. “The significance of such a backlog of severe and critical vulnerabilities without corrective actions is evidence of procedural, technical or administrative failures in the risk management and security management processes.”

Don’t play the blame game

Whether the hackers who hit Atlanta knew it at the time, the ransomware arrived less than three months into the term of a new mayor who admitted after the hack that cybersecurity had not been one of her administration’s priorities. That was a shift from her predecessor, Kasim Reed, who often played up Atlanta’s emergence as a hub for the cybersecurity industry: The city is home to companies like SecureWorks and Bastille, and Reed went on trade missions to Israel to get that country’s cybersecurity firms to invest in Atlanta. Internally, Reed’s chief information officer, Samir Saini, oversaw some IT upgrades, like moving city employees from Microsoft Exchange servers to Microsoft’s cloud services.

Saini was snatched away by New York Mayor Bill de Blasio in January, leaving Saini’s former deputy, Daphne Rackley, as the interim CIO. Then on April 9, Bottoms shook up the city’s leadership by asking everyone in her 35-member cabinet, which is still comprised mostly of holdovers from Reed’s administration, to submit letters of resignation. Bottoms hasn’t announced who she’ll be keeping and who she’ll be replacing, but the ransomware attack has made the CIO job a crucial one to watch.

“Just as much as we focus on our physical infrastructure, we need to focus on the security of our digital infrastructure,” Bottoms said a few days after the hack.

But blame for the ransomware attack and responsibility for making sure it doesn’t happen again aren’t necessarily synonymous. Code for Atlanta, a Code for America brigade that advocates for better technology in municipal government, wants Bottoms to eventually order a report that avoids assigning blame.

The idea of a “blameless post-mortem” is widely attributed to developers at the craft site Etsy. In a 2012 post on Etsy’s developer blog, John Allspaw, then a senior vice president at the company, wrote that software engineers respond better to errors and accidents when they know there’s not an overt threat of punishment.

“[A]n engineer who thinks they’re going to be reprimanded are disincentivized to give the details necessary to get an understanding of the mechanism, pathology, and operation of the failure,” Allspaw wrote. “This lack of understanding of how the accident occurred all but guarantees that it will repeat. If not with the original engineer, another one in the future.”

Other companies, including Google, have since adopted that model of review after things go wrong. Code for Atlanta believes that model could work in the public sector, too.

“We want folks in city government to be accountable, but for us it’s more about a culture change,” the group’s leader, Luigi Ray-Montanez, told StateScoop. “When I was at city hall I saw this poster warning people to be wary of cyberattacks. It seems like they were aware of internet culture, but obviously mistakes were made.”

Atlanta City Auditor Amanda Noble told reporters when the audit was first publicized that city officials had started to upgrade their IT security when the ransomware attack hit. But the majority of recommendations the audit made are unlikely to be completed until the third and fourth quarters of 2018.

Despite a recent push to make her government more transparent — including plans to create websites on which the public can track city contracts and municipal data — Bottoms hasn’t given an official statement on the ransomware recovery in weeks. Her office has not responded to requests for an update. Rackley, the acting CIO, has not responded to requests for an interview.

Tong, the security architect for the Georgia Technology Authority, said the city’s current silence might be at the behest of the investigators.

“It’s an active investigation and they likely can’t disclose what’s going on,” he said.

The recovery time for a ransomware victim that doesn’t pay off its attacker can be long. The Colorado Department of Transportation was only 80 percent back online six weeks after it was hit by the SamSam virus. Atlanta’s systems have been flickering back on in spurts, with many public services still rolled back to the pen-and-paper era.

Atlanta’s IT professionals and the contractors it’s hired in the wake of attack are scrambling to patch the holes and upgrade to more secure systems. But lingering out there now, for Atlanta and everywhere else, is the threat of more ransomware attempts to come.

“This is one of many ransomware attacks, and there will be many more,” Kilger, the Texas professor, said. “It’s going to get worse.”

https://statescoop.com/atlanta-was-not-prepared-to-respond-to-a-ransomware-attack

Federal Workers Earn 32% Less Than Private Sector Employees Doing The Same Jobs

Federal employees see nearly 32 percent less on their paychecks than their private-sector counterparts, according to a recent report by the Federal Salary Council’s Locality Pay Working Group. (Getty Images)

“FEDERAL TIMES”

“Federal employees on average see a 31.86 percent difference between their paychecks and those doing the same work in the private sector according to an April 10, 2018, report submitted to the Federal Salary Council by its Locality Pay Working Group.”

______________________________________________________________________________________

“The working group calculates the pay gap between federal employees and their private-sector counterparts by taking sample data from the Bureau of Labor Statistics’ National Compensation Survey in areas of the country in which federal employees receive locality pay and averaging those pay rates into a format that is comparable with federal general schedule rates.

Federal employees can receive locality pay on top of what the general schedule rates allow for their position if the government has determined that the cost of living in that locality is higher than the rest of the U.S.

These 46 established and four pending locality pay areas can span wide swaths of the U.S., such as the entire states of Hawaii and Alaska, to make up for cost-of-living expenses.

The Washington-Baltimore-Arlington locality, for example, would have seen a nearly 88 percent pay disparity from 2015 to 2017 without the addition of locality pay, according to the report.

The target disparity for the whole of the federal workforce is five percent, according to the report, giving the government a long way to go to bring employee pay in line with targets.

In 2017 and 2018 reports, the Council recommended that Burlington, Vermont; Virginia Beach, Virginia; Birmingham, Alabama; and San Antonio, Texas, be established as new locality pay areas, and the President’s Pay Agent approved that recommendation, though the regulatory process to make that change has yet to be undertaken.

For 2019 pay, the working group also recommended that Corpus Christi, Texas, and Omaha, Nebraska, be established as locality pay areas, as pay disparities in those areas have exceeded the rest of the U.S. by more than 10 percent in the past three years.

Federal employee base pay has seen fairly steady increases since 2014, hovering at or just above one percent. U.S. code calls for increases in basic pay equal to the percentage increase in the Employment Cost Index minus half a percent. As the ECI increased to 2.6 percent in September 2017, the GS basic pay increase for 2019 should be 2.1 percent.

The working group’s report was submitted during an April 10, 2018, meeting of the entire Federal Salary Council, whose full report to the Pay Agent will be made available in the coming weeks.”

https://www.federaltimes.com/management/pay-benefits/2018/04/12/federal-employees-face-nearly-32-percent-pay-disparity-with-private-sector/

How Does A Combat Vet Feel When Hearing A Civilian Say, “We Shouldn’t Be Over There, We Should Worry About Ourselves”?

“Rose Covered Glasses”

“The civilian must accept his or her role in the issue. Elected representatives appropriate money and approve U.S. activities in other countries.

Soldiers go where they are ordered by their commander. If the civilian wishes change, then change can be at hand if the elected official is contacted and a strong input from the citizenry makes the demand heard.”

Quora Veterans Opinions on Today’s Warfare

______________________________________________________________________________________

“FOREIGN POLICY”

“Asking warriors to do everything poses great dangers for our country — and the military. Our armed services have become the one-stop shop for America’s policymakers.

Here’s the vicious circle in which we’ve trapped ourselves: As we face novel security threats from novel quarters — emanating from nonstate terrorist networks, from cyberspace, and from the impact of poverty, genocide, or political repression, for instance — we’ve gotten into the habit of viewing every new threat through the lens of “war,” thus asking our military to take on an ever-expanding range of nontraditional tasks.

But viewing more and more threats as “war” brings more and more spheres of human activity into the ambit of the law of war, with its greater tolerance of secrecy, violence, and coercion — and its reduced protections for basic rights.”

Central Asia’s Economic Evolution From Russia To China

“STRATFOR”

“Central Asia has restructured its economic links over the past decade, as China has outpaced Russia in the region on trade, investment and infrastructure development.

Russia maintains its influence in Central Asia, however, and China so far has been careful to make sure its economic initiatives in the region largely complement Moscow’s interests.”


“Central Asia has undergone a significant economic transformation in recent years as trade and investment in the region have shifted away from Russia and toward China. Russia remains a major economic force in Central Asia, and China’s rise in the region complements its interests in many ways — or at least doesn’t directly contradict them. But Central Asia’s growing economic dependence on China and Beijing’s increasing political and security influence in the region could foster increased tensions between the two powers.

The Traditional Player: Russia

Russia has been the dominant external player in Central Asia since the 19th century, when the Russian Empire conquered the region to protect itself from foreign rivals and establish a defensive anchor in the Tian Shan mountain range and Karakum desert. After the Russian Revolution in 1917, Central Asia became part of the Soviet Union, which dramatically reshaped the region. The Soviet government redrew Central Asia’s borders to create five republics, largely sealing the region off from the outside world. Central Asia’s republics incorporated top-down, centralized political systems and adopted the Russian language as a lingua franca.

At the same time, they underwent a process of industrialization and collectivization familiar to the rest of the Soviet Union. The process developed large-scale industry and agricultural production in the region and integrated the republics into the Soviet economy and military-industrial complex. Central Asia’s abundant resources — including oil, natural gas, minerals and cotton — went toward sustaining the Soviet economic machine, and road, railway and pipeline networks linked the region to Russia.

Even after the collapse of the Soviet Union in 1991, Central Asia kept many of its connections to Russia. The country remained the largest trade partner for each of the Central Asian states for the first two decades following their independence, importing energy resources and other goods from the region while exporting goods such as refined fuels. Over the past decade, however, Russia’s trade and investment ties with Central Asia have diminished. China has been a big factor in the decline.

Central Asian Trade With China and Russia

The Influential Newcomer: China

Central Asian independence in the 1990s coincided with the beginning of China’s economic rise. Beijing’s growing appetite for commodities to fuel its burgeoning manufacturing sector spurred a major push into Central Asia, one that really took off in the 2000s as China began to invest in infrastructure projects to access the region’s resources, particularly oil and natural gas. Among these were the Kazakhstan-China oil pipeline, the first section of which opened in 2003, and the Central Asia-China natural gas pipeline, which began operating in 2009. Both pipelines have expanded significantly over the years. In 2017, the Kazakhstan-China oil pipeline transported 12.3 million tons of oil and 44 billion cubic meters (bcm) of natural gas, while the Central Asia-China natural gas pipeline sent 34 bcm of natural gas in 2016.

Just as China was ramping up its energy imports from Central Asia, Russia was decreasing its own. Russia, a major oil and natural gas producer, didn’t need Central Asian energy to fuel its economy. Instead, it would send the energy it imported from Central Asia to Europe to sell at a premium. An energy glut in Europe in the late 2000s removed the incentive driving Russia’s energy imports from Central Asia and created a substantial shift in the region’s energy ties — and by extension its economic ties.

Turkmenistan offers a case in point. Before 2009, the country sent around 90 percent of its natural gas supplies to Russia. But after a pipeline explosion in 2009 — caused by a rise in pressure resulting from Russia’s failure to tell Turkmenistan that it had decreased its imports — Turkmen exports to Russia declined precipitously, from more than 40 bcm in 2008 to zero by 2017. Turkmenistan subsequently began exporting much of its natural gas to China instead, sending nearly 30 bcm by 2017, up from about 4 bcm in 2010. A price dispute with Iran, in fact, has made China Turkmenistan’s only natural gas customer. And because natural gas accounts for 80 percent of the government’s revenue and 35 percent of the country’s gross domestic product, the Turkmen economy now depends overwhelmingly on Beijing.

The restructuring of Central Asia’s energy ties is apparent in the region’s broader trade levels, too. In the 1990s, total trade between China and Central Asia was less than $1 billion annually. By 2017, the figure had reached $30 billion, compared with $18.6 billion in total trade between Russia and Central Asia. China outpaces Russia in total trade with all Central Asian countries except for Kazakhstan, and in certain cases like Turkmenistan — where China accounts for 44 percent of the country’s total trade while Russia makes up only 7 percent — the discrepancy is large.

Key Connectivity Projects in Central Asia

China also has invested billions of dollars to develop transport infrastructure, as part of its Belt and Road Initiative, and manufacturing facilities. The infrastructure projects include a freight railway linking the Chinese port of Lianyungang with the Kazakh city of Almaty, and plans for two rail corridors between southern China and Central Asia. In terms of industry, meanwhile, China has built a metallurgical plant in Tajikistan that opened in November 2017, and Chinese telecommunications companies Huawei and ZTE Corp. have established assembly plants in Uzbekistan. Beijing also plans to develop the Kazakh city of Khorgos into a logistics and manufacturing hub.

Economic Overlap and Common Interests

In trade and investment in Central Asia, China has surpassed Russia in recent years. That doesn’t mean, however, that China is entirely superseding Russia in the region. Remittances, for example, are still a mainstay of Russian economic influence in Central Asia. Russia is the primary destination for Central Asian migrants working abroad, and remittances from the more than 3 million Central Asians who currently live and work in Russia make up a substantial part of the region’s economies. In smaller countries that don’t export energy, such as Kyrgyzstan and Tajikistan, this source of revenue is especially important.

Kyrgyzstan received more than $2.2 billion in remittances from Russia in 2017, according to data from Russia’s central bank. The sum exceeds China’s trade with Kyrgyzstan and accounts for more than 30 percent of the Central Asian state’s GDP. Similarly, Tajikistan received over $2.5 billion in remittances from Russia last year — more than its total trade with China. Given that nearly every family in Kyrgyzstan and Tajikistan has a member working in Russia, remittances give Moscow an important means of influencing these countries.

China’s rise as a trade and investment partner in Central Asia does not necessarily conflict with Russia’s interests and strategy in the region. Since the end of the Soviet Union, Russia hasn’t been a major investor in infrastructure in Central Asia, nor does it have the kind of capital that Beijing has to develop such projects. In addition, Russia doesn’t need Central Asia’s raw materials the way China does, and China doesn’t need the region’s low-wage labor force the way Russia does. The two countries’ different economic structures and imperatives in Central Asia are in many ways compatible.

Furthermore, both countries have an overlapping interest in trying to stabilize Central Asia to protect their interests there and to keep militancy from reaching their borders. China’s growing economic presence in the region has alleviated some of the pressures the region has faced because of low global energy prices, decreased trade with Russia and rapidly growing populations. And Beijing has been careful to coordinate or consult with Moscow on the economic initiatives it pursues in Central Asia, including the Belt and Road Initiative. Consequently, Russia welcomes Chinese influence in the region, which not only has helped stabilize Central Asia, but has also benefited Moscow in its own relationship with Beijing. China, after all, has become a key trade partner and investor in Russia since sanctions from the European Union and United States have reduced its economic ties with the West.

Potential Friction Points

Even so, as China’s profile in Central Asia continues to rise, and as Russia faces increasing economic challenges, several factors in the region could cause strife between Moscow and Beijing. China’s stronger economic presence in Central Asia, for example, inevitably will lead to a stronger security presence so that Beijing can safeguard its interests. In fact, Beijing already is taking on a more prominent role in counterterrorism initiatives with Central Asian states, and reports suggest that its security presence is growing in countries such as Tajikistan. These measures so far have taken place in coordination with Russia. But if and when China starts to pursue measures unilaterally or to build military bases in the region, relations between Moscow and Beijing could take a turn.

Their institutional ties to Central Asia could also prove to be a sticking point for Russia and China. Most Central Asian states are members of the Moscow-led Eurasian Economic Union and the Collective Security Treaty Organization, blocs designed to entrench Russia’s influence in the member states at the expense of other foreign powers. If China’s Belt and Road Initiative were to become more formal and exclusive, it could conflict with Russia’s interests in the Eurasian Economic Union. China’s attempt to involve Central Asia in its international integration plans will further test Moscow’s role as the leading external power in the region.

The Shanghai Cooperation Organization (SCO), likewise, could become a source of contention. China views the bloc, of which it and Russia are both members, as an important platform for regional integration on economic issues with Central Asia. Russia, on the other hand, has preferred to keep the bloc focused solely on security matters. This difference is likely a driving force behind Moscow’s efforts to include India and Pakistan in the SCO as counterweights to China. As the bloc continues to evolve and perhaps expand, it will serve as an indicator of how the relationship between Moscow and Beijing is changing.

These factors could test the balance of power that Russia and China have maintained up to this point. If signs of Moscow and Beijing working against each other in Central Asia begin to emerge, they could spell the start of a strategic shift in the region and in the Russia-China relationship.”

China and Russia

U.S. Air Force To Outsource All Traditional IT And Concentrate on Mission/Security

Image:  EVERYTHING POSSIBLE/SHUTTERSTOCK.COM

“NEXT GOV”

“Many agencies and departments manage IT services like email, calendars and the like across their enterprises.

According to one of its top tech officials, the U.S. Air Force is trying to get out of that business, preferring instead to contract those services to commercial vendors.”


“We want to get totally out [of that business],” said Frank Konieczny, chief technology officer for the Air Force. Konieczny spoke Wednesday at the ATARC Federal Cloud Computing Summit.

Faced with an IT workforce shortage, Konieczny said it makes more sense to outsource the work to industry entities than to continue training a revolving door of airmen.

“We don’t want to manage anything that’s IT, so we are pushing everything out to other vendors, commercial vendors, even for our own bases,” Konieczny said. “We’re going to outsource all that capacity and data centers at the base level as well. We do not have enough airmen to actually do the jobs, so we’d rather buy the expertise from several contractors as opposed to training people. That’s not their mission in life.”

Increasingly, the Pentagon, intelligence community and military branches have looked at commercial vendors to develop IT solutions in areas like email, electronic health records, and infrastructure. Those moves typically have a large impact on existing workforce, freeing up federal IT personnel to perform other duties.”

http://www.nextgov.com/emerging-tech/emerging-tech-blog/2016/01/air-force-cto-we-dont-want-manage-it-anymore/125153/