Tag Archives: technology

We Need to Audit the Pentagon

“THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

“In 1994 Congress passed legislation requiring every federal agency to be auditable.

Since then every agency has complied—except for the Department of Defense.

“We have known for many years that the Department’s business practices are archaic and wasteful, and its inability to pass a clean audit is a longstanding travesty,” Chairs John McCain (R-AZ) and Mac Thornberry (R-TX) of the Senate and House Armed Services Committees said recently in a joint statement. “The reason these problems persist is simple: a failure of leadership and a lack of accountability.”

Increasing Pentagon spending under these circumstances is the opposite of fiscal responsibility. In fact, giving the Pentagon $54 billion and finding out why later is bad budgeting.

Both the Republican and Democratic party platforms included the need to audit the Pentagon, and Congress should resist calls to give more money to an agency they know to be irresponsible with taxpayer dollars.

You can learn more about the seemingly endless saga surrounding the Pentagon’s utter failure to get a clean audit opinion here.”

http://www.pogo.org/straus/issues/defense-budget/2017/pentagon-audit-needed-oversight.html

NATO Agency Seeking Bids for IT Modernization Program

Photo: NATO officials discuss future cyber initiatives at the NATO Communications and Information Agency. (NATO)

“NATIONAL DEFENSE MAGAZINE”

“The program will span at least four contracts and be worth up to $537 million, and is expected to be completed by mid-2018.

NATO’s communication and information technology arm is seeking industry partnerships as it takes on a multi-year modernization effort for its information-technology systems, according to the organization’s acquisition director.

The NATO Communications and Information Agency — which runs the information technology, communications and command and control for the multinational organization — has opportunities for defense and IT companies in various stages of the modernization program, Peter Scaruppe told National Defense in February.

“The IT modernization program is a very important one because it basically replaces all of the IT in all the NATO locations, and for all the NATO forces,” he said.

The program entails: streamlining NATO’s IT service offerings to increase efficiency and effectiveness; using a customer-funded delivery system to increase the flexibility and scalability of IT services; delivering services from a centralized set of locations; and implementing increased cyber security measures, according to the agency.

Next on the priorities list is introducing a cloud-based services enterprise design by this summer, which Scaruppe called a major part of the modernization program.

“Storage is an important issue for all current and future IT programs, because with big data and the availability of big data, it is increasingly important,” he said. “We are anxious to see what companies will provide.”

The NCI Agency also plans to develop new data centers in Mons, Belgium, and Lago Patria, Italy, by early 2018, Scaruppe said. A third site has not yet been publicly revealed, but is being considered as an option “if and when we need it,” he said.

“This is for the IT support and operational support for NATO locations and operations,” he said.

NCI Agency has made concerted efforts in recent years to work more closely with industry to beef up its cyber defense capabilities. The agency contracts out about 80 percent of its work to the defense and security industries of NATO’s 28 current member-nations, Scaruppe said.

This year, the agency will host its annual industry conference in North America for the first time since it kicked off six years ago, rather than in a European country, “to note the transatlantic alliance,” he said.

The theme of the NCI Agency Industry Conference and AFCEA TechNet International — which will be held in late April in Ottawa, Canada — is “Sharpening NATO’s Technological Edge: Adaptive Partnerships and the Innovative Power of Alliance Industry.” The conference builds upon last year’s theme of why innovation is important to NATO’s technological needs, Scaruppe said.

“Especially in the IT and cyber world, we know that there are a lot of innovators out there … not exactly keen on working with an 800-pound gorilla like NATO,” he said. “Some are not familiar with the process, [so] we need to catch the right innovators.”

One major part of the conference is dedicated to innovation challenges where agency officials and industry will discuss pre-determined areas of study, he said. “We did this last year, very successfully, and we got lots of proposals, many more than we thought we would get.”

Conference attendees will learn of upcoming business opportunities with an overall budget of about $3.2 billion over the next two to three years, Scaruppe said.

Businesses also have the chance to speak with agency experts ahead of potentially bidding on a project.

“We do this every year, but we’re dedicating a lot more time to this part than usual [this year],” he said, adding that the agency hopes to attract more U.S. and Canadian industry members as a result.

Attendance rates at previous conferences have been about 70 percent European-based, Scaruppe said.

The agency is also looking to attract more cyber experts through the conference by running a next-generation skills exercise and innovators program, he said.

“We have a lot more work than we have staff for — and the same is true with the private companies — [and] we want to find innovative ways of how to attract these people, how to retain these people and also keep us current in the cyber exercise.”

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=2448

What Mark Thompson Has Learned Covering the Military for 40 Years

Image: “Otherwords.org”

“Scant public interest yields ceaseless wars to nowhere”

“Straus Military Reform Project – Center for Defense Information at POGO”

“It turns out that my spending four years on an amusement-park midway trying to separate marks from their money was basic training for the nearly 40 years I spent reporting on the U.S. military.

Both involve suckers and suckees. One just costs a lot more money, and could risk the future of the United States instead of a teddy bear.

But after 15 years of covering U.S. defense for daily newspapers in Washington, and 23 more for Time magazine until last December, it’s time to share what I’ve learned. I’m gratified that the good folks at the nonpartisan Project On Government Oversight, through their Straus Military Reform Project, are providing me this weekly soapbox to comment on what I’ve come to see as the military-industrial circus.

As ringmaster, I can only say: Boy, are we being taken to the cleaners. And it’s not so much about money as it is about value. Too much of today’s U.S. fighting force looks like it came from Tiffany’s, with Walmart accounting for much of the rest. There’s too little Costco, or Amazon Prime.

There was a chance, however slight, that President Trump would blaze a new trail on U.S. national security. Instead, he has simply doubled down.

We have let the Pentagon become the engine of its own status quo.

For too long, the two political parties have had Pavlovian responses when it comes to funding the U.S. military (and make no mistake about it: military funding has trumped military strategy for decades). Democrats have long favored shrinking military spending as a share of the federal budget, while Republicans yearn for the days when it accounted for a huge chunk of U.S. government spending. Neither is the right approach. Instead of seeing the Pentagon as the way to defend against all threats, there needs to be a fresh, long-overdue accounting of what the real threats are, and which of those are best addressed by military means.

The Defense Department’s Quadrennial Defense Review, which is supposed to do just that every four years, has become an engine of the status quo. The Pentagon today is little more than a self-licking ice cream cone, dedicated in large measure to its growth and preservation. Congress is a willing accomplice, refusing to shutter unneeded military bases due to the job losses they’d mean back home. The nuclear triad remains a persistent Cold War relic (even former defense secretary Bill Perry wants to scrap it), with backers of subs, bombers and ICBMs embracing one another against their real threat: a hard-nosed calculus on the continuing wisdom of maintaining thousands of nuclear weapons on hair-trigger alert.

Unfortunately, it’s getting worse as partisan enmity grows. It’s quaint to recall the early congressional hearings I covered (Where have you gone, Barry Goldwater?), when lawmakers would solemnly declare that “politics stops at the water’s edge.” The political opposition’s reactions to Jimmy Carter’s failed raid to rescue U.S. hostages held in Iran in 1980 that killed eight U.S. troops, and to the loss of 241 U.S. troops on Ronald Reagan’s peacekeeping mission in Beirut in 1983, were tempered.

But such grim events have been replaced by Hillary Clinton’s Benghazi and Donald Trump’s Jan. 29 special-ops raid in Yemen. Rancid rancor by both sides cheapens the sacrifice of the five Americans who died. It only adds a confusing welter of new rules designed to ensure they aren’t repeated. Yet mistakes are a part of every military operation, and an unwillingness to acknowledge that fact, and act accordingly, leads to pol-mil paralysis. It’s amazing that the deaths of Glen Doherty, William “Ryan” Owens, Sean Smith, Chris Stevens and Tyrone Woods seem to have generated more acrimony and second-guessing than the wars in Afghanistan and Iraq, in which 6,908 U.S. troops have died.

There is today a fundamental disconnect between the nation and its wars. We saw it in President Obama’s persistent leeriness when it came to the use of military force, and his successor’s preoccupation with spending and symbolism instead of strategy. In his speech to Congress Feb. 28, Trump mentioned the heroism of Navy SEAL Owens, but didn’t say where he died (Yemen). Nor did he mention Afghanistan, Iraq or Syria, where nearly 15,000 U.S. troops are fighting what Trump boldly declared is “radical Islamic terrorism.”

But he did declare he is seeking “one of the largest increases in national defense spending in American history.” His $54 billion boost would represent a 10% hike, and push Pentagon spending, already well beyond the Cold War average used to keep the now-defunct Soviet Union at bay, even higher.

“We are going to have very soon the finest equipment in the world,” Trump said from the deck of the yet-to-be-commissioned carrier Gerald R. Ford on Thursday in Hampton, Va. “We’re going to start winning again.” What’s surprising is Trump’s apparent ignorance that the U.S. military has had, pound-for-pound, the world’s finest weapons since World War II. What’s stunning is his apparent belief that better weapons lead inevitably to victory. There is a long list of foes that knows better.

It’s long past time for a tough look at what U.S. taxpayers are getting for the $2 billion they spend on their military and veterans every day. It would have been great if Trump had been willing to scrub the Pentagon budget and reshape it for the 21st Century. But the U.S. has been unwilling to do that ever since the Cold War ended more than 25 years ago. Instead, it simply shrunk its existing military, then turned on a cash gusher following 9/11.

I know many veterans who are angered that their sacrifice, and that of buddies no longer around, have been squandered in Afghanistan and Iraq.

I recall flying secretly into Baghdad in December 2003 with then-defense secretary Donald Rumsfeld. The bantam SecDef declared on that trip that the U.S. military had taken the “right approach” in training Iraqi troops, and that they were fighting “well and professionally.” Last month, Defense Secretary Jim Mattis, the fifth man to hold that job since Rumsfeld, declared in Baghdad that the U.S. training of the Iraqi military is “developing very well.” His visit, like Rumsfeld’s 14 years earlier, wasn’t announced in advance.

Even as Army Lieutenant General H.R. McMaster, Trump’s national security adviser, tries to chart a path forward in Iraq, it’s worth remembering that he earned his spurs 26 years ago as a captain in a tank battle with Iraqi forces.

If we’re going to spend—few would call it an investment—$5 trillion fighting in Iraq and Afghanistan (and Syria, and Yemen), don’t we, as Americans, deserve a better return?

The problem is that the disconnect between the nation and its wars (and war-fighters) also includes us:

  • Our representatives in Congress prefer not to get their hands bloodied in combat, so they avoid declaring war. They prefer to subcontract it out to the White House, and we let them get away with it.
  • Through the Pentagon, we have subcontracted combat out to an all-volunteer force. Only about 1% of the nation has fought in its wars since 9/11. We praise their courage even as we thank God we have no real skin in the game.
  • In turn, the uniformed military services have hired half their fighting forces from the ranks of private, for-profit contractors, who handle the critical support missions that used to be done by soldiers. The ruse conveniently lets the White House keep an artificially-low ceiling on the number of troops in harm’s way. We like those lower numbers.
  • Finally, we have contracted out paying for much of the wars’ costs to our children, and grandchildren. We are using their money to fight our wars. They’ll be thanking us in 2050, for sure.

Until and unless Americans take responsibility for the wars being waged in their name, and the weapons being bought to wage them, this slow bleeding of U.S. blood and treasure will continue. “We have met the enemy,” another Pogo once said, “and he is us.”

http://www.pogo.org/blog/2017/03/military-industrial-circus-national-security-column.html

By: Mark Thompson, National Security Analyst

Mark Thompson writes for the Center for Defense Information at POGO.

Intelligence Advanced Research Projects Activity (IARPA) Hits Stride Funneling Collaborative New Technology

“NATIONAL DEFENSE MAGAZINE”

“The Intelligence Advanced Research Projects Activity technology incubator celebrated its 10th year by transitioning a large number of programs to its clients.

12 new research programs, two new challenge prizes, 46 workshops with 2,700 attendees, 250 peer reviewed publications, and 22 technologies being transitioned to one of its client agencies.

It has worked with 500 organizations — half universities or small colleges, a quarter small businesses, and a quarter a mix of large companies, federal laboratories and federal agencies, Jason Matheny, IARPA director, said at the National Defense Industrial Association’s Special Operations/Low Intensity Conflict conference.

It serves 17 intelligence agencies in the U.S. government. “Their problem sets are broad,” he said. They involve everything from the hard sciences such as physics, biology and chemistry to political science and psychology with neuroscience, computing and engineering kicked in.

“The way that I used to describe this to my family was that we are the United States’ version of Q Branch from the James Bond movies,” he said. Except when his daughter came to visit on family day, she remarked that it was just a bunch of filing cabinets with contracts inside.

“We have outsourced Q Branch. … We fund the best and the brightest in academia and industry to solve our hardest problems,” he said.

The agency modeled itself after the Defense Advanced Research Projects Agency because it was so successful, Matheny said.

Over the past decade, IARPA has emerged as the largest funder of academic research into quantum and superconducting computing. It also pours money into machine learning, speech recognition, imagery analysis, facial recognition, and automated video analysis.

About one-third of its budget is put toward human judgment programs. This field helps analysts make better assessments based on partial data or wrong information, Matheny said. “How can they make more accurate judgments quickly? How can they resist certain universal cognitive biases?”

“Ultimately, judgments in the intelligence community come down to a human being. We haven’t automated analysis and we don’t expect to automate that kind of analysis,” he added.

Other technologies it’s pursuing include sensors that can pick up chemical traces from stand-off distances and in-place unattended chemical sensors that can be dormant for years, then “phone home” when they detect an agent. It’s also looking at detectors for nuclear weapons and synthetic genomes in the environment.

“Very” quiet unmanned aerial vehicles and persistent undersea sensors are two other needs, he said.

New opportunities include the Janus program, which focuses on the hard facial recognition problem, he said. “Let’s say you have faces that are covered, that are captured from an angle with very low resolution cameras or video.” The goal is to piece together various images from multiple angles and try to compose a composite facial image.

It’s also looking into high-resolution 3D modeling created from overhead imagery. “Can you build a 3D model of not just a building, but an entire city with 5 centimeter accuracy?” If so, that could be helpful for special operators planning raids, he added.

It is also searching for knowledge discovery tools in multi-lingual domains. This is intended for languages for which there isn’t a common automatic translation system such as those provided by Google.

IARPA prefers a competitive setup. It issues similar contracts in parallel to pursue the same technical goal. Multiple teams then research the same target. “We obsessively keep score. We spend about a quarter of our budget on testing and evaluation. And then we exercise options … for the teams that are outperforming others,” Matheny said.

This is stressful for the teams but results in more innovation, more quickly “in ways we don’t see otherwise in federal contracting,” he said.

“Prize challenges are one of the more cost-effective ways we have for funding innovation,” he said. The organization has found hobbyists willing to solve problems for $10,000 prize purses. The competition levels the playing field for anyone who is able to participate.

Like DARPA, it issues broad area announcements that it always keeps open so it can rapidly provide seed money for those with good ideas. The “informal process” begins with as little as a paragraph describing an idea, followed by a phone call with a program manager. “The program manager has been trained to be brutally honest — to give a thumbs down on an idea that we don’t want to see a full proposal on, or a thumbs up.”

The phone conversation is key, Matheny said. “If the program manager tells you they really want to see a proposal, they really do want to see that proposal.” Ninety percent who are asked for a full proposal go on to be funded, he noted. The more formal way of proceeding only resulted in 20 percent moving forward, he added.”

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=2419

DOD Opens Web Sites to “White Hat” Hackers

“BREAKING DEFENSE”

“DOD will allow white hat hackers to test all its unclassified public websites.

The bigger the problem, the bigger the payout, with Hack The Pentagon going as high as $15,000 and the forthcoming Hack The Army likely to go higher.

First, a new policy released today encourages anyone to look for weaknesses in any public DoD site, as long as they report what they find. Then, for a select subset of hackers and sites, “bug bounty” programs go further by offering cash rewards to registered hackers for finding problems in selected sites.

Bug bounties for white hats are old hat for tech companies, but they’re still a new idea for much of the wider commercial sector, let alone the staid Defense Department. Defense Secretary Ashton Carter has pushed hard to bridge the gap between the Pentagon and Silicon Valley. He created a special contracting outpost in Palo Alto, DIUx (Defense Innovation Unit, Experimental), and set up a Defense Digital Service to bring IT experts into the Pentagon on roughly one-year tours to shake things up.

Chris Lynch heads the DDS. “We have actively dissuaded people from telling us vulnerabilities,” Lynch told reporters at an embargoed briefing before the new policy’s release. In one case he’s personally familiar with, a private security researcher was doing routine scans of large portions of the website that happened to include .mil sites. “The Department of Defense had actually reached out…and said, ‘please don’t scan us,’” Lynch said. “I think that that’s crazy.”

Hack The Pentagon’s very success highlighted other problems. The program only rewarded researchers for finding vulnerabilities in specific, enumerated websites. But some participating hackers found “out of scope” vulnerabilities in other websites. When they tried to report the problems, they found no procedure to do so, no policy and no point of contact.

“It turns out we had no process,” said Charley Snyder, senior cyber policy adviser in the Office of the Secretary of Defense. Patriotic hackers ended up emailing their vulnerability reports to the Pentagon webmaster — which is kind of like calling 911 and getting voicemail — or even posting them on Twitter.

So in parallel to setting up Hack The Army, which offers bug bounties for vulnerabilities in Army recruiting-related sites, the Pentagon also wrote up an across-the-board policy for reporting vulnerabilities in any public-facing Defense Department website. (If you channel Matthew Broderick and hack the nuclear command and control system, sorry, you’re still not covered).

Based on private-sector Vulnerability Disclosure Policies, the Pentagon VDP sets certain expectations for researchers. For example, don’t disrupt Pentagon business by conducting Denial of Service (DOS) attacks, said Snyder, and “don’t just run crazy automated scans that are just going to generate a lot of low-level stuff.” In return, well-behaved white hackers who find real vulnerabilities will have a channel to report them without fear of legal repercussions, which has prevented at least some reporting in the past.

“We don’t care where the information comes from. We just want an avenue for you to deliver this information to us,” said Lisa Wiswell, who works for Lynch as a “bureaucracy hacker” in the Defense Digital Service. (In a sign of shifting cultures, while Wiswell has spent 10 years in government, mostly in DoD, like Lynch she was so casually dressed I initially mistook her for a fellow reporter; Snyder, by contrast, wore a suit). Wiswell is running the bug bounty programs.

The bounties are more targeted than the DoD-wide Vulnerability Disclosure Policy, Wiswell made clear. They’re also getting increasingly challenging — both for the hackers and for DoD. Hack The Pentagon only rewarded participants for finding vulnerabilities in a set list of “static” websites like Defense.gov which publish information for the general public. Hack The Army will cover Army recruiting websites, which are still by their nature aimed at the public but which take in data important to the day-to-day functioning of the service’s recruiting operation.

Only hackers who register with private sector firm HackerOne will be allowed to participate, said Wiswell, and only those who pass a background check can actually receive a bounty payment. (Until that point, a participant can stay pretty anonymous). For future bug bounties targeting more sensitive websites, Wiswell said, the Pentagon has contracted with security firm Synack, whose ex-NSA founders have a list of exhaustively vetted hackers for work requiring discretion.

To anyone nervous about opening up Pentagon systems to such outside scrutiny, Snyder points out DoD computers are under real attack from real adversaries every day. “The bad guys are certainly not waiting for an invitation,” he said. Now, at least, the good guys have one.”

Hack Us, Please: DoD Opens Websites To ‘White Hat’ Hackers

US Weapons Exports End FY 2016 at $33.6 Billion

“DEFENSE NEWS”

“The US hit $33.6 billion for foreign weapon sales in fiscal year 2016.

The Defense Security Cooperation Agency (DSCA) announced Tuesday that it cleared $2.9 billion of Foreign Military Financing-funded cases; $5.0 billion in Building Partner Capacity-funded cases; and $25.7 billion funded by partner nations.

Among sales that were cleared in 2016 were $785 million from the UAE for munitions such as the GBU-10, announced in July; $1.2 billion from Australia for AIM-120D air-to-air missiles; and $1.15 billion from Saudi Arabia for M1A2S tanks and M88A1/A2 vehicles.

The drop from the 2015 total was predicted last month by DSCA head Vice Adm. Joseph Rixey, who argued that the total overall figure is not a barometer his agency uses to judge its success.

“We don’t look at sales like a benchmark we’re trying to capture. It’s not a number we’re trying to go for. Sales is really a fundamental result of foreign policy. We just have to understand what kind of workforce we’re going to need to prosecute those sales,” Rixey said then. “It’s nothing more than a tool for us to anticipate what we’re going to anticipate and work with.”

As an example, Rixey pointed out that if the long-awaited sale of fighter jets to Kuwait, Qatar and Bahrain had been cleared in 2016, as many had expected, the total would have eclipsed the record-setting year of 2015.”

http://www.defensenews.com/articles/us-weapons-exports-end-2016-at-336b?utm_source=Sailthru&utm_medium=email&utm_campaign=DFN%20EBB%2011.9.16&utm_term=Editorial%20-%20Early%20Bird%20Brief

The Coming Cyber Crisis and How to Handle It

Image: ingrammicroadvisor.com

“NEXT GOV”

“Five high-level priorities from experts and former federal officials.

The U.S. faces ongoing cyber threats from Iran, North Korea, and terrorist and criminal groups. Russia has brazenly hacked a major political party and China continues to pilfer company secrets for economic advantage.

Build a Real Cyber Strategy

The Obama administration has published dozens of strategies, frameworks and guidelines aimed at shoring up vulnerabilities in government computer systems, bolstering private sector security and promoting peace in international cyberspace.

When it comes to responding to real-world cyber events, however—whether it’s the China-linked breach of records about more than 21 million current and former federal employees from OPM or an encrypted iPhone used by San Bernardino shooter Syed Farook—the administration has typically been caught without a firm plan or position and been left to make policy on the fly, analysts say.

Ideally, the next president should develop a series of big-picture cyber priorities clear enough the average citizen could predict his or her responses to some new challenge as reliably as she could to a new environmental challenge, said Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs and a former director of infrastructure protection at the White House.

“We know President Trump would focus on cheap energy, not the environment, and President Clinton would care more about the environment,” Healey said. “But do these administrations think that the government or the private sector is the locus of activity when it comes to cyber defense? I don’t know. Do we think it’s more important to use cyber as an espionage weapon or to plug holes in the internet? I don’t know … If we wanted to get rid of malaria, we’d create a vision, set a goal, arrange priorities around that goal and measure toward it. I don’t see why we can’t do that here.”

Create Playbooks

Even the best policy won’t provide perfect guidance for every situation, especially because cybersecurity, by its very nature, is bound up in numerous other issues ranging from national security and economic security to personal privacy and online innovation.

The solution is to integrate cyber into the administration’s broader planning, said Frank Cilluffo, director of The George Washington University’s Center for Cyber and Homeland Security and a former special assistant to the president for homeland security during the Bush administration.

The Democratic National Committee hack, “was that a cyber problem or a Russia problem? Well, obviously, it was a mixture of both,” Cilluffo said.

That means the administration needs to have plans in place to deter aggression and to respond when it happens, he said.

“Russia is not the same as China, which is not the same as Iran or a foreign terrorist organization or criminal enterprise,” Cilluffo said. “We need to have playbooks in place so we’re not opining out loud in the midst of crises.”

Build Cyber Norms

The government has endorsed a handful of norms for how nations ought to act in cyberspace, including several promulgated by a United Nations group of government experts. The scope of cyber threats has shifted so rapidly, however, the U.S. often seems to be left deciding what’s out of bounds after it’s happened rather than before.

The next administration should work toward a broader global consensus on what’s acceptable and unacceptable in cyberspace, experts said. That will include setting hard limits on what counts as merely espionage, which is generally considered acceptable in cyberspace, and what goes a step beyond espionage, such as Russia’s alleged release of hacked DNC emails during the 2016 election.

It also means showing restraint when increased militarization of cyberspace might be otherwise beneficial, said Bruce McConnell, global vice president of the EastWest Institute think tank and a former deputy undersecretary for cybersecurity at the Homeland Security Department.

“As the U.S. continues to grow [its cyber] capability, it has the effect of making other countries do the same thing,” McConnell said. “I think it’s incumbent on leaders of the free world to step back and ask ‘what are the limits on this?’”

Choose Priorities

One thing that’s delayed progress in defensive cybersecurity has been taking on too much at once, said Martin Libicki, an adjunct management scientist at the RAND Corporation and visiting professor at the U.S. Naval Academy.

Instead of a program to secure critical infrastructure against cyberattacks, Libicki recommended a narrower but more ambitious program to fully secure the electrical grid.

“The tendency is to go off in five different directions and not make much progress in any direction,” Libicki said. “Electricity is more specific than critical infrastructure. If you say critical infrastructure, you end up throwing in the kitchen sink. You can be specific and say ‘whatever happens, the power will not run out,’ and you can say to banks and telecoms ‘here are lessons learned to apply to other critical infrastructure.'”

Shift Focus to the Private Sector

Finally, the next president should figure out ways to better incentivize the private sector to improve its own security.

Some of that should come in the forms of research and development conducted or funded by government research agencies both into basic security measures and into how cyber insurance and other incentives can improve security, said Ian Wallace, co-director of New America’s Cybersecurity Initiative and a former defense policy counselor at the British Embassy in Washington.

Regulatory agencies such as the Securities and Exchange Commission should also focus on ways to make security a higher priority for shareholders and for companies during mergers and acquisitions, said Columbia University’s Healey.

“The private sector is the most important actor,” Healey said. “That means shareholders need to get involved if a company isn’t taking responsibility. We need to look for places where a small bit of government action can have an outsize impact.”

http://www.nextgov.com/security/2016/11/next-president-will-face-cyber-crisis-heres-how-handle-it/132953/?oref=ng-HPtopstory&&&utm_term=Editorial%20-%20Early%20Bird%20Brief

 

 

 

Department of Homeland Security Spending to Grow


“NATIONAL DEFENSE MAGAZINE”

“Discretionary budget authority increased from $39.8 billion to $41 billion.

The department is seeking to develop next-generation systems that leverage advancements in the “internet of things,” digital transformation, data analytics and cybersecurity.

The Department of Homeland Security is one of the few federal agencies increasing the amount of money it obligates to contractors, according to a recent report by market analysis firm Govini.

The growth is due to overall budget increases and the allocation of a larger share to contracts, said the report, “2017 Fiscal Year Outlook: Department of Homeland Security.”

“The topline trend means that DHS is prioritizing purchases of products and services over additional personnel and other internal resources,” the report said.

The department is seeking to develop next-generation systems that leverage advancements in the “internet of things,” digital transformation, data analytics and cybersecurity, it said. “These investments are intended to fill capability gaps, automate procedures that currently present security risk and bring about operating efficiency all while lowering personnel costs.”

Customs and Border Protection, the Transportation Security Administration and the Office of Procurement Operations fueled a 16 percent increase in overall DHS contract obligations to $14.6 billion in fiscal year 2016, a $2 billion bump from 2013, the report noted.

Obligations from each agency are projected to continue to increase by at least 3 percent in 2017, it said.

“Providers of advanced technology and technical services should target CBP as it plans to invest in next-generation detection devices that provide the operational advantages of automation,” it said.

TSA is projected to spend $200 million on improving baggage screening technology. Support for the agency in the coming years is “likely to be strong,” regardless of whether former Secretary of State Hillary Clinton or businessman Donald Trump becomes the next president, the report said.

The Coast Guard is undergoing a major recapitalization effort. Big-ticket items in the expected buy include: $240 million for fast response cutters; $100 million for offshore cutters; and $150 million to begin work on a polar icebreaker. Fiscal year 2017 will be a “strong year” for the Coast Guard’s industry partners, the report said.

Cybersecurity has been identified as a key investment area for DHS and the Defense Department going forward. Cyber attacks launched by Russia, China and non-state actors are a growing concern among U.S. officials and politicians.

“The flood of cyber spending will continue under either a Trump or Clinton presidency,” the report said. “The threat is simply far too large to ignore.”

http://www.nationaldefensemagazine.org/archive/2016/november/Pages/DHSContractSpendingSettoGrow.aspx

Plutonium Disposal Plant 41 Yrs Behind Schedule – Over Budget & Pointless


The MOX Facility in South Carolina. Photo via Google Earth

“WAR IS BORING”

“The Army Corps of Engineers stated that MOX won’t be finished and ready for operations until 2048 — putting it 41 years behind schedule.

Latest completion cost estimate went from $1.6 billion to a staggering $17 billion.

It is now pointless after Russia pulled out of a major nuke treaty.


Imagine you have a contractor working on your house. They quoted you a price and told you the project would be done in no time. Sure, you realize costs will probably go up some and the schedule will slip due to an unexpected problem or two.

But months turn into years, years turn into a decade, and now, 14 years later, you find that they’ve already spent five times their original estimate and they aren’t even halfway done!

That’s the situation the Department of Energy is facing with the contractor building a nuclear fuel facility in South Carolina.

The Mixed Oxide Fuel Fabrication Facility, known as MOX, is a multi-billion dollar boondoggle that is behind schedule, over budget and will never be able to complete its mission.

MOX was originally conceived as part of an agreement between the United States and Russia in which each country pledged to dispose of weapons grade plutonium. But that was back in 2000.

As cost overruns and technical failures have become clear, the Department of Energy asked Congress to cancel the program in 2016. The South Carolina delegation, defending jobs in their districts, pushed back and claimed doing so would violate the agreement.

Last week, Russian Pres. Vladimir Putin announced he would be withdrawing from the agreement. Without Russia being party to the agreement, the last remaining pretense for this boondoggle is shattered.

Congress will soon be reviewing the budget for fiscal year 2018 and should ensure that funding for this project is ended once and for all.

The new independent cost estimate shows that finishing the construction of the MOX facility has gone from $1.6 billion to a staggering $17 billion — more than 10 times the original projection.

And while the facility was supposed to be fully constructed in 2007, the Army Corps of Engineers stated that MOX won’t be finished and ready for operations until 2048 — putting it 41 years behind schedule.

But even if Congress decides to accept spending $17 billion in taxpayer dollars and waiting 41 extra years for the facility, the project will never work.

MOX technology dates back to the 1960s and has caused experts to raise concerns about the technical viability of the U.S. facility should it ever be completed and become operational. In 2014, Energy Department experts concluded that U.S. implementation of MOX technology still remains a “significant risk.”

Moreover, even if the facility were to work perfectly and produce the mixed oxide fuel as intended, there aren’t any commercial nuclear reactor companies interested in purchasing it. In 2008, the project lost its only potential customer and hasn’t been able to find a single replacement.

What is even more unbelievable is that $17 billion isn’t even the bottom line for this monstrosity. Other independent estimates have found that over the facility’s lifetime, which includes the costs of operating the plant for 20 years on top of construction costs, MOX will cost taxpayers $110 billion.

The fact that these cost estimates come from independent sources is important. For the last several years the contractor in charge of the MOX project, CB&I AREVA MOX Services, has been spreading misleading facts and figures about the project’s true costs.

These contractor statements have been proven wrong time and time again by the Department of Energy, independent sources and reality. The new Army Corps analysis exposes just how the contractors’ optimistic estimates border on delusional.

For example, the contractors stated earlier this year that finishing the job will cost $3 billion; the Army Corps found the contractors’ estimate should have come closer to $10 billion. The contractors’ calculation, they found, had serious problems which led to the inaccuracies.

“The MOX Services estimate-at-completion is not credible because it was developed using unrealistic production and productivity rates, artificially low escalation, inappropriate allocation of management reserves and contingency that is not time phased across the project duration, and lack of escalation applied to these reserves,” the Army Corps’ report stated.

Based on its calculations the MOX project is only 28 percent complete, not 48 percent as the contractor has asserted.

What CB&I AREVA MOX Services also seems to conveniently forget in its calculations is that the project is running on at least a 25 percent rework rate, meaning approximately a quarter of the work already done will have to be re-done — the project takes one step back for every four steps forward.

This includes everything from walls that were installed incorrectly to piping that was ordered but didn’t meet specifications.

These kinds of mistakes led to CB&I AREVA MOX Services receiving only half of its possible contract award fee in 2015. “Overall performance is below the level needed for successful project completion, as culminated in cost overruns and schedule delays,” the government documents stated.

They cited the contractor’s poor management of the project and failure to adequately perform random drug testing. Still, CB&I AREVA MOX Services received $4.33 million of the possible $8.86 million in bonuses for that year.

It may seem remarkable that CB&I AREVA MOX Services has managed to retain the contract after so many missteps, but it could be the result of a very successful lobbying effort.

The two companies that make up CB&I AREVA MOX Services, Chicago Bridge & Iron Works (CB&I) and AREVA, spent a total of $2.4 million lobbying the government in 2015 on various issues including the MOX project. In the first two quarters of 2016 alone the groups have spent $1.4 million.

That amount doubles when including other organizations, like the International Brotherhood of Electrical Workers, that listed MOX as a lobbying objective.

The contractor has effectively lined up several senators and representatives who have made sure that taxpayer dollars continue to flow to the MOX project, and thus to CB&I AREVA MOX Services.

Sens. Lindsey Graham (R-SC) and Tim Scott (R-SC), and Reps. Joe Wilson (R-SC), James Clyburn (D-SC) and Rick Allen (R-GA) have done their best to support MOX. During the budget process this year, Wilson wrote a letter to the House Committee on Appropriations Subcommittee on Energy and Water Development urging them to continue funding the MOX program. Clyburn and Allen also signed the letter.

It comes as no surprise that Reps. Wilson and Clyburn as well as Sen. Scott are among the AREVA Group’s top recipients for campaign donations. Also on the list are Reps. Mike Simpson (R-ID) and Marcy Kaptur (D-OH), the Chairman and Ranking Member of the Energy and Water Appropriations Subcommittee, which determines annual funding for MOX.

At this point the MOX project is nothing more than pork barrel politics.

“We are confident [the MOX project] is not feasible in this environment. We are going down a road spending money on something that will never happen. Unfortunately, that seems to us to be a very large waste of taxpayer money,” DOE Associate Deputy Secretary John MacWilliams told The State reporter Sammy Fretwell on a tour of the construction site.

MOX is unaffordable, 41 years behind schedule, and will never work.

And now that Russia has withdrawn from the agreement, the United States would be the only country trying to uphold it. Congress’s decision to continue funding this disaster was based on grossly inaccurate information about both the cost and performance of this project.

But they have time to revisit this decision with unbiased facts and analysis before the next budget decisions need to be made. There are cheaper and faster ways to dispose of the plutonium, methods that the Energy Department is already exploring.

There is no reason Congress should continue forcing taxpayers to fund such an obvious boondoggle.”

https://warisboring.com/the-u-s-governments-plutonium-disposal-plant-is-wait-for-it-41-years-behind-schedule-a611e606d98#.llmqdhxv2

Industry Consensus Forming Around Cyber Security


“MILITARY AND AEROSPACE ELECTRONICS”

“There’s much more to cyber security than hackers and attempts to thwart their efforts.

Moreover, there’s billions of dollars pouring into the cyber security industry today, which represents opportunities for a wide variety of companies.

Unfortunately cyber security has come to depict a range of nefarious computer break-ins by shadowy hackers with cryptic names that compromise the credit card accounts of retail store patrons, emails by notable politicians, and the control of cars and unmanned aircraft.

There’s a plethora of descriptive terms in the cyber industry today, among them system security, system integrity, and trusted systems. There have been terms that were in vogue in previous years that have fallen by the wayside, such as information assurance (IA), that authorities such as the U.S. Department of Defense (DOD) are abandoning.

In fact DOD officials issued an instruction last August to amend DOD Directive 5134.01, which establishes policy and assigns responsibilities to minimize the risk that DOD’s warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system’s mission-critical functions or critical components by foreign intelligence, terrorists, or other hostile elements.

The changes specifically substitute the word “cybersecurity” for information assurance. Why the government wants to join cyber and security into one word is beyond me, but I digress.

From this it appears that DOD leaders are settling on the term cyber security to describe outside interference to military computer systems and the embedded computing technology that underlies many of today’s sophisticated weapon systems.

Certainly that outside interference, described as vulnerabilities in system design or sabotage or subversion of a system’s mission-critical functions could be intentional, such as the results of hackers, or also could include bits and pieces of computer programs, or bugs, that in certain circumstances could undermine or otherwise interfere with other parts of the program.

The terms system security, system integrity, and trusted systems are describing aspects of the same thing: cyber security. Realizing this can help define what cyber security really means, and more importantly, can reveal a new perspective of the emerging new cyber security industry.

Much of this became clear to me this week while talking with computer experts attending the Association of the U.S. Army (AUSA) conference and trade show in Washington. Some of these people realize they’re part of the cyber security industry, and some don’t.

The computer scientists and companies involved with system security, system integrity, trusted systems, and perhaps even anti-tamper are working the same side of the street. These companies aren’t involved in separate and distinct endeavors; they’re all part of the cyber security industry.

So what does this mean? Well for one thing it places many embedded computing companies like Mercury Systems, Curtiss-Wright Defense Solutions, Extreme Engineering Solutions, and Abaco firmly in the cyber security camp.

It’s true, then, that not only the big prime contractors like Lockheed Martin, Boeing, Raytheon, and Lockheed Martin are doing cyber security. We’re talking about an already-large and growing technology ecosystem that runs the gamut from software hypervisors all the way up to large and complex computer programs that run big weapons platforms like jet fighters, main battle tanks, surface warships, and unmanned vehicles.

There are plenty of enabling technologies that come to bear on cyber security today, and plenty that will become part of this emerging ecosystem in the future.

Perhaps the first step in jump-starting this new industry is to acknowledge that many of us are taking separate paths toward the same destination. So how many out there are part of the new cyber security industry?”

http://www.militaryaerospace.com/articles/2016/10/cyber-security-emerging-new-industry.html?cmpid=enl_MAE_EmbeddedComputing_2016-10-10&eid=297842363&bid=1551728