
March 17, 2012

March 26, 2012

17Mar2012

Newswire

No budget? No pay. According to two former U.S. senators, if Congress can’t pass a spending bill, members shouldn’t collect a paycheck: George Voinovich and Evan Bayh

Published: Saturday, February 25, 2012

Cleveland Plain Dealer

While we were public servants, our constituents counted on us to represent them well in Washington. It was our job to deliver to the best of our abilities.

Unfortunately, both today and while we were in office, Congress has simply been unable to deliver on one of its most fundamental responsibilities — passing, on time, the spending bills necessary to fund and run the government.

It has been more than 1,000 days since Congress last passed a budget on time, and well over a decade since it did so with all appropriations bills.

While in office, we were paid regardless of whether we passed a budget, let alone on time. We were paid whether or not we did our jobs, and this is simply not right. Citizens don’t get paid if they can’t do their jobs, and neither should Congress.

This is the basic concept behind the bipartisan No Budget, No Pay Act, which is to receive a hearing from the Senate Homeland Security and Governmental Affairs Committee on March 14.

No Budget, No Pay holds members of Congress accountable for doing their job on time. If Congress doesn’t pass a budget and spending plan by Oct. 1, members will not be paid until all spending bills are completed and sent to the president.

The No Budget, No Pay Act is one of a dozen proposals designed to fix congressional dysfunction by No Labels (NoLabels.org), a group of Republicans, Democrats and independents dedicated to making American government work again.

As former governors of neighboring states, we were obligated to present and execute a budget. Both of us worked with our opposing party to ensure that this most basic function of government got done.

Unfortunately, our experiences in the Statehouse were not replicated in Washington. In two terms in the Senate, we saw both the very best and very worst Washington had to offer. While a number of senators worked in good faith across the aisle, it was akin to pushing a boulder up a mountain. Various interests rewarded allegiance to ideology and encouraged members to remain in their partisan corners.

Members struggle to accomplish anything in this system, and the failure of Congress to pass a budget has tangible, negative impacts across America. When spending bills aren’t passed, Congress must either shut down the government or rely on temporary spending legislation. We watched these stopgap measures create uncertainty and inefficiency in the federal government, hurting agencies’ ability to effectively plan for the future and costing taxpayers additional money.

Uncertainty in the budgeting process has lasting consequences. It affected our veterans when the Veterans Health Administration was forced to delay hundreds of millions of dollars in repairs to veterans’ hospitals.

The lack of a binding budget affected the health and wellness of our society when the Food and Drug Administration was unable to hire and train enough people to perform safety inspections. And in 2011, the National Institutes of Health had to postpone grants for cutting-edge medical research.

Just this past year, budget uncertainty caused the Department of Defense to delay critical maintenance of Humvees and cancel research on next-generation weapons systems.

Budget uncertainty also fuels dysfunction when, instead of a binding budget, Congress must resort to enormous end-of-year omnibus spending bills to continue funding critical initiatives. Members are forced to vote for a veritable kitchen sink of unnecessary provisions in order to fund the necessary programs in the bill.

The persistent failure of Congress to pass a budget remains as unacceptable today as when we were in Congress. Our constituents sent us to Washington to do the work of the American people, and systemic gridlock has harmed the very people we were sent to represent.

The American people have sent a message, and it’s time their public servants in Congress heard it. Only 9 percent approve of the job Congress is doing, while 88 percent support the No Budget, No Pay initiative, according to a recent No Labels poll.

To begin to truly change Washington, we need to pass the No Budget, No Pay Act into law. While the bill may not be a cure-all for congressional dysfunction, it’s a good place to start. Call your senator or member of Congress. Raise this issue with anyone running for Congress this year. Let them know you support No Budget, No Pay and ask them to co-sponsor the bill.

George Voinovich is a former Republican senator and governor of Ohio. Evan Bayh is a former Democratic senator and governor of Indiana.

 

 

Attorney general warns of job cuts, furloughs

Federal Times

By SEAN REILLY | Last Updated: March 9, 2012

 

The Justice Department would have to eliminate jobs and furlough employees for an average of 25 days if automatic budget cuts take effect in January, said Attorney General Eric Holder.

“It would be something that would just simply be devastating,” Holder said at a Thursday hearing of the Senate Appropriations subcommittee that helps set Justice’s annual budget.

Jobs eliminated would be “a pretty substantial number,” Holder said. While he did not say how many employees could face furloughs, those affected would include agents with the FBI, Drug Enforcement Administration, Bureau of Alcohol, Tobacco, Firearms and Explosives, as well as trial attorneys.

 

The cuts, required under the debt ceiling legislation approved last August, will kick in if Congress fails to reach a deal on cutting at least $1.2 trillion from future federal deficits through 2021. A first attempt foundered last fall when a congressional “supercommittee” could not agree on a deficit-cutting package. Many experts now don’t expect any serious movement on the issue until after the November elections.

The across-the-board reductions would be split equally between defense and non-defense programs. They would cost the Justice Department about $2.1 billion next year, Holder said, or almost an 8 percent cut, and would also reduce the amount of money for state and local law enforcement programs.

“The consequences are not restricted to simply what happens to the Justice Department here in Washington and in our field offices,” Holder said.

 

U.S. Air Force, Air Guard Lock Horns Over Cuts

Defense News

Mar. 12, 2012 – 05:33AM

By KATE BRANNEN and MARCUS WEISGERBER

As the U.S. Air Force goes head-to-head with the Air National Guard and governors from around the country, all eyes are watching to see how the Air Force fares in its effort to shed reserve capabilities as it deeply cuts spending.

So far, the Air Force has taken heat not only over its plan to cut Air Guard force structure and aircraft, but also the tactics it’s using to make its case on Capitol Hill.

For example, a briefing by an Ohio Air Guard captain being circulated inside the Pentagon and on Capitol Hill makes the case that the Air Force inflated the life-cycle costs of the transport program as one of the justifications to cancel the effort, which was intended for the Air National Guard.

Guard sources said the move is the latest misstep the Air Force has made in crafting and now defending its budget plan, which cuts 3,900 active-duty, 5,100 Guard and 900 reserve airmen. Air Force leadership, in a statement, said the Guard and active forces worked together on the plan.

This is all happening as the country’s adjutants general — the leaders of the Air and Army Guard within their states — were scheduled to meet in Washington over the weekend for the annual spring meeting of the board of directors of the National Guard Association of the United States (NGAUS).

The board meeting is a chance for the adjutants general to reinforce their opposition to the Air Force’s plan and vow to do everything they can, working with Congress, to reverse it, said Army Maj. Gen. Frank Vavala, the adjutant general for Delaware and chairman of the NGAUS board of directors, in a March 9 interview.

The Army is watching this fight closely. It wants to see if the Air Force will get away with drastically reducing its Guard structure, one Army source said. A lot is at stake in this first round of fighting, and the lessons that emerge from it will shape where the Army decides to cut its force structure, the source said.

“I think the Army is looking out there to see how the Air Force fares before they take a run at us,” Vavala said.

The Air Force’s plans have drawn the ire of almost all of the country’s governors, who asked Defense Secretary Leon Panetta, in a Feb. 29 letter, to reconsider the proposed Air Guard cuts.

Opposition is so strong that the Council of Governors — an organization that includes governors from across the country, as well as DoD leaders — has taken the unusual step of developing an alternative proposal for how the Air Force can make its cuts. The price tag for the proposal, which remains under tight wraps, is being worked out by the Air National Guard staff and Headquarters Air Force staff, Air National Guard head Lt. Gen. Harry “Bud” Wyatt said on Capitol Hill March 7.

The Council of Governors, which includes nine state leaders, was created to give the states access and a voice with the Defense Department, Vavala said. Obviously, the Air Force did not include them in their deliberations, he said.

“Right now, there is active negotiation between the National Governors Association and the Department of the Air Force on this plan to take the Guard down,” Vavala said. “We’re hoping to see some movement.”

The C-27J is one piece of this larger picture, he said.

“It’s not rocket science to know that Ohio is upset about the loss of the C-27 and actually, as a taxpayer, I’m offended by it too,” Vavala said.

The Ohio Guard operates the C-27J in Afghanistan. It is the only unit that has used the plane in combat.

“Here, we’ve got a brand new airframe that’s already proven its ability to fly that last tactical mile and we’re going to send it to the boneyard. Talk about flawed logic, that’s got to be paramount,” Vavala said.

Air Force officials have said the decision to cancel C-27J was driven by a shift in strategy and dropping budgets, adding that they can meet mission requirements with their existing fleet of C-130 and C-17 transports.

But C-27J supporters say the smaller planes are uniquely capable of reaching units in austere locations.

A 37-page briefing by Ohio Air National Guard Capt. Dave Lohrer contends the Air Force has intentionally inflated the life-cycle costs of the C-27J in documents provided to Congress to help justify the service’s decision to cancel the program. The aircraft is built by L-3 Communications and Italian firm Alenia Aermacchi.

In comparing the twin-engine aircraft to the larger four-engine C-130, the Air Force used worst-case scenarios to boost the C-27J’s lifecycle costs by hundreds of millions of dollars per year, the briefing says.

Air Force leadership, which has spent the past month defending its decision to cancel the C-27J program during congressional hearings, has repeatedly said the service could not afford to fly and maintain the fleet.

“The C-27 life-cycle cost over 25 years is $308 million an aircraft,” Air Force Chief of Staff Gen. Norton Schwartz told the House Armed Services Committee on Feb. 28, using the number Lohrer questions in his briefing. “For the C-130J, it’s $213 million per aircraft. For the C-130H, it’s $185 million per aircraft.”

The briefing by Lohrer states that the Air Force inflated the number of crew and maintenance personnel needed to operate the C-27J. The briefing contends that fewer airmen are needed when compared with the C-130, which needs a flight engineer and navigator.

The Guard contends the Air Force factored an additional 53 people into its analysis, adding more than $112 million to the life-cycle cost estimate. Air Force officials at the Pentagon were huddling last week to counter Lohrer’s analysis, sources said.

When asked for comment, an Air Force spokeswoman forwarded a statement attributed to Schwartz.

“Working with our Guard and Reserve leaders, we used a balanced approach to adjust our Total Force end strength while maintaining the ability to execute strategic guidance. Our Total Force programmed reductions follow detailed assessments of future conflict scenarios and rotational requirements consistent with the new strategic guidance.”

Guard leaders dispute that, saying that while Air National Guard representatives sit in on high-level Air Force budget meetings, they are outnumbered in voting on plans.

“We don’t feel that we were part of the Air Force’s discussions, and we weren’t able to input the fact that our Air National Guard is the country’s most economical force,” Vavala said. “Why would you want to divest yourselves of a battle-proven force that’s got all of this experience and can do it at a fraction of the cost of the active component?

“Don’t forget, the active services didn’t want National Guard Bureau Chief Gen. Craig McKinley on the Joint Chiefs of Staff,” Vavala said. The Guard won that fight with Congress, which made the Guard leader a member of the advisory group in the latest defense authorization act.

While the case mounts against the Air Force’s cuts to the Air Guard, the service is looking to back up the analysis that supports its plans.

The Wall Street Journal reported March 7 that the Air Force had commissioned a Rand Corp. study that supports its claim that Guard units are not necessarily cheaper than the active-duty Air Force.

Asked about the C-27J briefing, the Air Force forwarded a copy of the Rand study to Defense News.

 

 

DHS secret network at the forefront of nationwide intelligence sharing

Nextgov

By Aliya Sternstein 03/12/12

A new directive aimed at easing the sharing of classified information about terrorist threats elevates the role of a little-known but long-established Homeland Security Department secret network, according to Bush administration officials.

DHS Secretary Janet Napolitano on Friday released the guidance, which President Obama called for in an August 2010 executive order, to align security standards for accessing classified data across all levels of government and in the private sector.

The issuance comes as the Defense Department prepares for a military court session later this week charging that Pfc. Bradley Manning wrongfully fed intelligence from the military’s classified network to the anti-secrets website WikiLeaks. The WikiLeaks imbroglio prompted a second presidential order in October 2011 that aims to prevent insiders from sharing confidential government information with unauthorized outsiders.

The new directive positions a DHS-run system called the Homeland Secure Data Network as “the U.S. government’s primary non-defense, secret level classified information network.” The pipeline was initiated in 2005 by then DHS Secretary Michael Chertoff but many people outside the federal government are unfamiliar with it, said Charles E. Allen, the former DHS undersecretary for intelligence and analysis.

The policy states that other classified networks, including the military’s Secret Internet Protocol Router Network (SIPRNET), can interface with the DHS network to allow authorized users entry.

“In some instances the Department of Defense or another federal agency may allow for or sponsor [state, local or tribal] activities for access to its agency owned classified systems,” the policy states. “Access to the DOD-owned SIPRNET or any other federal agency system through the HSDN gateway by [state, local or tribal] personnel shall be at the discretion of DOD or the applicable federal agency.”

On Monday, Allen praised Napolitano for spelling out the role of the network and creating consistency among a morass of executive orders, statutes and regulations on the sharing of classified information nationwide.

This “puts in place a governance structure and uniform security standards to make sure we do not have the kind of disaster the Department of Defense had with security leaks in the war zone,” said Allen, now a principal at the Chertoff Group, a consulting firm founded by the former DHS secretary.

 

Who should protect networks? Lawmakers are deadlocked

Federal Times

By ZACHARY FRYER-BIGGS | Last Updated: March 12, 2012

Experts, companies and legislators agree that U.S. companies and infrastructure are at risk as an ever-increasing barrage of cyber attacks threatens to compromise networks and pilfer secrets. They concur that legislation is needed to begin addressing what is an asymmetrical and highly successful equation for attackers.

There ends the accord.

With two vastly different Senate cybersecurity bills — one of which is expected to reach floor debate in the next several weeks — circulating in Congress, the tactics that would best slow the advance of cyber attackers are the subject of fierce debate that could derail both bills. But the need to have a legislative starting point is being emphasized by the Defense Department, and experts said that doing nothing has the greatest pitfalls.

“Great becomes the enemy of good enough, and because we’ve never gotten started, we’ve never had a baseline from which to get started,” said retired Air Force Maj. Gen. Dale Meyerrose, former chief information officer for the Office of the Director of National Intelligence.

“With government there’s usually a crawl, walk, run, maybe even a trot in the middle there, in order to move things forward and make progress,” he said.

Speaking about the bills at the Credit Suisse Pentagon Conference on March 8, Deputy Defense Secretary Ashton Carter said that action was more important than specifics.

“There are several different flavors and I have my favorite, but it’s immaterial,” he said. “We need to do something.”

The bills

The first bill, a bipartisan effort led by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, would apply a set of cybersecurity standards to many of the private companies that hold nearly 90 percent of the U.S.’ infrastructure. The standards would be overseen by the Department of Homeland Security, which would also take on a critical role exchanging threat information with defense contractors.

Having DHS set and maintain security standards, as well as protect sensitive private-sector threat information, could be a problem because of a lack of trust and confidence in the agency, experts said.

“I think DHS has a lot of problems, and they have not proven themselves to be effective in the cybersecurity arena,” said Jeff Carr, CEO of TAIA Global, a cybersecurity company. “I have no confidence personally that without major changes in the bureaucratic structure of DHS that they’re capable of managing or making improvements in this area.”

The second bill, a Senate Republican effort led by Sen. John McCain, R-Ariz., would create no additional standards or heap responsibility on DHS. It focuses purely on information sharing, a solution backed by the business community as it would avoid additional costs.

“I think that there’s a realization with McCain with providing an alternative that is also supported by the Chamber of Commerce, representing the private sector, that there needs to be complete awareness as they formulate these bills to know what the impact will be, as far as resources required to comply with regulation,” said retired Air Force Lt. Gen. Harry Raduege, former Defense Information Systems Agency director.

Raduege, who leads Deloitte’s Center for Cyber Innovation, said that sharing intelligence, paired with better legal protection for companies that return the favor, could have a significant impact on security.

“What the McCain bill is trying to show is that additional information sharing in exchange for protection from lawsuits would open up a cleaner and better dialogue,” he said.

Other experts said this approach is inadequate because companies would have no incentive to further invest in cybersecurity.

“I can only guess that the motives are political, because the bill itself is not doing anything,” Carr said.

Carr pointed to the business-friendly stance the McCain bill takes, which avoids requirements as its primary purpose. “Nobody’s really trying to cure cancer here,” he said. “What they’re trying to do is keep the drug companies making a profit.”

The obstacles

“The people who say that neither of these bills goes far enough are absolutely correct,” said Meyerrose, general manager for cyber information assurance at Harris.

Meyerrose is not optimistic that legislative change will happen. While in the military, he worked on bills that were designed to improve cybersecurity efforts, but none passed. He sees the current landscape, with the debate over regulation versus company flexibility, unchanged.

“I don’t see anything that’s changed in our legislative approach that leads me to believe that we’re going to get much further on this one,” he said. “The debate about the role of government versus private industry in cyberspace is no different than the debate that we’re having in other parts of our lives. That’s why I’m pessimistic that any one of these is going to get through.”

Lieberman has spent several years producing iterations of the current cyber bill, and although Senate Majority Leader Harry Reid, D-Nev., has said that he will get the bill to the floor for debate, the presence of the McCain bill could create another roadblock.

Even if the Lieberman-Collins bill passes the Senate, Republicans, who control the House of Representatives, favor a threat-sharing approach instead of regulation.

Inaction is potentially devastating, Raduege said.

“There’s too much at stake to let this go without organizing our nation,” he said. “Left by ourselves, we’re not going to get the kinds of mechanisms and authorities that we need. The series of issues and potential expenses are so large that we need to have a comprehensive national strategy, and there’s no other place to pull together a national strategy.”

 

Pentagon taps McAfee, Northrop Grumman to teach military cyber pros

Nextgov

By Aliya Sternstein 03/07/2012

The Pentagon has hired outside help to, among other tasks, train Defense Department cybersecurity professionals on using its networkwide threat-detector, according to contractors awarded the nearly $190 million job. The program, called the Host Based Security System, currently is shielding classified and unclassified Defense networks from WikiLeaks-like data spills, Pentagon officials have said.

Defense giant Northrop Grumman and McAfee, a computer security provider, announced this week that they have been tapped to teach military information security personnel and support contractors how to better operate the McAfee-developed system. After a soldier allegedly transferred volumes of sensitive data to the anti-secrets WikiLeaks website, Pentagon officials said they configured the tool to prohibit the use of CDs and other removable storage devices on the military’s classified network.

Northrop began deploying the system departmentwide in 2008. The scope of the team’s contract, worth up to $189 million over five years, includes designing the program to counter morphing threats and undertaking what McAfee calls the military’s most extensive cybersecurity training program ever. The deal, overseen by the Defense Information Systems Agency, will supply help desk staff and infrastructure support personnel, the contractors said.

“The threats evolve and we continue to evolve ahead of them,” Tom Conway, McAfee’s federal business development director, said on Tuesday evening.

Doyle Choi, a vice president with Northrop Grumman Defense Enterprise Solutions, said the agreement entails helping the government’s cyber workforce to become more proficient on the system and “understanding how to adapt this capability to help the customer.”

Pentagon officials say the system stops unauthorized applications from executing and spots rogue systems on the classified network. Intruders probe military information systems millions of times every day — and sometimes successfully, according to the department’s cyber operations strategy.

The defense contractors declined to comment on coming enhancements but described some commercial features that may be appropriate for military devices in the future. For example, the program may be able to apply Pentagon network controls to an employee’s home Internet connection when the employee is using a government-issued computer. In practice, this would mean that if the office network blocks users from sending sensitive information stored in the machine, such as Social Security numbers, the person’s work computer at home would follow the same rules.

Another possibility: BYOD, or bring your own device. Right now, the Pentagon bans personal cellphones from accessing its networks. Conway expects, however, that within several years Defense may permit more consumer devices onto the networks and will need the security system to ensure that happens safely.

 

$200 Oil and the Moscow-Beijing Alliance

An exclusive conversation with Nouriel Roubini and Ian Bremmer on the toll of war with Iran — and why China and Russia just don’t care anymore what the United States thinks of them.

Foreign Policy

INTERVIEW BY BENJAMIN PAUKER | MARCH 9, 2012

It’s a mixed bag these days. Europe appears to have arrested its fall into the abyss and the U.S. economy is finally looking up. But with a looming consensus that war with Iran is in the offing and Putin’s recent return to power in Russia, geopolitical chaos lurks around the corner. Foreign Policy once again turned to Nouriel Roubini — who’s always good for a little doom and gloom — and Ian Bremmer to make sense of the ticking time bombs. And they didn’t hold back.

When asked about the consequences of war in Iran, Roubini sees prolonged high oil prices “$170, $180, $200 a barrel” and warned of the knock-on consequences: “the last three major global recessions … were all caused by a geopolitical shock in the Middle East that led to spike in oil prices.” But Bremmer’s not buying all the war hype: “the Obama administration does not want to engage in military strikes against Iran — and they sure as hell are going to resist it, no matter what — before the elections.”

When it comes to metaphors, the pair of prognosticators didn’t disappoint: Roubini still sees a dark outcome in Europe — “a slow-motion train wreck” — while Bremmer sees the Chinese economy as a “very, very fast car” hurtling down a highway … “the problem is that there’s a bend in the road coming up and there’s no steering.”

But the real surprise comes at the end of the conversation, where Roubini and Bremmer both worry about instability in Moscow and Beijing bringing the two nations together — but it might be less a case of keeping your friends close than keeping your enemies closer.

 

Foreign Policy: February’s job numbers are out, the third straight month of 200,000-plus gains, but unemployment stays steady. Are we seeing the green sprouts of an economic recovery here?

 

Nouriel Roubini: My feeling is that the economic data are mixed. Certainly creating 200,000 jobs per month as opposed to only 100,000 is a positive signal. But while the data for the last 2 to 3 months were consistently surprising on the upside, some recent data suggests an element of caution. For example, real consumption spending has been flat for three months in a row. Durable goods orders — a proxy for capital spending by the corporate sector — are sharply down in January after the tax advantages expired at the end of last year. Construction spending is still down. Home prices are still falling. Today, the number on the trade balance in January came in worse than expected. So if you look at the macro supply data it looks better. But the demand data, whether it’s consumption or residential or net exports, suggests there’s still softness.

 

My view of it is still that economic growth is going to be soft, anemic, and below-trend. I think the tail risk of an outright recession conditional on external shock, like eurozone turmoil or oil or China is a small risk right now compared to six months ago. But I think the data is not consistent with the views that we are going to start growing at 3 percent plus in the next 12 months.

 

Growth for this year is going to be maybe 2 percent. And by next year, what’s going to happen is that — regardless of whether Obama is reelected or a Republican (say, Romney) there will be, first of all, a meaningful fiscal drag, because mandated spending cuts start to be triggered if they refuse to do the draconian spending cuts on defence or discretionary funds. All the tax cuts — dividends, capital gains, estate, income taxes — expire and not all of them are going to be fully renewed. The payroll tax cut is also supposed to be one year, now it’s two years, but we cannot have it forever. And discretionary transfer payments are going to be reduced and government spending is on the way down. So you have a fiscal drag. Disposable income growth has been boosted for the last year and a half … so some of the growth of last year and this year has been stolen from the future. And because of the fiscal drag and the effect of that on household disposable income, I see further economic softness even next year.

 

Ian Bremmer: From my perspective — not to disagree with anything Nouriel was saying — but we are, broadly speaking, in 2012, we’ve entered the post 9/11 era. We’re not going after Bin Laden or al Qaeda. We’re out of Iraq, we’re getting out of Afghanistan, and we’re entering the post-crisis period.

 

Really, since 2008, if it’s not been one thing, it’s been something else. We no longer believe that there’s meaningful likelihood that a shock is going to send the world back into recession. That’s in part true because of the strengthening of American numbers. Nouriel’s right, these are not exciting growth numbers — this isn’t the robust bounce-back that we think is going to power a global economy with the kind of figures you saw before the crisis, but it’s a very different environment from the last four years. That’s very important in terms of getting consumer confidence back, but it’s also very important in terms of the orientation of CEOs to start spending some of the major cash that they’ve left off the table. I think the answer is that they’ll start doing it — and not just in the United States. I don’t want to say they’re getting ebullient, but they’re less fearful about medium and long-term trajectory.

 

And it’s clearly true in Europe as well, where just six months ago, you had folks saying “oh my god, even if I don’t know how to assess it, there’s a possibility that the euro’s just going to fall apart.” They’re not worried about that now. From that perspective, we’re in a much better macro environment than we have been.

 

FP: Ian, how much of this has been because Europe did actually get its political act together, that it came through with the requisite bailouts for Greece, and stemmed the immediate, pressing concern of a massive default?

 

IB: I think it’s about three things. First, it’s about the U.S. numbers being higher than what any of the broad consensus views were six or 12 months ago. Some of that is real. People underestimated how bad the recession was going to be in the United States. They also underestimated how much resiliency the U.S. economy would develop in 2012. Second, you have Europe, which is a very big piece of that, and it’s not just about putting together a couple meaningful bailout programs for the Greeks. It’s also about sticking with austerity, with vastly improved governance in Spain, Portugal, and Italy — especially Italy, where the new leadership of Mario Monti and the ability to get the broad political spectrum actually together on budget and competitiveness in a country that does actually manufacture things and has a long-term trajectory in a way that Greece does not. I think that’s very meaningful, as is the structural movement toward eventual fiscal compact.

 

But I think the third point, which is a meaningful one, is that in that last six months, we haven’t had another Fukushima — we haven’t had North Korea blow up; we haven’t had a war with Iran. There are a lot of things making headlines, especially in the Middle East, but frankly, from a geopolitical period, the last few months of American recovery have not been accompanied by any real, horrifying external shocks. And we should recognize that, because in this geopolitical environment, we can’t count on that.

 

NR: I agree that some of the tail risk of an outside default or eurozone exit by Greece is lower. But the periphery’s recession is not going to improve and markets eventually are going to start to worry again. Unemployment is rising, the recession is deepening, the election in France could be disruptive, a referendum in Ireland, elections in Greece — there are lots of elements potentially spooking the markets and widening spreads again. I think that the risk of a southern collapse of the eurozone is lower, but it’s still a slow-motion train wreck.

 

FP: Let’s talk about spooking the market a bit, then. The one that everyone is concerned about — and that’s obviously being priced into the oil market already — is the concern over an Israeli attack on Iran. How imminent do you think that is?

 

NR: I’m not the geopolitical expert and I will let Ian and others figure out the probability of an attack on Iran this year before the U.S. election or after the election — or of an Israeli attack alone. Whether it’s 20 percent, or 30 or 50 — I think that view will change over time. But it’s likely that the second quarter of 2012 is going to be the period when the final round of giving a chance to diplomacy is going to be attempted. If that fails, maybe at that point both the U.S. and Israel are going to say, “Unless you back down, we may eventually attack you.” So you have to time how much these things are going to affect markets.

 

But even without an attack outright, there’s a war of words between the U.S., Israel, and Iran, and this war of words has been escalating. There is also a covert war, because Israel and the U.S. allegedly have been killing some of the scientists, engaging in sabotage through cyberwarfare, and now Iran is reacting. They’ve tried to kill a bunch of Israeli diplomats around the world and, if sanctions become more binding, they could start making noises about other threats. Brent [Crude] that used to be $90 per barrel is already in the $120-125 range. But if that war of words and covert war escalates, there’s a possibility that — even short of a military confrontation — oil prices could become high enough that it becomes material for the economy.

 

I would not underestimate the effect of gasoline today, in a number of U.S. states, being already at $4.00 a gallon — and it could be so in many other states. Psychologically, once you’re above the $4 mark, it has an impact on consumer confidence. And in the summer, prices tend to go up another 20 or 30 cents. The higher those oil prices are, the higher the chance that has a negative effect on consumer confidence, on disposable income, and on the economy. And it’s not just in the U.S. — the price of oil is very high in Europe and in many other parts of the world. So I would let other people assess the risk of a conflict, but confidently I see oil prices from here going higher, rather than lower. The one thing I worry about more than the eurozone is oil.

 

FP: Ian, what’s the calculus for Obama regarding high oil prices and another war in the Middle East?

 

IB: Well first of all, if you look at the assessments, whether it’s on Intrade or anywhere else, people at this point believe that Obama is going to get reelected, and that’s with understanding about oil, about gas, about Iran. I’m not saying that these guys are massively sophisticated, but the markets speak in a holistic way about this. I certainly agree that the risk for Europe has gone down radically, in terms of its ability to cause real problems for Obama before November. The risk of Iran and oil has gone up; it has not replaced it, but it has gone up. It is not as big a problem as Europe was in my view. But it is a big problem.

 

FP: Really? It’s something that Americans did not seem to care about at all.

 

IB: The White House was very concerned about Europe blowing up. But I think oil absolutely is more politically relevant; it’s something the Republicans can actually get their teeth into.

 

Let’s look at what’s actually likely to happen with Iran going forward. The first broad point going forward is that, in the same way that you should not trust eurozone coverage coming out of London because of the overwhelmingly negative bias, the same thing is true with coverage of Iran in the United States — you only get one side of the picture. Overwhelmingly, it is going to be the Israeli side, and it tends to overegg the likelihood that catastrophe is imminent. “We can’t live with an Iranian bomb,” they say even though we live with one in Pakistan and North Korea, so at some point or another we’re heading for blows.

 

I don’t care what percentage you want to put on it, and I do geopolitics here, right? My point is: If you read the press, it seems to indicate that it is inevitable that there will be blows between the U.S. and Iran. That is clearly not true.

 

It is true that in the second quarter, we will see an effort to ramp up sanctions that have already been put in place but need to be implemented, and a real effort at negotiations. But you’ve also seen recent successful parliamentary elections in Iran that were not preceded by demonstrations. We’ve seen [Ayatollah] Khamenei come out and say almost unprecedentedly positive things about the Obama administration and the United States. So clearly, they’re going to give a few months of negotiations a chance — and that means that right now, in the short term, the geopolitics of Iran is being hyped more than it should be.

 

Over the longer term, the Obama administration does not want to engage in military strikes against Iran — and they sure as hell are going to resist it, no matter what — before the elections. The Israelis don’t want to engage in strikes either. There was a recent poll in Haaretz that came out just yesterday: 58 percent of Israelis oppose unilateral strikes against Iran. Netanyahu has to deal with that, however popular he is. And remember: Netanyahu hasn’t made a decision that he is going to attack. What Netanyahu understands is that the best thing for him to do is pretend that he’s going to attack. Then, at the very least, he has to be talked down from the ledge by the Americans and he’s in a better position to demand concessions if he doesn’t attack — because it’s such a horrible thing for Israel and so on.

 

I think that the danger is that you do see an escalatory tit-for-tat that can eventually bring the U.S. into play, that puts a higher geopolitical premium on oil, and brings about a higher likelihood of military conflict. But I actually think the likelihood of the Israelis unilaterally going into Iran and blowing up their nuclear program — which is a broad, long, dangerous campaign — that’s relatively unlikely, and it’s quite unlikely before U.S. elections.

 

FP: Nouriel, what’s the worst-case economic scenario if Israel does attack Iran?

 

NR: The worst-case scenario is a protracted conflict. If there’s an effect on the supply of oil and gas from the Gulf, and production and exports from Iran go for a while to zero, oil could go to $170, $180, $200 a barrel.

 

Then, the question is how long it remains there. Of course, there are now discussions in Washington on how to respond. The amount of oil in the Strategic Petroleum Reserve is finite, but if you’re not going to use it in this situation, when else are you going to use it?

 

The reality is that if you think about the last three major global recessions, they were all caused by a geopolitical shock in the Middle East that led to a spike in oil prices. The Yom Kippur War in 1973 led to the global recession from 1974 to 1979; the Iranian revolution in 1979 led to a spike in oil prices and the 1980-1982 recession; and even in 1990, the Iraqi invasion of Kuwait brought a temporary spike in oil prices that led, among other factors, to a U.S. and global recession.

 

So if the conflict is severe and protracted and the increase in oil prices is significant, I would say we’re talking about not just a U.S. recession but a global recession. And this time around, we’re also coming out of a global financial crisis where now we have a huge amount of private and public debt in many advanced economies, like we did not have in 1973 or 1979 or 1990. So the global economy could not take a kind of protracted oil shock coming at a time where there’s already a painful process of deleveraging, with fragility in the balance sheets of governments and the private sector as well.

 

FP: Ian, you just got back from China, which is still buying Iranian oil and has been intransigent in the Security Council (along with Russia) on condemning the crackdown in Syria. And now, as the country seems to be prepping for the ascension of Xi Jinping to head of state, it lowers its GDP growth outlook to around 7.5 percent. Is this more of a political or an economic hedge?

 

IB: 62 percent of China’s GDP is now state-owned enterprises. That number has actually gone up from what it was before. China’s consumption is going up, but it’s not going up as fast as state investment is. The World Bank report that came out at the end of February was an excellent report: it was comprehensive, it showed exactly what the Chinese need to do. And the Chinese government also cosponsored it, that’s great. But there’s nothing new there. They need to fundamentally rebalance, they need transparency in their economy, they need to move away from labor-intensive state investment, and they need to move away from state-owned enterprises that are inefficient. I do not see any political will to do that on the part of the senior leadership in China, and I don’t see that changing with Xi Jinping and his colleagues following their ascension to power later on this year. And I think that’s the real problem.

 

Nouriel and I wrote this piece in the Wall Street Journal a few months ago where we came to the conclusion that, long-term, the biggest can being kicked down the road is China. I feel more strongly about that having just come back from there. Look, China’s a very, very fast car; it’s got a very big engine and it’s been going down a very long, straight highway for a few years now. The problem is that there’s a bend in the road coming up and there’s no steering on this Chinese car, and I don’t think we’re going to see any. That should really concern us.

 

Also, the U.S.-China relationship continues to deteriorate. I mean, you’re right, they vetoed the Syrian Security Council resolution — they did not abstain, they vetoed. And they did it a week before Xi Jinping came to the United States. They do not care.

 

The U.S. is not the demographic. They’re not trying to impress us. They’re not trying to offend us unnecessarily — but they don’t really care what we have to say. You’ve seen that in the recent Senate legislation as well, which is really trying to push the Chinese on currency. The Chinese response was absolute indifference.

 

But they’ve got massive internal challenges that they are not addressing in a structural systemic way — and that in the long-term will bite them in the ass and creates vastly more volatility around economic and political trajectories.

 

FP: Is there a downside volatility to China not being a responsible power, if they continue to refuse to step up to the table and act as an emerging superpower?

 

IB: Hillary Clinton made it very clear, you don’t criticize your banker. Their ability to do what they want from a human rights perspective — despite the fact that their record is vastly worse than that of any developed country — is not one that we’re going to particularly ding them for. But there are other issues that will come up.

 

Clinton recently gave a speech where she said that America welcomes China’s peaceful rise, if they act responsibly. Well, assuming that they don’t act responsibly — and there’s no one in the administration right now that thinks that they do (and that also includes a prospective Romney administration) — then what do you do? Then the American pivot to Asia becomes a hedge, and then American strategy in Asia starts looking to the Chinese a lot more like containment. So, in other words, your relationship between the two largest economies in the world deteriorates dramatically, and that has enormous implications in terms of volatility of the global economic environment. This is by far the biggest medium-term risk out there. It’s not the Middle East, it’s not Europe, it’s this — because these are the world’s two largest economies.

 

FP: Nouriel, speaking of ascensions to power, what do you think about Vladimir Putin’s election? Do you see any willingness in him to reform the Russian economy or is he just sort of coasting along on high oil prices? And how long is that leash?

 

NR: Russia used to grow at 8 percent a year between 1998 and 2008. Then the global financial crisis happened and there was a contraction, but since then their economic record has been between 3.5 to 4 percent — even with oil prices going from $30 a barrel in 2009 to well above $100 now. And the problem with Russia is that unless you do structural reforms by reducing the role of the government in the economy and state-owned enterprises, and developing the private sector more — unless you do a variety of market-oriented structural reforms — the potential growth rate of Russia may not be much higher than 4 percent. And in an economy where there’s a huge amount of rent extraction occurring because of an excessive reliance on oil, energy, and raw material, and as long as those prices are high, the incentive to do reforms is going to be limited. Yes, now there’s a movement especially in Moscow and in the middle classes that is resisting him. But Putin won. We’ll see how much that is a reflection of the majority vote as opposed to ballot rigging. He may be slightly weakened compared to what he was a year ago, and he might be nudging a little more to the center and offering slightly more reforms than he would have otherwise done, but in my view reforms in Russia are going to occur at a mediocre, suboptimal pace relative to what’s desirable. They’ll be cosmetic rather than radical.

 

FP: Ian, was the “reset” a failure?

 

IB: Well, it’s over. Bush’s effort, post 9-11, was a bit of a reset as well. It failed. Who lost Russia? Clinton. That also failed. We’ve now gone through three complete cycles of up and down with Russia. Historically, a lot of the down has come from the United States. This time it’s come from Russia, because Putin is not somebody that the U.S. administration is going to work well with, and Putin himself is not well oriented towards the United States. In China, you see very incremental changes in foreign policy and disposition towards the rest of the world because it’s run by consensus. In Russia, it is not. Foreign policy is run by one person with very few checks and balances on his power.

 

And Putin’s under pressure domestically, which makes him even more unwilling to play nice with the Americans. Most of the people that he’s brought in around him are folks with a strong nationalist orientation. Everything that we see from Moscow suggests that the U.S.-Russia relationship will deteriorate pretty dramatically, and the real question there is: If U.S.-Russia relations deteriorate dramatically and U.S.-China relations deteriorate dramatically, and since Putin has had very nice things to say about China recently, are we going to see a real orientation of those two countries together?

 

There are a lot of challenges to doing that — demographic challenges, issues of anti-Chinese discrimination on the part of the Russians — but from an energy perspective, it’s very interesting. From an arms perspective, it’s very interesting and very problematic for the United States. I think that’s one thing we should watch carefully.

 

FP: Do you think there’s going to be heightened tensions, or does Russia not really matter all that much anymore?

 

IB: It doesn’t matter anywhere near China. I mean, if we had had this entire conversation and you didn’t bring up Russia once, I would have been okay with that. But it does matter — and more for the Europeans than it does for the United States. Nouriel and I both believe that Russia should not be a BRIC. The BRICS are the countries that are going to be dominant — but look at Russian GDP slowing down, major capital flight, a civil service that doesn’t run effectively, massive corruption, terrible demographics. We would kick Russia right out of the BRICs.

 

NR: On Russia, Ian, you’re right that Russia and China may get closer to each other, but I think the biggest strategic threat to Russia is China. You’ve got a land mass in Siberia that is as big as the United States, where there are barely 15 million people, and there are millions of Chinese now moving across the border of Mongolia — buying land, starting to produce. As you know, possession is nine-tenths the law. So strategically, at some point, Russia’s going to realize that the only one who can defend them from losing Siberia is the United States and Europe. So I don’t understand the logic of their views. They’ll be better off being friends with the U.S. and Europe than with China.

 

IB: I get your point. I think strategically, there’s a lot to be said for that, but China’s got a lot of money and needs energy. Russia’s got a lot of energy and Putin wants to show some quick wins. You see that Russia and China are both on the same side on Syria and Iran — and my guess is that Hu Jintao decided to go with the Security Council veto rather than the abstention only after Putin called him personally before that vote. And they’re both increasingly having problems with the United States for very different reasons: because of the Arab Spring, because of general views toward democracy, human rights, etc. From a purely realpolitik perspective, if there was nothing happening domestically within these countries — if we’re moving chess pieces on the board — I can see a lot of reasons why the Russians would want to go long-term with the United States. But I think there’s a lot more going on than that in Russia right now.


Ian Bremmer is president of Eurasia Group and author of The End of the Free Market: Who Wins the War Between States and Corporations? Nouriel Roubini, professor of economics at New York University’s Stern School of Business, is co-founder and chairman of Roubini Global Economics.

Benjamin Pauker is senior editor at Foreign Policy.

 

Ignoring sequestration won’t make it vanish

Washington Post

By Walter Pincus

Let’s think about the unthinkable — sequestration.

On Jan. 2, 2013, it will kick in if Congress can’t reach agreement before then on $1.2 trillion in cuts or added revenue over the next 10 years. Sequestration will be avoided if Congress passes legislation that President Obama will sign that undoes the legal requirement in the 2011 Budget Control Act.

Otherwise, on Jan. 2 the government must begin imposing the first of 10 years of across-the-board reductions in discretionary spending accounts for defense ($500 billion) and non-defense ($700 billion).

For the Pentagon, that would be in addition to the $487 billion reduction already built into the next 10 years. The impact, according to Defense Secretary Leon Panetta, would be “devastating.” Deputy Defense Secretary Ash Carter last week called it the equivalent of “assisted suicide for the DoD [Defense Department].”

Just how bad would it be? One-quarter of Defense’s fiscal 2013 budget will already have been spent and the required additional $50 billion in cuts for the rest of the fiscal year would be much deeper. They would be even worse if the president exempts military pay, which is one-third of core Pentagon spending.

That prospect hung in the air Thursday, when 300 defense industry representatives, investors and journalists heard Rep. Adam Smith (D-Wash.), the ranking minority member on the House Armed Services Committee, tell them, “A good chunk of Congress is in denial about the deficit.”

The same applies to the rest of the country.

Although Smith added, “We have to avoid sequester” and was “confident it would never happen,” he could not predict what was going to prevent it. He painted a grim picture.

There would be a “stalemate if you can’t get tax cuts,” he said, and if a suitable compromise is not found, Democrats will just “allow some of the Bush tax cuts to expire,” which would help offset the $1.2 trillion. Smith finally predicted that if anything was to be approved to head off sequestration, it “has to happen during a lame-duck session” following the Nov. 6 presidential and congressional elections.

After lawmakers appeared at the day-long 2012 Credit Suisse/McAleese and Associates-sponsored Pentagon Conference, 11 senior Defense civilian and military officials paraded to the podium. Led by Carter and including Navy Secretary Ray Mabus, Defense Comptroller Robert Hale, and Air Force Chief of Staff Gen. Norton Schwartz, each one mentioned or was asked about sequestration. No one said they thought it would occur, though none knew what would stop it.

Carter, as Panetta told Congress earlier, said the Defense Department has yet to plan for sequester. The department was awaiting instructions from the Office of Management and Budget (OMB) which Carter said he expected to come “this summer.” Meanwhile, he said OMB and Pentagon lawyers are studying whether the across-the-board reductions will be applied to broad accounts, such as shipbuilding, or equally to each program, such as the new carrier, CVN-78, the USS Gerald R. Ford.

Hale said should sequester occur, he expected there would be some furloughs for civilian employees as a quick way to save funds. He estimated it would disrupt investment programs by 10 percent. He hoped the department would be able to selectively reduce programs rather than cutting each by the same amount.

Schwartz noted one unmentioned possible consequence of sequester. He said the contract with Boeing Co. to build the KC-46 air refueling tanker probably would have to be reopened since sequester could limit the payment program.

Mabus mentioned fuel as an unplanned cost increase that must be met, sequestration or not. He said the Navy’s 2012 plan called for paying $88 a barrel, but it had already risen to $107 a barrel. For the Navy, every dollar increase adds another $31 million to its costs, he said. Hale later picked up on fuel costs, saying they became a crisis when the price hit more than $100 a barrel, creating a $17 billion expense department-wide. As a result, Hale said they had to make up for the current increase looking “first at any operating accounts that are under-executing. But frequently the sources come from the investment accounts,” meaning procurement programs.

Hale said he feared the lack of congressional progress on sequestration was scaring “our own people [in the Defense Department] and the investment community.” While he, too, doesn’t think it will happen, he noted Congress will need to pass a new law if it is to be headed off.

Hale suggested a legislative “perfect storm” could develop in December, when a lame-duck Congress may be faced with approving a continuing resolution to cover fiscal 2013 appropriations, the need to increase the debt ceiling and legislation to stave off sequestration.

So far only two moves to stop sequester have minimal initial support. One bill introduced by Rep. Howard P. “Buck” McKeon (R-Calif.), chairman of the House Armed Services Committee, would accomplish just the first year of new, required defense savings by having attrition cut the federal workforce by 10 percent over 10 years. A bill in the Senate, co-sponsored by six Republicans, continues the pay freeze on federal employees through June 2014 and reduces the civilian workforce by hiring only two workers for every three who leave.

Neither has bipartisan backing and both probably would face a presidential veto.

Panetta, who has been involved in budget battles as a chairman of the House Budget Committee, OMB director and White House chief of staff, told the House Budget Committee Feb. 29 that he hoped Congress would “put on the table, not just discretionary alone, but mandatory spending and, yes, revenues. That is the responsible way to reduce deficits and the responsible way to avoid the sequester.”

“The Pentagon finds it ridiculous that Congress continues to avoid the tough discussions on sequestration,” a senior defense official said Monday.

In today’s political atmosphere of “party first,” I doubt that Panetta’s hopes will be fulfilled, especially in a post-election, down-to-the-wire December showdown played against threats of a government shutdown and debt default.

 

DOD Proposes Disposable Satellites To Aid Soldiers

DARPA’s SeeMe program aims to use small disposable satellites to provide soldiers in remote locations with images of their surrounding terrain.

By Elizabeth Montalbano, InformationWeek
March 13, 2012
URL: http://www.informationweek.com/news/government/security/232602530

The Defense Advanced Research Projects Agency (DARPA) is working on small, disposable satellites that will give soldiers images of their surrounding location via handheld mobile devices, according to the agency. This information is often difficult for them to access from remote locations with limited satellite coverage.

The Space Enabled Effects for Military Engagements (SeeMe) program aims to create constellations of up to two dozen satellites, each lasting 60 to 90 days in orbit not far above the earth, according to the agency. After their useful time is up, the satellites will de-orbit and burn up without leaving space debris.

Soldiers will use handheld devices to communicate with the satellites, basically pressing a button requesting that a satellite “see me” to download location images in less than 90 minutes, according to DARPA.

To keep the cost of the satellites to $500,000 apiece or less, DARPA aims to use off-the-shelf components–such as those used by the mobile phone industry–to develop the technology, said DARPA program manager Dave Barnhart in a statement. It also aims to develop advanced optics, power, propulsion and communications technologies to keep the size and weight of the satellites down, he said.

SeeMe will be a companion technology to the DOD’s use of unmanned aerial vehicles (UAVs) to provide location information and images for soldiers, but which are limited by the aircrafts’ need to refuel, Barnhart said.

“With a SeeMe constellation, we hope to directly support warfighters in multiple deployed overseas locations simultaneously with no logistics or maintenance costs beyond the warfighters’ handhelds,” he said.

To meet potential bidders and generate ideas about how to proceed with the project and meet its low-cost and development goals, DARPA will hold an industry day on March 27.

DARPA already has a number of satellite projects under way, and SeeMe may leverage one–the Airborne Launch Assist Space Access (ALASA)–that’s developing a better launch system for small satellite payloads, the agency said. Typically, smaller satellites must hitch rides on rockets carrying larger satellite payloads, but the agency wants to build a dedicated system for rapid and less expensive launch of payloads under 100 pounds.

SeeMe joins other DARPA efforts aimed at giving soldiers in remote locations better communications capabilities. DARPA recently unveiled a pair of wireless networking projects to that end–one called Mobile Hotspots to create a scalable, mobile, millimeter-wave communications backbone, and another called Fixed Wireless at a Distance to build a fixed-mobility infrastructure to connect limited-range warzone mobile networks to provide more reliable mobile device coverage.

 

LightSquared hires all-star lawyers in bid to save company

The Hill

By Brendan Sasso – 03/13/12 04:57 PM ET


Former Bush administration solicitor general Ted Olson and Eugene Scalia, Justice Scalia’s son, will represent LightSquared.

Wireless startup LightSquared has hired prominent conservative lawyers Ted Olson, a former U.S. solicitor general, and Eugene Scalia, a son of Supreme Court Justice Antonin Scalia, as it tries to save its multibillion-dollar plan to build a nationwide 4G wireless network, the company confirmed Tuesday.

Although the Federal Communications Commission (FCC) granted LightSquared a conditional waiver to move forward last year, the commission is now moving to block the company’s network over concerns that it would interfere with GPS devices.

The hiring of two prominent litigators may indicate that LightSquared is preparing to challenge the FCC’s decision in federal appeals court.

Olson successfully argued before the Supreme Court in Bush v. Gore, the decision that ended the Florida recount and handed the presidency to George W. Bush. Olson, along with his Bush v. Gore opponent David Boies, is now leading the federal lawsuit to overturn California’s Proposition 8 ban on gay marriage.

Eugene Scalia served as the top lawyer at the Labor Department and more recently represented Boeing in its legal battle with the National Labor Relations Board.

The hiring of two famous conservative lawyers is notable because some Republicans have accused the FCC and the White House of showing inappropriate favoritism to LightSquared before pulling its waiver.

Sen. Chuck Grassley (R-Iowa) has pledged to block President Obama’s two FCC nominees until the agency releases internal documents on its review of the company.

The White House and the FCC have denied giving any special treatment to LightSquared, but expanding broadband access has been a top priority for both agencies.

Testing showed that LightSquared’s signal does not bleed into the GPS band. Instead, the problem is that GPS receivers are too sensitive to filter out LightSquared’s powerful cell towers operating on nearby frequencies.

LightSquared argues the GPS industry is responsible for building receivers that only listen to their own designated frequencies, but GPS companies argue that LightSquared is trying to build a cellphone network relying on frequencies that should only be used by satellites, which transmit much fainter signals.

 

Cyber-blackout at Commerce Dept: Tell us your stories

Posted at 08:00 AM ET, 03/14/2012

Washington Post

By Lisa Rein


The Economic Development Administration, a small job-development agency in the Commerce Department that gives out grants to low-income communities, is in its eighth week of a cyber-blackout.

Commerce officials say they still haven’t determined what is behind the virus that has affected all of EDA’s computers since mid-January, prompting the government to take the network off-line.

The Post is researching a story on how EDA employees have managed this long with little or no e-mail or Internet connections.

 

Economic development agency still out of network

March 2, 2012

By Lisa Rein

Employees at a small job-development agency in the Commerce Department have now been without computers or Internet access for six weeks.

This sounds impossible. But according to the Economic Development Administration, it’s true. A virus of still-undetermined-origin attacked the place in mid-January, and the cyber-security experts called in to figure out what went wrong are still working on the problem.

“Over the past several weeks, the Department of Commerce IT security team, US-CERT, and an external team of experts have been working with EDA to conduct tests and isolate the origin of the virus,” agency spokeswoman Cleve Mesidor said in a statement after the Post requested an update.

“While the forensic analysis takes time, the need for additional analysis is not standing in the way of restoration activities,” she said.

In other words, work is still getting done—$10 million in grants have been issued in the last six weeks, officials said — although how fast or efficiently is unclear.

The EDA cut off all of its computer networks on Jan. 20 after it became clear that the agency’s system was targeted. Cyber experts said such a prolonged outage points to hackers, possibly from a foreign country, who could be seeking access to business secrets behind the economic development grants the EDA awards to distressed communities around the country to create jobs. But Commerce officials say they still do not know the exact cause. The agency is not saying whether data were stolen.

Mesidor said the EDA’s technology team has set up a new e-mail server that is issuing new addresses, Blackberries and laptops to some employees. An interim Web site also was created.

The attack follows hacking of e-mail systems at the Defense and State departments in recent years and a serious attack on the computer system of the Bureau of Industry and Security, another Commerce bureau that handles sensitive information.

A recent report to Congress blamed China and Russia for an accelerating theft of information from the computer systems of U.S. government agencies, businesses and research institutions.

The Eye would like to hear from employees inside the agency about how they’re getting their work done. Please get in touch! Reinl@washpost.com.

 

Obama and Cameron pledge to work together on cybersecurity

The Hill

By Brendan Sasso 03/14/12 12:53 PM ET

President Obama and United Kingdom Prime Minister David Cameron agreed on Wednesday to work together to defend against cyberattacks on private and government computer systems.

The agreement was announced as part of Cameron’s visit to the White House.

The leaders promised to focus on protecting the rights of Internet users and condemned Syria and Iran for suppressing their citizens’ ability to speak openly online.

Obama and Cameron said their governments will share information about cyberattacks and will step up joint planning efforts to anticipate and prepare for future online threats. The FBI and the United Kingdom’s Serious Organized Crime Agency will work together to detect fraud and hunt down cybercriminals.

“We cannot be secure in cyberspace without sharing with one another the knowledge of the threats we face, and our policies for confronting them,” the countries said, according to the White House’s fact sheet on the agreement.

The leaders promised to bring technology and Internet connectivity to the world’s poorest countries through international aid, diplomacy and other projects.

The agreement describes cyberattacks as a threat to “economic security.” The White House also noted that Obama has proposed a framework for cybersecurity legislation and is pushing Congress to enact the measure.

 

 

Senate OKs bill allowing phased retirements, higher transit subsidy

Federal Times

By STEPHEN LOSEY | Last Updated: March 14, 2012

The Senate passed a transportation bill Wednesday that would allow federal employees to retire part-time and work part-time at the end of their careers.

The bill, S 1813, easily passed the Senate, 74-22. It will now head to the House, where House Speaker John Boehner, R-Ohio, has pledged to bring it up for a vote.

The phased retirement amendment added to the bill represents a victory for the Obama administration, which proposed the idea last month as part of its fiscal 2013 budget proposal. The White House wants to allow the roughly 500,000 feds who are eligible for retirement to work part-time at the end of their careers, while receiving reduced pensions and continuing to accrue future retirement benefits.

Those employees would have to spend at least 20 percent of their time mentoring younger employees.

Law enforcement officers, firefighters, air traffic controllers and nuclear materials couriers, who all face a mandatory retirement age, would be barred from taking a phased retirement.

The phased retirement amendment, sponsored by Sen. Max Baucus, D-Mont., calls for using the $465 million it is expected to save to pay for roads and schools in rural areas.

But while federal employee unions are generally supportive of the idea of phased retirements, the American Federation of Government Employees opposed the Baucus amendment on grounds that it would use the estimated cost savings to pay for projects unrelated to federal employees.

The bill also would increase federal employees’ mass transit subsidy to $240 per month, the same amount they now get for a monthly parking benefit. Last year, both subsidies were $230, but the mass transit benefit dropped to $125 per month when 2012 began.

The National Treasury Employees Union praised the passage of the increased transit subsidy.

“Improving transit benefits will prove incredibly important to all working people that use, or would like to use, public transportation, and are seeking critical relief for commuting costs,” NTEU President Colleen Kelley said.

The Senate on Tuesday rejected another transportation bill amendment, from Sen. Pat Roberts, R-Kan., that would have extended the pay freeze through the end of 2013.

 

Tablet Ownership Skyrockets Among College Students

Convergemag.com

By Tanya Roscorla

on March 14, 2012

Tablet ownership among college students has more than tripled since last year, according to survey results released Wednesday, March 14. As students bring more tablets to college, IT leaders likely will be forced to change the way they provide services and interact with students.

Out of approximately 1,200 college students surveyed online in January by Harris Interactive, 25 percent have a tablet. Last year, that number was only 7 percent.

The survey, commissioned by the Pearson Foundation, dovetailed with an updated 2012 forecast for tablet production. On Tuesday, March 13, the International Data Corp. changed its forecast from 87.7 million units to 106.1 million units. This revision reflected strong Q4 results in the tablet market — partly due to the introduction of the Kindle Fire.

Tablet adoption also is rising among the general U.S. population. Between mid-December and January, the percentage of adults who owned tablets jumped from 10 to 19 percent, according to the Pew Internet & American Life Research Project. In two post-holiday surveys of 2,000 people, 24 percent of tablet owners were 18 to 29 year olds.

The largest user base came from the 30- to 49-year-old range, at 27 percent. Combined, the surveys have a margin of error of plus or minus 2.4 percentage points.

The 2012 NMC Horizon Report suggested that tablet adoption would become mainstream in the education space within a year or less.

In a world where students will own devices and universities won’t, campuses need to figure out the role of their IT organization, said A. Michael Berman, a member of the 2012 Horizon Project Higher Education Advisory Board and the vice president for technology and communication at California State University Channel Islands.

In general, universities are anticipating two major changes: End-users will own devices. And tablets will be so inexpensive and common that students won’t need to search for and process information at computer labs.

“The idea that you would go somewhere to use something that you don’t have — to do those kinds of activities — is really going to be obsolete,” Berman said.

In a few more years, instructors likely will expect students to bring tablets, smartphones and other devices to class. Because tablets should become cheaper, more college students should be able to pay for them.

“The biggest impact will be on teaching and learning because most of us have operated from the premise that computing power is scarce, so you have to go somewhere to get it,” Berman said.

But the shift to tablets also presents challenges, such as distributing software and other tools, and managing security.

“I think that it’s easy to see what the general trend is, but it’s really hard to understand the implications,” Berman said.

While it’s too early to tell what these changes mean, IT leaders know they’re coming and that they should try to figure them out as best as they can.

You may use or reference this story with attribution and a link to
http://www.convergemag.com/infrastructure/Tablet-Skyrockets-College-Students.html

 

Cyber Challenge: Privacy Groups Unhappy With Security Bills

CQ WEEKLY – IN FOCUS
March 10, 2012 – 12:00 p.m.

By Tim Starks, CQ Staff

Long gone are the days in the debate over cybersecurity legislation when the most furious conflict was between lawmakers and privacy advocates over whether the president would get the power to shut down the entire Internet in a cyber emergency.

Now, none of the most prominent cybersecurity bills contain anything even resembling the much-maligned “kill switch,” and the debate has shifted to whether new security regulations are needed to protect the most vital privately owned digital infrastructure from hackers, spies and criminals.

But privacy and civil liberties groups remain unhappy with the competing cybersecurity bills and how they promote sharing threat information between the government and private companies. The proposals, says Michelle Richardson, legislative counsel for the American Civil Liberties Union, range from “slightly bad” to “horribly bad.”

And the removal of any legislative language dealing with executive branch powers during a cyber emergency hasn’t changed the overall trend, says Lee Tien, senior staff attorney at the Electronic Frontier Foundation. “The trend is basically that they don’t do very much to address privacy and civil liberties,” Tien says.

While the debate’s shift from the kill switch to regulatory policy removed a big bone of contention for privacy groups, it introduced a new one. Business groups pushed back against new regulations, instead calling for a different way to address threats to computer networks: sharing information about those threats.

The provisions aimed at fostering that sharing are worrying privacy advocates, too. Richardson says the ACLU’s concerns revolve around what kind of information is shared, and with whom. In the Senate, she says, the bill that best addresses those issues is sponsored by Connecticut independent Joseph I. Lieberman, chairman of the Homeland Security and Governmental Affairs Committee, and several other top lawmakers. In the House, she says, the best bill is sponsored by Dan Lungren, a California Republican.

Those bills contain stronger requirements that businesses change data about individuals to make them anonymous before sending them to the government, Richardson says. They also use a civilian department, Homeland Security, as the hub of information sharing.

Two other proposals that deal heavily with information sharing — one from House Select Intelligence Chairman Mike Rogers, a Michigan Republican, and another from the top Republican on the Senate Armed Services Committee, John McCain of Arizona — are unpopular with privacy advocates.

Richardson says those bills have fewer requirements for making data anonymous and that the Rogers bill doesn’t define what kind of information businesses could share with the government. The McCain bill relies on components of the Defense Department, such as the National Security Agency and U.S. Cyber Command, as information-sharing hubs, while the Rogers bill doesn’t specify which federal agency would be in charge.

Another organization, the Constitution Project, also has concerns about how each bill governs what information businesses could share, as well as how that information could be used. The Rogers bill is the “scariest,” says Sharon Bradford Franklin, senior counsel with the group, while the Lieberman bill is more promising. “It’s so hard to know because it’s such a shifting landscape with these new bills coming in,” she says.

Listening to Outsiders

Sponsors of the bills say they are paying heed to privacy and civil liberties.

McCain, for instance, says, “I would be glad to sit down with” privacy groups to address their concerns. But while civil liberties groups worry about his bill’s reliance on the NSA and Cyber Command, McCain says the military is best equipped to defend against assaults that would cripple it. “My first priority is our nation’s security and our ability to fight,” he says.

Rogers’ staff met with privacy groups as he drafted his bill. “We tried to take their input,” Rogers said in a speech March 7 at the Heritage Foundation. “Obviously, everyone isn’t going to be ecstatic.”

Senate Commerce, Science and Transportation Chairman John D. Rockefeller IV, a West Virginia Democrat, says the bill he is cosponsoring with Lieberman compares favorably with the Republican alternative on privacy and civil liberties issues.

Tien says groups such as his have only begun to sound the alarm. “In our community, there is growing concern about these issues,” he says. “It is still just sort of a spark, I think.”

FOR FURTHER READING:
The Lieberman bill is S 2105, the McCain bill is S 2151, the Lungren bill is HR 3674 and the Rogers bill is HR 3523. Background, CQ Weekly, p. 392.

 

Growth in federal retiree numbers, cost projected

Washington Post

Posted at 06:00 AM ET, 03/16/2012

By Eric Yoder

The number of federal retirees will grow by about a tenth over the next decade and spending on those benefits will increase by even more, but that growth will be far outstripped by increases in the Social Security program, the Congressional Budget Office has projected.

CBO made its projections in a series of documents setting baselines for various federal benefit programs. The data are used to predict future government spending under current policy and to gauge the effect of changes in law.

Numerous proposals targeting federal retirement benefits have been introduced in Congress, mainly by Republicans who consider the program too generous in comparison with private-sector offerings.

Federal and postal employees generally fall under one of two retirement systems: the Civil Service Retirement System, covering those first hired before 1984, and the Federal Employees Retirement System for those hired since that year. The former system does not include Social Security, while the latter does but pays a smaller civil service retirement benefit.

While about four-fifths of active workers are covered by FERS, about the same proportion of retirees are drawing benefits under CSRS.

CBO numbers show that as of this year, there are 1.5 million CSRS annuitants with an average monthly benefit of $3,123, plus 543,000 survivor beneficiaries averaging $1,429 in monthly benefits. By 2012, it said, CSRS retiree and survivor beneficiaries will decrease slightly, to 1.4 million and 428,000, as beneficiaries who die are not fully replaced by new retirements of the dwindling number of workers under that system.

Those declines will be more than offset by an increase in FERS beneficiaries as more of that group becomes eligible to retire. The 461,000 annuitants and 45,000 survivors will grow to 1.1 million and 108,000, respectively. The average monthly benefit will rise from $1,147 to $1,671 for annuitants and from $482 to $704 for survivors, CBO said.

The budget office projected that total spending on federal retirement will grow from $73.9 billion to $95.7 billion over that time. It projects inflation increases to benefits ranging from 1.3 to 2.3 percent.

CBO’s projections of spending in Social Security show even greater growth. It said there are 42.8 million current beneficiaries under the main program, called old age and survivors insurance, plus another 9.7 million under its disability program. The figures count all types of beneficiaries, including family members.

Those numbers are projected to grow to 61.8 million and 12.3 million, respectively, by 2022.

The average monthly benefit under Social Security for a retired worker will rise from $1,164 to $1,675 in that time and the average for a disabled worker will grow from $1,064 to $1,480, CBO said.

The combined annual outlays in those programs are projected to double from $660 billion to $1.3 trillion.

CBO separately projected that the number of military retirees will remain about flat at just above 2 million and the number of military survivor beneficiaries also will remain around 300,000. The cost of those benefits is projected to increase from $49 billion to $75.1 billion.

 

House GOP budget to avoid sequester of Defense funds

By Kevin Baron and Nancy Cook

March 15, 2012

House Republicans are planning to pull the defense-spending cuts mandated by sequestration off the table in their version of the budget expected to be released next week, according to two Hill aides.

President Obama and Defense Secretary Leon Panetta have stated they want defense spending to be part of a larger budget deal on taxes and spending. The sequester mandates that both defense and discretionary spending will take a hit beginning next January. Defense spending would account for $600 billion of all mandated cuts over 10 years.

Some Republicans not wanting to flirt with national security have said they want to keep defense out of the negotiations surrounding the sequester, which are expected to last until after the November elections. Panetta has stated any further cuts could be “devastating,” but has insisted Congress should negotiate on taxes and spending in a comprehensive way without pulling defense.

The bill is expected to emulate some aspects of a proposal first introduced by House Armed Services Committee Chairman Buck McKeon, R-Calif., in December. McKeon’s original bill would delay the first year of defense cuts mandated by the sequester, instead offering an equivalent amount through federal workforce cuts. Senate Armed Services Committee ranking member John McCain, R-Ariz., has introduced a similar measure.

Republican defense leaders have protested that the military was taking the brunt of spending cuts. But by firewalling defense from further cuts, House Republicans would need to pay for those expected cuts another way. At a House Budget Committee hearing, Chairman Paul Ryan, R-Wis., told Panetta he felt entitlement spending should be on the table.

“With regards to the Budget Control Act, an across-the-board $97 billion discretionary spending cut will be imposed on January 2, 2013, including devastating cuts to our national security,” Ryan said in a statement provided to National Journal. “House Republicans are continuing their efforts to reprioritize the savings called for under the Budget Control Act, because our troops and military families shouldn’t pay the price for Washington’s failure to take action.”

Michael Steel, spokesman for House Speaker John Boehner, R-Ohio, said in a statement, “The Speaker and Chairman McKeon are working towards a shared goal: ensuring that we have $1.2 trillion in additional deficit reduction, but doing it in a way that does not ‘hollow out’ our Armed Forces or jeopardize our national security.”

Republican leaders declined to provide further details.

 


NSA wants to inject more science into computer security

NextGov    

By Aliya Sternstein 03/15/2012

Many information security professionals salivate over discovering a new attack shield, but not as many are interested or are skilled enough to apply the scientific method to their findings, said Tom Longstaff, technical director of the National Security Agency’s systems behavior group. He is on a mission to promote scientific research into computer security for use in the government.

On March 7, the National Science Foundation called for papers for a June symposium on “moving target” research into dynamic defenses intended to constantly confuse intruders.

“I’m really keeping my fingers crossed that we can fill [a full day’s worth of presentations],” said Longstaff, who is organizing the program with several other government and university experts.

The stumbling blocks to employing scientific principles for cybersecurity research include the time required to publish results capable of being replicated, a dearth of peer reviewers in the young field and accurate data capture, he said.

Data analysis is not just a problem for cyber academics. A September 2011 data collection foible at the CERN laboratory in Geneva nearly refuted Einstein’s theory that nothing travels faster than the speed of light. CERN scientists reported they had identified a particle known as a neutrino that broke the light speed limit. But the journal Science last month largely debunked that discovery by finding an error in the experiment’s setup: a faulty connection between a GPS unit and a computer.

Longstaff, who made his comments in a lecture at NSF’s Arlington headquarters, said the physicists who mistakenly thought they had made a major breakthrough in reality performed a public service by clearly writing up and circulating their results so that others could refute them.

Cybersecurity peer reviewers are scarce, he said, because the United States has failed to train information security specialists to critically review their work.

To address the science’s limitations, Longstaff suggested the government fund textbooks and document the knowledge of cyber professionals who know how to practice the scientific approach. Additionally, cybersecurity students should be trained in the scientific method, said Longstaff, who also serves as chairman of Johns Hopkins University’s computer science, information assurance and information systems engineering programs.

But convincing computer whizzes to pursue research rather than incident response may be a tough sell, he said.

“There’s nothing that I’m going to say to someone who wants to do innovation that’s going to make them want to do science,” Longstaff said in an interview after his remarks.

 

Sequestration specter already is making its mark on contractors

GovExec.com

By Charles S. Clark

March 14, 2012

Neither the government nor the aerospace industry can afford to sit and wait for the sequestration required under budget law to kick in on Jan. 2, 2013, an industry chief said Wednesday. The mere threat of across-the-board spending cuts already has had a “chilling effect” on companies that are vital both to the economy and to U.S. national security, said Robert Stevens, chairman and chief executive officer of Lockheed Martin Corp.

Stevens told a Capitol Hill luncheon gathering sponsored by the Aerospace Industries Association that his industry has responded to the budget situation’s “huge disruption” by reducing overhead and cutting investments in training and research and development, as well as imposing “painful” reductions in force.

“We understand the need to address our nation’s fiscal challenges,” he said. “But the prospect of sequestration is another matter entirely,” given the $500 billion in reductions the Pentagon would absorb over 10 years, including $53 billion in fiscal 2013 alone. Such changes would be “divorced from any national strategy and from operational needs,” he said, resulting in “the smallest ground forces since 1940, the fewest ships since 1950, and the smallest Air Force in history.” The country needs a “strategy to preserve the industrial base, not dismantle it,” he added.

Lockheed Martin is part of the association’s ongoing “Second to None” campaign against defense and aerospace industry budget cuts. Near Stevens’ podium the group mounted a large digital clock, a version of which was recently up in New York City’s Times Square, noting the exact number of days, hours, minutes and seconds until the Jan. 2 sequestration. It warns that its industry will lose a million jobs if Congress makes drastic cuts in such areas as defense, the NextGen air traffic management system and the space program.

The association also released a report by Deloitte detailing the financial and economic impact the industry has on the nation, with state-by-state job numbers both direct and indirect. It noted that 19,150 aerospace jobs were eliminated in 2010 and 34,759 in 2011.

Stevens described his industry’s “critical contribution to the economic engine of America” — $324 billion in sales in 2010, adding 2.3 percent to gross domestic product, and $89.6 billion in exports. He called it a “wellspring of innovation and creativity in technological advancement,” citing development of day-to-day essential products in air safety, weather forecasting and communications connectivity, along with weapons systems that “define a generation.”

But he said the modern industry is by necessity “smaller and leaner” and “fragile in the shadow of sequestration.” He said he “can’t begin to judge the impact of a bow wave of $53 billion” in fiscal 2013 on suppliers, partners and contractors, to whom companies are obligated to provide 60 to 90 days’ notice if workers are to lose jobs.

He expects many equity adjustment requests. “To ask us to react instantly in the year of execution would be massively complicated, and we have no real response,” he said. “It’s all yet to be determined.”

To avoid sequestration, Stevens said, Congress should consider three elements to address the nation’s $15 trillion debt: spending cuts in both defense and nondefense areas, an examination of tax policy, and entitlement reform.

Sen. Saxby Chambliss, R-Ga., co-chairman of the Senate Aerospace Caucus, also urged Congress to act soon. “If we think we’re going to wait until a lame-duck session, we’re kidding ourselves,” he told the group. He highlighted the industry’s importance both to national security and to a healthy export economy, noting he represents the Port of Savannah. “We need to make purchases by other countries easier, though we do need to get the most out of each defense dollar,” he said.

Sen. Patty Murray, D-Wash., the other leader of the caucus, praised Lockheed Martin as an important symbol of American corporate leadership, adding it is celebrating the 100th anniversary of the founding of its namesake companies. She stressed the need for the government to invest in the education and training of scientists, mathematicians and engineers. She asked the industry for support for a current amendment to reauthorize the Export-Import Bank of the United States, and implored aerospace companies to hire and train veterans.

 

Air Force to keep one airborne VIP capsule suite — instead of 10

NextGov

By Bob Brewin 03/15/2012

The Air Force has said it will maintain only one controversial airborne VIP suite equipped with a couch and a 37-inch flat-screen TV — instead of the 10 originally planned to transport high officials.

The service additionally operates four VIP pallets equipped with conference tables and airline-type business-class seats. Earlier this month, Air Force officials said they planned to award a sole-source contract for continued support of the VIP suite and pallets.

The Air Force initially intended to buy 10 of the VIP suites, known as senior leader in-transit conference capsules, until the Project on Government Oversight exposed them as a “breathtaking extravagance” in a highly publicized letter to then-Defense Secretary Robert Gates in July 2008.

Internal documents POGO obtained showed that the Air Mobility Command wanted the $3 million capsules to include “world-class” amenities, including wall-to-wall carpeting, 37-inch flat-screen video monitors, and “aesthetically pleasing” wall and ceiling coverings. The capsules were to be carried on C-130 and C-17 cargo aircraft and KC-135 and KC-10 tanker aircraft.

The four senior leader in-transit pallets, whose total cost POGO estimated at $1.66 million in 2008, featured “four leather business-class chairs with tables” that can be transported in the same aircraft as the capsules, except for the C-130.

The Air Force said in a July 2008 press release that military officials would be safer on military aircraft equipped with the airborne VIP systems than on unprotected commercial aircraft.

The Air Force Materiel Command issued a notice on March 5 that it planned to award a sole-source contract to Centerville, Ohio-based SelectTech Services Corp. for continued logistics support for its scaled back collection of capsules and pallets.

A spokeswoman for the Aerospace Sustainment Directorate at Robins Air Force Base, Ga., said SelectTech Services was tapped because it was the only company that met the criteria required to sustain the equipment. She put the value of the first year of the contract at $2.1 million and said it had four option years.

Maj. Michael Andrews, a spokesman for the Air Mobility Command, said the one suite in use today is assigned to the commander of the International Security Assistance Force in Afghanistan, currently Army Gen. John Allen, and consists of two parts — a conference capsule and a quarters capsule. Andrews said the suite seats five passengers: two in bucket seats and three on a couch. The space also includes a table work area between the bucket seats, one 37-inch video screen, and connections for externally provided data and voice communications.

The four pallets can support the secretaries of State and Homeland Security, the National Intelligence director, Defense secretary, Defense deputy secretary, chairman and vice chairman of the Joint Chiefs of Staff, and combatant commanders, Andrews said. They are located at Joint Base McGuire-Dix-Lakehurst, N.J.; Dover Air Force Base, Del.; Joint Base Charleston, S.C.; and Travis Air Force Base, Calif., he said.

Joe Newman, a POGO spokesman, said while the organization does not expect high-level officials to use wooden crates for seats, the continued costs to maintain the capsule and pallets “do not meet the smell test.” Newman said the $2.1 million follow-on contract is “an outrageous amount of money [that] just compounds a previous error.”

This story appeared on Network World at
http://www.networkworld.com/news/2012/031512-dnssec-survey-2012-257326.html

 

40% of U.S. government Web sites fail security test

DoD, CIA among agencies that haven’t adopted extra DNS security measures

By Carolyn Duffy Marsan, Network World
March 15, 2012 01:37 PM ET

 


Approximately 40% of federal government agencies are out of compliance with a regulation that requires them to deploy an extra layer of authentication on their Web sites to prevent hackers from hijacking Web traffic and redirecting it to bogus sites.

It’s been more than two years since federal agencies were required to support DNS Security Extensions (DNSSEC) on their Web sites. However, two recent studies indicate that around 40% of federal Web sites have not yet deployed this Internet security standard.

Laggards on adopting this Internet security standard include the Department of Defense and the Central Intelligence Agency, experts say.

DNSSEC solves what’s called the Kaminsky vulnerability, a fundamental flaw in the DNS that was disclosed in 2008. This flaw makes it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing.

DNSSEC prevents cache poisoning attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key cryptography.

It prevents man-in-the-middle attacks as long as every level of the DNS hierarchy (the root zone, the top-level domain such as .gov, and the individual Web site such as http://www.irs.gov) supports the standard. The DNS root zone and the .gov domain are cryptographically signed, so now it is up to individual federal Web sites to deploy DNSSEC in order to bolster end-to-end security of the government’s Web traffic.
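The chain from the root zone through .gov to an individual site can be modelled offline. The Python below is an added example, not code from the Network World article or from either study: it checks only the DS-to-DNSKEY link at each delegation (RFC 4034 digest and key tag), not RRSIG signatures, and every zone name, key byte string and status label in it is constructed for illustration.

```python
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical lower-case wire form of an owner name (RFC 4034, section 6.2)."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, key material."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag from RFC 4034 Appendix B: a 16-bit checksum over the RDATA."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner: str, rdata: bytes) -> tuple:
    """DS tuple a parent publishes: (key tag, algorithm, digest type, digest).

    Digest type 2 is SHA-256 over the owner-name wire form plus DNSKEY RDATA.
    """
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)


def link_status(zone: str, dnskeys: list, parent_ds: list) -> str:
    """Classify one delegation from what parent and child publish."""
    if not parent_ds:
        return "keys-without-ds" if dnskeys else "unsigned"
    if any(make_ds(zone, rdata) in parent_ds for rdata in dnskeys):
        return "secure"
    return "bogus"  # parent vouches for a key the child does not serve


def chain_status(name: str, zones: dict, trust_anchor: list) -> tuple:
    """Walk root -> TLD -> site; return (zone, status) of the first weak link."""
    labels = name.lower().rstrip(".").split(".")
    path = ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]
    parent_ds = trust_anchor
    for i, zone in enumerate(path):
        keys = zones.get(zone, {}).get("dnskeys", [])
        status = link_status(zone, keys, parent_ds)
        if status != "secure":
            return (zone, status)
        if i + 1 < len(path):
            parent_ds = zones[zone].get("ds", {}).get(path[i + 1], [])
    return (path[-1], "secure")


def build_sample() -> tuple:
    """Constructed hierarchy: one signed site, one half-deployed, one stale DS."""
    root = dnskey_rdata(257, 8, b"constructed-root-key")
    gov = dnskey_rdata(257, 8, b"constructed-gov-key")
    alpha = dnskey_rdata(257, 8, b"constructed-alpha-key")
    beta = dnskey_rdata(257, 8, b"constructed-beta-key")
    gamma_old = dnskey_rdata(257, 8, b"constructed-gamma-old-key")
    gamma_new = dnskey_rdata(257, 8, b"constructed-gamma-new-key")
    zones = {
        ".": {"dnskeys": [root], "ds": {"gov.": [make_ds("gov.", gov)]}},
        "gov.": {"dnskeys": [gov], "ds": {
            "alpha-agency.gov.": [make_ds("alpha-agency.gov.", alpha)],
            # DS still points at the key that was rolled out of service
            "gamma-agency.gov.": [make_ds("gamma-agency.gov.", gamma_old)],
        }},
        "alpha-agency.gov.": {"dnskeys": [alpha]},
        "beta-agency.gov.": {"dnskeys": [beta]},   # keys published, no DS in .gov
        "gamma-agency.gov.": {"dnskeys": [gamma_new]},
    }
    return zones, [make_ds(".", root)]


def survey(names: list, zones: dict, trust_anchor: list) -> dict:
    """Deployment status per site, in the spirit of the surveys quoted here."""
    return {n: chain_status(n, zones, trust_anchor)[1] for n in names}


if __name__ == "__main__":
    sample_zones, anchor = build_sample()
    sites = ["alpha-agency.gov.", "beta-agency.gov.",
             "gamma-agency.gov.", "delta-agency.gov."]
    for site, status in survey(sites, sample_zones, anchor).items():
        print(f"{site:22} {status}")
```

Only the "secure" result gives a validating resolver anything to check; a site that publishes keys without a DS record in .gov is treated the same as an unsigned one.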

Federal agencies were required to support DNSSEC on their Web sites under an Office of Management and Budget mandate issued in August 2008. The deadline for compliance was Dec. 31, 2009.

DNSSEC deployment also is necessary for high marks in agency IT security report cards under the Federal Information Security Management Act or FISMA.

One study, conducted on March 2 by DNS vendor Secure64, indicated that 57% of the 359 federal government Web sites tested had deployed DNSSEC. This study indicated that the other 43% of Web sites had not yet added digital signature technology to their DNS servers.

A similar study, conducted on March 11 by the National Institute of Standards and Technology (NIST), estimated that 59% of federal agencies are running DNSSEC on their Web sites. The NIST study of 1,595 Web sites shows that of the 41% of federal agencies that don’t have DNSSEC deployed, 7% appear to be in the process of deploying it.

Both sets of results indicate slow adoption of DNSSEC among federal Web sites.

DNSSEC is “not on anyone’s radar screen,” says Ray Bjorklund, Chief Knowledge Officer at Deltek, a federal IT market research firm. “I remember hearing of it vaguely a couple years ago, but it’s not coming up with the agency CIOs that I talk to.”

Bjorklund acknowledges that agencies should be taking DNSSEC more seriously given that hacktivist-style attacks are on the rise and that U.S. federal agencies are likely targets.

“I don’t know whether it’s inattention by the government, or the government generally believes that it has enough other security measures in effect that this is not going to cause a problem,” Bjorklund says. “But federal CIOs need to understand that government sites can be hijacked. If agencies aren’t paying attention to this, they should.”

The Secure64 study does show some improvement in terms of federal DNSSEC deployment. A year ago, the study found that half of federal Web sites hadn’t deployed DNSSEC. Now that figure is down to 43%.

“In a year, the needle moved from 50% DNSSEC deployment to 57%,” says Mark Beckett, vice president of marketing at Secure64. “It doesn’t seem to be going up that fast year over year. I would have hoped for a bigger leap this year.”

Among the federal agencies that have made progress on DNSSEC deployment in the last year are the Treasury Department and its subsidiaries, including the Internal Revenue Service. Treasury was signing only one of its subdomains last year but appears to be signing everything – including http://www.irs.gov – today.

While the Department of Homeland Security and the White House have deployed DNSSEC on their Web sites, the Defense Department and the CIA appear not to have adopted this extra information security measure yet.

“I find no evidence of any signing going on at the Defense Department with its .mil domain,” Beckett says. “The CIA is still not signed either.”

The Secure64 survey showed that while most cabinet-level departments like the Commerce Department, the Justice Department and the Department of Health and Human Services are cryptographically signed, smaller sub-agencies such as the Agency for Toxic Substances and Disease Registry are not.

Beckett says that of the 57% of federal Web sites that have deployed DNSSEC, 81% have established a chain of trust to their parent domain, which is the optimal configuration for the standard. Additionally, of the 81% of federal Web sites that have established a chain of trust, 98% are validating DNSSEC queries, which is another sign of full compliance with the standard.

“When people have problems with DNSSEC, it’s usually with the key rollover process which is somewhat complicated,” Beckett explained. “You have to allow the right amount of time to pass or else you’ll be in a state where the domain doesn’t validate.”

One development that may prompt federal agencies to give DNSSEC a higher priority in 2012 is a new requirement from NIST that federal agencies must validate DNSSEC queries in their DNS resolution servers. In January, Comcast said it was providing DNSSEC resolution services for its 20 million residential customers.

“NIST recently came out with a new version of one of the FISMA documents. When it is finalized, it will essentially require federal agencies to do the same thing that Comcast is doing: to turn on validation in their caching resolvers,” Beckett says. “It’s a draft now and it has to be finalized, which can take many months. But it’s a requirement that’s on the horizon.”

 

 

Republican bill would open federal health plan to all seniors

The Hill

By Amanda Palleschi

March 15, 2012

Republican lawmakers on Thursday proposed replacing Medicare with the health care plan currently offered to federal and congressional employees.

“Medicare as we know it is a false promise. It is unsustainable,” Sen. Lindsey Graham, R-S.C., told reporters. “Why don’t we take a program that’s worked for years in a fashion that people can relate to? If it’s good enough for your senator, it ought to be good enough for you.”

Sens. Rand Paul, R-Ky.; Jim DeMint, R-S.C.; and Mike Lee, R-Utah; co-sponsored the legislation and introduced it Thursday.

The Congressional Health Care for Seniors Act would allow seniors to choose from plans currently offered under the Federal Employee Health Benefit program, beginning in 2014.

The National Active and Retired Federal Employees Association said the bill raised an automatic red flag.

“For more than four decades, the FEHBP has provided a stable, though not overly generous health insurance benefit to federal civilian employees, retirees and their dependents,” NARFE President Joseph Beaudoin said in a statement. “To throw open the doors of the plan to absorb the flood of seniors currently enrolled in Medicare poses certain risks and must be examined closely.”

Paul conceded the plan was not beneficial to federal employees in his synopsis of the bill.

“Federal employees are the one group of people who may have a legitimate argument with the Congressional Health Care Plan for Seniors,” he wrote. “Asking them to share their health care with the elderly will cause their premiums to increase.”

(NB: “not beneficial” means according to the synopsis — “Placing seniors into FEHBP coupled with a separate risk pool for the top 5 percent patients in costs will increase premiums by roughly 24 percent.” )

http://www.govexec.com/pay-benefits/2012/03/republican-bill-would-open-federal-health-plan-all-seniors/41483/

 

Sinclair displays simulators for unmanned aerial vehicles

Unmanned aerial systems program demonstrates new tools.

Dayton Daily News

By Meagan Pant, Staff Writer Updated 8:50 PM Thursday, March 15, 2012

DAYTON — Sinclair Community College’s unmanned aerial systems program lifted off Thursday with a demonstration of new training simulators.

Sinclair invested $350,000 to purchase 10 simulators designed to teach students to operate unmanned aerial vehicles — also known as drones — and their sensors, which can be used in disaster response, to fly over industrial fires, conduct agricultural surveying and more.

The emerging civilian industry is expected to be worth $15 billion worldwide over the next five years, according to the college.

“This is the first training system of its kind (nationally),” said Sinclair President Steve Johnson. “We are certainly leading in the beginning, budding areas of this industry.”

In January, Sinclair installed the simulators, which have two computer screens and two control sticks similar to a video game to move the aircraft and its sensors. The simulator systems are the most sophisticated now being used to train civilians, Johnson said.

Sinclair is also requesting federal approval for a site at the Springfield Air National Guard Base to offer training flights with the goal of providing a cohesive strategy to train students in the classroom and hands-on.

Jobs are expected to grow in design of the equipment, maintenance, operating, managing the data collected by the devices and more, Johnson said.

“The unmanned aerial systems industry by leaps and bounds is one of the highest growth industries we are predicting in the nation,” said Jeff Hoagland, president and CEO of the Dayton Development Coalition.

“We see economic opportunity for our area in the future,” said U.S. Rep. Mike Turner, R-Centerville, who explained that much work remains to be done by Congress to open civilian airspace for the drones.

About 100 students are currently taking courses related to the program for which they can earn a certificate. Trace Curry, 23, entered the program after initially planning to become a pilot. He expects to finish this summer.

“I’m really glad I did it,” he said. “I’m waking up looking forward to class.”

CBO: Obama budget adds $3.5 trillion in deficits through 2022

The Hill

By Erik Wasson – 03/16/12 10:09 AM ET


President Obama’s 2013 budget would add $3.5 trillion to annual deficits through 2022, according to a new estimate from the Congressional Budget Office (CBO).

It also would raise the deficit next year by $365 billion, according to the nonpartisan office.

The CBO estimate is in sharp contrast to White House claims last month that the Obama budget would reduce deficits by $3.2 trillion over the next decade.

The differences between the estimates from CBO and the White House budget office are attributable to different baselines and economic assumptions, and a big reason CBO expects the deficit to spike sharply under Obama’s budget is that CBO’s baseline assumes all the Bush-era tax rates will expire at the end of 2012.

Obama wants to continue the middle-class tax cuts, something reflected in his budget.

The $365 billion increase to the deficit in 2013 that CBO estimates would be caused by Obama’s budget is due to proposals that increase spending by $137 billion and that decrease revenue by $228 billion.

In total, the Obama budget spends $3.7 trillion next year and proposes generating $1.5 trillion from new taxes over ten years.

His budget would increase the size of the national debt held by the public from $10.1 trillion today to $18.8 trillion in 2022, according to CBO.

Under the CBO baseline, which assumes no change to current law, the debt would still rise, but only to $15.1 trillion by 2022.

 
 

According to CBO, the deficit will be $1.3 trillion in 2012—the fourth straight year of trillion dollar deficits despite Obama’s promise to cut the deficit in half after his first term. The Obama budget would increase the deficit by $82 billion in fiscal year 2012, according to CBO’s estimate.

 

DHS secret network at the forefront of nationwide intelligence sharing

Nextgov

By Aliya Sternstein 03/12/2012

A new directive aimed at easing the sharing of classified information about terrorist threats elevates the role of a little-known but long-established Homeland Security Department secret network, according to Bush administration officials.

DHS Secretary Janet Napolitano on Friday released the guidance, which President Obama called for in an August 2010 executive order, to align security standards for accessing classified data across all levels of government and in the private sector.

The issuance comes as the Defense Department prepares for a military court session later this week charging that Pfc. Bradley Manning wrongfully fed intelligence from the military’s classified network to the anti-secrets website WikiLeaks. The WikiLeaks imbroglio prompted a second presidential order in October 2011 that aims to prevent insiders from sharing confidential government information with unauthorized outsiders.

The new directive positions a DHS-run system called the Homeland Secure Data Network as “the U.S. government’s primary non-defense, secret level classified information network.” The pipeline was initiated in 2005 by then DHS Secretary Michael Chertoff but many people outside the federal government are unfamiliar with it, said Charles E. Allen, the former DHS undersecretary for intelligence and analysis.

The policy states that other classified networks, including the military’s Secret Internet Protocol Router Network (SIPRNET), can interface with the DHS network to allow authorized users entry.

“In some instances the Department of Defense or another federal agency may allow for or sponsor [state, local or tribal] activities for access to its agency owned classified systems,” the policy states. “Access to the DOD-owned SIPRNET or any other federal agency system through the HSDN gateway by [state, local or tribal] personnel shall be at the discretion of DOD or the applicable federal agency.”

On Monday, Allen praised Napolitano for spelling out the role of the network and creating consistency among a morass of executive orders, statutes and regulations on the sharing of classified information nationwide.

This “puts in place a governance structure and uniform security standards to make sure we do not have the kind of disaster the Department of Defense had with security leaks in the war zone,” said Allen, now a principal at the Chertoff Group, a consulting firm founded by the former DHS secretary.

 

 

Brain drain: Where Cobol systems go from here

When the last Cobol programmers walk out the door, 50 years of business processes encapsulated in the software they created may follow.

Robert L. Mitchell

March 14, 2012 (Computerworld)

David Brown is worried. As managing director of the IT transformation group at Bank of New York Mellon, he is responsible for the health and welfare of 112,500 Cobol programs — 343 million lines of code — that run core banking and other operations. But many of the people who built that code base, some of which goes back to the early days of Cobol in the 1960s, will be retiring over the next several years.

“We have people we will be losing who have a lot of business knowledge. That scares me,” Brown says. He’s concerned about finding new Cobol programmers, who are expected to be in short supply in the next five to 10 years. But what really keeps him up at night is the thought that he may not be able to transfer the deep understanding of the business logic embedded within the bank’s programs before that understanding walks out the door with the employees who are retiring.

More than 50 years after Cobol came on the scene, the language is alive and well in the world’s largest corporations, where it excels at executing large-scale batch and transaction processing operations on mainframes. Cobol is known for its scalability, performance and mathematical accuracy. But as the boomer generation prepares to check out of the workforce, IT executives are taking a fresh look at their options.

In a recent Computerworld survey of 357 IT professionals, 46% of the respondents said they are already noticing a Cobol programmer shortage, while 50% said the average age of their Cobol staff is 45 or older and 22% said the average is 55 or older.

“Organizations are trying not to get backed into a corner because of the skills issue,” says Paul Vallely, mainframe sales director at software vendor Compuware. “I haven’t seen companies move off mainframes due to the Cobol skills shortage yet, but it’s looming.”

For Bank of New York Mellon, which bought its first mainframe in 1955, keeping the core Cobol applications that run the business on the mainframe makes sense. Modernization efforts have made BNY Mellon’s Cobol-based programs more accessible through the use of Web services and up-to-date user interfaces.

But for some noncore applications, and for smaller workloads, organizations have been gradually migrating off of mainframes — and away from Cobol. In some cases, Cobol programs are simply rehosted on Linux or Windows servers; in other cases they’re rewritten in object-oriented languages; and some programs are being replaced with packaged software.


“Over the past five years, there has been an acceleration of [some] businesses moving off host platforms,” says Adam Burden, global application modernization lead at Accenture. Often that means leaving Cobol behind by either rewriting it for J2EE or .Net or moving to packaged software.

Gartner estimates that the world has seen about a 5% decline in total Cobol code over the past few years. Much of that decline was due to migrations by small and midsize mainframe shops that move off what they see as a legacy language when they retire the hardware, says Gartner analyst Dale Vecchio.

It’s declining because the functions can be developed by some other building block. “Cobol is no longer needed,” Vecchio says. “There are alternatives.”

Rehosting can get code off the mainframe quickly. One vendor catering to users thinking of pursuing that option is Rockville, Md.-based Micro Focus, whose offerings include a system that will support Cobol programs on a Microsoft Azure cloud.

But rehosting is often seen as just an intermediate step on the way to completely modernizing and transforming Cobol systems.

Cobol’s image problem

A procedural language, Cobol is not perceived to be as agile as object-oriented languages for modern programming needs such as mobile apps and the Web. And despite the availability of state-of-the-art Cobol development environments — including IBM’s Enterprise Cobol on the mainframe and Micro Focus’s Visual Cobol, which integrates well with Microsoft’s Visual Studio development suite for .Net — Cobol is widely viewed as a legacy language.

Nearly half (49%) of the respondents to our survey whose organizations don’t use Cobol said the reason is that the language is simply outdated.

Not everyone agrees, of course. “Cobol has had lasting value, and it’s not broken,” says Kevin Stoodley, an IBM fellow and CTO of enterprise modernization tools, compilers and security at IBM.

A majority of the Computerworld readers who took part in our survey seem to concur with Stoodley: 64% of the respondents said that their organizations still use Cobol — more than any modern language except for Java/JavaScript and Visual Basic. That figure is actually slightly higher than the response rate to a similar question the last time we conducted a survey on Cobol use, back in 2006: In the previous survey, some 62% of the respondents said they still used Cobol.

In the more recent survey, over 50% of the respondents said that Cobol represents more than half of all internal business application code.

“There has been no renaissance for Cobol,” says Accenture’s Burden. “There’s not a whole lot of new development going on. But our clients are enhancing their core applications and continue to maintain them.” Indeed, 53% of the respondents said that they’re still building at least some new business applications in Cobol. The vast majority of that code is still being written for mainframes.

But the fact is that many IT organizations don’t have much choice but to continue using Cobol. Migrating large-scale systems built in Cobol is costly and risky. “They might want something more flexible, but they just can’t do it. They’re captive to Cobol,” Burden says.

The down economy has helped put off the inevitable, says Compuware’s Vallely. “Economic issues provided everyone with a hall pass because not as many folks were looking to retire,” he says. But as the economy improves, retirement plans may pick up too. “Organizations are trying to be more proactive,” he adds.

“No other language has seen as big an impact from changes in the demographics of the workforce as has Cobol,” Vecchio says. Going forward it will become more difficult to maintain a Cobol portfolio.

“The inflection point will come when enough Cobol programmers have retired that an organization can no longer tolerate the risk,” he says. At that point, most of those programs will migrate — but not all.

Rightsizing Cobol

For BNY Mellon, those Cobol batch and transaction processing programs on the mainframe represent an enormous investment. And while Gartner says it’s technically possible to move mainframe workloads of up to 3,000 MIPS, the workload at the bank, which relies heavily on Cobol, consumes 52,000 MIPS of processing horsepower, spans nine mainframes and is growing at a rate of 10% each year.

“The business wants us to make investments in programming that buy them new revenue. Rewriting an application doesn’t buy them any value-add,” Brown says.

Instead, the strategy is to “rightsize” some noncore applications off the mainframe where there’s a business benefit, try to keep mainframe MIPS growth under 5%, and stay the course with the bank’s core Cobol applications by passing on the business knowledge to younger programmers the bank will need to recruit and train. (See “Closing the Cobol Talent Gap.”)

Closing the Cobol talent gap

Where do you find Cobol programmers these days? College graduates with training in Cobol are in short supply. In Michigan, for example, state schools that offer Cobol programming have cancelled classes because of a lack of interest. “They can’t get anyone to enroll,” says Jonathan Miller, director of information systems and services for the government of Michigan’s Saginaw County.

But some colleges are still providing Cobol training — with help from IBM. The mainframe vendor has developed curricula in association with more than 80 colleges and universities ranging from Brigham Young to Texas A&M. “We donate hardware and software, help with the curriculum, and they graduate hundreds of people every year,” says Kevin Stoodley, an IBM fellow and CTO.

Guardian Life Insurance has recruited Cobol programmers from Workforce Opportunity Services, a nonprofit that collaborates with business clients and local colleges to train economically disadvantaged students to fill less popular technology disciplines such as Cobol programming. “They take kids from disadvantaged neighborhoods and provide them as consultants,” says former Guardian CIO Frank Wander, who now has his own consultancy, IT Excellence Institute.

“It’s sort of a work-study program. We have over 200 consultants today in five states, and we’re expanding,” says Workforce founder Art Langer.

BNY Mellon and many other organizations also increasingly rely on outsourcing firms to pick up maintenance and support duties. But for many customers with mission-critical applications, an offshore locale is not the place to keep the institutional knowledge of the business rules behind the code. David Brown, managing director of BNY Mellon’s IT transformation group, says the bank wants those skills in-house.

Fortunately, it’s not all that difficult to cross-train programmers in Cobol. “Right now, it’s pretty easy to hire programmers, and if they understand Java I can bring them back to procedural languages like Cobol,” Brown says. The trick, he says, is to develop a curriculum that teaches not just Cobol, but the business rules behind the code that runs the company. “We need to make sure we can roll that forward,” he says.

Other functions, such as general ledger and reporting, are moving onto distributed computing platforms, where they are either replaced by packaged software or re-engineered into Java or .Net applications.

But Brown still needs Cobol programmers to replace those expected to retire, and the learning curve can last a year or more. That means adding staff and having a period of overlap as Cobol’s secrets get passed on to the next generation. “I’m trying to get those people on board and do the knowledge transfer sooner rather than later,” Brown says.

But that kind of proactive approach, and the extra costs it incurs, can be a hard sell. “We haven’t gotten to the point of feeling the pain yet. When we do, it will happen,” he says.

Brown wouldn’t specify the number of people he’s hoping to hire, but he says that the “real heavy need” will happen in the next five to 10 years, when the original mainframe programmers are expected to retire en force. BNY Mellon currently has “a few hundred” Cobol programmers on staff, Brown says.

Brown’s concerns are well placed, says David Garza, president and CEO of Trinity Millennium Group, a software engineering firm that has handled code transformations for large businesses and government organizations. “Almost every job we get has Cobol in it,” he says, and most of the calls come from organizations that have already lost their collective knowledge of the business logic. At that point, he says, a migration is “a big risk.”

The cost of waiting

Trinity Millennium Group and other vendors like it have established processes for analyzing and extracting the business rules embedded between the lines of Cobol code. “The solutions have come a long way in terms of the ability to extract logic and rules,” says Burden.

But the process is time-consuming and costly. One Millennium client recently spent $1 million to have its Cobol programs analyzed and business logic reconstructed as part of a migration project off of a mainframe. “If they had the legacy programmers there and we had done the exercise with them, it would have cost $200,000 and taken one-tenth of the time,” Garza says. If you wait until that institutional knowledge is gone, he warns, the costs can be as much as 10 times higher than they would have been beforehand.

Compounding the loss of skills and business knowledge is the fact that, for some organizations, decades of changes have created a convoluted mess of spaghetti code that even the most experienced programmers can’t figure out. “Some systems are snarled so badly that programmers aren’t allowed to change the code at all,” Garza says. “It’s simply too risky to change it. They’re frozen solid.”

Package deal

That’s the situation faced by Jim Gwinn, CIO for the U.S. Department of Agriculture’s Farm Service Agency. The USDA’s System/36 and AS/400 systems run Cobol programs that process $25 billion in farm loans and programs. “We have millions of lines of Cobol, and there’s a long history of it being rewritten,” he says. “It has become increasingly difficult to change the code because of the complexity and the attrition of the knowledge base that wrote it.” That’s a big problem because laws that govern farm programs change every year, driving a need to update the code to reflect those changes.

Gwinn hired consultants from IBM, who concluded that rewriting the programs in a different language or rehosting them on a distributed computing platform would be complicated and costly. But the System/36 hardware had to go, so Gwinn decided to bite the bullet: The FSA will move off of its end-of-life mainframe systems by rewriting some of the code in Java and replacing the rest with packaged software from SAP.

But Gwinn says he’ll miss Cobol. “It has been very stable and consistent, with little breakage due to code changes, which you see with Java-based changes,” he says. “And in a distributed environment, you have to balance your workloads a little more carefully.”

Going for a rewrite

The anticipated exit of institutional knowledge and the resulting shortage of Cobol programmers were also primary drivers behind NYSE Euronext’s decision to re-engineer 1 million lines of Cobol on a mainframe that ran the stock exchange’s post-trade systems. While Cobol was dependable, it wasn’t viewed as maintainable in the long run.

Steven Hirsch, chief architect and chief data officer at NYSE Euronext, cites the need to make changes very rapidly as another key reason the stock exchange abandoned Cobol. “Ultimately, the code was not easily changeable in terms of what the business needed to move forward. We were pushing the envelope of what it took to scale the Cobol environment,” he says.

So NYSE Euronext rewrote Cobol programs that run its post-trade systems for Ab Initio, a parallel-processing platform that runs on Linux on high-end Hewlett-Packard DL580 servers. The new environment allows for more rapid development, and the rewrite also eliminated a substantial amount of unnecessary and redundant code that had crept into the original Cobol programs over the years.

If a business’s Cobol code doesn’t need to change much — and many batch and transaction processing programs don’t — the code can be maintained on or off of the mainframe indefinitely. But that philosophy wouldn’t work for NYSE Euronext. “We are a rapidly changing business, and we needed to move faster than our legacy code,” Hirsch says.

As for the stock exchange’s trading systems, that’s all proprietary NYSE Euronext software. “There’s no Big Iron or Cobol,” Hirsch explains. “There’s been no use of mainframes in the trading environment for many years.”

Rehosting: Lift and shift

When it comes to hiring new Cobol programmers, Jonathan J. Miller, director of information systems and services for Saginaw County, Michigan, is struggling. “We’ve lost our systems programming staff,” he says. And like many government IT organizations that have suffered from budget cuts, he doesn’t have much to offer those in-demand Cobol programmers.

Generous government benefits used to attract job applicants even though salaries were lower than they are in the private sector. Now, he says, “our pay hasn’t increased in eight years and benefits are diminished.” To fill in the gap, the county has been forced to contract with retired employees and outsource Cobol maintenance and support to a third party — something that just 18% of the respondents to Computerworld’s survey said they’re doing today.

The Cobol brain drain is starting to become critical for many government organizations, says Garza. “It’s a high-risk problem in many countries we are doing work in. The people have retired. Even the managers are gone. There’s no one to talk to.”

Saginaw County found itself hemmed in by the complexity of its Cobol infrastructure. It has 4 million lines of highly integrated Cobol programs that run everything from the prosecutor’s office to payroll on a 46 MIPS Z9 series mainframe that is nearing the end of its life. With mainframe maintenance costs rising 10% to 20% each year, the county needs to get off the platform quickly.

But commercial software packages lack the level of integration users expect, and Miller’s team doesn’t have the time and resources to do a lot of integration work or re-engineer all of the program code for another platform.

So the county is starting a multiphase project to recompile the code with Micro Focus Visual Cobol and rehost it on Windows servers. An associated VSAM database will also be migrated to SQL Server. Miller hopes that the more modern graphical development suite will make the Cobol programming position, which has gone unfilled for two years, more attractive to prospective applicants. But he acknowledges that finding talent will still be an uphill battle.

A legacy continues

Is there a role for Cobol off the mainframe? “I don’t believe there is. Cobol and the mainframe run well together, and that’s where I want to keep it,” says Brown of BNY Mellon. But the bank is still creating new Cobol components on the mainframe, and it will continue to do so.

That’s a common sentiment among Accenture’s large corporate customers, says Burden. Cobol will continue its gradual decline as midrange systems are retired and businesses continue to modernize legacy Cobol code or move to packaged software. Today, Cobol is no longer the strategic language on which a company builds new applications. But it still represents the “family jewels” of many organizations, Burden says. “They’re enhancing existing applications and adding functionality to them,” he says. “I’ve seen no slowdown in those activities.”

 

If companies can’t find talent to keep that infrastructure going, third-party service providers such as Accenture are ready, says Burden. The scale of Accenture’s support operation is large enough to provide a career track for Cobol programmers, and he notes that it’s easy to cross-train programmers on the language. “We can turn out new programmers quickly. So if clients can’t support Cobol, we will,” he says.

“People make too much of that trend that we’re not graduating enough Cobol programmers,” says IBM’s Stoodley. Preserving the institutional knowledge is what’s critical. “You can make a problem for yourself if you don’t keep your team vibrant,” he says. But as long as there’s a demand for it, “businesses will find people willing to work on Cobol.”

Cobol may have been created for simpler times in application development, but it remains the bedrock of many IT infrastructures. “You have to respect the architecture of Cobol,” Burden says. “I don’t see that changing for another 10 years, or even longer.”

 

Digitally signed malware is increasingly prevalent, researchers say

Malware authors are signing their malicious creations with stolen digital certificates to bypass antivirus detection and defense mechanisms

Lucian Constantin

March 15, 2012 (IDG News Service)

Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.

When it was discovered in 2010, the Stuxnet industrial sabotage worm surprised the security industry with its use of rootkit components that were digitally signed with certificates stolen from semiconductor manufacturers Realtek and JMicron.

Security experts predicted at the time that other malware creators would adopt the technique in order to bypass the driver signature enforcement in 64-bit versions of Windows Vista and 7. Given recent developments, it seems that they were right.

A backdoor discovered by Symantec in December installed a rootkit driver signed with a digital certificate stolen from an undisclosed company. The certificate was revoked by VeriSign at the owner’s request nine days later.

However, the time window available for the malware to remain undetected was larger than that, because Windows operating systems rarely check certificate revocation lists (CRL), or don’t check them at all, Symantec principal software engineer Mircea Ciubotariu said in a blog post earlier today.

Even if Windows checked such lists regularly, it wouldn’t make much of a difference for malware that has already been signed with the revoked certificates, because blocking such files is impractical, said Costin Raiu, Kaspersky Lab’s director of global research and analysis.

Raiu gave the stolen Realtek certificate used in Stuxnet as an example. “If Microsoft were to block the loading of all known files signed with that certificate, probably millions of users of RealTek hardware from around the world would find their motherboards, network cards, etc. inoperable,” he said. “Therefore, Microsoft cannot block the execution or loading of files signed with stolen certificates.”

A different malware component identified by Kaspersky Lab researchers during the last few days was signed with a certificate stolen from a Swiss company called Conpavi AG. “The company is known to work with Swiss government agencies such as municipalities and cantons,” said Kaspersky Lab expert Vyacheslav Zakorzhevsky in a blog post.

The threat is detected as Trojan-Dropper.Win32/Win64.Mediyes and is part of a click fraud scheme. However, the signed component is not a driver, but the actual malware installer, also known as the dropper.

Malware authors are interested in signing installers and not just the drivers, because some antivirus solutions assume that digitally signed files are legitimate and don’t scan them, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender.

“Additionally, signed modules are more likely to be included in whitelisting collections, meaning the chance of them being fully analyzed is lower and they remain undetected for longer periods of time,” Raiu said.

Another non-driver malware component signed with a stolen digital certificate was recently identified by security researchers from AlienVault as part of an attack against Tibetan activist organizations.

“The malware being used in this attack is a variant of Gh0st RAT (remote access Trojan), a type of software that enables anything from stealing documents to turning on a victim’s computer microphone,” said Jaime Blasco, a security researcher at AlienVault, in a blog post on Tuesday. “Gh0st RAT was a primary tool used in the Nitro attacks last year and the variant we uncovered in these attacks seems to come from the same actors.”

Both Kaspersky Lab and BitDefender have confirmed seeing a steady increase in the number of malware threats with digitally signed components during the last 24 months. Many use digital certificates bought with fake identities, but the use of stolen certificates is also common, Raiu and Botezatu said.

 

The bin Laden plot to kill President Obama

Washington Post

By David Ignatius, Friday, March 16, 10:58 AM

Before his death, Osama bin Laden boldly commanded his network to organize special cells in Afghanistan and Pakistan to attack the aircraft of President Obama and Gen. David H. Petraeus.

“The reason for concentrating on them,” the al-Qaeda leader explained to his top lieutenant, “is that Obama is the head of infidelity and killing him automatically will make [Vice President] Biden take over the presidency. . . . Biden is totally unprepared for that post, which will lead the U.S. into a crisis. As for Petraeus, he is the man of the hour . . . and killing him would alter the war’s path” in Afghanistan.

Administration officials said Friday that the Obama-Petraeus plot was never a serious threat.

The scheme is described in one of the documents taken from bin Laden’s compound by U.S. forces on May 2, the night he was killed. I was given an exclusive look at some of these remarkable documents by a senior administration official. They have been declassified and will be available soon to the public in their original Arabic texts and translations.

The man bin Laden hoped would carry out the attacks on Obama and Petraeus was the Pakistani terrorist Ilyas Kashmiri. “Please ask brother Ilyas to send me the steps he has taken into that work,” bin Laden wrote to his top lieutenant, Atiyah Abd al-Rahman. A month after bin Laden’s death, Kashmiri was killed in a U.S. drone attack.

The plot to target Obama was probably bluster, since al-Qaeda apparently lacked the weapons to shoot down U.S. aircraft. But it’s a chilling reminder that even when he was embattled and in hiding, bin Laden still dreamed of pulling off another spectacular terror attack against the United States.

The terrorist leader urged in a 48-page directive to Atiyah to focus “every effort that could be spent on attacks in America,” instead of operations within Muslim nations. He told Atiyah to “ask the brothers in all regions if they have a brother . . . who can operate in the U.S. [He should be able to] live there, or it should be easy for him to travel there.”

U.S. analysts don’t see evidence that these plots have materialized. “The organization lacks the ability to plan, organize and execute complex, catastrophic attacks, but the threat persists,” says a senior administration analyst who has carefully reviewed the documents.

The bin Laden who emerges from these communications is a terrorist CEO in an isolated compound, brooding that his organization has ruined its reputation by killing too many Muslims in its jihad against America. He writes of the many departed “brothers” who have been lost to U.S. drone attacks. But he’s far from the battlefield himself in his hideout in Abbottabad, Pakistan, where he seems to spend considerable time watching television.

The garbled syntax of bin Laden’s communications may result from their being dictated to several of his wives, according to the U.S. analyst. And his rambling laundry list of recommendations illustrates the problems of communicating with subordinates when it could take several months to receive an answer. The al-Qaeda leader had a “great fear of irrelevance,” the analyst believes.

Because of constant harassment and communications difficulties in Pakistan’s tribal areas, bin Laden encouraged al-Qaeda leaders to leave north and south Waziristan for more distant and remote locations.

Bin Laden had an unlikely managerial focus, for such a notorious terrorist. He discusses the need for “deputy emirs” and “acting emirs” to run regional operations when the local boss is away, and he suggests that emirs should serve two-year terms and write an “annual report to be sent to the central group detailing the local situation.” He allowed a relatively frank exchange with his subordinates, who voiced criticisms about the organization’s errors.

Though open to internal debate, bin Laden and his aides had rigid views about Muslim theology. Atiyah sent his leader a strident letter in June 2009 detailing what he saw as doctrinal errors among other jihadists.

Bin Laden’s biggest concern was al-Qaeda’s media image among Muslims. He worried that it was so tarnished that, in a draft letter probably intended for Atiyah, he argued that the organization should find a new name.

The al-Qaeda brand had become a problem, bin Laden explained, because Obama administration officials “have largely stopped using the phrase ‘the war on terror’ in the context of not wanting to provoke Muslims,” and instead promoted a war against al-Qaeda. The organization’s full name was “Qaeda al-Jihad,” bin Laden noted, but in its shorthand version, “this name reduces the feeling of Muslims that we belong to them.” He proposed 10 alternatives “that would not easily be shortened to a word that does not represent us.” His first recommendation was “Taifat al-tawhid wal-jihad,” or Monotheism and Jihad Group.

Bin Laden ruminated about “mistakes” and “miscalculations” by affiliates in Iraq and elsewhere that had killed Muslims, even in mosques. He told Atiyah to warn every emir, or regional leader, to avoid these “unnecessary civilian casualties,” which were hurting the organization.

“Making these mistakes is a great issue,” he stressed, arguing that spilling “Muslim blood” had resulted in “the alienation of most of the nation [of Islam] from the [Mujaheddin].” Local al-Qaeda leaders should “apologize and be held responsible for what happened.”

Bin Laden also criticized subordinates for linking their operations to local grievances rather than the overarching Muslim cause of Palestine. He chided his affiliate in Yemen for saying an operation was a response to U.S. bombing there. He even scolded the organizers of the spectacular December 2009 suicide attack on the CIA base in Khost, Afghanistan, for describing it as revenge for the killing of Pakistani Taliban leader Baitullah Mehsud. “It was necessary to discuss Palestine first,” lectured bin Laden.

Bin Laden’s focus on attacking the U.S. homeland led to sharp disagreements with his deputy, Ayman al-Zawahiri, who favored easier and more opportunistic attacks on U.S. forces in Iraq, Afghanistan and other areas.

Bin Laden told Atiyah that al-Qaeda’s best chance for establishing an Islamic state was Yemen, which he described as the “launching point” for attacks on the Persian Gulf oil states. “Control of these nations means control of the world,” he wrote. But he worried that the push in Yemen would come too soon, and he advised his colleagues to wait three years, if necessary, before making a decisive move. By fighting too hard in Syria in the early 1980s, he noted, the Muslim Brotherhood “lost a generation of men.”

Bin Laden and his aides hoped for big terrorist operations to commemorate the 10th anniversary of Sept. 11, 2001. They also had elaborate media plans. Adam Gadahn, a U.S.-born media adviser, even discussed in a message to his boss what would be the best television outlets for a bin Laden anniversary video.

“It should be sent for example to ABC, CBS, NBC, and CNN and maybe PBS and VOA. As for Fox News let her die in her anger,” Gadahn wrote. At another point, he said of the networks: “From a professional point of view, they are all on one level — except [Fox News] channel, which falls into the abyss as you know, and lacks objectivity, too.”

What an unintended boost for Fox, which can now boast that it is al-Qaeda’s least favorite network.
