
April 28, 2012

April 30, 2012

28 April 2012

Newswire

 

Iran says it has recovered data from captured U.S. spy drone

 

By the CNN Wire Staff

updated 6:36 AM EDT, Mon April 23, 2012

http://www.cnn.com/2012/04/22/world/meast/iran-us-plane/index.html

 

Tehran, Iran (CNN) — Iran declared it has “cracked the codes” of the intelligence gathering system of a U.S. spy drone it captured last year for violating its airspace, the nation’s semiofficial media reported.

Tehran bragged about seizing the unmanned U.S. drone aircraft with stealth technology in December and displayed it on national television as a victory for Iran.

On Sunday, a senior Iranian military official declared that the armed forces have extracted data from it to prove a point to the Pentagon, which they said had expressed doubt that Tehran would be able to decode it.

“This plane is seen as a national capital for us and our words should not disclose all the information that we have very easily,” Brig. Gen. Amir Ali Hajizadeh was quoted as saying by the semiofficial Fars News Agency.

“Yet, I provide four cues in here to let the Americans know how deep we could penetrate into the intelligence systems and devices of this drone.”

Some data from the drone’s memory device revealed it had flown over the Pakistani hideout of al Qaeda leader Osama bin Laden two weeks before his death in May, according to Hajizadeh.

“Had we not accessed the plane’s softwares and hard discs, we wouldn’t have been able to achieve these facts,” he said.

Iran has also decoded information such as protocols, repairs and flight sorties, said the military leader, who commands the Islamic Revolution Guards Corps’ aerospace forces.

Information shows the drone was in California in October 2010 for repairs and was moved to Afghanistan the following month, where it had problems that U.S. experts could not solve, he said.

The United States did not immediately comment on Tehran’s claims Sunday.

Retired Gen. James “Spider” Marks, a CNN contributor, said the U.S. military should be concerned about this report.

“We have to assume the compromise of the drone is complete,” he said Monday on CNN’s “Early Start.” “They can pick apart different pieces of this drone.”

Marks said the United States needs to be concerned about how Iran can use this information to counter top American technology.

In December, President Barack Obama said the United States asked Iran to return the drone aircraft it claimed to have. At the time, two U.S. officials confirmed to CNN that the missing drone was part of a CIA reconnaissance mission that involved both the intelligence community and military personnel stationed in Afghanistan.

“We’ve asked for it back. We’ll see how the Iranians respond,” Obama had said.

Iranian military officials have vowed not to return the plane.

 

 

Transparency or ‘fishing’? Demand for agency conference data questioned

GovExec.com

By Charles S. Clark

April 17, 2012

A far-reaching document request to 23 agencies sent on April 10 by House Oversight and Government Reform Chairman Darrell Issa, R-Calif., may be an expensive burden on agencies for a mere “fishing expedition,” observers told Government Executive.

As he prepared for this week’s hearings on the General Services Administration’s $820,000 Western Regions conference in Las Vegas, Issa wrote to the heads of 23 departments and agencies demanding a list of overnight conferences they had funded since Jan. 1, 2005, that were attended by more than 50 employees.

Specifically, he seeks dates, locations, costs and funding sources as well as names, titles and salaries of department event planners. He also wants addresses or live electronic links to all agency website pages that were used to “promote, track or commemorate department conferences.” The material is due by noon on April 23.

As background in his letter, Issa cited President Obama’s 2009 condemnation of “frivolous” spending on out-of-town conferences. Issa targeted GSA and other major departments, singling out the Social Security Administration for past problem conferences and noting coming conferences in Las Vegas by the Environmental Protection Agency, and the Health and Human Services and Defense departments.

Issa also expressed skepticism about the Consumer Financial Protection Bureau’s recent advertisement to hire an “invitations coordinator” who would make as much as $102,900 a year to book officials’ appearances.

Such “requests for detailed information often are little more than fishing expeditions, to see what other cases a detailed look might bring,” said Donald Kettl, dean of the University of Maryland’s School of Public Policy. “Issa’s request would require a massive investment of government resources — the request itself could waste far more money than it could save, and it would inevitably create a chilling effect on the very government managers responsible for rooting out and eliminating waste.”

Kettl added, “it’s impossible to defend what GSA did in Las Vegas.” But the agency “has enormous responsibility to leverage billions of dollars of real estate and purchases on behalf of taxpayers. It needs to meet with vendors and landlords, and its staff needs to gather periodically to reinforce the shared mission and to devise smart strategy. In fact, nothing would be more wasteful than not meeting — GSA’s managers would risk being picked off individually by smart private sector operatives who could outmaneuver them if meetings can’t reinforce government policy and strategy.”

Joe Newman, communications director for the nonprofit Project on Government Oversight, said, “there is a need for aggressive oversight of the GSA scandal. In general, we support the chairman [Issa] broadening the scope to include other departments and agencies.” But, he added, “it’s equally important that this not turn into a massive fishing expedition that becomes a drain on resources, and in that regard, limiting the request to overnight conferences attended by more than 50 employees will help do that.”

Paul C. Light, a professor of public service at New York University, says much of the data on agency conferences already exist in the inspector generals’ semiannual reports that could be read by Oversight committee staffers. “They’re pretty dense, so it’s no one’s favorite job,” he said, jokingly adding the congressional committees could bring in a clown and a psychic “in costume, which would make good television.”

But the deeper question, Light said, is why the GSA inspector general didn’t use existing authority to alert Congress to the presence of a significant vulnerability using the tool of the seven-day letter. “The IGs are post hoc investigators, but they could have told Issa 11 months ago,” or they could have used their authority before then “to simply say this conference is canceled,” Light said. The IG’s problem in large part is flat or declining staffing levels, he said.

The GSA conference in the end “is small potatoes, a micro-scandal representing something deeper about the system,” Light said, citing such issues as what is wrong with the government’s personnel system and chain of accountability.

GSA, meanwhile, is reacting with steps that go further than simply preparing documents for Issa. As acting Administrator Daniel Tangherlini told House panels Monday and Tuesday, GSA has consolidated conference oversight in the new Office of Administrative Services.

The office now is responsible for reviewing contracts for conference space, amenities, proposals and budgets; coordinating with events planners; overseeing awards ceremonies, travel and accommodations; procuring new training for employees on conference planning and attendance.



http://www.govexec.com/oversight/2012/04/transparency-or-fishing-demand-agency-conference-data-questioned/41811/

 

 

 

Returning soldiers have more car crashes: study

By Ben Berkowitz | Reuters

BOSTON (Reuters) – Military personnel have 13 percent more car accidents in which they are at fault in the six months after returning from overseas duty than in the six months prior, a USAA study revealed on Tuesday.

USAA, a major insurer catering specifically to the armed forces and their families, based its study on 171,000 deployments by 158,000 of its members over a three-year period ending in February 2010, when combat was still raging in Iraq and Afghanistan.

In many cases, USAA found, soldiers took the driving style that kept them alive on the streets of Baghdad and Kabul and applied it to the suburban roads at home.

The results were most dramatic for returning members of the Army and Marines, whose accident rates rose 23 percent and 12.5 percent, respectively. (Rates were up 3 percent for the Navy and 2 percent for the Air Force).

Not surprisingly, given the experience many soldiers had with improvised explosive devices (IEDs) and other roadside obstacles in combat zones, USAA found “objects in the road” to be the most cited of the 13 accident causes it studied.

The insurer also found a direct correlation between the number of deployments and the rate of accidents — those deployed three or more times had 36 percent more incidents, those deployed twice had 27 percent more and those deployed only once had 12 percent more accidents. A 2009 military study found that, since 2001, deployments for reservists had averaged from 8 to 14 months in duration.

There was also correlation by age (soldiers under 22 were involved in more wrecks than those over 29) and by rank (the more senior a soldier the lower the number of accidents).

“USAA has shared its research with each military branch’s safety center commanders. USAA has also shared the study with academics and traffic safety experts and has taken steps to make USAA members aware of the behind-the-wheel risks for returning troops,” the company, which had 8.8 million members as of the end of 2011, said in the report.

The Army’s Office of Public Affairs declined to comment on the results of the study, saying it was the company’s research project and not the government’s.

The USAA survey adds to the growing body of data on the psychological and physical effects of deployment to war zones.

The U.S. Army said in January that violent sex crimes committed by active-duty soldiers have almost doubled over the last five years, due in part to the trauma of war. In March, Army researchers said one in five soldiers returning from Afghanistan or Iraq after a concussion develop chronic headaches.

(Reporting By Ben Berkowitz; editing by Gunna Dickson)

 

 

FERS retirement fund projects surplus

By STEPHEN LOSEY | Last Updated: April 23, 2012

The Federal Employees Retirement System held a projected $12.2 billion surplus at the end of fiscal 2010, its first surplus in four years.

And the Civil Service Retirement System’s unfunded liability shrank from $663.4 billion at the end of fiscal 2009 to $634.5 billion at the end of fiscal 2010, according to the government’s latest report on the fiscal health of its pension systems.

The Office of Personnel Management released the Civil Service Retirement and Disability Fund annual report for fiscal 2011 at Federal Times’ request.

Republican lawmakers such as Rep. Darrell Issa of California and Rep. Dennis Ross of Florida want to eventually get rid of future federal employees’ FERS pensions, saying such defined benefit plans are expensive and unsustainable and are rapidly disappearing in the private sector.

Issa in October promised to “end the fiscally irresponsible practice of accumulating large unfunded liabilities for retiree pensions” when he proposed doing away with FERS for new employees.

But the latest numbers continue to show that the unfunded liability problem facing federal pensions is entirely due to CSRS’ poor design, which Congress sought to fix in 1986 when it created FERS and began to wind down CSRS.

The more-generous CSRS plan requires both federal employees and the government to each contribute 7 percent of an employee’s paycheck toward the CSRS pension, and did not allow the government to regularly adjust those rates. Because the 14 percent of CSRS payroll that went to fund pensions was not nearly enough to cover the system’s future costs, a massive shortfall grew. This means the government has to contribute additional payments — which reached a record $33.2 billion in fiscal 2010 — each year to cover part of that shortfall.

The FERS law, however, requires federal employees to contribute 0.8 percent of their paychecks toward their pensions, and requires the government to cover the rest of the cost to avoid the accumulation of unfunded liabilities. That is why the government in fiscal 2011 hiked the amount it contributes to FERS pensions from 11.2 percent to 11.7 percent, and in October increased it further to 11.9 percent.

That means that if the FERS pension went away today, as Issa and Ross have called for, it would actually worsen the federal pension system’s total unfunded liability, which was $622.3 billion at the end of fiscal 2010. FERS ran deficits of $1 billion in fiscal 2007, $900 million in fiscal 2008 and $9.7 billion in fiscal 2009.

Between fiscal 1994 and 2006, however, FERS ran projected annual surpluses of up to $14.9 billion. FERS ran projected deficits of between $1.8 billion and $6.1 billion between fiscal 1987 and fiscal 1993, when the plan was in its infancy.

OPM said last October that the two-year federal pay freeze lowered the expected cost of future pension payments, and helped FERS return to the black. The government’s increase to FERS contribution rates also likely helped create that projected surplus.

President Obama has proposed increasing the amount FERS employees contribute toward their pensions from 0.8 percent of each paycheck to 2 percent, and CSRS employees’ contributions from 7 percent to 8.2 percent. Obama expects that would raise $21 billion over a decade, which he would use to reduce CSRS’ massive unfunded liability.

Issa’s and Ross’ offices did not respond to a request for comment from Federal Times. An OPM official was unavailable for an interview.

FERS employees also contribute 6.2 percent of each paycheck to Social Security. CSRS employees neither pay into, nor receive payments from Social Security.

OPM said data on surpluses and unfunded liabilities at the end of fiscal 2011 is not yet available.

 

House panel approves higher pension contributions for feds

Federal Times

By STEPHEN LOSEY | Last Updated: April 26, 2012

The House Oversight and Government Reform Committee on Thursday approved a budget plan that would raise federal employees’ retirement contributions by five percentage points over five years. The increase would effectively mean a 5 percent pay cut for federal employees.

Federal Employees Retirement System employees’ contributions would increase from 0.8 percent to 5.8 percent by 2017, and Civil Service Retirement System employees’ contributions would increase from 7 percent to 12 percent over the same period.

The bill would increase pension contributions by 1.5 percentage points in 2013, 0.5 percentage points in 2014, and one percentage point each year from 2015 to 2017.

Newly hired federal employees beginning in 2013 with less than five years of previous federal service would immediately have to cover 5.8 percent of their FERS pensions, with no phase-in.

 

Lawmakers and their staffs under CSRS, and FERS lawmakers, would see their contributions go up even more, by 8.5 percentage points over five years. FERS congressional staffers’ contributions would increase 7.5 percentage points over five years.

For new employees hired after Dec. 31, the measure would eliminate the FERS Social Security supplement that is available to employees who voluntarily retire before reaching age 62.

The committee also agreed Thursday to a bipartisan amendment, from Rep. Jason Chaffetz, R-Utah, and Rep. Stephen Lynch, D-Mass., to allow federal employees to apply the value of their unused annual or vacation leave toward their Thrift Savings Plan accounts.

The plan to hike federal employees’ pension contributions, which the committee said would save $82 billion over a decade, was denounced by Democratic lawmakers and federal employee groups, who said federal employees have already sacrificed.

“These retirement cuts are absolutely unconscionable,” said National Federation of Federal Employees National President Bill Dougan. “At a time when many federal workers and their families are struggling through the great recession, some in Congress are proposing to increase six-fold the amount they pay toward their retirement. Burdened with two years of frozen pay, increased pension contributions for new hires, and crushing cuts to agency budgets, federal employees are reaching the end of their rope.”

“Republicans’ priorities are crystal clear, and investing in a top-notch workforce competitive with the private sector is not among them,” House Minority Whip Steny Hoyer, D-Md., said in a Federal Times opinion piece.

The changes were required by the 2013 budget proposed by Rep. Paul Ryan, R-Wis., which the House passed on a largely party-line vote March 29. That budget ordered the House Oversight Committee to find at least $79 billion in savings over a decade.

The Ryan budget — and the pension contribution hikes that are part of it — is highly unlikely to pass the Democratic-controlled Senate.

The bill “will die a deserved death when it gets to the Senate,” said Rep. Gerry Connolly, D-Va. “It is wrong.”

But even if the Ryan budget does die in the Senate, the contribution increases could return — perhaps as part of a bill that Democrats cannot reject.

“I think it’s likely that it may well come back,” Hoyer said in an interview with Federal Times.

 

It has happened before. In February, for example, lawmakers struck a deal to pay for a payroll tax holiday extension by raising the pension contributions for newly hired federal employees to 3.1 percent.

Under the measure approved Thursday, those employees would see their pension contributions climb to 5.8 percent immediately.

 

In the age of Stuxnet, U.S. cyber security officials rethink software as their defense

GSN.com

Mon, 2012-04-23 02:59 PM

By: Steven Sprague

 
 

When the Stuxnet virus caused centrifuges to malfunction at Iran’s Bushehr nuclear reprocessing facility last year, it put cyber security officials around the world on notice that a new, more dangerous strain of Advanced Persistent Threat (APT) had appeared.

Post-analysis indicated the Stuxnet virus had altered the basic-input-output system (BIOS) firmware of the facility’s computer control systems. In essence, it targeted the computers’ pre-boot environments, which made it invisible to all software layers that subsequently came online.

The implications were clear: A virus that can alter the BIOS of a computer could grant control over its operating system (OS) and any software layer above it, including security and encryption applications. It could conceivably permit hackers to silently monitor a user’s keystrokes, invade networked machines or assign remote control over online systems.

This emerging class of APTs prompted the U.S. National Institute of Standards and Testing (NIST) to publish guidelines last year for preventing unauthorized changes to BIOS firmware. The agency is now on the verge of issuing subsequent standards for measuring the health of an endpoint BIOS in real time. Both NIST publications tacitly recognize that software solutions are an antiquated defense against attacks that are already active in the pre-boot phase. One alternative they suggest is to shift the line of defense to a computer’s physical hardware, which offers a deeper and incorruptible foundation for preserving the identity and health of a device.

A very persistent threat

Attacks on BIOS firmware are not a particularly new threat. They’re commonly known as rootkit viruses. When they first appeared during the mid-90’s, they simply disabled a targeted computer. The only fix was to wipe the drive clean, and reinstall the OS. But as Stuxnet illustrates, rootkits have evolved into something far more persistent and insidious. In their emergent form, they can remain intact in the BIOS, even after a hard drive has been reformatted. Further, they can lie dormant for months before being activated remotely or by a certain cue. And, as mentioned, they can exercise invisible control over the entire software stack of a machine, as well as that of networked computers.

Skeptics argue that the threat of such sophisticated attacks is negligible since the diversity of firmware platforms in circulation requires rootkits to be highly tailored to the BIOS of a targeted computer. Yet, again as Stuxnet illustrated, a highly targeted attack can have a very broad impact. Industrial control systems similar to those used at Bushehr are commonly used in gas pipelines, power plants and other key infrastructure, which helps explain why such a “limited” threat became a priority for NIST.

Some of the skepticism surrounding the threat of rootkits may also be fatalism in disguise. In an industry dominated by software security solutions, vulnerabilities in the pre-boot environment can seem like an unpleasant yet inevitable fact of life. They are not, as NIST helped illustrate when it issued Special Publication (SP) 800-147 last year. The document established the first guidelines for ensuring that changes or updates to system BIOS come only from an authorized source.

But SP 800-147 was only the start. NIST recognized that protecting BIOS firmware requires more than passive defenses. Security further demands the ability to monitor those defenses against evolving and persistent threats.

As a result, NIST will soon issue SP 800-155, which outlines methods for actively measuring the health of BIOS firmware in real time, and reporting any unauthorized changes to a remote authority. The question is: What reporting source can be trusted when the pre-boot environment itself — and any software layer operating above it — is suspect? The most readily available solution is the hardware layer operating below system BIOS. More specifically, it is a piece of hardware called the Trusted Platform Module.

Designed a decade ago to thwart APT attacks, the TPM is a cryptographic chip attached to the motherboard of virtually every corporate-class laptop deployed. Today, activated TPMs are capable of storing and reporting measurements from the pre-boot environment. Plus, because their security functionality is embedded within physical hardware, TPMs cannot be compromised or altered by rootkits or other malicious code.

Measuring BIOS integrity

SP 800-155 establishes guidelines defining how to measure, store and report the integrity of a computer’s BIOS to a remote authority in real time. NIST’s publication is detailed and deserves to be read separately. But, in its simplest form, it establishes three key requirements:

1. Provide the hardware support necessary to implement credible Roots of Trust for BIOS integrity measurements;

2. Enable endpoint computers to measure multiple stages of the boot up process prior to execution;

3. Securely transmit measurements of BIOS integrity from the endpoints to IT management.

Again, TPMs can play a central role in fulfilling these requirements. First, as physical hardware, they provide an unalterable baseline — the so-called Root of Trust — for comparison with expected BIOS measurements. TPMs securely store these measurements and, at any point during or after the boot process, can send encrypted reports of BIOS health to a remote central authority, such as an IT manager in a corporate office.
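An added illustration (not from the article or from NIST SP 800-155) of the measure, store and report flow in the three requirements above: each boot stage is hashed into a TPM-style register before it runs, and a verifier checks the resulting report against a known-good baseline. The stage names, firmware bytes and shared HMAC key are constructed for the example; the HMAC stands in for the signature a real TPM would put on its report, and transport encryption is omitted.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 digest length; the register starts as all zeros

# Constructed sample boot chain: (stage name, firmware image bytes).
GOOD_STAGES = [
    ("boot_block", b"constructed boot block v1"),
    ("bios", b"constructed BIOS image v1"),
    ("option_rom", b"constructed option ROM v1"),
]
# Assumption: a shared key standing in for the TPM's protected signing key.
DEVICE_KEY = b"constructed-device-key"


def extend(pcr, digest):
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Hash each stage before it would execute; return (register, event log)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def baseline(stages):
    """Known-good measurements the remote authority keeps for this platform."""
    return measured_boot(stages)[1]


def make_report(key, nonce, pcr, log):
    """Bind the register value to the verifier's nonce so it cannot be replayed."""
    mac = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "log": log, "mac": mac}


def verify_report(key, nonce, report, golden):
    """Remote authority's check: authenticity, log consistency, then baseline."""
    expected = hmac.new(key, nonce + report["pcr"], hashlib.sha256).digest()
    if report["nonce"] != nonce or not hmac.compare_digest(expected, report["mac"]):
        return "rejected: stale or unauthenticated report"

    # The event log is written by software, so replay it and require that it
    # reproduces the hardware-held register value.
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in report["log"]:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    if pcr != report["pcr"]:
        return "rejected: event log does not match register"

    if len(report["log"]) != len(golden):
        return "unhealthy: unexpected number of boot stages"
    for (name, seen), (want_name, want) in zip(report["log"], golden):
        if name != want_name or seen != want:
            return f"unhealthy: {want_name} differs from baseline"
    return "healthy"


if __name__ == "__main__":
    golden = baseline(GOOD_STAGES)
    nonce = os.urandom(16)

    # Clean boot.
    pcr, log = measured_boot(GOOD_STAGES)
    print(verify_report(DEVICE_KEY, nonce, make_report(DEVICE_KEY, nonce, pcr, log), golden))

    # Modified BIOS image: the measurement changes before the image ever runs.
    changed = [GOOD_STAGES[0], ("bios", b"constructed BIOS image v1 (modified)"), GOOD_STAGES[2]]
    bad_pcr, bad_log = measured_boot(changed)
    print(verify_report(DEVICE_KEY, nonce, make_report(DEVICE_KEY, nonce, bad_pcr, bad_log), golden))

    # Modified BIOS, but software swaps in the clean log: the register gives it away.
    print(verify_report(DEVICE_KEY, nonce, make_report(DEVICE_KEY, nonce, bad_pcr, log), golden))
```

The third case is the reason the register lives in hardware: code running after a modified BIOS can rewrite the log, but it cannot make the log replay to a register value it does not control.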

Thanks to NIST SP 800-155, the industry now has the knowledge and the tools to do what it could not before, and block APTs based on rootkit attacks on BIOS firmware. Even better, BIOS monitoring platforms built on NIST’s specifications are already commercially available from vendors like Wave Systems.

Yet, further work remains. NIST’s publications do not provide guidance for attacks targeting computer components, such as the video BIOS on a standard PC video card. Nor do they address attacks on the master boot record, which can cost a user their hard drive. But securing and measuring the integrity of the BIOS environment was an essential first step to making meaningful measurements further up the pre-boot stack. A house is only as strong as its foundation. Thus, NIST was wise to build on a foundation of strong BIOS integrity, and to leverage hardware-based tools, such as TPMs, as the cornerstone.

 

Steven Sprague is CEO of security firm Wave Systems

 

Military may spend $1 billion on satellite program

Brendan McGarry

Tuesday, April 24, 2012

The U.S. military may spend $1 billion during the next decade to piggyback its communications equipment onto commercial satellites.

The Air Force, which plans to ask companies for contract bids as early as September, has heard from “numerous” satellite operators and manufacturers interested in the deal, said George Sullivan, a contract specialist for the service. Boeing Co. and Loral Space & Communications Inc. expect to compete, company executives said.

The Defense Department has been looking for ways to ease stress on its own satellite networks, and has increasingly turned to commercial providers for extra bandwidth to handle demands such as drone surveillance and radio communications.

“The requirement for bandwidth is insatiable,” said Jim Simpson, vice president of business development for Boeing Space and Intelligence Systems, part of the aerospace company.

Contract winners would qualify to fly and operate government equipment on commercial spacecraft. That hitchhiking gear is known in the industry as a hosted payload, which may include sensors or other instruments used to detect missiles, monitor orbital debris and track troops.

The U.S. military may fly more than a dozen hosted payloads during the next decade, said Don Brown, vice president for hosted payloads at Intelsat General Corp., part of closely held Intelsat SA, the world’s largest commercial satellite operator.

That would put the potential value of the Air Force contract at almost $1 billion, assuming it flies 12 payloads at a cost of $82.5 million apiece, the service’s price tag of a demonstration program last year.

There is “pent-up demand” for the business, according to a report published last month by Northern Sky Research, a market research company.

The Defense Department has about 70 experimental payloads, and NASA and other agencies have in stock “instruments sitting on shelves waiting for a ride,” according to the report.

The global market for hosted payloads is expected to at least triple to more than $300 million annually in the next decade, with at least $1.8 billion in total revenue during that period, it states.

The Pentagon has experimented with hosted payloads. It’s a different approach than the current practice of leasing bandwidth, or capacity, on commercial satellites already in orbit.

The military now relies on commercial satellites for about 80 percent of its bandwidth needs, fueled by soaring demand from war zones, said Christopher Baugh, president of Northern Sky Research. Drone video captured over Afghanistan is distributed on satellites owned by companies such as SES SA and Intelsat.

Brendan McGarry is a Bloomberg writer. bmcgarry2@bloomberg.net

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/04/24/BUC51O7OQO.DTL

This article appeared on page D – 2 of the San Francisco Chronicle

 

Pentagon Offers Budget Compromise to Placate States

Defense news

Apr. 23, 2012 – 08:06PM

By AGENCE FRANCE-PRESSE

 

WASHINGTON — The Pentagon has offered to fund more C-130 aircraft for the Air National Guard to placate state governors complaining about proposed budget cuts that scale back fleet and personnel, officials said April 23.

Facing growing political pressure in an election year from governors and lawmakers in Congress, U.S. Defense Secretary Leon Panetta and Air Force leaders have come up with a compromise that would shift $400 million to the Air National Guard to fund 24 C-130 transport planes, defense officials told AFP.

To pay for the change, money would have to be cut from the Air Force’s budget for active duty airmen and aircraft, the officials said.

The move is unusual as the Pentagon usually makes no major changes to the gargantuan defense budget once it is submitted to Congress, and tends to hammer out compromises with lawmakers in Washington instead of state governors.

 

But the proposal came after Panetta and top officers held a series of meetings with governors on the issue in recent months, said defense officials, who spoke on condition of anonymity.

A bipartisan “council of governors” from various states had proposed a much more dramatic revision of the Air Force budget, moving more money and planes from active duty forces to the Air National Guard, including F-16 fighters, aerial refueling KC-135 tankers and unmanned drone aircraft.

Top defense and Air Force officials rejected the governors’ proposed changes, saying they would pose a threat to combat readiness and place a strain on active duty airmen who they say have had insufficient time back home between frequent deployments, defense officials said.

The compromise offered by the Pentagon was partly based on the idea that C-130 cargo planes are in keeping with the mission of the Air National Guard in US states, where governors turn to the Guard and the reserves to respond to natural disasters.

“We believe this proposal is very much in keeping with the national defense requirements laid out in our strategy and the public safety concerns expressed by the Council of Governors,” Pentagon spokesman Capt. John Kirby said in an email.

“These aircraft play a vital role in our support to civil authorities, particularly in the event of natural disasters. It’s the right thing to do.”

The Defense Department has requested $613 billion for fiscal year 2013, essentially holding spending steady after a decade of massive budgets.

 

 

Analysis: Dow’s new corn: “time bomb” or farmers’ dream?

By Carey Gillam

4/24/2012 12:09:28 AM ET

 

(Reuters) – A new biotech corn developed by Dow AgroSciences could answer the prayers of U.S. farmers plagued by a fierce epidemic of super-weeds. Or it could trigger a flood of dangerous chemicals that may make weeds even more resistant and damage other important U.S. crops.

Or, it could do both.

“Enlist,” entering the final stages of regulatory approval, has become the latest flashpoint in the debate about the risks and rewards of farm technology. With a deadline to submit public comments on Dow’s proposal at the end of this week, more than 5,000 individuals and groups have already weighed in. Dow AgroSciences, a unit of Dow Chemical Co, hopes to have the product approved this year and released by the 2013 crop.

The corn itself is not the issue — rather it is the potent herbicide chemical component 2,4-D that is the center of debate.

The new corn is engineered to withstand liberal dousings of a Dow-developed herbicide containing the compound, commonly used in lawn treatments of broadleaf weeds and for clearing fields of weeds before crops like wheat and barley are planted.

Enlist is the first in a planned series of new herbicide-tolerant crops aimed at addressing a resurgence of crop-choking weeds that have developed resistance to rival Monsanto’s popular Roundup herbicide. It is part of an expanding agricultural arsenal advocates say is key to growing enough food to feed a growing global population.

But while 2,4-D has a long history of effective use, the chemical’s volatile nature also worries environmentalists because winds, high temperatures and humidity can cause traditional forms of the herbicide to migrate from farm fields where it is sprayed to wreak havoc on far-off crops, gardens, and trees that are unprotected from the invisible agent.

Environmentalists are pushing the government to pause before opening the door to what they say could be a destructive turn.

Opponents include some specialty crop farmers who fear 2,4-D herbicide use could cause widespread damage to crops that are not engineered with a tolerance to it. It is so potent that its use is tightly restricted in some areas and at certain times of the year in some U.S. states.

“It is a major issue for farm country,” said John Bode, a lawyer for a coalition of farmers and food companies seeking regulatory restrictions or rejection of Dow’s plans.

“Massive amounts of 2,4-D… can cause major changes, threatening specialty crops miles away,” said Bode, an assistant Secretary of Agriculture in the Reagan administration.

The financial stakes are high as well. Dow projects a “billion dollar value” in a product line that is its biggest challenge yet to the dominance of top seed company Monsanto’s revolutionary Roundup herbicide and its genetically modified “Roundup Ready” seeds. Dow hopes to expand Enlist into soybeans and cotton.

Where Roundup once killed weeds easily, experts say that now, even heavy use of the herbicide using the key chemical glyphosate often fails to kill “super weeds.”

NEW HERBICIDE TEMPERS ‘DRIFT’

Some weed scientists are supportive of Enlist. In the southern third of Illinois, prime corn-belt country, infestations of the invasive water hemp weed have doubled each year over the past three years, according to Bryan Young, weed scientist at Southern Illinois University.

“The de-regulation of Enlist herbicide-tolerant corn will expand grower options for controlling problematic weeds and has proven in my research to be effective as such,” Young wrote to the USDA in a letter supporting Dow’s application.

Dow officials say they are aware of the problems with 2,4-D “drift” and volatility, and that the new herbicide has been formulated to reduce those factors dramatically.

Dow says that if farmers use the new Dow version of 2,4-D properly, drift is reduced about 90 percent, and tests show the new product has “ultra-low volatility.”

Even many opponents of Dow’s new herbicide say it is an improvement over generic rivals using 2,4-D. But they say Dow’s version will be expensive enough that many farmers will probably buy cheaper generics to spray on the 2,4-D-tolerant corn.

Dow acknowledges that lure, but says it will work to steer farmers to its brand.

“I don’t think you can ever guarantee it, but we are doing all we can to try to incentivize people and educate people,” said Tom Wiltrout, Global Strategy Leader for Seeds and Traits at Dow. “We were worried too. That was one of the big debates we had. Chemistry is the key. We think we’ve got an answer.”

David Simmons, an Indiana farmer who grows corn and soybeans but also runs a vineyard and winery, says his young grapevines have suffered significant damage from drifting 2,4-D applications at neighboring farms, forcing him to fight to recover damage claims from fellow farmers’ insurance carriers.

“I’m faced with looking five years down the road. Is it even going to be profitable to grow grapes if I continue to get this damage every summer?” Simmons said.

Due to the already-known effects from “drift,” opponents have requested that some form of an indemnity fund be established to pay loss claims from farms damaged by inadvertent 2,4-D applications. Dow has opposed that safeguard.

HIGH STAKES

Opponents have flooded the U.S. Department of Agriculture with petitions and pleas for either rejection of Dow’s new corn, or strict regulation before use of 2,4-D is expanded into millions of acres in the U.S. agricultural heartland. More than 90 million acres of corn alone will be planted in 2012.

Last week, the Save Our Crops coalition representing more than 2,000 U.S. farmers filed legal petitions with the USDA and the Environmental Protection Agency demanding the government scrutinize Dow’s plans more closely. The group has said it could file a lawsuit to try to stop the new type of corn.

Steve Smith, director of agriculture at Indiana-based Red Gold, the world’s largest processor of canned tomatoes, calls the 2,4-D issue a “ticking time bomb.”

“We are all producers and people who have no problem with new technology. But we see this new piece of it having side effects that we don’t think people have adequately thought of,” said Smith.

Others fear Enlist and 2,4-D may be only the beginning of a new wave of dangerous farm chemicals. Chemical giant BASF and Monsanto plan to unveil by the middle of this decade crops tolerant to a mix of the chemicals dicamba and glyphosate.

This increasing use of chemicals will only spell worse weed resistance in years to come, warn weed scientists and environmentalists.

“It’s a chemical arms race,” said Andrew Kimbrell, a lawyer at the Center for Food Safety opposed to the new crop systems. “It’s a scary scenario. We won’t be able to do anything with these weeds other than use machetes.”

Instead of using more chemicals in order to plant corn on the same field year after year, U.S. farmers should be rotating crops more, a technique proven to challenge weed resistance, many weed scientists say.

Dow says that while Enlist is farmers’ best option for now, it will not be the only long-term solution for weed resistance.

“There is no silver bullet here,” said Joe Vertin, Dow’s global business leader for Enlist.

 

Working Around Earmark Ban

Members Find Ways to Secure Funds for Home

By Meredith Shiner

Roll Call Staff

April 24, 2012, Midnight

 

Though the Congressional earmark might be dead — or at least in a tea-party-induced coma — lawmaker boasting about funds secured for their states is alive and well as appropriations season kicks into full gear.

 

Banning earmarks in the traditional sense was a top priority for Republicans when they won back the House in 2010, and the president’s call for the ban in his State of the Union the following January reinforced it. But prohibiting pork has not stopped lawmakers from asking the administration to protect their parochial interests. After the Senate Appropriations panel approved two spending bills last week, Senate Appropriations Chairman Daniel Inouye (D-Hawaii) and Sen. Daniel Akaka (D-Hawaii) issued a press release celebrating a $250 million railway project for Honolulu, and Sen. Patty Murray (D-Wash.) praised $65 million in funding for the Pacific Coastal Salmon Recovery Fund, $15 million above President Barack Obama’s proposed budget.

Sources in both parties say this boasting last week is probably just the beginning. Even with the momentum on Capitol Hill trending against government spending, lawmakers looking to show their constituents they’re attentive to their needs likely will brag about budget wins back home — especially in an election year.

“In Washington state, investing in a sustainable salmon population is incredibly important. It’s not only important to the economic, historic, cultural, and recreational identity of our state, but as part of our federal obligation to meet tribal treaty protected fishing rights,” Murray said in an April 19 statement. “This funding will continue to support projects that boost our local economies, create good paying jobs, and restore and protect salmon habitats.”

The funding being touted by Members is already included in the president’s budget, and the committee bills Inouye, Akaka and Murray have cited do not specifically single out their projects for funding, but that doesn’t mean they aren’t making themselves vulnerable to critique.

“Clearly lawmakers are taking credit for projects that were already slated to receive funding but did it in a very earmark-ish manner,” said Steve Ellis, vice president of Taxpayers for Common Sense, who highlighted government spending “gray areas.”

Of course, the line between what is and is not an earmark can be blurry, or at least painted as blurry for those who oppose Congressionally directed spending.

“Typically some of the argument will be these projects weren’t earmarks, that they were actually in the president’s budget,” Ellis said.

He added, “[But] I don’t think it goes against the decision to not have earmarks.”

Indeed, it appears the Senate Appropriations Committee has been careful to make sure Congressionally directed spending would not be a problem in the anti-earmark climate.

“The fiscal year 2013 appropriations bills will contain no earmarks, but they will certainly contain funding for dozens of projects that are important to individual Members and to their constituents,” said Inouye spokesman Rob Blumenthal. “All of these types of projects were included in the president’s budget, not at the request of a specific Member of Congress, and each of them have gone through an extensive and, in most cases, multiyear vetting process by the responsible department or agency prior to their inclusion in the president’s request.”

The salmon recovery fund has been included in federal budgets since 2000. And Hawaiian lawmakers have spent years trying to secure federal assistance for what they view as a vital rail project. Sources on both sides of the earmark issue pointed out that the Hawaiian lawmakers did not secure more than what the Obama administration allotted in its budget, a signature move for appropriators in the earmarking era.

“Honolulu has gone through this rigorous process, and certainly Daniel Inouye can be an effective champion for this project and the need for this railway, but it’s not like he can go out on his own and get funds for this project that’s going to transform Honolulu,” said one Senate Democratic aide who described a years-long process and the Appropriations Committee chairman’s involvement in it.

At least for now, leaders in both parties and chambers have committed to moving forward with appropriations bills in regular order. In the Senate committee, only GOP Sens. Ron Johnson (Wis.) and Jerry Moran (Kan.) voted against the baseline levels set by last summer’s Budget Control Act. The overwhelming support for the negotiated appropriations levels was viewed as a statement to House Republicans, who have been fighting to cut spending further.

Senate aides said they anticipate both Republicans and Democrats to champion parochial wins in the pending bills, which Majority Leader Harry Reid (D-Nev.) has said he’d like to have wrapped up this spring.

Privately, many Senate GOP aides laugh at the idea that they won’t tout projects in their states that lawmakers have promoted for years. But that won’t stop others, especially those who are more conservative, from going after Senators, even colleagues of their party, who praise government spending of any kind.

“They’re lining up the targets is what they’re doing,” said one Republican aide to a Member who has fought against earmarks. The aide dismissed those who crow about projects as celebrating the “passage of press release bills.”

“Congress should be focused on ways to reduce our debt and not ways to circumvent the earmark ban,” the aide continued. “There’s a cultural gap between Washington and the country on how you define a good Congressperson. One of the ways lawmakers perceive they can be good at their jobs is to bring home the bacon, but for every project in whatever state, Members end up funding wasteful projects in other states. That’s what people realized in the earmark battle.”

       

 

Fiscal Uncertainty Already Rattling Investors

CQ TODAY ONLINE NEWS
April 23, 2012 – 10:13 p.m.

By Joseph J. Schatz, CQ Staff

The potential for a new round of budget brinkmanship at year’s end is heightening attention in financial circles, where there is growing concern about the uncertainty and economic fallout from the fiscal negotiations expected to follow the Nov. 6 elections.

Lawmakers have all but conceded that nothing will be done before the presidential and congressional elections to address changes in the tax code or to make any changes to a sequester process that will lead to $98 billion in automatic spending cuts.

The results of the elections will dictate some of the scenarios that could unfold in a lame-duck session. But so will the state of the economy, given that tax receipts and federal spending over the next several months will determine when the Treasury Department reaches its statutory borrowing limit, requiring Congress to raise the debt ceiling. That is expected to happen sometime between the election and the end of the year.

Financial industry analysts say the potential collision of significant fiscal matters in the highly confrontational environment in Washington may unsettle investors ahead of time.

In an analysis earlier this month, Morgan Stanley analyst David Greenlaw noted an expiration of the Bush administration tax cuts “would entail significant confusion — and potentially represent an important headwind for both the overall economy and the financial markets.”

“The economic risks associated with policy uncertainty, as well as the potential for a meaningful tightening on the fiscal side, may be magnified because the Fed’s ability to provide some cushion via monetary stimulus seems to be quite limited with the funds rate at the zero bound,” he said.

Some forecasters expect the economy to feel the impact from delay and uncertainty in advance of the election. Tom Porcelli at RBC Capital Markets, for instance, is forecasting a weak fourth quarter “that will be subject to major confidence headwinds from the uncertain presidential election, a revisiting of the debt ceiling and the final approach into the fiscal cliff,” he said in an April 19 email.

When exactly lawmakers have to address the debt ceiling may influence how quickly they have to confront a post-election deal to extend tax rates or overhaul the tax code and reorder the spending sequester. The last debt ceiling debate triggered a months-long stalemate on Capitol Hill that left all sides politically tarnished. It also led Standard and Poor’s in August to lower the U.S. credit rating, sending shudders through many government circles even though the action had little real effect.

Under the current law, the effect of spending cuts and tax changes could total about $600 billion, and estimates of the impact on economic growth generally range between 3 percent and 5 percent.

Treasury Secretary Timothy F. Geithner said last week that he sees no evidence businesses or investors are behaving differently because of the uncertainty over taxes, spending cuts or the debt ceiling. “It might come in the future, but not today,” he said at the Brookings Institution on April 18.

Still, Geithner said lawmakers should reduce the uncertainty by not withdrawing fiscal stimulus too quickly, by recognizing the president’s tax increases would only involve the top 2 percent of earners and by signaling “Congress will pass the debt limit without all the drama and politics and damage that Republicans and Congress imposed on the country last summer.”

A status quo election, with Democrats keeping the White House and the Senate while Republicans retain control of the House, may increase the odds of a relatively quick deal. That may involve a rewrite of the tax code, although it might still spark a contentious debate over temporarily extending the expiring tax cuts, if only for a few months, to give tax writers time to fashion a deal.

Short-Term Uncertainty

Lawmakers, lobbyists and Wall Street analysts say publicly, and privately, that they see more short-term uncertainty stemming from change in control of the White House. Control of the Senate will play a role, but to a lesser degree, since even a new Republican majority likely would have only a small margin of control.

“There are, like, three different permutations that I think we could end up with,” says Sen. John Thune, R-S.D. “There is certainly a Republican wish list that we would like to see addressed. But I think whether or not we’re able to achieve that will depend a lot on the election.”

Meanwhile, there is talk circulating in Washington of short-term stopgaps ranging from a couple of months to a full year.

G. William Hoagland, a former top Senate GOP budget and leadership aide who is now vice president of public policy with Cigna Corp., says an agreement on a six-month measure postponing the expiration of the tax cuts, temporarily raising the debt ceiling and also delaying the sequester — while offsetting it with other spending reductions — could “put a little more certainty in the markets.”

The state of the economy is likely to affect what lawmakers decide, regardless of the election’s outcome.

Lawmakers will have to consider whether changes to the sequester might undermine confidence among investors that the U.S. government will address the longer-term debt challenge. Those automatic spending cuts, which could be significant at first and may coincide with tax increases, could undermine economic growth next year.

A slowing economy this year might change that equation, adding urgency for an agreement. But an improved economy that sends greater tax receipts flowing into the Treasury, reducing the federal deficit, could take some pressure off lawmakers to reduce the deficit further through lawmaking.

Despite all the talk of a so-called grand bargain addressing both spending and revenues, lawmakers have not shown a great desire to dive into the specifics of long-term deficit reduction. Even the general disdain for the sequester, for instance, has not pushed members on both sides of the aisle to undertake a bipartisan deal.

Still, Democrats hope the president’s election year focus on economic fairness means Obama will not let the current tax rates for upper-income earners continue regardless of the election outcome.

“I think that the president will not change direction,” says Rep. Bill Pascrell Jr., D-N.J. “I think he really believes the upper-income tax cuts should not be extended. I don’t see the election changing that.”

 

 

Can Obama Safely Embrace Islamists?

The War on Terror is over

By Michael Hirsh

April 23, 2012 | 11:44 AM

 

In an article in the current National Journal called “The Post Al Qaida Era,” I write that the Obama administration is taking a new view of Islamist radicalism. The president realizes he has no choice but to cultivate the Muslim Brotherhood and other relatively “moderate” Islamist groups emerging as lead political players out of the Arab Spring in Egypt, Tunisia and elsewhere. (The Muslim Brotherhood officially renounced violence decades ago, leading then-dissident radicals such as Ayman al-Zawahiri to join al Qaida.)

It is no longer the case, in other words, that every Islamist is seen as a potential accessory to terrorists. “The war on terror is over,” one senior State Department official who works on Mideast issues told me. “Now that we have killed most of al Qaida, now that people have come to see legitimate means of expression, people who once might have gone into al Qaida see an opportunity for a legitimate Islamism.”

The new approach is made possible by the double impact of the Arab Spring, which supplies a new means of empowerment to young Arabs other than violent jihad, and Obama’s savagely successful military drone campaign against the worst of the violent jihadists, al Qaida.

Some of the smarter hardliners on the Right, like Reuel Marc Gerecht, are coming to realize that the Arab world may find another route to democracy–through Islamism. The question is, how will this play politically at a time when Obama’s GOP rival, Mitt Romney, is painting the president as a weak accommodationist?

According to a senior advisor to Romney, the campaign is still formulating how to approach the new cuddle-up approach to Islamists. But the spectacle of an administration that is desperately trying to catch up to the fast-evolving new world of the Mideast fits into the Romney narrative of a president who “has been outmatched by events,” the adviser said. “Obama came to power with a view of the region that would make progress in the Arab world and get the Iranians back to the table. He would deal with the Israeli-Palestinian issue, and the key to that was dealing with settlements. Instead it’s been chaos.”

 

The president may have no choice but to preside over chaos at this point–a chaos that may not be the disaster that critics say and may in fact be the Arab world’s only path to modernity — but it won’t play well in the seven months between now and election day.

 

Senate approves amendment to cut conference spending

Fed Times

By ANDY MEDICI | Last Updated: April 24, 2012

The Senate approved a measure Tuesday that would cut federal conference spending by 20 percent from 2010 levels in response to the recent General Services Administration scandal involving an $822,000 conference in Las Vegas.

The amendment, sponsored by Sen. Tom Coburn, R-Okla., was attached to a postal reform bill called the 21st Century Postal Service Act of 2012.

A similar measure has been inserted into the DATA Act, a House bill that could come up for a vote in the House on Wednesday, a Coburn spokeswoman said.

The Coburn measure also would:

• Cap agency spending on a single conference at $500,000, unless the agency was the primary sponsor.

• Limit to 50 the number of employees from a single agency traveling to a conference in another country.

• Require agencies to report four times a year on conference spending.

The Coburn amendment is one of numerous legislative proposals generated in response to the April 2 release of a GSA inspector general’s report on excessive spending at a GSA conference in 2010.

The DATA Act, which the House is expected to vote on Wednesday, is a revised version of a bill introduced last year by Rep. Darrell Issa, R-Calif., chairman of the House Oversight and Government Reform Committee. The bill, which Issa posted online Wednesday, would bring more accountability to federal spending by making spending data more accurate, complete and transparent.

“There is no question that the infrastructure and reporting standards needed to ‘follow-the-money’ has been lacking,” Issa said in a statement. “The GSA travel and conference spending scandal is a perfect case study.”

Among other measures introduced by lawmakers:

• A bill from Rep. Dennis Ross, R-Fla., that would cut agency travel budgets in half from fiscal 2012 levels in 2013 and 2014, and by 75 percent in 2015.

• A bill from Rep. Joe Walsh, R-Ill., that would require agencies to submit itemized reports four times a year detailing all conference expenditures of more than $100,000.

• Sen. Claire McCaskill, D-Mo., said Wednesday she will introduce a bill to cut conference spending and require more detailed reporting by agencies. The Accountability in Government Act would cap spending on any one conference at $200,000 unless approved by the head of an agency. The bill also would require annual reports on all conference spending and deny bonuses to any employee under investigation by an inspector general.

Meanwhile, the Defense Department is reviewing its conferences over the last two years and will submit a report to Deputy Secretary Ashton Carter on May 11, said the Pentagon’s Deputy Chief Management Officer Elizabeth McGrath at an April 18 hearing. She said the department is ensuring “proper controls [are] in place so things like that do not happen.”

The GSA inspector general’s report prompted the resignation of the agency’s top official, Martha Johnson, and the firing of two of her top deputies: Public Buildings Commissioner Bob Peck and Johnson’s senior counsel, Stephen Leeds. Another 10 senior managers and employees were placed on administrative leave, and Miller has forwarded his findings to the Justice Department for possible criminal charges.

 

Officials implement flexibilities for third round of VERA/VSIP

 

Posted 4/20/2012 Updated 4/20/2012

by Erin Tindell

Air Force Personnel, Services and Manpower Public Affairs

 

4/20/2012 – JOINT BASE SAN ANTONIO – RANDOLPH, Texas — As the Air Force continues a civilian workforce restructure through voluntary retirement and separation initiatives, officials have instituted new flexibilities to help minimize the impact of downsizing and workforce shaping.

 

Unlike the previous two rounds, the third round of Voluntary Early Retirement Authority and Voluntary Separation Incentive Pay will allow civilians to fill VSIP-created vacancies at other Air Force installations, provided the losing base can show it saved an employee from involuntary separation. This will allow an exception to Department of Defense Priority Placement Program clearance procedures.

 

These flexibilities will be used during the third round of VERA and VSIP, which begins May 1, and will help give civilians the opportunity for continued employment. Officials said the flexibilities will be used to the maximum extent allowed.

 

“We’re committed to sustaining excellence, meeting fiscal requirements and minimizing negative impacts on our current permanent civilian workforce and their families,” said Michelle LoweSolis, the Air Force Personnel Center civilian force integration director. “These flexibilities will give us an even greater ability to rebalance the skills of our workforce into enduring positions at various installations.”

The survey window for the next VERA or VSIP opportunity will open during the first week of May. Applications will be due during the week of May 14, or an earlier date established by local authorities. If approved, applicants will retire or separate by Aug. 31.

“The goal is to have all civilian employees realigned to continuing positions by Sept. 30,” said Lisa Cevallos, a human resources specialist at AFPC. “We encourage managers to consider restructuring any vacant positions they have for the placement of affected employees. They should also work with their (civilian personnel sections) on additional flexible processes to help place employees.”

Employees should review all available information on the programs at the Air Force Personnel Services website and word search “VERA” and “VSIP.” For annuity estimates, employees should go to the AFPC Benefits and Entitlements Service Team automated website, EBIS, to access the retirement calculator.

After gathering information through AFPERS and EBIS, employees should contact their local CPS to discuss their individual situation, and what steps to take if they are offered VERA, VSIP or both.

For more information about civilian employment, voluntary separation programs and other personnel issues, visit AFPERS at https://gum-crm.csd.disa.mil.

 

Allocations Set Up Spending Battle

CQ TODAY ONLINE NEWS

Updated April 24, 2012 – 11:41 p.m.

By Paul M. Krawzak and Kerry Young, CQ Staff

 

House and Senate appropriators are setting out in strikingly different directions on spending bills for the coming fiscal year, with the House allocating more to the Pentagon and less to the State Department and labor, health and education programs than the Senate.

House Appropriations Chairman Harold Rogers, R-Ky., released the panel’s proposed allocations for the 12 appropriations bills for the fiscal year that begins Oct. 1, pegging them to the $1.028 trillion spending target set in the House-adopted budget.

The Appropriations Committee is expected to approve the allocations, known as 302(b)s, on a party-line vote Wednesday, sending them to subcommittees for markups on program details and toward conflict with the Senate. Senate appropriators adopted their allocations last week in bipartisan votes that were aligned with the $1.047 trillion level set in the debt limit agreement last year between Congress and the White House.

Beneath the larger numbers are detailed differences over federal spending priorities that are setting out political fault lines during the election year, and may only be resolved this year after the fall elections.

Rogers says the House committee’s allocations are evidence of “how seriously this House takes its charge to rein in extraneous and unnecessary spending, encourage economic competitiveness and job growth, help strengthen the nation’s infrastructure, and ensure a strong national security for the protection of all Americans.”

Rogers also sought to send signals of cooperation amid a budgeting and allocating process that has been marked by sharp partisan divisions in the House. “We are committed to working together across the aisle and across both chambers to ensure continued funding for important government programs, projects and services that the American people expect and deserve,” Rogers said in a written statement.

But Norm Dicks, D-Wash., top Democrat on the House appropriations panel, will argue that the committee should reject the allocations, which he said undermine “continued investments in infrastructure, innovation and the social safety net.” At the same time, he said he is optimistic that the House eventually will go along with the limit agreed to last year and affirmed in the Senate appropriations votes.

 

Veto Possible

President Obama has threatened to veto any spending bills that fall below the limits in the debt limit law (PL 112-25). Senate Republican Leader Mitch McConnell, R-Ky., also has expressed his support for the limits in the debt law.

It has been clear since the House adopted a budget resolution last month that GOP appropriators would mark up spending bills to a total discretionary limit of $1.028 trillion, $19 billion less than the Senate limit of $1.047 trillion. The Senate is using the discretionary cap contained in the August debt limit law (PL 112-25), which specified annual discretionary limits through fiscal 2021 that were agreed to by Democratic and Republican negotiators.

The larger figure that the Senate is using would keep federal discretionary spending almost flat, compared with the $1.043 trillion allotted in the current fiscal year.

It was not known until Tuesday how Rogers planned to divvy up the funds among the 12 appropriations subcommittees.

Under Rogers’ plan, the Pentagon would get $519.2 billion in 2013, $8 billion more than the Senate has allotted and about $1 billion more than Congress is spending in fiscal 2012. The figure does not include $88.5 billion in overseas contingencies, money associated with the war in Afghanistan. The State and Foreign Operations bill would receive $40.1 billion under the House plan, almost $10 billion below the Senate figure.

 

Under the House allocations, the Labor, Health and Human Services and Education bill would get $150 billion, almost $8 billion below the Senate figure.

The differing subcommittee allocations for these three measures will make it harder for the two chambers to agree on fiscal 2013 spending bills.

The House allocations for the other nine bills are also less than the Senate allocations, but the differences in most cases amount to only $1 billion to $2 billion.

Compared with what Congress is spending this year, most of the allocations for 2013 are lower. The Defense bill alone gets a substantial increase. Under the House plan, the Energy and Water, Legislative Branch and Military Construction-Veterans Affairs bills would receive roughly level funding. The other bills would see decreases.

Rogers’ spokeswoman Jennifer Hing said Rogers determined that Defense needed a bump in funding “based on testimony and oversight that they’ve done and how much money that they felt they needed and was appropriate for those programs.”

Although the House Appropriations Committee allocations disclosed on Tuesday do not name the specific programs facing cuts, other House authorizing committees have approved proposed cuts in domestic programs, including reductions in spending on food assistance and health care programs.

House appropriators would set Transportation and HUD programs at $51.6 billion, $1.8 billion below the Senate figure. Agriculture programs would get $19.4 billion, which is $1.4 billion below the Senate allocation.

 

Scientists demonstrate mind-controlled robot

By FRANK JORDANS | Associated Press

 

LAUSANNE, Switzerland (AP) — Swiss scientists have demonstrated how a partially paralyzed person can control a robot by thought alone, a step they hope will one day allow immobile people to interact with their surroundings through so-called avatars.

Similar experiments have taken place in the United States and Germany, but they involved either able-bodied patients or invasive brain implants.

On Tuesday, a team at Switzerland’s Federal Institute of Technology in Lausanne used only a simple head cap to record the brain signals of Mark-Andre Duc, who was at a hospital in the southern Swiss town of Sion 100 kilometers (62 miles) away.

Duc’s thoughts — or rather, the electrical signals emitted by his brain when he imagined lifting his paralyzed fingers — were decoded almost instantly by a laptop at the hospital. The resulting instructions — left or right — were then transmitted to a foot (30 centimeter)-tall robot scooting around the Lausanne lab.

 

Duc lost control of his legs and fingers in a fall and is now considered partially quadriplegic. He said controlling the robot wasn’t hard on a good day.

“But when I’m in pain it becomes more difficult,” he told The Associated Press through a video link screen on a second laptop attached to the robot.

Background noise caused by pain or even a wandering mind has emerged as a major challenge in the research of so-called brain-computer interfaces since they first began to be tested on humans more than a decade ago, said Jose Millan, who led the Swiss team.

While the human brain is perfectly capable of performing several tasks at once, a paralyzed person would have to focus the entire time they are directing the device.

“Sooner or later your attention will drop and this will degrade the signal,” Millan said.

To get around this problem, his team decided to program the computer that decodes the signal so that it works in a similar way to the brain’s subconscious. Once a command such as ‘walk forward’ has been sent, the computer will execute it until it receives a command to stop or the robot encounters an obstacle.

 

The robot itself is an advance on a previous project that let patients control an electric wheelchair. By using a robot complete with a camera and screen, users can extend their virtual presence to places that are arduous to reach with a wheelchair, such as an art gallery or a wedding abroad.

 

Rajesh Rao, an associate professor at the University of Washington, Seattle, who has tested similar systems with able-bodied subjects, said the Lausanne team’s research appeared to mark an advance in the field.

“Especially if the system can be used by the paraplegic person outside the laboratory,” he said in an email.

Millan said that although the device has already been tested at patients’ homes, it isn’t as easy to use as some commercially available gadgets that employ brain signals to control simple toys, such as Mattel’s popular MindFlex headset.

“But this will come in a matter of years,” Millan said.

 

House skirmish over defense spending begins

 

Washington Post

By Walter Pincus, Published: April 25

 

The roller-coaster ride is about to begin for defense spending, and it promises to be long and bumpy.

 

On Thursday, subcommittees of the House Armed Services Committee begin to mark up the fiscal 2013 Defense Authorization Bill. This will be the ride up because the Republican-controlled panel has indicated that it will add about $8 billion to the $546 billion set by the 2011 Budget Control Act (BCA). President Obama, Defense Secretary Leon E. Panetta and the Joint Chiefs of Staff supported the BCA, but the president’s budget is $3.7 billion above the BCA figure. That’s because it includes security spending for agencies other than the Pentagon.

For its core fiscal 2013 budget, the Pentagon produced a new strategic plan as well as proposed reductions next year — $6 billion from this year’s spending. It went farther, too: a total of $487 billion over the next 10 years. However, understand that after 2013, those deep cuts are from increases already built in to spending over those years.

Fiscal 2013 is the only year that defense spending under Obama will actually be cut from a previous year. From fiscal 2013 on, the defense budgets will continue to grow, just not as fast as planned.

Under the House GOP plan, fiscal 2013 defense spending would be at the same rate as this year, but its future increases would grow at a faster pace than in the president’s plan.

So what types of things do the House Republicans on these Armed Services subcommittees want to increase?

Perhaps we can say the first shot in the budget battle was fired Wednesday, when the subcommittee on military personnel put out what is called “the chairman’s mark,” the basic plan worked out by Rep. Joe Wilson (R-S.C.). It will be the basis for discussion and amendments Thursday before Wilson’s subcommittee.

One change that Wilson wants to make is to continue the use of 18 Air Force Block 30 RQ-Global Hawk unmanned surveillance aircraft. The president canceled an additional purchase of 24 of the $200 million aircraft and wanted to put the 18 already purchased in storage. The plan was to save some $2.5 billion over five years. The justification was that the older, piloted U-2 airplane does the same job and has better imaging capability.

Since Wilson’s panel controls only personnel, his “marked” bill just adds 560 people to the strength of the Air Force “to reflect the corresponding manpower requirements to maintain” the 18 Global Hawks that might be retired. Another House Armed Services panel would have to add the funds to operate and maintain the Global Hawks. A committee spokesman said he was unable to say how much that would cost. But a budget expert estimated that the House plan would require an additional $800 million in fiscal 2013 and $2.4 billion over five years, assuming that the U-2s were retired.

The increase may make it through because it has some bipartisan support. Rep. Norm Dicks (Wash.), ranking Democrat on the House Appropriations Committee, criticized the Air Force for agreeing to the Obama plan. He said during a hearing, “I’m worried . . . we already bought them and we need to find some way to get some utilization out of them.”

Another possible change from Wilson’s “mark” is language that would “make clear that non-monetary contributions to health-care benefits made by our troops and their families through a career of service to America represents pre-payment of health-care premiums in retirement.”

 

Wilson opposes the plan to raise fees for medical care for 9.65 million Tricare beneficiaries. Most of those fees would apply only to working-age retirees and would in part be based on their current income.

The strategic subcommittee “mark” has added nearly $500 million for the Iron Dome program, a short-range missile defense program conducted jointly with Israel. The money is to be spent between 2013 and 2015 and would bring to $900 million the U.S. contribution. The Iron Dome system has proved successful in intercepting recent short-range missile attacks on Israel and probably would have bipartisan support.

The Republicans on the House Armed Services Committee hope to get their overall bill marked up before summer and expect the Democratic-run Senate Armed Services Committee to complete its version by then, too. That would allow a conference between the two bills to be completed by September and passage before Congress adjourns for the November elections.

By September, there also will have to be some settlement of fiscal 2013 appropriations, with a continuing resolution covering all those departments whose individual bills have not passed.

Then there is the Dec. 31 deadline for dealing with the Bush income tax cuts, both for middle- and upper-income people.

Adding to all that, neither party has produced a solution for the additional deficit-reduction program of $1.2 trillion in increased revenue or cuts over the next 10 years required under the BCA. Otherwise, sequestration, the automatic reduction of some $600 billion in security and an additional $600 billion in non-security spending must be made starting Jan. 3.

It is not a good time to be a Pentagon planner or program manager.

http://www.washingtonpost.com/world/national-security/house-skirmish-over-defense-spending-begins/2012/04/25/gIQA5BunhT_story.html?wprss=rss_national-security

 

 

Security Experts Warn of Cyber Threats From Iran

From: www.cio.com

Kenneth Corbin, CIO

April 26, 2012

A panel of experts warned lawmakers on Thursday about the looming threat of a cyber attack emanating from Iran, an increasingly isolated nation that has been linked to numerous attacks against the United States in recent years including a plot last year to assassinate the Saudi Arabian ambassador to the United States in Washington, D.C.

Appearing before a joint House subcommittee hearing, the witnesses noted that Iran has been rapidly accelerating its cyber capabilities, which the nation has been deploying both directly and through proxy groups, such as Hezbollah.

They suggested that Iran, which has been resisting mounting international pressure to submit to inspections of its nuclear program, is turning toward cyber attacks as a channel to attack corporate and government entities in the United States, noting the relative ease with which those attacks can be launched against much larger adversaries.

“Cyber basically levels the playing field. It provides asymmetry that can give small groups disproportionate impact and consequence,” said Frank Cilluffo, associate vice president and director of the Homeland Security Policy Institute at George Washington University. “And whereas they may not have the capability they can rent or buy that capability. There’s a cyber arms bazaar on the Internet. Intent and cash can take you a long way, and that is what I think we need to be thinking about.”

Cybersecurity vs. Privacy

The hearing comes as the House of Representatives is in the midst of a debate on a controversial cybersecurity bill that would create a framework for sharing information about threats to critical digital infrastructure. Several privacy and civil liberties groups have raised concerns that the bill would provide for a nearly unlimited flow of personal information to secretive military agencies with minimal oversight. The bill’s authors have offered a series of changes to narrow the scope of the information-sharing system the legislation would establish, though some groups maintain their opposition.

Many of the threats that the Cyber Intelligence Sharing and Protection Act, or CISPA, is meant to address concern cyber intrusions that expropriate U.S. firms’ intellectual property. But supporters of the bill also note the mounting volume and severity of cyber attacks sponsored by unfriendly foreign governments.

“The threat of cyber warfare may be relatively new, but it is not small,” said Rep. Patrick Meehan (R-Penn.), the chairman of the Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. “Iran has reportedly invested over $1 billion in developing its cyber capabilities.”

Iranian officials have publicly blamed the West for orchestrating the attack in 2010 that saw the Stuxnet worm infiltrate one of the country’s nuclear reactors. While Iran was on the receiving end of that attack, the witnesses at Thursday’s hearing warned that the country’s cyber experts could reverse engineer Stuxnet or other cyber weapons to deploy against critical infrastructure in the United States.

“I would make the argument that Iranian action against the United States through asymmetrical action is more rather than less likely,” said Ilan Berman, a vice president at the American Foreign Policy Council. “Iran appears to be moving increasingly from defense to offense in terms of how it thinks about cyber space.”

Lawmakers raised the concern that Stuxnet marked a fundamental shift in the threat landscape, that with that weapon, cyber warriors had “crossed the Rubicon” to achieve the capability to disrupt critical infrastructure systems such as the electrical grid or databases of electronic medical records. Stuxnet, the fear goes, provided a real demonstration of what had previously been an abstract concern.

“I don’t think it’s a news flash to underscore that we as a country have a lot of work to do on the cyber front,” Cilluffo said, noting Iran’s support for cyber warriors both within the government and through its proxies. “These developments aside, the good news is that if you were to rack and stack the greatest cyber threats … Iran is not at the top.”

Nevertheless, cyber experts continue to press for more concerted efforts on the part of civilian and military agencies to address the threats, urging a higher level of awareness, funding for research and development, and the advancement of cyber weapons that could be used as a deterrent, much as the demonstrations of nuclear weapons during the Cold War illustrated the principle of mutually assured destruction.

“We can’t firewall our way out of this problem,” Cilluffo said. “We need to start thinking about offensive capabilities.”

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.

 

U.S. House Lawmakers Add $1.1 Billion for Army, Air Force Programs

Apr. 26, 2012 – 12:03PM

By KATE BRANNEN and MARCUS WEISGERBER

The House Armed Services subcommittee’s markup of the 2013 defense authorization bill blocks the cancelation of the Northrop Grumman Block 30 Global Hawk program.

U.S. House lawmakers frustrated by Air Force and Army decisions to cancel weapons in the 2013 budget have taken the first steps toward reinstating funding for those programs.

In its markup of the 2013 defense authorization bill, the House Armed Services subcommittee on tactical air and land forces recommends adding $1.1 billion above what the Pentagon requested for certain weapons programs.

The draft legislation would block the cancelation of the Northrop Grumman Block 30 Global Hawk program. It directs the Army to continue to buy combat vehicles.

If the legislation were approved, it would require the Air Force to operate the unmanned aircraft through the end of 2014.

The Pentagon requested $75 million for the Global Hawk Block 30; the subcommittee added $263 million to fund continued operations.

The subcommittee would fully fund procurement of 29 Lockheed Martin F-35 Joint Strike Fighter aircraft. It also funds 36 General Atomics MQ-9 Reaper unmanned aircraft, 12 more than the Air Force requested in its 2013 budget proposal.

 

To buy the additional 12 systems, the subcommittee added $180 million to the Air Force’s $920 million request.

The markup authorizes multiyear procurement of the Bell-Boeing V-22 Osprey and funds production of 21 tilt-rotor aircraft in 2013. It also extends the Boeing F/A-18E/F Super Hornet multiyear for a fifth year and funds 26 F/A-18s and 12 EA-18G Growler electronic attack aircraft. It recommends providing an additional $45 million for Growler advanced procurement, which would continue production in fiscal year 2014.

It also authorizes new multiyear procurements for the Army’s CH-47 Chinook, which is built by Boeing.

The subcommittee would prohibit the Air Force from spending money on development of a new radar that would replace the E-8C JSTARS. It calls for a report on how the Air Force will maintain the command and control capability of the E-8C.

It also calls for blocking funding for the Boeing MQ-18 Hummingbird unmanned helicopter “until the Chairman of the Joint Requirements Oversight Council certifies that the MQ-18 UAS is required to meet a capability in the Department of Defense manned and unmanned medium-altitude intelligence, surveillance, and reconnaissance force structure and that an existing UAS cannot meet the required capability or be modified to meet the required capability.”

The subcommittee’s markup recommends fully funding the Army’s Ground Combat Vehicle, which is currently in the technology development phase.

While the subcommittee is supportive of adding a third maneuver battalion to the Army’s Heavy and Infantry Brigade Combat Teams (BCTs), it is worried the Army plans to cut too many heavy brigades.

With the 2013 budget request, the Pentagon announced the Army would be cutting eight BCTs, as part of its troop reductions. In the active duty force, the Army has 17 Heavy BCTs, 20 Infantry BCTs, and eight Stryker BCTs. The Army has stated that at least two of the eight BCTs being eliminated would be heavy brigades.

This spring, Gen. Ray Odierno, chief of staff of the Army, testified that the Army is conducting a force-mix study that could lead to further heavy brigade cuts. He also said the Army’s tank fleet is in excellent shape and therefore the Army has decided to temporarily shut down the production lines for the M1 Abrams tank and the Bradley fighting vehicle until upgrades were needed beginning in 2017.

In its markup of the authorization bill, the subcommittee says not enough information is available about the Army’s future needs or the risks associated with temporarily closing the combat vehicle production lines.

In the absence of the force-mix study results and a quantitative analysis of the impacts to the combat vehicle industrial base, the subcommittee recommends providing funding to keep those production lines open.

The subcommittee recommends an additional $181 million for continued M1 Abrams tank upgrades and $140 million for upgrades to the Bradley fighting vehicle. It also adds $62 million to increase 2013 production for the M88A2 Improved Recovery Vehicle.

 

The subcommittee would also like a report on potential future roles for the Army’s UH-72 Lakota helicopter, built by EADS North America. Today, the helicopter supports National Guard operations in the United States, assisting in border security, disaster response and troop transport. The subcommittee would like more information on the costs associated with making the helicopter suitable and survivable in combat operations and non-permissive environments.

The subcommittee encourages the Army to continue to pursue an alternative engine for the Shadow unmanned aircraft system. Today’s engine runs on high-octane gasoline, creating a difficult logistics burden for soldiers, the report notes.

The subcommittee would also like to see the Army develop a soldier-wearable universal controller for all of the robots and unmanned aircraft systems, cutting back on the number of proprietary controllers that exist in the force today.

The mark adds $250 million for National Guard and Reserve equipment.

 

 

Nation’s aging electrical grid needs billions of dollars in investment, report says

Washington Post

By Ashley Halsey III,

 

Plan to spend about $75 billion a year if you want to keep the lights on and your iPhone charged.

Figure on about $9.4 billion a year if you’d like the toilet to keep flushing.

Or, for about $262 billion a year, you can get the whole package, salvaging the electrical grid, repairing water and sewer systems, overhauling decrepit highways and bridges, updating rail systems and expanding overcrowded runways.

A staggering investment is needed in infrastructure that is reaching the end of its life span if the United States is to remain competitive and serve its growing population.

The experts have been saying that for years, and the latest report on an aspect of their concern was released Thursday, when the American Society of Civil Engineers (ASCE) described the nation’s electrical grid as a patchwork system that ultimately will break down unless $673 billion is invested in it by 2020.

If investment isn’t increased by at least $11 billion a year, the report said, the electrical service interruptions between now and 2020 will cost $197 billion.

“Electricity was primarily a luxury when the majority of our grid was built 50, 60 years ago,” said Otto Lynch, vice president of Power Line Systems. “Today it’s an absolute necessity. Business comes to a screeching halt when the electricity goes out. We don’t have our computers, the Internet isn’t there, credit cards don’t work, and what would we do if we couldn’t charge our iPhones?”

The report describes an electrical system that dates to the 1880s, just after Thomas Edison invented the first commercially practical light bulb. It grew much as the country grew, in haphazard fits and starts with pieces that now fit together in an imperfect match of power plants, power lines and transformers of widely varying age, condition and capacity.

“If we keep investing as we are today, we’re headed for some serious financial and economic difficulties,” said Jim Hoecker, former chairman of the Federal Energy Regulatory Commission (FERC). “The investment gap that we’re facing is a little scary. In fact, it’s a little more scary than the report indicates. We’ve got a congested system that keeps electricity costs artificially high, and that translates into higher rates for consumers.”

Aging equipment and bottlenecks in the grid that routes power where it’s most needed have resulted in some brownouts and occasional blackouts. Although investment by power companies has mitigated those failures, the ASCE report said, they will get worse unless billions of dollars are poured into the system.

The system that delivers light at the flick of a switch consists of 5,800 major power plants, 450,000 miles of high-voltage transmission lines that connect them to areas of demand, and overhead and underground lines that deliver them to buildings and to that light switch.

ASCE President Andy Herrmann described the nation’s power generation as “close to adequate” but said the system that delivers power is badly deteriorated. Lynch, whose company provides consulting and software for power line projects, compared the power grid to an overloaded water system where the pressure on the system increases each time a burst pipe shuts down a portion of the network.

“We’re at a state where we can’t take a line out to fix it,” Lynch said. “We’ve got poles rusting, we’ve got towers falling down, that we can’t take out of service.”

As new plants and sources of electricity come on line, and old ones are retired, the patchwork system becomes more problematic, he said.

“Basically, it’s like moving a fuse panel to the other end of your house,” he said, “and you’re going to have to add new wires, and your old wires are going to have to be upgraded to handle the additional current.”

The good news, said Curt Hebert Jr., another former FERC chairman, is that private capital is available for investment in electrical infrastructure.

“The money is sitting on the sidelines,” Hebert said. “Why is the money sitting on the sidelines? For the most part because we haven’t inspired anybody to get out there and build this infrastructure in a way that they might believe there’d be a return” on their investment.

http://www.washingtonpost.com/local/trafficandcommuting/nations-aging-electrical-grid-needs-billions-of-dollars-in-investment-report-says/2012/04/26/gIQAEl12jT_story.html

 

More College Grads Could Mean Billions for U.S.

PewStates.Org

by Ben Wieder, Staff Writer

If states don’t improve their college graduation rates, it could cost the country hundreds of billions of dollars, according to findings released yesterday (April 26) by the Center for Law and Social Policy and the Center for Higher Education Management Systems.

The report looked at college “attainment” rates, or the percentage of 25 to 34 year olds with at least an associate’s degree. Top degree-producing countries, such as Canada, South Korea and Japan, are on pace to achieve 60 percent college attainment rates by 2020. That’s also the goal set by President Obama. While numerous hurdles exist before achieving that goal, the report says that if the U.S. doesn’t meet the 60 percent target by 2025, it could cost the country $600 billion in lost tax revenue and increased spending on Medicaid and prisons.

Reaching the goal will require the federal government to maintain support for programs such as Pell Grants, which give low-income students scholarships, and states to invest more in higher education and better track which sectors of higher education are most successful in producing grads.

Massachusetts, North Dakota and New York are currently best poised to achieve the 60 percent goal by 2025, according to the findings. Each state needs to increase college attainment rates by 1.5 percent or less over the next 13 years. Nevada and Alaska have the farthest to go. Each would need to improve its rate by more than 8 percent each year to meet the target. An interactive dashboard released with the report shows the cost and benefit of maintaining current degree levels or improving them.

While that 60 percent goal might be out of reach for some states, Patrick Kelly, a senior associate at the Center for Higher Education Management Systems, said that states could achieve more progress by setting specific attainment targets and tying higher education funding to meeting completion goals.

“If you put the money where you want the results,” Kelly said, “it should, over time, happen.”

http://www.pewstates.org/projects/stateline/headlines/more-college-grads-could-mean-billions-for-us-85899383077

 

Lawmakers already talking of punting big issues to 2013

The Hill

By Erik Wasson and Bernie Becker – 04/27/12 05:50 AM ET

 

Lawmakers are growing increasingly anxious about the overstuffed lame-duck session, when they will likely be confronted with a slew of major decisions on taxes and spending.

Democrats and Republicans are now raising the possibility that, with little expected to get done on Capitol Hill before the November election, some or most of those determinations will have to be punted until 2013.

It is impossible to predict what will happen in the lame duck, though more and more people around Washington believe there will be a lot of talk in November and December, and little action. A six-month bill that raises the debt ceiling and basically adheres to current policy has attracted a fair amount of chatter on K Street and in the halls of Congress.

That sort of delay could further undermine how the financial markets and credit-rating agencies view the U.S. government. But leading dealmakers in Congress who want to lay the groundwork now for lame-duck deals on taxes and budget cuts are pessimistic they can even get that done.

“I’ve been through a lot of lame ducks, and you really can’t do [these issues] just in a lame duck,” said Sen. Orrin Hatch (Utah), the ranking Republican on the Finance Committee. “These are earth-shaking issues and any one of them can take time. The only way you can do that is if both sides got together and said ‘we have had enough of that combativeness and let’s work together,’ but I haven’t seen any of it.”

Senate Finance Committee Chairman Max Baucus (D-Mont.) said that short-term extensions could be looming.

“We’ve got to try the best we can to get as much as we can get done,” Baucus said. “Everything is on the table.”

Punting until 2013 might sound easy, but in practice, it would be very difficult. A temporary measure that raises the debt ceiling and retains current policy on taxes and Medicare reimbursement would have a large price tag. In order to pass Congress, much of the bill’s cost would have to be offset, and there aren’t a lot of low-hanging pay-fors that have attracted bipartisan support.

Of course, November’s results will greatly influence how the lame duck plays out. President Obama’s thinking will be shaped by whether he’s preparing for a second term or packing his bags, and Capitol Hill will certainly take the composition of the next Congress into account.

“If you can tell me the outcome of this — who wins, who loses — it makes it a lot easier,” Senate Majority Whip Dick Durbin (D-Ill.) told reporters on Thursday. “The election leaves so many things in doubt, from the White House through the Capitol.”

As it stands, legislators face a long list of policies that will expire at the end of the year — the so-called “fiscal cliff” that Federal Reserve Chairman Ben Bernanke says could imperil the economic recovery.

The Bush-era tax rates on income and capital gains are scheduled to expire come year’s end, while an automatic $109 billion worth of spending cuts triggered by the failure of the congressional supercommittee are set to go into effect at the start of the year.

In the eight weeks between the election and the new year, lawmakers also face an expiration of the payroll tax cut, an across-the-board decrease in Medicare payments to doctors, differing Senate and House appropriations bills and perhaps a need to raise the debt ceiling.

JPMorgan said Thursday that failing to deal with those issues “would lead to an almost certain recession.” But so far, efforts to avert a lame-duck pileup have only served to reinforce this partisan divide.

 

Sen. Olympia Snowe (R-Maine) on Thursday called on Senate Majority Leader Harry Reid (D-Nev.) to cancel next week’s recess in order to start work on the matters that are being left to the end of the year.

“We have sufficient time over the next months to consider the array of options rather than relegating these issues to the lame-duck session with last-minute, poorly thought out measures assembled by just a relative few,” she said.

But Senate Democrats shot back that GOP opposition to any new taxes for the wealthy is the reason work is not getting done.

“Most of the looming, end-of-year business could be resolved fairly quickly if Sen. Snowe could convince her Republican colleagues to stop protecting millionaire tax breaks. We look forward to such a reappearance of her trademark independent streak,” said Brian Fallon, a spokesman for the Senate Democratic Policy Committee.

Given the bickering, former Capitol Hill staffers see little possibility that Congress does anything other than punt.

“There is no way on God’s green earth that the last four weeks of the 112th Congress can address all the issues that have effectively been ignored for the previous 48 weeks,” said William Hoagland, a former senior GOP aide who works for Cigna Corp.

Yet, some aides and lawmakers on Capitol Hill maintain they are laying significant groundwork for the lame duck, and argue that hammering out a six-month punt might not be any easier than crafting a longer deal.

And some members who have already announced they won’t be back for the 113th Congress, such as Senate Minority Whip Jon Kyl (R-Ariz.), say they want to act now.

“It would be a big mistake and bad for the country to try to put off everything to the lame-duck session,” Kyl told The Hill.

House Republicans say they are preparing for the lame duck by instructing committees to find replacement cuts for the automatic spending cuts, also known as the sequester. Democrats have ripped those cuts, asserting they would hurt the poor.

GOP leaders in the lower chamber are also using planning sessions with their rank-and-file members to prepare for tax issues that could come up before or after the Nov. 6 election.

On the other side of the Capitol, Durbin and Senate Budget Committee Chairman Kent Conrad (D-N.D.) claim the recommendations of Obama’s fiscal commission could serve to jump-start talks in the lame duck. A budget based on those recommendations, however, was soundly rejected earlier this month by the House, 38-382.

Meanwhile, House and Senate Appropriations committees are preparing bills at different spending levels, with the House pushing to come in below the mark from last August’s debt deal.

While the House is preparing sequester replacements with big cuts to social programs, Obama has said he will veto any plan that does not include some revenues.

Rep. Chris Van Hollen (Md.), the ranking Democrat on the Budget Committee, hinted that the ultimate remedy could be producing a “work plan” tied to the extension of some existing provisions that also sets out deadlines for Congress to develop final solutions.

“I think it is difficult to come to some global agreement in six weeks,” Van Hollen said.

Source:

http://thehill.com/homenews/house/224171-congress-punt-lame-duck-high-anxiety

 

Prelude to a Showdown

CQ WEEKLY – COVER STORY

April 21, 2012 – 12:43 p.m.

By Joe Schatz, CQ Staff

It’s become a standard line among political pundits: If you thought last year’s debt ceiling crisis was bad, just wait for the “fiscal cliff.”

Start with roughly $500 billion worth of tax increases and almost $100 billion more in spending cuts that are scheduled to occur at the end of this year. Add in the probable need to raise the limit on federal borrowing, and then multiply by various possible outcomes from the November election. The result is elevated economic risks and the danger of political chaos that will reverberate well outside the Beltway.

That’s why, with no pre-written playbook for what will happen on Capitol Hill seven months from now, aides, lobbyists and Wall Street analysts are digging into their history books for clues and tactical lessons about how the 112th Congress might end.

There’s 1996, for instance, the year President Bill Clinton won re-election after a series of budget standoffs with congressional Republicans, allowing him to strike the 1997 deal to balance the budget. There’s 1980, when Congress delayed almost all its major economic decisions until after the election, and Jimmy Carter worked with a lame-duck Democratic Congress to enact their priorities before the Reagan revolution took hold.

The research team at banking giant Morgan Stanley has fixed its eyes on the more troubling years of 1968 and 1969. That’s when Lyndon B. Johnson and Congress imposed a series of surtaxes to combat inflation and finance the Vietnam War, just as Social Security payroll taxes were also rising. The combination helped tip the economy into recession, Morgan Stanley’s researchers found in an analysis last week.

They pointed to 1969 for a reason: It represented a fiscal “tightening” of about 5 percent — roughly the same level of contraction that may occur after Jan. 1, according to Morgan Stanley’s calculations, if the George W. Bush-era tax cuts extended in 2010 expire and the first round of $1.2 trillion in automatic spending cuts stemming from last August’s debt limit law are set in motion.

Estimates about the depth of the coming fiscal contraction vary, but lawmakers from both parties — even the staunchest deficit hawks — want to avoid anything like the nightmare that some analysts fear. Yet, the inability of lawmakers to agree on how to avoid the “fiscal cliff,” as Federal Reserve Chairman Ben S. Bernanke calls it, is the very reason the cliff exists at all. A combination of temporary tax policy decisions, unsuccessful budget-cutting exercises and bitterly abandoned attempts at a “grand bargain” to reorder the federal budget litter the landscape of fiscal policy debates over the past decade.

Members of both parties acknowledge that the outcome this year depends in large part on whether President Obama or his presumed Republican challenger, former Massachusetts Gov. Mitt Romney, wins the presidential election in November — and to a lesser extent, whether Democrats retain control of the Senate.

 

Whether the election results yield compromise, stalemate or another instance of kicking the can down the road will depend on what the winners and the losers see as the risks — or the potential rewards — of allowing the tax cuts to expire and the spending “sequester” to hit just as a new Congress, and perhaps a new president, prepare to take office.

“There are opportunities for compromise,” says the Senate’s No. 2 Democrat, Richard J. Durbin of Illinois. “The question is whether or not it is going to be such a compelling moment that both sides are going to feel the requirement to sit down and compromise.”

Given Congress’s recent penchant for engineering quick, temporary fixes at the last moment, conventional wisdom assumes the government won’t dive off the cliff. And lawmakers, lobbyists and party elders are already weighing in with potential ways to defuse the situation.

Some tax writers anticipate that leaders will devise some sort of extension, perhaps for as long as a year, to give time for larger-scale overhaul of the tax code. But efforts to buy time in a time-constrained lame-duck session might get complicated and face stiff resistance.

“There is a high risk factor of holding everything off to the lame duck,” says Maryland Democrat Benjamin L. Cardin, a member of the tax-writing Senate Finance Committee. Still, Cardin said, some issues could be dealt with in the context of a year-end deal, and some “can be held off until 2013.”

G. William Hoagland, a former Senate Republican budget and leadership aide, is worried about how people outside Washington, particularly investors who buy Treasury bonds and finance the government, will react to another crisis. Hoagland sees hope in the possibility of a six-month extension of all the tax cuts plus the expiring payment schedule for Medicare physicians, combined with a short-term increase in the debt ceiling and a six-month delay in the sequester — offset by some sort of spending cuts in entitlement programs.

“We have to be realistic and put a little bit more certainty in the markets,” says Hoagland, who is now vice president of public policy for insurance company Cigna Corp. “The last thing we need is to have this fiscal cliff hit us. I don’t think that benefits anybody.”

In spite of fervent protests from budget watchdogs and lawmakers themselves, little certainty is likely in advance of the election, before Congress is “peering over into the abyss,” as Durbin puts it. Instead, the coming months will see lawmakers putting down markers and making opening arguments — plainly evident in last week’s Senate vote to reject the so-called Buffett rule to set a minimum tax on millionaires, and the decision by Senate Budget Chairman Kent Conrad, a North Dakota Democrat, to propose a budget mirroring the far-reaching deficit reduction plan produced two years ago by the president’s Simpson-Bowles debt commission.

Likewise, the budget-cutting process undertaken by House Republicans this month, through which committees must find $261 billion in savings to replace January’s $98 billion in sequestered spending cuts, will not lead to enactment of a deficit reduction plan any time soon. But it might be the foundation for a post-election deal.

The potential end-of-year scenarios are many and varied, particularly since control of the Senate is in play and a Romney victory might portend a broader GOP sweep. But with Republicans expected to retain control of the House under almost any electoral forecast, the biggest single factor will be whether Obama wins re-election.

 

Following two years of stalemate between the parties over long-term deficit reduction, a re-election victory by Obama, combined with continued GOP control of the House, seems paradoxically to be the electoral outcome most likely to result in a major deal involving tax increases and spending cuts.

 

Status Quo Continues

In some respects, that’s what happened after the 1996 election, Hoagland says. After two years of budget wars and government shutdowns, Republican leaders chose to avoid another climactic confrontation with Clinton. The result was the 1997 balanced-budget deal, which included tax increases for some at the top of the income scale but an overall tax cut of $275 billion, coupled with $401 billion in spending cuts. That put the government on a path to a balanced budget achieved in fiscal 1998 — four years earlier than promised, thanks to a surging economy.

If Obama is re-elected, optimists see a chance for a replay, building upon resurrected “grand bargain” talks between the president and House Speaker John A. Boehner of Ohio. Boehner’s ally, Michigan Republican Dave Camp, who is chairman of the Ways and Means Committee, has already begun informal listening sessions with his colleagues to feel out their views on overhauling the tax code and avoiding a major tax increase at the end of the year.

Taxes are by far the biggest issue. Obama has made a priority of extending the tax cuts that benefit those with incomes below $250,000 and has pledged not to sign into law legislation that extends the tax cuts for those above that limit. Republicans want all the tax cuts extended.

Then, there are the automatic spending cuts. Republicans want to avoid the cuts as they apply to military programs — as do some top Democrats, including Defense Secretary Leon E. Panetta. Both parties also want a deal to forestall looming reductions in Medicare reimbursement rates for physicians. Lawmakers will surely try to prevent tens of millions of middle-income Americans from being saddled with the alternative minimum tax. Authorization for jobless benefits that go to the long-term unemployed is set to expire, as is the Social Security payroll tax cut that has been in effect since January 2011.

“There is so much both sides want, I’m not sure any one item is more important than another,” says one Republican staff member. “At some point, I stop counting who has the leverage and where, because the momentum will be on solving all these issues.”

For all his insistence that the wealthy should pay higher taxes, Obama is likely to face pressure not to let the clock strike midnight Dec. 31 without a new set of tax laws in place — the ensuing partisan maelstrom would get his second term off to a deucedly tumultuous start. The prospect of a big tax increase pinching the economy’s fragile recovery is already causing worries among investors.

“This is a big hit,” says former Congressional Budget Office Director Douglas Holtz-Eakin, who is now chairman of the conservative American Action Forum. “If you’re a reasonable market participant trying to look at the future trajectory of the economy, you have to be concerned about that.”

 

Camp has been vocal about the desire for a committee-led overhaul of the tax code, which may increase pressure for a short-term extension of the expiring tax provisions — such as Hoagland envisions — to give lawmakers time to negotiate.

But lawmakers don’t expect a long-term tax extension such as was enacted in December 2010, if Obama wins. “I don’t think everything is going to get extended again,” says Maryland’s Chris Van Hollen, the top Democrat on the House Budget Committee. “It’s an action-forcing event.”

A path to resolution might be found in the wreckage of last year’s budget negotiations, including the abortive work of a bipartisan, bicameral deficit reduction committee. The yearlong discussions left reams of detailed budget proposals, already scored by the Congressional Budget Office and ready to go, lying around behind closed doors on Capitol Hill.

“Every road leads to a different ending. The big picture here is something big has to happen next year, and we’re probably going to have to the middle of the year to get it done,” says Republican Rep. Devin Nunes of California, a member of the Ways and Means Committee. “When I say something big, that means tax reform along with fundamental entitlement reform.”

Few, if any, Democrats are ready to embrace a lengthy extension, however. And many have doubts that they can force Republicans to negotiate on such fundamental issues as revenue increases. The threat of deep, automatic spending cuts for defense and non-defense programs alike was supposed to keep both sides of the powerful deficit-reduction committee at the table last fall. But it didn’t work.

 

President-Elect Romney

A change in control at 1600 Pennsylvania Ave. would set in motion an entirely different set of scenarios — and lead to much greater uncertainty. That’s why many analyses on and off Capitol Hill see a higher possibility that the tax cuts will expire — if only temporarily — following a GOP takeover of the White House.

A Republican president-elect would be likely to encourage the House to pass a short-term extension of all the tax cuts, and to delay the automatic spending cuts into the new year, when the GOP hand would be much stronger. Senate Minority Leader Mitch McConnell’s incentive to back this approach would be great if the Kentucky Republican’s party won control of the chamber. And one likely outcome would be a 2013 tax overhaul plan that is favorable to conservatives.

“People say, well, ‘You have to save America in the lame-duck session.’ If the results of the election are identical to the current political composition in the House, Senate and the White House, I can make that argument,” Durbin says. “But if there’s a change, one party’s going to view an advantage in waiting.”

A Republican victory would hand Obama and Senate Democrats a stark choice. The president might pick up his marbles and go home, wielding his veto pen and allowing the tax cuts to expire. That, in turn, might result in little political fallout for his party, because the election would be in the rear-view mirror.

“If Romney wins, you probably will not do anything until he is sworn into office,” says Democratic Rep. Bill Pascrell Jr. of New Jersey. “I’m not so sure President Obama will simply extend the tax cuts.”

 

Obama and his lieutenants have been more aggressive in pledging to end the upper-income tax cuts than they were two years ago. Indeed, the president has centered his re-election campaign on the principle of economic fairness. Many liberals were disappointed in 2010 when Obama bowed to the new political dynamics of Washington after the mid-term election and agreed to extend all of the Bush-era tax cuts for two years.

“The answer is that the American people are very clear: It’s totally absurd to be maintaining tax cuts for millionaires and billionaires when we are running $15 trillion debts,” says independent Sen. Bernard Sanders of Vermont. Asked whether he’s confident that the president will hold firm, Sanders just laughed. “Call him up at 1600 Pennsylvania Ave. and tell him I told him he should talk to you.”

Still, Obama might see such a confrontation as a poor way to end his presidency. And many congressional Democrats may find it in their interest to negotiate with Republicans while they still have control of one chamber and the means to influence the contours of a deal.

That, in effect, is what happened in late 2002 after the mid-term election. Defeated Senate Democrats, faced with minority status and unified Republican control of the White House and Congress the following January, decided to settle their differences on a long-stalled proposal to create the Department of Homeland Security.

The atmosphere “has a profound impact on what happens in the lame duck,” says one Senate Republican aide. “Who’s going to give depends on whose butt got kicked.”

And for all the vocal Democratic opposition to extending tax cuts for the rich, the real views within the party on how to tax the most well-off Americans are divided. Conservative Democrats and some members from high-income blue states are reluctant to raise taxes sharply on the wealthy. That’s one reason why Senate Democrats never took a vote on extending only the middle-class tax cuts in the run-up to the 2010 mid-term election.

If the immediate outcome on taxes following a Romney election appears unsettled, that may not be the case for the automatic spending cuts. Congress is still likely to do something to reorder the sequester before it takes effect.

There might even be ways to avoid immediate tax increases or spending cuts without legislative action. If lawmakers and the White House announce their intention to act, the Obama administration might leave in place existing tax withholding rates and tinker with discretionary spending allotments, said Joseph Minarik, a former White House budget office chief economist who is now at the Bipartisan Policy Center, in a recent blog post.

 

Wild Cards in the Deck

The election isn’t the only force that might drive Congress to act — or not. Lurking in the background is the Supreme Court’s expected ruling on the 2010 health care overhaul. If the law is struck down, that might have big consequences for the course of both mandatory spending and taxes.

And the biggest wild card of all is the state of the economy.

 

Allowing taxes to rise and spending cuts to occur would immediately, and dramatically, shrink the deficit. But vigorous economic growth has a way of dampening Congress’ always-limited appetite for steps aimed at trimming the deficit. A case in point was the 1997 budget deal, which reduced spending enough to allow for a large overall tax cut.

If the big employment gains recorded in January and February return after a lackluster March, and if gasoline prices don’t reach the dangerous threshold of $5 a gallon, and if growth ticks higher, the result won’t just help Obama at the polls. Those events might begin to shrink the deficit in a measurable way, giving lawmakers more of an incentive to extend expiring tax cuts and put off expected spending cuts.

An economic slowdown would possibly make Democrats more reluctant to raise taxes, as was the case in late 2010.

“The election won’t be the only factor determining whether these policies are addressed at year end. First and foremost, changes in the economic outlook could force lawmakers to shift their positions,” the Goldman Sachs economic research team said in its April 4 analysis.

But the economy also has a far more practical impact on the dynamics, and the timing, of the post-election debate. That’s because a strengthening economy and robust tax receipts over the summer would postpone the need to raise the debt ceiling, possibly until 2013. That might allow lawmakers and the president to agree on a short-term fix to the tax and spending questions, to carry them into the new year.

If Treasury borrowing threatens to bump into the debt ceiling before the end of 2012, however, the question becomes much more complicated. The debt limit will inevitably become the vehicle for acting on the tax cuts and the sequester.

“The fact that the government would need to address a potential debt ceiling increase would be non-negotiable. Nobody today can forecast what that would look like,” says Eric Ueland, who served as chief of staff to former Senate Republican Leader Bill Frist of Tennessee, and is now a lobbyist with the Duberstein Group. “It becomes a driver on all the other policies.”

How the debt ceiling plays into the showdown may depend on what lessons lawmakers took from the debilitating 2011 debate, which ended with foreign governments shaking their heads, and Standard & Poor’s dropping the Treasury’s credit rating a notch. The move was largely symbolic — and had no effect on interest rates or Treasury’s ability to borrow — but it weighed on lawmakers’ minds nonetheless.

A re-elected President Obama may have more power to force a quick debt ceiling increase — and hence a quick, broader fiscal deal. Many Democrats have questioned why he didn’t do just that back in late 2010, when Republicans were demanding an extension of the Bush-era tax cuts.

“It will be a big test in Washington, a big test of the country to govern itself in how Washington deals with those challenges,” said Treasury Secretary Timothy F. Geithner at the Brookings Institution last week. Geithner said it would be good for the country to dispense with “all the drama, politics and damage that Republicans and Congress imposed on the country last summer.”

South Dakota GOP Sen. John Thune says Republicans again want to use the debt ceiling as a means to force entitlement spending cuts. But ask Thune — or any other lawmaker — to game out the likelihood of that in the post-election session, and the answer is almost always tentative. That’s because when it comes to the fiscal cliff or “taxmageddon” — choose your hyperbolic name — all bets are off.

“There are, like, three different permutations that I think we could end up with,” says Thune, who is mentioned frequently as a possible Romney running mate. “There is certainly a Republican wish list that we would like to see addressed. But I think whether or not we’re able to achieve that will depend a lot on the election.”

 

http://public.cq.com/docs/weeklyreport/weeklyreport-000004066985.html

 

 

The Internet has become too big to fail, says In-Q-Tel’s Dan Geer

NextGov

By Dawn Lim

April 20, 2012

The growth of electronic health record systems and the push to integrate digital technology into electrical grids is adding security threats and “new failure modes to the world we live in,” Dan Geer, chief information security officer at CIA venture capital arm In-Q-Tel, warned on Wednesday. He spoke as keynote speaker at security conference SOURCE Boston.

The way our day-to-day operations have become tied to the Web is creating an Internet ecosystem that is “too big to fail,” Geer argued. Geer was famously dismissed from his position as chief technology officer at the boutique security firm @stake, after authoring a 2003 study on the security implications of Microsoft’s monopoly in the software industry.

“Remember that the Internet was built by academics, researchers, and hackers — meaning that it embodies the liberal cum libertarian cultural interpretation of American values, namely that it is open, non-hierarchical, self-organizing, and leaves essentially no opportunities for governance beyond protocol definition,” Geer said. “Anywhere the Internet appears, it brings those values with it.”

In this landscape, over-complex IT systems pose a problem: they prevent people from seeing how closely connected different parts of a system are, and that a fault in one part could bring the rest of it down, he said.

It is important, then, that backup processes be instituted in the event of system failures. “Preserving fallback is prudent if not essential,” Geer said. “Bounding dependence is a rational part of risk management.” Read Geer’s full speech here.

http://www.nextgov.com/big-data/2012/04/the-internet-has-become-too-big-to-fail-says-in-q-tels-dan-geer/51066/

 

[nominal delivery draft, SOURCE Boston 18 April 2012]

 

Criticality, Rejectionists, Risk Tolerance

Daniel E. Geer, Jr.    

 

Good morning all. Thank you for the invitation to be here today. I remind you that, as always, I speak for myself.

Were this a formal debate, the title would be the assertion “Resolved: The Internet is no place for critical infrastructure.”

I say that, in part, to get your attention and in part to open a line of thought about what is critical and the degree to which that which is critical is defined as a matter of principle and the degree to which that which is critical is defined operationally, that is to say, I am distinguishing what we say and what we do.

Mainstream media and bloggers alike love to turn a spotlight on anything they can plausibly call “hypocrisy,” the dictionary meaning of which is the act or practice of pretending to be what one is not or to have principles or beliefs that one does not have, especially the false assumption of an appearance of virtue[1]. The debate topic I am proposing can therefore be restated as calling “hypocrisy!” on the claim that the Internet is a critical infrastructure either directly or by transitive closure with the applications that run on or over it. If it were, the divergence between our beliefs and our practices would be necessarily narrower.

It is possible that in writing this talk that I am in part echoing how a free-range cattleman felt about the coming of barbed wire, roads, and land title to the American West. The great cattle drives of the West lasted twenty years before other kinds of progress made them impossible. Commercial Internet traffic began twenty years ago last summer.[2]

Douglas Adams, in the posthumous book _The Salmon of Doubt_, described our reactions to technologies:

1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.

2. Anything that’s invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career out of it.

3. Anything invented after you’re thirty-five is against the natural order of things.

I admit all that and more, but recalling Winston Churchill’s “[That] the further back I look, the further forward I can see,” it seems to me that either the wide open range that is the freedom of an Internet built on the end-to-end principle must die, or else we must choose to not allow the critical infrastructure of our lives to depend on that Internet.

By now, we have all the evidence we need to show that confidentiality, integrity, and availability for data or systems does not occur by magic, that it must be designed in in the first place and it must be renewed often — designed as bolting it on after the fact has been shown to generally fail, renewed often as designing anything to be entirely future-proof is so far from easy as to be unlikely.

The so-called Hobson’s choice is where one is given a “take it or leave it” proposition, which is said to be not much of a choice at all. Although I suspect this applies to no one in today’s audience, consider the Internet as a Hobson’s Choice. You either get it, warts and all, or you get nothing.

Last Friday, the Pew Foundations published a report[3] that talked about so-called “digital differences” in the U.S. As they point out, “One in five American adults does not use the Internet. Among adults who do not use the Internet, almost half [said] that the main reason they don’t go online is because they don’t think the Internet is relevant to them. … Though overall Internet adoption rates have leveled off, adults who are already online are doing more.”

For Pew, this is another examination of the so-called “digital divide” but I think that it is something to consider in a different light. For those 10% who, presented with a take it or leave it proposition regarding the Internet, choose “leave it,” the Internet does not register as a desirable and may, for some of them, be undesirable.

I grew up without television and have never myself bought or owned one. I suspect there are a few in this room for whom the Hobson’s Choice with respect to television has also been, or has become, “leave it.” So far as I know, there is no social opprobrium, no implication that you are a loser, if you opt out of television. It is merely a choice. Such a choice entirely frustrates a whole swath of advertisers no doubt, and since the majority of the money given to politicians this election season will doubtless be spent on television buys, one might even say that the refusal to participate in television delivers a mildly antisocial side effect, especially if the television ads are what actually elect the next President. If your choice to leave television out of your life is so that you can be consistent with an organized set of moral beliefs of which avoiding television is only one, then there are many sophisticated observers who will immediately suggest that you have been in some way brainwashed. Nevertheless, other than the fraction of the cost of anything you buy that is attributable to the carried forward advertising budget of its manufacturer, you can be rather independent of television and live a good life.

That 10% of the population that doesn’t see any reason to bother with the Internet is surely similar to whatever fraction of the population doesn’t see any reason to bother with television. As with those opting out of television, whatever the Internet rejectionists buy will include the cost of Internet advertising bought by the manufacturer, but surely that is all. Surely they can refuse the Internet and have that be just as it sounds, something that they choose not to do anything with and therefore inconsequential to their life, the way television is inconsequential to mine?

Not so fast. We are at the point where it may no longer be possible to live your life without having a critical dependence on the Internet, even if you live at the end of a dirt road but still occasionally buy nails or gasoline. Unlike television, where, at most, it is choosing the President or deciding what colors will dominate the spring collection, you cannot entirely unplug from the Internet even if you want to. If you are dependent on those who are dependent on television, then so what? If, however, you are dependent on those who are dependent on the Internet, then so are you. Dependence with respect to television is not transitive. Dependence with respect to the Internet *is.* The source of risk is dependence, and especially dependence on expectations of system state. My definition of security itself has co-evolved with my understanding of risk and risk’s source to where I today define security as the absence of unmitigatable surprise.

It is thus obvious that increasing dependence means ever more difficulty in crafting mitigations, and that increasing complexity embeds dependencies in ways such that while surprises may grow less frequent, they will be all the more unexpected when they do come, and come they will.

Because dependence on the Internet is transitive, those who choose “leave it” with respect to the Internet only get to say that in the first person; they are still dependent on it unless they are living a pre-industrial life. That rejectionists depend on people who are not rejectionist is simply a fact, a fact in the same way that the sun rises in the East is a fact. Everyone has a stake in the game.

At the same time, the rejectionists do have some species of impact on the Internet-happy, something more substantive than not buying gewgaws from Internet marketeers. To the extent that we are willing to admit it, the rejectionists are now a kind of failsafe. If we begin to penalize the rejectionists, that is to say force them to give up on their rejectionism, we will give up a kind of societal resiliency.

What do I mean? Let me illustrate this at the personal level. I have a 401(K) retirement account with Fidelity Investments, a Fortune 500 firm within rifle shot of where I stand. In the past few months, I have learned that Fidelity no longer accepts client instructions in writing. They only accept instructions over the Internet or, as a fall back for the rejectionist, over the phone. They simply do not accept the canonical wet ink signature on bond paper. I have sent them paper letters. They have responded in e-mail that says what I just said, though I should note that I never gave them my e-mail address and wouldn’t have if asked. The main response on Fidelity’s side is that their auditors approve of their scheme. The main response on my side is “So what?” which, of course, is my way of saying that Fidelity’s auditors work for them, not me. It will doubtless not surprise you that the e-mail letters do not contain a digital signature and, in any case, what is the equivalent of that for a phone call? Mind you, Fidelity still sends paper statements and to the same mailing address from which I have been writing.

A second personal example: I choose not to do Internet banking. I use a small, local bank — one that is far from being too big to fail. When they announced the availability of online banking, I sent them a letter stating that, as I would not be using that service, I would appreciate it if they would turn off access to my unused account or, at the least, raise an alarm if anyone ever tried to use the account waiting in my name. To their eternal credit, they agreed without any argument. That is not the norm — try, as I have, to tell that to the part of ADP that runs the get-your-W2-online service called iPay. One might consider that a company unwilling to turn off your potential access because you ask them to do so is a company which does not, in fact, care about your security. If you will not use the account set up in your name, then you are sure to not notice that someone else has begun to do so, at least while your money or your data are still intact. An ounce of prevention is worth a pound of cure; I don’t care if ADP is sure to be outstandingly prompt in sending me a data breach notice and/or buying me three years’ worth of credit watch were someone to use the ADP account prepared for me; I care that it is made inoperable. I care that I not have a dependence on ADP’s Internet security, however good it may be.

If there are any Estonians in the audience, you are by now sure that I am quite mad. For those of you who are not, Estonia is perhaps the most Internet dependent country, a fact that has certainly worked well for them on balance.

Quoting from an article this past Sunday in The Guardian,[4]

42 Estonian services are now managed mainly through the [I]nternet. Last year, 94% of tax returns were made online, usually within five minutes. You can vote on your laptop (at the last election, [the President of Estonia] did it from Macedonia) and sign legal documents on a smartphone. Cabinet meetings have been paperless since 2000. Doctors only issue prescriptions electronically, while in the main cities you can pay by text for bus tickets, parking, and — in some cases — a pint of beer. Not bad for a country where, two decades ago, half the population had no phone line. Central to the Estonian project is the ID card, introduced in 2002. Nine in 10 Estonians have one, and — by slotting it into their computer — citizens can use their card to vote online, transfer money and access all the information the state has on them. “There’s nothing on the ID card itself, because that could be dangerous if you lost it,” says Katrin Pargmae who is in charge of public awareness at RIA, the country’s [I]nternet authority. “It only gives you access to the database if you type in the right code.” You can also present the card at the pharmacy to pick up a prescription. On public transport, it doubles as a ticket. Many people also have special ID chips on their mobile sim cards that allow them to pay people by text.

 

That is entirely impressive and, as the article suggests, a degree of Estonian pride is entirely in order. That degree of dependence happens not to be for me; I want to retain the ability to opt out of most direct dependence on the Internet, viz., to opt out of that dependence which is the root of risk. I mean that as stronger than a preference, but weaker than an ultimatum.

 

In a free society, that which is not forbidden is permitted. In a non-free society, that which is not permitted is forbidden. The US Supreme Court is presently reviewing whether the Congress can forbid the citizen to not have health insurance, that is to say whether the government’s monopoly on the use of force can be deployed to collectivize the downside risk of illness. That is not an option I favor, but just as forcibly collectivizing the downside risk of illness has its proponents, so, too, does forcibly collectivizing the downside risk of Internet exposure.

 

Just as Estonia is well ahead of nearly everybody in productive dependence on the Internet, so too is China well ahead of nearly everybody in forcibly collectivizing the extent and manner in which the Internet is available to Chinese users. As sovereigns, the former is Estonia’s right just as the latter is China’s right. I want neither even though I must acknowledge that as nations decide on their particular mix of dependencies, the Internet will be dramatically balkanized. The Internet will never again be as free as it is this morning.

 

I spent a decade and a half working in Harvard’s teaching hospitals, especially the Beth Israel Hospital. On November 13, 2002, a total computer outage at the Beth Israel began.[5] The initiator was inadvertent high volume data sharing amongst researchers; the impact was reverting to paper for four days. The event was severe, unexpected, and recovery was frustrated by complexity. During those four days, doctors and laboratory personnel over 50 years old could effortlessly cope; most of the rest could not. Put differently, that fall back to manual systems was possible saved the day, and it was those who could comfortably work without network dependence who delivered on that possibility, because they had done so at earlier times.

 

Let me now state the central thesis of this essay, and it is this: Accommodating rejectionists preserves alternate, less complex, more durable means and therefore bounds dependence. Bounding dependence is a rational part of risk management.

 

Everyone here who has worked in systems administration knows that redundancy enables uptime guarantees. Everyone who has been at the sysadmin game for any significant time also knows that if you don’t detect when that redundancy is busy saving your bacon, then you will soon be in big trouble. If I only need 4 out of 5 systems to be running, then the failure of any one system will cause no effect. If, however, I don’t notice that I’ve had that fail-over event, then any subsequent failure is non-recoverable and a surprise. One of the principal arguments for hot standbys is that when the fail-over has to happen, the equipment to which the fail-over is directed is known to be working.

 

Ten years ago, Bill LeFebvre gave a USENIX talk on the operational changes driven by the impact of 9/11 on the web presence of the Cable News Network, better known as CNN. In it, he described how when demand spikes they shed load, but in the case of CNN, shedding load meant taking, say, the Cartoon Network’s servers and re-purposing them on the fly. These days, there are probably lots of VMs and clouds involved, but the idea is the same, that having hot standbys beats having spare, unused capacity any day since amortizing the cost of the hot standbys through, say, running the Cartoon Network on them is financially sound and, which is more, it guarantees that you know the hot standbys work when the fail-over is necessary, such as when there is an order of magnitude spike in demand for news. Anyone who has ever found that their emergency generator didn’t start when it needed to also knows what I am talking about. So has anyone who has ever gone to one’s backup media only to discover that they are blank.

 

Summing up so far, risk is a consequence of dependence. Because of shared dependence, aggregate societal dependence on the Internet is not estimable. If dependencies are not estimable, they will be underestimated. If they are underestimated, they will not be made secure over the long run, only over the short. As the risks become increasingly unlikely to appear, the interval between events will grow longer. As the latency between events grows, the assumption that safety has been achieved will also grow, thus fueling increased dependence in what is now a positive feedback loop.

 

In the language of statistics, common mode failure comes from under-appreciated mutual dependence. Quoting from NIST’s section on redundancy in their “High Integrity Software System Assurance” documentation[6]:

 

[R]edundancy is the provision of functional capabilities that would be unnecessary in a fault-free environment. Redundancy is necessary, but not sufficient for fault tolerance. … System failures occur when faults propagate to the outer boundary of the system. The goal of fault tolerance is to intercept the propagation of faults so that failure does not occur, usually by substituting redundant functions for functions affected by a particular fault. Occasionally, a fault may affect enough redundant functions that it is not possible to reliably select a non-faulty result, and the system will sustain a common-mode failure. A common-mode failure results from a single fault (or fault set). Computer systems are vulnerable to common-mode resource failures if they rely on a single source of power, cooling, or I/O. A more insidious source of common-mode failures is a design fault that causes redundant copies of the same software process to fail under identical conditions.

 

That last part — that “A more insidious source of common-mode failures is a design fault that causes redundant copies of the same software process to fail under identical conditions” — is exactly that which can be masked by complexity precisely because complexity ensures under-appreciated mutual dependence.

 

Which brings us to critical infrastructure and the interconnection between critical infrastructure by way of the Internet. For the purpose of this essay, I will use the definition found in Presidential Decision Directive 63, issued by then-President Clinton[7]:

 

Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government.

 

Note the wording “essential to minimum operations” — that does not read as a requirement that the armor deflect all bullets, only that no bullet be paralyzing. One of the great Allied victories of World War II was getting 338,000 soldiers off the beaches of Dunkirk using 800 “little boats,” a paragon of the phrase “essential to minimum operations” as none of them were warships in any formal way.

 

If defined in its technical sense, the Internet is a network of networks, not a single entity. That the majority of its main protocols were designed precisely for fault tolerance and for the absence of common mode failure has been proven out in practice, perhaps nowhere as spectacularly as when Bill Cheswick and Steven Branigan mapped Yugoslavian networks during the NATO bombardment in the spring of 1999.[8] Those main Internet protocols worked so well that innovation blossomed simply because the Internet did not depend on the flawless functioning of every one of its moving parts. It was not designed, however, for resistance to targeted faults, which, as Laszlo Barabasi showed, cannot be done at the same time as you are designing for resistance to random faults.[9]

 

In an Internet crowded with important parts of daily life, the chance of common mode failure is no idle worry. The Obama administration is committed to increasing dependence on the Internet on two fronts, either of which might be said to be themselves “essential to the minimum operations of the economy and government.” First, is the press for electronic health records. Second, is the press for the so-called Smart Grid. As with most garden paths, there is nothing wrong interior to the arguments for electronic health records or for smart grids. Both have eminently useful results for which a desire is rational. Both illustrate my point.

 

With respect to electronic health records: Their utility depends on the smooth functioning of electric power, networks, computers, displays, and a range of security features that we can discuss another day, particularly as it relates to maintaining consistency across multiple practices. With respect to the Smart Grid: Its utility depends on almost everything we now know about power including the absolute necessity of good clocks, a wide range of industrial controls operated flawlessly at a distance and guaranteed not to lie about their state, and another range of security features we can also discuss some other day.

 

Because both of these involve new levels of exposure to common mode risk, some of which are risks electronic health records share with smart grids, they will add new failure modes to the world we live in. On good days, both will deliver far better, more cost-effective benefits than that which we now have. On bad days, the reverse will be true and, as the Beth Israel example proved by demonstration, doing without those benefits will be easier for those who can remember not having had them.

 

Put differently, each new dependence raises the magnitude of downside risk, the potential for collateral damage, and the exposure of inter-relationships never before contemplated. Forget the banks, it is the Internet that is too big to fail. While there is no entity that can bail out the Internet, there is no meaningful country that is not researching ways to disrupt the Internet use of their potential adversaries. The most a country can hope to do is to preserve the Internet interior to itself, as Estonia demonstrated when under attack from Russia. Of course, at some level of transborder interconnection, the very concept of “interior” loses meaning just as every one of you here knows if you have ever had to explain perimeter defense to a new client or counterparty.

 

Now let me hasten to add that where ignoring the risk is negligence, a sin of omission, purposely inflating the risk is fraud, a sin of commission. As Dinei Florencio and Cormac Herley showed in their 2011 paper at the Workshop on the Economics of Information Security, the estimates we have of the impact of cybercrime are all but surely universally inflated, the sin of commentators who may have been able to merge omission and commission. This is an important point, enough so that a shortened form of the WEIS paper appeared as an invited OpEd last Sunday in the New York Times.[11]

 

I’ve come to the conclusion that part of what makes a good security person is some sort of intrinsic fascination with failure. I am certain that designing for tolerable failure modes is precisely what security engineering is fundamentally about. If I am right, then the failure mode you did not think of will not be in your design and, therefore, whether it is tolerable will depend on many things, perhaps even the phase of the moon. The question, then, is whether tolerable failure modes can be themselves designed, that is to say whether a failure mode never before possible can be added to the system?

 

No country, no government, no people need rules against things which are impossible. Obviously, the on-rush of things never before possible creates vacua where, in the fullness of time, there will have to be rules. As the current Mayor of Chicago put it in his characteristically blunt way, the creation of rules is easier in a time of crisis and, therefore, one must “never let a good crisis go to waste.” He is right as a matter of observation; he is wrong as a matter of probity. Just as driving under the influence of alcohol is wrong, so is making policy under the influence of adrenaline. The law-making of the last decade is illustrative, but the point is hardly new; eleven years before he became the fourth President of the United States, James Madison said that:

 

Perhaps it is a universal truth that the loss of liberty at home is to be charged to provisions against danger, real or pretended, from abroad.

 

One wonders how Madison would feel about an interconnected world where “abroad” has so thoroughly lost its meaning, at least with respect to Internet-dependent critical infrastructure if not national frontiers.

 

Six weeks ago, more or less, I gave a speech asking whether having people in the loop for security is a failsafe or a liability.[12] I won’t recount the arguments here, but I will give my conclusion: That a good security design takes people out of the loop except when it cannot and, when it cannot, it is clear that this is so. I gave two examples;

 

My previous employer was Verdasys where I was Chief Scientist for the product design team. For those with a deep background, my product was a distributed, recording version of the Orange Book’s “Reference Monitor” implemented as a rootkit. That said, we could do nearly anything to detect and modify data handling of any sort at any granularity.

 

We installed at a major hospital. There, the Chief of Medicine demanded that under no circumstances could our product block access to patient data since who knows what sort of emergency might be in progress. At the same time, the General Counsel demanded that under no circumstances could our product permit a breach of regulatory controls on data handling. The solution to this standoff was that whenever someone asked for data that was nominally forbidden, a popup window would appear which said “Against policy. Click here to proceed.” With that, no data was denied but at the same time no person could deny having intent. This finesse represented the well-placed insertion of a tiny bit of sentience in an otherwise fully automated protection regime.

 

The other example;

 

I have good relations with a number of the largest banks. One of them has long since made user-level provisioning a completely automated process. This automated provisioning control includes de-provisioning — what you might describe as removing Dan’s access within 120 seconds of the time Dan submits his letter of resignation or, for that matter, slugs a Managing Director on the trading floor. Fast, hands off, one-button deprovisioning makes regulators happy. It makes General Counsels happy. But it’s a nightmare if it goes into a loop. The bank I’m thinking of has coded for this explicitly; if 50 resignations have come in within an hour, the deprovisioning system halts and will not proceed until a human gives it authority to proceed. Putting a human back into the loop has saved their bacon at least once.

 

These are examples where putting a human in the loop, that is to say falling back from automation, has proven to be a breakthrough finesse. Both were designed that way, neither was an accident, and both required real labor in getting everyone on the same page.
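
The bank's halt-and-wait-for-a-human rule, sketched as an added example (it is not the bank's code and not part of the original speech). The 50-per-hour threshold comes from the text; the class and method names, the choice to hold the request that trips the breaker, and the stand-in for the real account-disabling call are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

HALT_THRESHOLD = 50     # "50 resignations" (from the text)
WINDOW_SECONDS = 3600   # "within an hour" (from the text)


@dataclass
class DeprovisioningBreaker:
    """Automated deprovisioning that trips to a human when volume looks wrong."""
    threshold: int = HALT_THRESHOLD
    window: float = WINDOW_SECONDS
    halted: bool = False
    recent: deque = field(default_factory=deque)  # request times inside the window
    held: list = field(default_factory=list)      # requests waiting for a human
    revoked: list = field(default_factory=list)   # accounts actually disabled
    audit: list = field(default_factory=list)     # (time, event, detail)

    def submit(self, user: str, now: float) -> str:
        """Handle one deprovisioning request; return 'revoked' or 'held'."""
        # Slide the window: forget requests older than the window length.
        while self.recent and now - self.recent[0] >= self.window:
            self.recent.popleft()
        self.recent.append(now)

        # Trip once the count inside the window reaches the threshold.
        # Assumption: the request that trips the breaker is itself held.
        if not self.halted and len(self.recent) >= self.threshold:
            self.halted = True
            self.audit.append((now, "HALT", f"{len(self.recent)} requests in window"))

        if self.halted:
            # Sticky halt: nothing proceeds, even after the burst has aged out.
            self.held.append(user)
            return "held"

        self._revoke(user, now)
        return "revoked"

    def authorize(self, approver: str, now: float, release: bool) -> int:
        """A named human resumes the system; returns how many held requests ran.

        release=True  -> the burst was real (e.g. a layoff); execute held requests.
        release=False -> the burst was a loop or a bad feed; discard held requests.
        """
        if not self.halted:
            raise RuntimeError("breaker is not halted; nothing to authorize")
        ran = 0
        if release:
            for user in self.held:
                self._revoke(user, now)
                ran += 1
        detail = f"by {approver}, release={release}, held={len(self.held)}"
        self.audit.append((now, "RESUME", detail))
        self.held.clear()
        self.recent.clear()   # start counting afresh after the human decision
        self.halted = False
        return ran

    def _revoke(self, user: str, now: float) -> None:
        # Stand-in for the real directory/IAM call, which the page does not describe.
        self.revoked.append(user)
        self.audit.append((now, "REVOKE", user))


def simulate_runaway_feed() -> DeprovisioningBreaker:
    """Constructed scenario: a feed stuck in a loop emits one request per second."""
    breaker = DeprovisioningBreaker()
    for i in range(200):
        breaker.submit(f"user{i:03d}", now=float(i))
    return breaker


if __name__ == "__main__":
    b = simulate_runaway_feed()
    print(f"revoked={len(b.revoked)} held={len(b.held)} halted={b.halted}")
    b.authorize("on-call IAM lead", now=900.0, release=False)
    print(f"after human review: revoked={len(b.revoked)} held={len(b.held)}")
```

The halt is deliberately sticky: a looping feed that pauses for an hour does not get to resume on its own, and the audit trail records who gave the authority to proceed.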

 

Is such an outcome something that can only be done on a case by case basis, something that cannot become part of a security discipline in the large, something that avoids both sins of omission and sins of commission? One hopes that it can be; there simply is not time to make every security-related decision go down the path that the two examples propose.

The public at large is not and can not be expert in the way this audience is expert, nor should they have to be. That the public has, shall we say, volunteered its unused computing power to botmasters is nothing so much as an historical mirror of how press gangs once filled the rosters of the British Navy. But how is that altogether different than a formal mandate that if they have medical records they shall be electronic or if they receive electricity that the metering regime is a surveillance tool? How is it different than finding that compliance auditors have certified to the regulators that there is no need to accept a signed paper letter detailing the wishes of the financial client, wishes that those self-same regulators demand the financial client formally submit if the financial institution is to be protected from tort claims?

I’ve come to the conclusion, as recently have others, that security is a proper subset of reliability. The logic is that security is a necessary but insufficient condition for reliability. As such, connecting the insecure (and thus unreliable) to the important and expecting the melange to be reliable is utter foolishness. As Marcus Ranum says, “A system that can be caused to do undesigned things by outsiders is not ‘reliable’ in any sense of the word.” On that point, I’d refer you all to the work being done by Sergey Bratus, Meredith Patterson, and others whose startling insight deserves full quotation:[13]

The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. LANGSEC posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. The recognition must be feasible, and the recognizer must match the language in required computation power.

When input handling is done in ad hoc way, the de facto recognizer, i.e., the input recognition and validation code ends up scattered throughout the program, does not match the programmers’ assumptions about safety and validity of data, and thus provides ample opportunities for exploitation. Moreover, for complex input languages the problem of full recognition of valid or expected inputs may be UNDECIDABLE, in which case no amount of input-checking code or testing will suffice to secure the program. Many popular protocols and formats fell into this trap, the empirical fact with which security practitioners are all too familiar.

Viewed from the venerable perspective of Least Privilege, … computational power is privilege, and should be given as sparingly as any other kind of privilege to reduce the attack surface. We call this … the Minimal Computational Power Principle.

We note that recent developments in common protocols run contrary to these principles. In our opinion, this heralds a bumpy road ahead. In particular, HTML5 is Turing-complete, whereas HTML4 was not.

So far as I can guess, nearly nothing we have in our cyber interfaces to critical infrastructure meets LANGSEC’s test. Because of that reason, if no other, attaching the cyber interface of critical infrastructure to the Internet is a guarantee of error. As always, that error may be improbable but probabilistic events do eventually occur. If we are unlucky, those errors will not be prompt.
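
What the LANGSEC passage quoted above asks for, shown as an added example (not LANGSEC's or the speaker's code): the input language is written down, and one recognizer accepts or rejects the whole input before anything acts on it. The toy `SET` command language, the register names and the sample inputs are constructed for illustration.

```python
import re

# Constructed toy command language for an imagined control interface (assumption):
#   command  := "SET " register " " value "\n"
#   register := "R0" .. "R7"
#   value    := decimal 0..255, no sign, no leading zeros
# The language is regular, so a finite-automaton recognizer (a regex) is all the
# computational power the input handler needs.
COMMAND = re.compile(
    rb"SET (R[0-7]) (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\n"
)


def recognize(raw: bytes):
    """Accept exactly the language above, or reject; no partial processing."""
    m = COMMAND.fullmatch(raw)
    if m is None:
        return None
    return m.group(1).decode("ascii"), int(m.group(2))


def adhoc_handle(raw: bytes):
    """Ad hoc handling: checks are scattered and the accepted set is implicit."""
    try:
        parts = raw.decode("utf-8").split()   # tolerates any whitespace layout
        if parts[0] != "SET":
            return None
        register = parts[1]                   # register name never checked
        value = int(parts[2])                 # also accepts "-5", "1_0", "007", non-ASCII digits
        if value > 255:                       # lower bound forgotten
            return None
        return register, value                # trailing tokens silently ignored
    except (IndexError, ValueError, UnicodeDecodeError):
        return None


# Constructed sample inputs.
SAMPLES = [
    b"SET R3 200\n",                      # in the language
    b"SET R3 -5\n",                       # negative value
    b"SET R3 1_0\n",                      # Python int() accepts underscores
    "SET R3 \u0663\n".encode("utf-8"),    # Arabic-Indic digit three
    b"SET R9 7 trailing junk\n",          # unknown register, extra tokens
    b"  SET R3 007",                      # leading space, leading zeros, no newline
    b"SET R3 256\n",                      # out of range
]


def disagreements(samples):
    """Inputs the ad hoc handler acts on although they are outside the language."""
    return [s for s in samples
            if adhoc_handle(s) is not None and recognize(s) is None]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} adhoc={adhoc_handle(sample)!s:14} "
              f"recognizer={recognize(sample)}")
    print(f"{len(disagreements(SAMPLES))} inputs accepted only by the ad hoc handler")
```

Every disagreement is an input the programmer never intended to accept; the de facto language of the ad hoc handler is whatever `split()` and `int()` happen to tolerate.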

In a conference panel, I was once asked what malware would I write if it was not a question of labor or difficulty. My answer remains the same; I’d find a way to make the occasional odd modification to your Excel formulae and I would embed this malware in the spreadsheet itself so that any sharing of the spreadsheet would propagate my malware. As Excel formulae are probably the world’s most prevalent programming language, in a period of time I would de-synchronize all copies of what are ostensibly the same document. This wouldn’t end the world, but think about, say, how derivative pricing is done. If I could do this, for which I have neither skill nor desire, then I might even be properly called a terrorist insofar as terrorism is a means of coercion by way of spreading fear.

At this point, I am at serious risk of being exactly the kind of fearmonger that quickly becomes fraud. That is, of course, not my point. My point is that the working definition of critical infrastructure is broad and, which is more, indistinct.

There has been much talk about whether to grant the President a so-called kill-switch for the Internet. There is a considerable logic to that if you accept what I have been saying, namely that in the presence of interdependence that is inestimable there may be times where it is not possible to disambiguate friend from foe. Were someone on an inbound airplane found to have smallpox, the passengers and crew would be quarantined as a matter of public health until such time as each of them could be separately certified as disease free. Many important enterprises, public and private, quarantine inbound e-mail with nearly as much vigor as they quarantine inbound DHL packages. The logic is sound. The time scale is human.

In a kind of living history, we have residing amongst ourselves cloistered communities such as the Amish. We accommodate them. I expect that if a food crisis of some sort were to materialize, it is the Amish who would be least affected. We have amongst ourselves so-called Neo-Luddites. In some sense, the Luddites had a more principled analysis — they knew where the machines would lead and on the basis of their analysis they acted. The Amish merely wish to be left alone, such as to remove their children from compulsory education at the close of the eighth grade. So far as I know, their case, Wisconsin v. Yoder, is the only such case to ever reach the US Supreme Court, which found in their favor. I ask, is there room in our increasingly wired world for those who choose merely to be left alone, in this case to choose to not participate in the Internet society? Do those who do not participate deserve to not have their transactions of all sorts be exposed to a critical infrastructure dependent on the reliability of Internet applications as a class?

Paraphrasing Melissa Hathaway from her 60-day review of US cyber policy for President Obama, the United States’ ability to project power depends on information technology, and, as such, cyber insecurity is *the* paramount national security risk. Putting aside an Internet kill-switch, might it be wise for the national authorities to forbid, say, Internet Service Providers from propagating telnet or SSH v1 or other protocols known to be insecurable? If not that, should cyber components of the critical infrastructure be forbidden to accept such connections? There is certainly a debate topic in that — if not a natural policy. As with most things, there is an historical echo here as well; in 1932, the foremost political commentator of the age, Walter Lippmann, told President Roosevelt “The situation is critical, Franklin. You may have no alternative but to assume dictatorial powers.”

Again, when 10% of the population sees nothing in the Internet for them, should we respect and ensure that, as with the Amish, there is a way for them to opt out without choosing to live in a hovel? Should we preserve manual means?

I say “yes” and I say so because the preservation of manual means is a guarantee of a fall back that does not have a common mode failure with the rest of the interconnected, mutually vulnerable Internet world. That this is not an easy choice is the understatement of the day if not year. I cannot claim to have a fully working model here, but neither do our physicist friends yet have a unified field theory.

With my colleague Mukul Pareek, we run the “Index of Cyber Security.”[14] It is a survey-based index of sentiment, modeled on the Consumer Confidence and Purchasing Managers Indices. It has been in operation for a year. The Respondents are all CISOs and like individuals whose view of cyber security is based on direct operational responsibility for their firm’s piece of the networked world. It is a risk index, which is to say that when perceived risk rises, so does the Index. Over the course of the year, the Index has risen inexorably reflecting the view of experts at least as good as those in this audience that, in the aggregate, risk is accumulating and in much the same way that burnable timber accumulates on the eastern slope of the Rockies.

Because the Index is composed not of one question but of twenty, each asking about one or another source of risk such as malware, hacktivism, counterparty interconnections, and so forth, we have found that the steady rise in the Index is not dominated by any one sub-component nor is the ordering of the influence of the sub-components on the overall Index stable and unchanging. One month, it is counterparties. Another month it is the impact of diverting security budgets to compliance. In yet others, it is malware that is undetectable by any of the array of commercial products for malware detection. And so forth. These are your peers speaking and they are saying that the risk is growing. They also make comments many of which are in so many words talking about irresistible commercial pressures.

Against such a formal, metrics-based backdrop, I can confidently say that “we” are not running fast enough to stay in the same place. If those respondents and I are not fooling ourselves, preserving fallback is prudent if not essential. That does not mean, per se, that the preservation of manual means is an easy out. It may well be that, as various Department of Defense thinkers are now saying, our goal can no longer be intrusion prevention but must now turn towards intrusion tolerance. As before, this is easier said than done, but if we are to practice evidence-based medicine on the body Internet, it may well be that expensive therapy is not always the answer. Perhaps one of you can come up with a cyber analog to “quality-adjusted life years” and help us all decide when to treat, when to palliate, and when to just plain avoid.

As you well know, 100% availability can be achieved by either driving the mean time between failures to infinity such that nothing ever breaks or driving the mean time to repair to zero such that failure consequences are de minimis. I am old enough to remember that rebooting a machine for prophylactic purposes was what systems administrators did. These days, most people view a reboot as proof of failure. I don’t agree.

Summing up for the second time, risk is a consequence of dependence. Because of shared dependence, aggregate societal dependence on the Internet is not estimable. If dependencies are not estimable, they will be underestimated. If they are underestimated, they will not be made secure over the long run, only over the short. As the risks become increasingly unlikely to appear, the interval between events will grow longer. As the latency between events grows, the assumption that safety has been achieved will also grow, thus fueling increased dependence in what is now a positive feedback loop. If the critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government, and if aggregate risk, as described by leading cyber security operational management, is growing steadily, then do we put more of our collective power behind forcing security improvements that will be diseconomic or do we preserve fallbacks of various sorts in anticipation of events that, if the Index of Cyber Security can be believed, seem more likely to happen as time passes? Does the old Yankee saying, “Use it up, wear it out, make it do, or do without” have any guidance for us? Is centralizing authority the answer, or is avoiding further dependence until we can fix things the better strategy? Can we imagine starting over in any real sense or is balkanization not just for nations but for critical sectors as well? Is the creative destruction that is free enterprise now to be encouraged to remake what are normally the steadying flywheels of American society, by which I mean government and our most capital-intensive industries? Is the individual who still prefers to fix things he or she already has to be celebrated or to be herded into National Health Information Networks, Smart Grids, and cars that drive themselves?

In closing, remember that the Internet was built by academics, researchers, and hackers — meaning that it embodies the liberal cum libertarian cultural interpretation of “American values,” namely that it is open, non-hierarchical, self organizing, and leaves essentially no opportunities for governance beyond protocol definition. Anywhere the Internet appears, it brings those values with it (treating censorship as a routing failure, say). Other cultures, other governments, know that these are our strengths and that we are dependent upon them, hence as they adopt the Internet they become dependent on those strengths and thus on our values. A greater challenge to their sovereignty does not exist. The challenge to our sovereignty is its dual — committing our critical infrastructures to the Internet in the entire.

 

There is never enough time. Thank you for yours.

 

[1] Merriam-Webster Unabridged

[2] interconnection of PSInet and UUNet by CIX

[3] “Digital differences,” Pew Research Center, 13 April 2012, tinyurl.com/d7eqo7v

[4] “How Tiny Estonia Stepped out of USSR’s Shadow to Become an Internet Titan,” The Guardian, 15 April 2012, tinyurl.com/7srar5z

[5] Kilbridge P, “Computer Crash — Lessons from a System Failure,” N Engl J Med v348 n10 p881-882,e, 6 March 2003, tinyurl.com/75fjmbb

[6] NIST, High Integrity Software System Assurance, section 4.2, tinyurl.com/canwggd

[7] Presidential Decision Directive 63, May 22, 1998, tinyurl.com/4974j

[8] Branigan S & Cheswick B, “The effects of war on the Yugoslavian Network,” 1999, tinyurl.com/cu9nd5u

[9] Barabasi L & Albert R, “Emergence of scaling in random networks,” Science, v286 pp509-512, 15 October 1999

[10] Florencio D & Herley C, “Sex, Lies and Cyber-crime Surveys,” WEIS 2011, tinyurl.com/3zsspah

[11] Florencio D & Herley C, “The Cybercrime Wave That Wasn’t,” NY Times, April 14, 2012, tinyurl.com/8ylrf7b

[12] Geer D, “People in the Loop: Are They a Failsafe or a Liability?,” Suits & Spooks, February 8, 2012, tinyurl.com/7cavobr

[13] LANGSEC: Language-theoretic Security, langsec.org

[14] cybersecurityindex.org

 

 

 

The future of the $200 tablet

You’ll soon be able to get a lot more value for a lot less money.

JR Raphael

April 26, 2012 (Computerworld)

Spending $150 to $200 on a tablet won’t get you much these days: In most cases, you’re looking at an off-brand Android product with a single-core processor, barely any RAM and a low-resolution, low-quality display. Depending on the device, you might not even have access to Google’s app market or other basic services — and while that approach may work with retailer-backed, limited-use products like Amazon’s Kindle Fire, when it comes to more traditional Android tablets, it doesn’t usually lead to the best user experience.

It’s a stark contrast from what you get at the high end of the tablet spectrum, where $500 and up will buy you quad-core processors, a full gigabyte of RAM and eye-popping screens. Even midrange devices, which tend to have last year’s hardware, are capable of delivering decent results. But once you hit that sub-$200 range, it’s like you’ve entered a different dimension — one filled with glorified e-readers and sluggish, subpar slates.

Get ready, though: That dimensional difference is due for a change. A major shift is brewing, and it could bring about the biggest transformation we’ve seen to the tablet class divisions. Put simply, budget-conscious buyers are about to get a lot more bang for their buck.

 

The tablet class shift

The first signs of the pending tablet class shift showed up in January, at this year’s Consumer Electronics Show in Las Vegas. There, hardware maker Asus showed off a 7-in. tablet powered by Nvidia’s Tegra 3 quad-core processor.

“One size doesn’t fit all,” Nvidia CEO Jen-Hsun Huang declared, citing the need for “different strokes for different folks.”

Asus and Nvidia described a tablet that would run Android 4.0, a.k.a. Ice Cream Sandwich — the latest version of Google’s mobile operating system. An early prototype of the hardware featured a 1280-x-800-resolution IPS display; 1GB of RAM; micro-USB, micro-HDMI and microSD ports; and two cameras, including an 8-megapixel rear-facing lens. Hands-on reviews of the product were glowing: One blog touted the tablet’s “blazing fast” speed, while another talked of its “bright, vibrant screen.”

Perhaps most impressive of all, though, was the tablet’s price tag: $249 — a seemingly impossible cost for a device of that caliber. But this was no mistake.

“As we continue to see the volume of existing tablets increase, prices naturally come down on component cost,” explains Nick Stam, Nvidia’s director of technical marketing. “You’ll see a number of devices coming out this year that will be lower cost than what you’ve been used to.”

Indeed, $249 may be only the beginning. Rumors have been rampant that Google is working with Asus on a product similar to the 7-in. tablet introduced at CES, only with a price closer to the $150 to $200 range. Numerous reports suggest the tablet will run a “pure” version of Google’s Android operating system, with no manufacturer modifications, and will be a joint effort between Google and Asus — similar to Google’s work with other hardware manufacturers when creating its Nexus and “Google experience” devices.

While Google representatives won’t comment on rumors and speculation, the evidence is certainly starting to stack up. A quick search of the Internet turns up no shortage of purported leaks and insider winks. Sources close to the situation with whom I’ve spoken have discussed the project with a similar level of certainty, pointing to this June’s Google I/O developers’ conference as the time when the details — and perhaps the product itself — will be unveiled.

In a recent interview with The New York Times, Nvidia’s Huang strongly hinted that an Android tablet running his company’s Tegra 3 processor would debut this summer for a cost of $199. “We took out $150 in build materials, things like expensive memory,” Huang is quoted as saying. “At $199, you can just about buy a tablet at a 7-Eleven.”

 

The budget tablet strategy

So how are prices on such seemingly high-quality devices suddenly plummeting so low? While Nvidia points to falling component costs, some analysts suspect there’s more at play.

“Companies just aren’t making much of a profit off of these tablets,” says Rhoda Alexander, director of tablet and monitor research for market research firm IHS iSuppli.

Alexander notes the success of Amazon’s $200 Kindle Fire tablet, which — while relatively limited in both performance and capability — has sold exceedingly well. For Amazon, Alexander says, it isn’t about making money off the hardware itself; it’s about making it easy for customers to spend money with the company every day.

“Where they’re making the profit is in the long term of bringing people into the Amazon universe,” Alexander says.

Amazon’s strategy is clearly winning people over: The company accounted for more than half of all global tablet sales in the fourth quarter of 2011, according to IHS iSuppli’s estimates, shipping 3.9 million Kindle Fires and shooting past Samsung to become the world’s second-largest tablet shipper for that quarter.

In the bigger picture, with the help of Amazon’s product — which runs a highly customized, almost unrecognizable version of the Android 2.3 OS — Android’s share of the tablet market is slowly but surely starting to rise. Research by market analysis group IDC (which is owned by International Data Group, the publisher of Computerworld) showed that Android owned 44.6% of worldwide tablet sales in the fourth quarter of 2011 — a 38% jump from its position in the previous term.

Much of that growth came at the cost of Apple. The iPad maker, while still experiencing strong growth, dropped 11% in total market share in 2011 from quarter to quarter, according to IDC, coming in with 54.7% of tablet sales for the final three months of 2011.

 

The Android tablet challenge

The million-dollar question now is whether Amazon’s model of success can extend to the rest of the Android tablet market, which thus far has struggled to take off. While many analysts predict continued growth for Android overall — Gartner, for example, forecasts Android tablet sales increasing eight-fold over the next five years — some industry experts question whether playing the price game will be enough.

“Lowering the price on Android tablets will help, but that in and of itself won’t sell the products,” contends Sarah Rotman Epps, a senior analyst with Forrester Research.

Epps argues that products like tablets are as much about their interface as their hardware: You buy an Amazon tablet because it provides simple access to Amazon’s content, just like you buy an iPad because it makes it easy to get and use stuff from Apple’s iTunes store. The hardware matters, she says, but it isn’t everything.

“Amazon has been successful because it does a great job delivering on the customer relationship — the transaction,” Epps explains. “A cheaper device from Google doesn’t fix its shortcomings in that area.”

Google may not have reached Apple’s or Amazon’s level of marketplace success, but it’s working to get closer. The company has taken steps toward improving its mobile ecosystem over the past months, integrating its marketplaces for purchasing movies, books, music and mobile apps, and then rebranding it all as Google Play. Still, fighting the perception that the Android tablet ecosystem is lackluster may be Google’s greatest challenge in establishing itself as a major tablet player in the months ahead.

“Google has spent more than a decade training consumers to associate its brand with ‘free,’ and now they’re trying to retrain consumers to transact with them,” Epps says. “That’s a hard sell. Part of making Android tablets successful is convincing consumers that Google has a marketplace where they want to do business.”

 

Low-end tablet competition

One way or another, the lower end of the tablet market seems to be an area where Google thinks it can thrive. In the company’s quarterly investors’ conference call this month, CEO Larry Page acknowledged the success of “lower-priced tablets” using “not-the-full-Google-version of Android” and touched on the company’s plan to pursue that segment of the market further.

“We definitely believe that there’s going to be a lot of success at the lower end of the market … with lower-priced products that will be very significant. It’s definitely an area we think is quite important and that we’re quite focused on,” Page said.

Frequent Google partner Samsung already seems to be on the same page. The company just launched a new 7-inch version of its Galaxy Tab tablet that bears an eye-catching $250 price tag with hardware that exceeds the typical budget-tablet model. With that device and the even more attention-grabbing products on the horizon, we could soon see a change in the very notion of what a “low-end tablet” means.

For makers of existing budget tablets, that may mean being forced to drop even lower in price in order to stay relevant. The logic is simple: If you can buy a quad-core tablet with an impressive display and full Google services for $150 to $200, why would you pay the same cash for a second-rate alternative?

“Wherever the ceiling is set for these new tablets, the budget manufacturers will aim for a yet lower-cost version of that,” IHS iSuppli’s Rhoda Alexander predicts. “They’re playing in a different ballpark and will continue to fill a niche within the market.”

And let’s not forget: Android manufacturers may not be the only players looking to cash in on lower-priced tablets. The always-present rumors of a 7- to 8-in. Apple iPad are picking up steam, with many predicting the advent of a $300 “iPad Mini” before the end of the year.

One thing’s for sure: As more companies move into lower-priced territory and duke it out for market share, it’s the customers who will reap the rewards. After all, in a world where the same dollar seems to buy less with each passing year, getting a better tablet for a lower price is something anyone can appreciate.

JR Raphael is a Computerworld contributing editor and the author of the Android Power blog. You can find him on Google+, Twitter, or Facebook.

 

White House threatens veto of CISPA bill

Cyber Intelligence Sharing and Protection Act bill fails to provide adequate privacy protections, Executive Office says

Jaikumar Vijayan

April 25, 2012 (Computerworld)

The White House today threatened a veto of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) if the bill reaches President Obama’s desk in its present form.

In a statement issued Wednesday afternoon, the Executive Office of the President expressed concern over the lack of privacy safeguards in the CISPA bill and said it “strongly opposes” H.R. 3523 as written.

“H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres,” the statement read. If the bill was presented to the President, “his senior advisors would recommend that he veto the bill.”

The White House veto threat comes on the eve of a scheduled vote on the bill in the House on Thursday. The threat is not entirely unexpected. Last week, a spokeswoman from the White House National Security Council had already expressed the Executive Office’s concerns over it.

Rep. Mike J. Rogers (R-Mich.) and Rep. C.A. Dutch Ruppersberger (D-Md.) introduced CISPA in the U.S. House of Representatives last November.

Backers say the bill aims to improve Internet security by making it easier for Internet Service Providers (ISPs) and Internet companies such as Google and Facebook to collect and share a wide range of threat-related data with government security agencies.

CISPA would let Internet companies monitor and collect any user information they think poses a threat to their networks or systems. The bill would also let these companies share the collected information with the NSA and other federal agencies. Companies that share such information would enjoy a high degree of legal immunity for their actions.

Privacy advocates, rights groups and several lawmakers have expressed considerable alarm over the information sharing bill, and have said it would enable unprecedented surveillance of online activities under the pretext of cybersecurity.

Groups such as the Electronic Frontier Foundation and the American Civil Liberties Union have noted that the bill would allow companies to collect and share all kinds of personal information with the government, without any judicial oversight. They have claimed the bill will allow government and law enforcement agencies to do an end-run around the privacy protections offered by statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.

One aspect of the bill that has raised particular alarm is a provision that would allow information collected for cybersecurity reasons to also be used by the NSA and other agencies for a wide range of unrelated national security purposes.

The mounting outcry against the bill has prompted some proposed revisions by members of the House Intelligence Committee. The proposed amendments include one that would narrow the definition of the information that can be collected and shared with the government. Another would prohibit the bill from being used to monitor copyright and intellectual property violations. A third one would require an annual review of how shared information is used by the NSA and other agencies.

Opponents, however, have contended the proposed changes don’t go far enough, especially because CISPA would still allow private companies to share Internet user data with the NSA.

The White House statement today focused in on those same concerns. “The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information,” the statement said.

The bill fails to limit the sharing of personal information and does not have any restrictions on how collected data can be used. It also inappropriately shields private companies in situations where they might improperly collect and share information on a user’s legal Internet activities, the statement cautioned. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation’s economic, national security, and public safety interests.”

“Without clear legal protections and independent oversight, information sharing legislation will undermine the public’s trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections,” the White House said.

 

Air Force strategy legend dies at age 96

4/26/2012 – WASHINGTON (AFNS) — A retired Air Force general who was known as the father of “strategy to task,” and was instrumental in the development and implementation of new weapon systems during the last half of the 20th Century passed away April 25, at the age of 96.

 

Retired Lt. Gen. Glenn A. Kent spent more than three decades as an Army Air Corps and Air Force officer, becoming influential in the development, analysis and implementation of new weapons systems for the Department of Defense. He retired from the Air Force in 1974 as the director of the Weapon Systems Evaluation Group, Office of the Director of Defense Research and Engineering, with the Office of the Secretary of Defense.

Kent was considered to be one of the premier analytical thinkers of all time and considered a visionary of defense analyses still in use today. In his memoir “Thinking about America’s Defense,” Kent provided a summary of national security issues he personally engaged over his career.

In addition to creating the concept of a single integrated operation plan, Kent also led DoD’s official assessment of strategic defenses throughout the 1960s and helped bring new weapon systems to life. He also developed and analyzed strategic nuclear arms control agreements that did much to lead to the end of the Cold War.

Kent began his military career in 1941 when he joined the Army Air Corps as a cadet and completed training in meteorology at the California Institute of Technology in 1942. His first assignment took him to Goose Bay, Labrador, Canada, as a weather officer, and later during World War II was assigned to Greenland in a similar capacity.

Over a career spanning more than 33 years, Kent had numerous assignments in the weapons field with positions that ranged from research and development to planning, strategy and policy-making at the Headquarters, U.S. Air Force and Department of Defense levels.

After earning a bachelor’s degree from Western State College of Colorado, Gunnison, in 1936, Kent went on to earn degrees from the Naval Post Graduate School in Annapolis, Md., and the University of California at Berkeley.

After his retirement from the Air Force, Kent spent more than 20 years as a defense analyst for the Rand Corp.

Kent’s legacy continues today with the Lt. Gen. Glenn A. Kent Leadership Award, which recognizes leadership for the analytic community.

According to a senior Air Force official, while our nation was facing the Cold War and the Vietnam conflict, General Kent contributed critical thought and sound analysis to help convince leaders that a single command with an integrated operations plan should be responsible to organize and employ our strategic forces. His visionary concepts laid the way to the end of the Cold War two decades later.

“General Kent compels us to think logically as well as to study the lessons experienced by those before us – how they prevailed, adapted and modernized. These insights can help us maintain a competitive edge over our foes now and in the future.”

 

Iranian oil industry hit by cyberattack

By Dawn Lim

April 24, 2012

Iran is investigating a suspected cyberattack on its main oil export terminal and its oil ministry, Reuters has reported.

A computer virus struck the control systems of Kharg Island, which handles the majority of Iran’s crude oil exports, according to the report. It also hit the communications systems of Iran’s oil ministry and its national oil company, the semi-official Mehr news agency announced. Computer systems controlling Iran’s other oil facilities were disconnected from the Internet as a precaution, the agency added.

The virus is likely to draw parallels with the Stuxnet worm, which breached industrial systems in Iranian nuclear facilities between 2009 and 2010. The attack highlights the vulnerability of industrial systems — many of which include legacy technology manufactured before data breaches were a cause for concern — to politically motivated actors and corporate espionage.

http://www.nextgov.com/cybersecurity/2012/04/iranian-oil-industry-hit-cyberattack/55362/

 

Defense to spy on its own data

By Aliya Sternstein

April 26, 2012

The Pentagon is draping its networks with technology that models, in 3-D, the weaknesses lurking inside them to show managers where threats are most likely to enter, according to a contractor hired for the project.

The patented Passive Vulnerability Scanner is one of several new surveillance systems that the Defense Information Systems Agency, the Pentagon’s information technology support arm, is delivering to military services and select intelligence agencies under a contract announced this week. The seven-year project valued at $39.8 million transitioned out of test mode in late 2011 and soon will be available with full functionality, according to developer Tenable Network Security.

Eventually, the scanner will be folded into the Defense Department’s ongoing “continuous monitoring” effort, which assesses the security of all IT assets in near real time, Pentagon officials told Nextgov.

Multiple layers of security are critical for a department where outsiders try hacking into networks, sometimes successfully, millions of times every day, Pentagon officials have said.

Continuous monitoring technologies probe computer devices, while passive scanning snoops on data flows. The real-time monitoring technique relies on an array of sensors and software that check for exploits at the endpoints of a system — servers, laptops and other workstations. With the Passive Vulnerability Scanner, the Pentagon can sniff out signs of trouble without connecting to a specific end-user device, said Ron Gula, Tenable’s chief executive officer.

The tool explores the operating environment continuously, in the background, to sense the types of devices connected to a network, the kinds of software in those devices and the category of vulnerabilities inside, if any. A shift in the dynamic of network traffic will raise red flags.

“You need to do event analysis really fast, not just system analysis,” Gula said. The passive mechanism is particularly suited for mobile devices such as commercial tablets and smartphones, which are hard to scan, he added.

Under the contract, HP Enterprise Services will deploy Tenable’s technology, train Defense personnel and manage the project for DISA, according to HP.

“This capability will be incorporated into the DoD’s continuous monitoring strategy,” said Kevin Dulany, risk management oversight division chief for the Defensewide Information Assurance Program, “but the system was not procured specifically for [continuous monitoring].”

A McAfee-engineered threat detector, called the Host-Based Security System, currently performs that job, by keeping constant tabs on peripherals.

At a large civilian agency, which Tenable could not disclose, the Passive Vulnerability Scanner found thousands of unidentified iPads connecting to the department’s network. Likely, one office sanctioned the use of the tablets without informing the security team. “They weren’t visible to the continuous monitoring program,” Gula said. “There was probably somebody out there in IT who knew exactly where the iPads were.”

The tool costs between $250,000 and $1.5 million upfront for the average civilian agency. Gula could not specify the price of the Pentagon’s version.

http://www.nextgov.com/cybersecurity/2012/04/defense-spy-its-own-data/55428/

 

Rep. Jeff Denham: ‘Abolish GSA altogether’

By Camille Tuutti

Apr 26, 2012

A Republican congressman is pressing for the abolishment of the General Services Administration, questioning whether the commercial sector could do a better job doing what GSA does. 

“I think we should abolish GSA altogether,” said Rep. Jeff Denham (R-Calif.). “I know it can sound harsh; it can sound controversial. I think it’s more important for them to come back and justify what does this agency do, what are its core competencies, are there other agencies that can pick up some of those duties? More importantly: Can private industry do it better?”

Denham, who chairs the Subcommittee on Economic Development, Public Buildings and Emergency Management, delivered his keynote address at the April 26 Coalition for Government Procurement 2012 Spring Conference. 

GSA currently is in charge of 14,000 buildings, and Denham questioned whether that real estate could be managed better in how it’s sold and leased. He also suggested an overhaul in the ways GSA sells unwanted vehicles at auctions.

“I think we can do things much more efficiently,” he continued. “But the whole point of it is, we press to abolish the GSA altogether. I think it’s important for them to come back and justify what their existence was.”

However, Denham spoke mostly about the Public Buildings Service and did not say much about GSA’s role in procuring IT and network services. Asked by an audience member whether Denham’s idea to dismantle GSA involved the Federal Acquisition Service, whose procurement methods the questioner described as “much better than DOD and other civilian agencies,” Denham replied he didn’t disagree “because I don’t have enough information.”

But he added that overall he wants GSA to defend its own need to exist.

“They’ve stonewalled me for a year and a half,” he added. “Until they can justify [their role] and they can prove to me that they can do it better than every other agency — it’s expected they should do it better than every other agency. The question is: Can they do things better than private industry?”

Source: FCW (http://s.tt/1abVy)

 

USAJobs.gov user satisfaction hasn’t recovered from last year’s nosedive

By Alice Lipowicz

Apr 26, 2012

Customer satisfaction with the federal USAJobs.gov job-search website dramatically plunged following its relaunch last October, and has not fully recovered yet, according to a new survey of users of the site.

The Office of Personnel Management overhauled the USAJobs website six months ago, bringing it in-house to save costs after canceling a longstanding contract. Its initial operation was plagued with technical glitches for several weeks, resulting in thousands of user complaints.

While those complaints eventually dwindled and many of the site’s kinks were ironed out, the reduction in customer satisfaction persisted, although it has been slowly climbing back. The most recent score reported by the ForeSee research firm on April 24 shows that satisfaction with USAJobs still falls short of last year’s pre-launch levels.

The ForeSee e-Government Satisfaction Index is released quarterly, based on surveys collected from about 300,000 users of 190 federal websites, with satisfaction index scores ranging from 1 to a high of 100. The average federal website scored 75 in customer satisfaction during the first quarter of 2012.

USAJobs’ score took a sharp drop following the relaunch. From satisfaction scores of 75, 74 and 74, respectively, reported in the first three quarters of 2011, user satisfaction fell to 56 on the index in the final quarter of the year.

The USAJobs website still has not fully regained its previous level of user satisfaction. In the first three months of 2012, USAJobs scored 68 out of 100, according to ForeSee’s most recent report.

Matthew Perry, chief information officer for OPM, contended that the USAJobs website has made a strong comeback since its plunge in satisfaction last year. According to figures released by ForeSee, USAJobs satisfaction rose from 56 on the index to 68.

“It has shown dramatic improvement from the last quarter of 2011 to the first quarter of 2012,” Perry said. “This is a success story. Six months ago we revamped a very public, high traffic site and the team has worked hard to deliver solid, steady progress.”

Larry Freed, president of ForeSee, noted that both USAJobs’ drop in the index, and its partial comeback, are somewhat unusual, since satisfaction scores for federal websites tend to stay relatively stable.

“The good news is that it is trending improvement,” Freed said in an interview with Federal Computer Week on April 25.

Websites that are completely overhauled often experience a 2-point to 10-point drop in the index that Freed calls the “relaunch effect.” That occurs because users initially may be put off by the unfamiliar look and feel of the new website, but typically the relaunch effect quickly wears off, he added.

The USAJobs’ drop was much deeper, and more persistent, Freed added.

The 19-point drop in satisfaction last October was “dramatic, and more than you would want to see,” Freed added. “That was not the norm…They jumped on it, and we have seen it continue to move up.”

Source: FCW (http://s.tt/1abWV)

 

House passes CISPA cyberthreat sharing bill, despite privacy concerns

One opponent has expressed worries that the bill would create a 'Wild West of information sharing'

By Grant Gross

April 26, 2012 07:19 PM ET

IDG News Service – The U.S. House of Representatives has passed a cyberthreat information-sharing bill that critics say will give U.S. government agencies access to the private communications of millions of Internet users.

The House late Thursday voted 248-168 to pass an amended version of the Cyber Intelligence Sharing and Protection Act, or CISPA, even though the White House Office of Management and Budget has recommended that President Barack Obama veto the bill.

Civil liberties groups, including the Center for Democracy and Technology and the American Civil Liberties Union, have opposed the bill, saying it would open up Internet communications to snooping by government agencies, including the U.S. National Security Agency.

But supporters argued the bill is needed to help private companies and government agencies fight cyberattacks. “There are people today who are literally robbing the future of America” by attacking U.S. companies, said Representative Mike Rogers, a Michigan Republican and lead sponsor of CISPA. “This is the one small thing we get to do to prepare for a bunch of folks who want to bring us down.”

CISPA now moves to the Senate.

CISPA would allow companies such as broadband providers to share customer communications related to cyberthreats with a wide range of government agencies. The bill exempts private companies that share cyberthreat information in “good faith” from customer lawsuits.

But the CDT and other opponents of the bill questioned whether the information sharing from private companies to government agencies would be truly voluntary, when many telecom providers bid on government contracts.

“In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet,” said Representative Bennie Thompson, a Mississippi Democrat. “It would create a Wild West of information sharing, where any certified business can share with any government agency, who can then use the information for any national security purpose, and grant that business immunity from virtually any liability.”

CISPA would allow companies to share private and sensitive information with government agencies without a warrant and without proper oversight, the ACLU said in a statement.

“CISPA goes too far for little reason,” Michelle Richardson, ACLU legislative counsel, said in a statement. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back.”

CISPA has support from several tech companies and trade groups, including Facebook, Microsoft, AT&T, TechAmerica and CTIA. For years, tech companies have complained about legal hurdles to sharing cyberthreat information with each other and with the government.

The House vote was a “critical step forward” for the cybersecurity of the U.S., Shawn Osborne, TechAmerica’s president and CEO, said in a statement.

 

U.S. deploys stealth jets to air base in Southwest Asia

Washington Post

By Walter Pincus, Published: April 27

The United States has deployed a number of stealth jets, its most modern, fifth-generation fighter bomber, to an air base in Southwest Asia, according to the Air Force.

The service would not say where the F-22 Raptors would be based, but the U.S. military has recently moved other assets into the Persian Gulf amid concerns about a confrontation with Iran.

An Air Force spokesman, Capt. Phil Ventura, described the deployment as “regularly scheduled” activity being undertaken to strengthen military-to-military relationships, regional security and work on “tactical interoperability.”

He said the number of F-22s involved and the length of their deployment were not being released to protect operational security.

The transfer of warplanes to the gulf comes as the United States and five other world powers are preparing for critical talks with Iran on proposed curbs to its nuclear program. At a meeting two weeks ago, Iran agreed to discuss its nuclear future without preconditions, and senior Iranian officials have since hinted at a willingness to scale back portions of the country’s program in exchange for relief from economic sanctions.

Despite the more conciliatory tone, the Obama administration has sought to keep up the pressure on Tehran, warning that the economic pain will worsen unless Iranian leaders agree to broad changes to ensure that Iran’s nuclear facilities cannot be used to make nuclear weapons. Iran has consistently claimed that its nuclear program is peaceful. The next round of negotiations has been scheduled for May 23 in Baghdad.

Last month, amid Iranian threats to close the Strait of Hormuz, Adm. Jonathan Greenert, chief of naval operations, told reporters that the U.S. military would be doubling to eight the number of its minesweepers in the region. He also said four more CH-53 Sea Stallion helicopters with mine-detection capability would be sent to the region.

Also last month, new F-15 fighter jets with the 104th Fighter Wing of the Massachusetts Air National Guard were sent on their first overseas deployment to an undisclosed Central Command location. At a ceremony marking their departure, Col. Robert Brooks, the unit commander, said that “should Iran test the 104th,” the unit would be ready, according to the Daily Hampshire Gazette.

Aviation Week, which first reported the deployment of the Raptors, quoted industry sources as saying the planes would operate out of Al Dhafra Air Base near Abu Dhabi, the capital of the United Arab Emirates.

The Al Dhafra base is already being used by KC-10 refueling aircraft, along with U.S. surveillance aircraft such as the piloted U-2 and the unmanned Global Hawk.

Staff writer Joby Warrick contributed to this report.

 

U.S. comes to agreement with Japan to move 9,000 Marines off Okinawa

By Greg Jaffe and Emily Heil, Published: April 26 | Updated: Friday, April 27, 10:27 AM

The Washington Post

 

The U.S. and Japanese governments said Thursday that they will move about 9,000 Marines off Okinawa to other bases in the Western Pacific, in a bid to remove a persistent irritant in the relationship between the two allies.

The Marine Corps Air Station Futenma on Okinawa has been seen by both sides as essential to deterring Chinese military aggression in the region. But the noisy air base’s location in a crowded urban area has long angered Okinawa residents, and some viewed the Marines as rowdy and potentially violent.

“I am very pleased that, after many years, we have reached this important agreement and plan of action,” Defense Secretary Leon E. Panetta said in a statement.

Still unresolved is the issue of establishing a replacement for Futenma. The failure to find a suitable spot for a new air base had held up a previous effort to relocate the Marines to Guam, but the current agreement removes that barrier. U.S. Marines would leave Futenma as soon as suitable facilities on Guam and elsewhere are ready.

The earlier plan in 2006 to relocate the base had been plagued by financial and political difficulties in both the United States and Japan. Frustration over the failure to execute that agreement grew so intense that it contributed to the resignation of Prime Minister Yukio Hatoyama in 2010.

Under the current plan, the total cost of closing Futenma and transferring the 9,000 Marines off Okinawa will be about $8.6 billion. The Japanese government will pay about $3.1 billion to facilitate the moves.

About 5,000 of the Marines will go to Guam, and a smaller number will head to other locations in the Pacific, such as Hawaii or Australia. Even after the moves, about 10,000 Marines will remain on Okinawa, as called for under the earlier agreement.

Japanese officials on Friday offered mixed messages about their commitment to relocate the Futenma base to a less populated strip in Okinawa. Defense Minister Naoki Tanaka said during a press conference that the 2006 plan was still the only valid solution. But Foreign Minister Koichiro Gemba said, according to the Kyodo news agency, that other relocation options for the Futenma base might be considered.

The plan announced Thursday appears to have somewhat placated three senior U.S. senators on the Armed Services Committee, who this week raised concerns about costs and about how the move would affect broader military strategy in the region.

In a statement, Armed Services Chairman Carl Levin (D-Mich.), ranking Republican John McCain (Ariz.) and James Webb (D-Va.) said the revised plan had addressed “some” of the issues they raised.

“We still have many questions about the specific details of this statement and its implications for our force posture in the Asia-Pacific region, and we will continue to work with the Administration and the Government of Japan to achieve the objectives we all share,” the three senators said in a statement.

Earlier this week, they wrote a letter to Panetta raising doubts about the emerging proposal. They questioned “cost estimates, military sustainment and force management, and how it would support a broader strategic concept of operations in this increasingly vital region.”

The senators suggested that no plan should be considered final without the support of Congress, which controls spending on base construction.

U.S. officials said the failure to come to an agreement on the closure of the Futenma air base was hindering the overall American-Japanese alliance.

“Because we’ve been spending so much time talking about the move from Futenma, we’re not making as much progress as we would have liked in other aspects of the alliance,” said a senior State Department official. The agreement should make it easier for the United States and Japan to advance on other issues, such as cybersecurity, intelligence sharing and missile defense, the official said.

The U.S.-Japanese alliance is seen as essential to deterring Chinese efforts to dominate the region and reinforcing U.S. and South Korean troops in the event of a war with North Korea.

A joint Japanese-American statement issued Thursday night said that the “increasingly uncertain security environment” in the Asia-Pacific region required a robust U.S. military presence.

U.S. officials said that moving the Marines off Okinawa to several bases in the Western Pacific would give the Americans a force in the region that is more capable and less vulnerable to attack because it is more geographically distributed.

Correspondent Chico Harlan in Tokyo contributed to this report.

 

Cyber warriors: Cadets shine in NSA competition

by Gino Mattorano

Air Force Academy Public Affairs

 

4/27/2012 – U.S. AIR FORCE ACADEMY, Colo. (AFNS) — Air Force cadet cyber warriors swept the virtual floor with the competition in the 12th annual Cyber Defense Exercise here April 16-20.

The Cyber Defense Exercise is a network security competition during which service academy cadets and Defense Department post-graduate students manage and defend computer networks and maintain services against simulated intrusions by the National Security Agency’s “red cell” aggressor team.

During the competition, NSA network specialists and military network experts formed the red cell team that challenged cadet blue cell teams to defend a closed-computer network that the cadets designed, built and configured at their respective academies. NSA personnel graded each team’s ability to maintain network services while dealing with security intrusions.

The exercise took place at the NSA’s Fort George G. Meade, Md., headquarters and at each of the academies on virtual, private networks, providing a safe path for the exercise while preventing interference with real-world networks.

Air Force Academy cadets put a great deal of work into preparation for the competition.

“It was quite a marathon,” said Air Force Cadet 1st Class Jordan Keefer of Cadet Squadron 37. “For most of us this is a hobby, so it was a lot of work, but it’s what we like to do.”

But the cadet team didn’t have time to celebrate their victory before they hopped on a plane to participate in the National Collegiate Cyber Defense Competition in San Antonio April 20-22. Their tenacity earned them second place in the competition, finishing behind the University of Washington, which won for the second straight year.

“By the time we started the second competition, the challenge wasn’t the computers,” Keefer said. “It was maintaining our motivation; but I feel like we did that.”

Dr. Martin Carlisle, the cyber competition team coach, was extremely proud of his team’s efforts in both competitions.

“One thing that we’re particularly proud of is these cadets are a very new team,” Carlisle said. “We’ve only been a team formally for one year now, and they’ve gone from nothing to not only beating all the other service academies, but also the graduate schools. And then, totally fatigued from that, they went directly to the national competition. They competed against teams that could have up to two graduate students and still came in second against 10 regional finalists from more than 100 teams across the country.”

The cyber competition team was established in August 2011. In the past, cadets from senior-level classes and the cyber warfare club competed in cyber competitions, but this is the first year the Academy has had a dedicated cyber team, Carlisle said.

“They’ve made amazing progress over the last year and we’re really proud of what they’re going to do to defend our nation and the Air Force in the future using the skills they’ve learned,” Carlisle said.

The skills they learn are numerous. During the competitions, teams are assessed on their ability to maintain network services while detecting and responding to network intrusions and compromises. They are also graded on their ability to maintain an exchange server, FTP server, Web server and domain controller. They also must submit timely and accurate incident reports as they detect red cell activity.

The cadets will take the skills they develop in the cyber program to their careers in the Air Force.

“When I first got to the Academy, I wanted to fly,” Keefer said. “But then I took the basic cyber course and attended my first competition, and I’ve been hooked ever since. There are so many challenges in the cyber field.”

Carlisle expressed his pride in the cadets’ accomplishments and his belief in the merits of the program.

“One of the exciting things about the cyber team is that their efforts will matter in the defense of the nation,” he said. “These people are learning skills that are going to be essential to the defense of the nation.”

The Academy team competed for the trophy and bragging rights against competitors from the U.S. Naval Academy, U.S. Coast Guard Academy and U.S. Military Academy. Teams from the Royal Military College of Canada and Air Force Institute of Technology also competed, but weren’t eligible for the trophy.

The final scores of the Cyber Defense Exercise were:

U.S. Air Force Academy – 71.78

Air Force Institute of Technology (1)* – 71.65

Air Force Institute of Technology (2)* – 65.80

Royal Military College (Canada)* – 64.08

U.S. Military Academy – 64.04

U.S. Naval Academy – 56.71

U.S. Coast Guard Academy – 48.91

 

* Post-graduate teams were not eligible for the Cyber Defense Exercise championship.

 

Privacy advocates vow to continue CISPA fight

Attention turns to Senate after House passes bill despite threat of Obama veto

Jaikumar Vijayan

April 27, 2012 (Computerworld)

The battle over the Cyber Intelligence Sharing and Protection Act (CISPA) is certain to heat up over the next few weeks, as the U.S. Senate begins debate on its versions of the controversial cybersecurity legislation.

The U.S. House Thursday passed its CISPA bill in the face of a White House veto threat.

Privacy advocates and civil rights groups, which bitterly opposed the bill passed by the House, promised today to intensify their protests as the debate moves on to the Senate.

The opponents of the legislation contend that, despite late changes to the bill, it would undermine fundamental privacy protections granted to Internet users under multiple statutes, including the Federal Wiretap Act and the Electronic Communications Privacy Act.

Meanwhile, the scores of high technology companies and trade associations that support CISPA argue that the measure is a vital part of an effort to improve cybersecurity at a time when U.S. business, government and critical infrastructure networks face unprecedented hacker attacks.

The House version, introduced last November by Reps. Mike J. Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.), passed yesterday by a vote of 248 to 168.

The bill aims to make it easier for Internet Service Providers and Internet companies to collect and share cyber threat information gleaned from their networks with federal agencies like the U.S. National Security Agency.

Critics charge that the bill remains vaguely worded and would allow government agencies unprecedented access to business and private Internet communications.

The critics say the legislation would give ISPs and other Internet companies too much leeway to collect and share all kinds of user data with the government. And, they add, government agencies could use the data for national security and other law enforcement purposes as well as to blunt cyber thieves.

The bill’s backers did add late amendments to the original bill in an effort to address privacy concerns. For instance, the amendments add restrictions limiting the kind of data that can be collected and shared, and on how that data can be used.

In a statement after yesterday’s vote, Rogers said the amended bill provides the federal government with the authority it needs to share cyber threat information with the private sector.

The bill “knocks down barriers to cyber threat information sharing” while ensuring privacy protections for Internet users, Rogers said. “We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia.”

Rogers is chairman of the powerful House Intelligence Committee.

But groups such as the Electronic Frontier Foundation (EFF), Center for Democracy and Technology (CDT) and the American Civil Liberties Union said that CISPA remains a dangerous threat to online privacy even with the amendments.

The EFF condemned Thursday’s vote in the House and vowed to continue its fight against it in the Senate.

“Hundreds of thousands of Internet users spoke out against this bill, and their numbers will only grow as we move this debate to the Senate,” said Lee Tien, EFF’s senior staff attorney, in a statement. Tien added that EFF will continue opposing the bill in an effort to ensure that “Congress does not sacrifice those rights in a rush to pass vaguely-worded cybersecurity bills.”

The CDT, meanwhile, is “extremely disappointed” by CISPA’s passage in the House, said Mark Stanley, the public policy organization’s new media manager. “We think it is a seriously flawed piece of legislation and we think the process by which it was passed is flawed,” he said.

The CDT’s biggest concern is that the legislation would allow private companies to share Internet communications data with the NSA without judicial oversight. The fact that the data can be used for a broad range of national security purposes is disconcerting, Stanley added.

Following the House vote, the focus of backers and opponents quickly shifted to two cybersecurity bills being considered by the Senate.

The Cybersecurity Act of 2012 is sponsored by Sen. Joseph Lieberman (I-CT), and the Secure IT act is sponsored by Sen. John McCain (R-AZ).

Both bills have problems, said Jerry Brito, director of the Technology Policy Program at the Mercatus Center at George Mason University.

The McCain bill is closer to CISPA in language and intent than Lieberman’s, which would put the United States Department of Homeland Security in charge of overseeing cybersecurity.

Like CISPA, the Secure IT act would allow private companies to collect and share a broad range of Internet user information with the NSA and several federal agencies, under the premise of cybersecurity, Brito said.

Rather than tweaking existing statutes to make information sharing easier, Secure IT, like CISPA, proposes fundamentally new rules. “It takes a scythe rather than a scalpel to privacy laws,” Brito said.

Lieberman’s proposal would put the United States Department of Homeland Security in charge of regulating critical infrastructure protections, he said. “I’ve not seen the case yet where the government needs to come in and tell private network operators how to secure their networks,” Brito said.

Of the two bills, Lieberman’s proposal looks like the one more likely to be debated in the Senate, Brito predicted.

If and when the Senate passes a bill, it will then need to be reconciled with the House version before it lands on the President’s desk. The White House on Wednesday threatened to veto the CISPA legislation in the form passed by the House.

 

 


