
June 30 2012

July 2, 2012




Persistent Surveillance shows region’s potential

McNutt’s companies lead the way in aviation, technology.

By Thomas Gnau, Staff Writer

Updated 6:52 PM Saturday, June 23, 2012

BEAVERCREEK TWP., GREENE COUNTY — Ross McNutt is a busy man. McNutt manages three companies, and he is working to give what was the Wright Aero Club — now called the “Mac Air Aero Club LLC” — a new beginning at the Greene County-Lewis A. Jackson Regional Airport, which is managed by one of his companies, Mac Air.

The Aero Club, located at Wright-Patterson Air Force Base, was closed because it was losing money.

Another of McNutt’s companies, Persistent Surveillance Systems, builds air- and ground-based camera systems that have helped police departments in the U.S. and Mexico solve 34 murders, investigations that McNutt says have led to 75 confessions to crimes. “We’ve actually witnessed people kill multiple times,” McNutt said.

The camera systems do more than help police solve crimes, though. They have assisted NASCAR officials with spectator traffic flow. They gave those responding to floods in Iowa crucial information from above. They helped with security in 2008 when then-presidential candidate John McCain introduced Sarah Palin, his vice presidential pick, to crowds at the Ervin J. Nutter Center in Fairborn.

Mounted on airplanes flying at about 10,000 feet, Persistent Surveillance camera systems offer a sensitivity 10 times greater than that of IMAX cameras (8.84 million pixels), said McNutt, a retired Air Force lieutenant colonel. While the cameras can’t discern an individual’s facial features, they can follow suspects and their vehicles — but only when directed by police, he said.

From above, the cameras can monitor from 2.5 square miles up to 25 square miles for less than the cost of operating a police helicopter, McNutt says.

“We only look where reported crimes are,” he said.

When Larrell Walters, head of the University of Dayton’s Institute for the Development and Commercialization of Advanced Sensor Technology (IDCAST), hosted Rebecca Blank, then U.S. acting deputy commerce secretary, in a January visit to Dayton’s Tech Town business park, he had McNutt demonstrate his technology for Blank.

Blank came away saying, “There’s no better place than Tech Town in Dayton.”

Walters said Persistent Surveillance Systems is “exactly the kind of company” IDCAST was meant to nurture, and he credited McNutt, 47, with understanding that high-technology firms need to do more than get the basic science right. They need to have the right product.

“He has a great combination of technology and practicality,” Walters said of McNutt.

Walters remembered when Persistent Surveillance started four years ago with three employees. Today, McNutt has about 35 employees. Walters credits McNutt with “leaving no stone unturned.”

“I see Ross as a great entrepreneur,” Walters said. “He’s the kind of person Ohio needs more of.”

A licensed pilot, McNutt said he ran a pizza restaurant in Alabama simply to learn the ropes of business management. But he also worked at the Pentagon on reducing the time it took to modify and field new weapons systems. Taking a product or weapon from idea stage to a $45 million Air Force program was rewarding, he said.

Today, his company is in talks with “a number” of police departments to provide full-time surveillance service. “It’s a question of customers making decisions and putting us on contract.”

His three companies — Persistent Surveillance, Mac Air and a rapid prototype development company — brought in $3 million in total revenue last year. This year, he hopes to reach $10 million.

Based today in the Russ Engineering Center business park, he’s content in the Dayton area, which he calls “affordable.”

“I’ve put together a good team of folks in the local area who do what they do,” McNutt said.

Contact this reporter at (937) 225-2390 or



From Rust Belt to Drone Belt


Ellen Ruppel Shell | Jun 20, 2012

Out of the ashes of automotive manufacturing, Dayton, Ohio, is hoping to “re-skill” its workforce with continuing technical education.


Every company, municipality, and government agency in America would be lucky indeed to have an Adam Murka on its payroll. Adam has the memory of a savant, the work ethic of a dairy farmer, and the can-do attitude of a young man who has never experienced disappointment or despair.

Except that he has.

Adam, who is 28, lives and works in the town where he grew up: Dayton, Ohio. Last week he took me on a tour of the place, a city for which he harbors enormous hope. We saw the Oregon District, with its chic shops and coffee shops and excellent taverns. We drove past the sweeping campuses of several universities. And then we drove to Moraine to see the General Motors assembly plant.

The plant was made famous by the HBO documentary “The Last Truck.” The film follows the months and weeks leading to the last day the GM plant operated, but Adam didn’t have to watch that show on cable. He witnessed it first hand. His aunts, uncles and step-father all spent most of their working lives at the plant, as did most of the parents of Adam’s childhood friends. Those adults who didn’t work at GM were likely as not down the street at Delphi, making parts for GM. Both factories are closed and empty now, hulking behemoths the size of ghost towns. Adam told me that the people of Dayton rallied to keep out the vultures — scrap dealers with plans to dismantle the buildings and their contents and sell it all off by the ton. The rally was successful so the carcasses remain, picked over and lifeless, a harsh reminder that high-paying union jobs are largely a thing of the past in Dayton.

Adam sees the upside to all this. Less than a decade ago, General Motors was Ohio’s largest employer, with 26,000 jobs. Today no single manufacturer can begin to make that claim. The economy modernized and diversified, with 32 companies, foundations and universities that have 9,000 workers or more.

Adam thinks diversification is key to turning the city around, and he’s working hard — very hard — to be part of that solution. He doesn’t much truck in lofty rhetoric. He cut his teeth in politics, working on the staff of Republican Congressman Mike Turner in Washington, D.C. But when politics started to lose its allure, he decided to come back home. Today he’s director of communications at Sinclair Community College, a remarkable institution sprawled across fifty grassy acres about a ten-minute drive from Moraine. It’s there, Adam believes, where Dayton’s future lies.

Sinclair has things you’d expect in a community college, like courses in dietetics and emergency response and criminal justice and hotel management and nursing. And it also has things you wouldn’t expect, like Unmanned Aerial Vehicles 101. The college is betting that UAVs — commonly called “drones” — will be in growing demand not just for military applications, but for disaster response (think fires and floods) and agricultural surveying. Adam took me to the Sinclair UAV lab and handed me one of two UAVs the college had purchased. It was pitch black, the size (though not the shape) of a coffee table, light in the hand and with the look and feel of a toy. Sinclair has invested heavily in every aspect of UAV operations — from operating flight simulators to getting federal clearance to actually fly the things in airspace above an airport in nearby Springfield. “For every drone that goes up you need a dozen analysts on the ground to handle the data,” Adam told me. “That’s a lot of good jobs.” Not as many as GM and Delphi provided, mind you, but at least, he said, a start.

Adam introduced me to Sinclair’s President, Steven Johnson. Johnson, a farmer’s son, has degrees in marketing and a Ph.D. in education administration. He’s seen a lot of things in his life, lived a lot of places, and worked a lot of jobs. Like Adam, he doesn’t have much faith in private unions, especially unions like the UAW that, he said, put the needs of their membership ahead of the needs of the community. Nor, he made clear, did he have much patience for people who insisted that college be purely “academic.”

“We’re not Sarah Lawrence, not Wellesley,” he said. “We’re trying to help people get enough education to make something of themselves, people who are financially limited, academically limited, logistically limited.”

Johnson explained that the UAV training program is part of his plan not only to prepare students for 21st-century jobs, but to promote a new educational model. “For most of us, college is one of the few things you do only once — you go when you’re 18, stay until you’re 22, and never go back,” he said. “That model doesn’t work for everyone. Sinclair is a place you can come back to for the rest of your life — to refresh, retrain. You’ve heard of ‘just-in-time’ manufacturing? This is ‘just in time’ education.”

Apparently the good people of the larger Dayton region agree: Johnson told me that 550,000 people — fully half of county residents — have taken at least one course at Sinclair. During last year’s graduation ceremonies, a man stood up and claimed he’d spent 32 years getting his associate’s degree, course by course — and he said it with pride.

While visiting Sinclair, I met a number of students. Some had lost their high-paying jobs and were retraining for new ones. Others were just starting out, but seemed to have already adopted Johnson’s philosophy — they were dipping into college to pick up skills for the next job, anticipating that they’d probably return to “re-skill” in the future. They have reason for optimism: a couple of months ago, Moody’s Investor Services upgraded Ohio’s outlook from negative to stable, and a recent report predicts the unemployment rate — already below the national average — will continue to decline. Of course, the 300,000 well-paying manufacturing jobs are not coming back, nor, it seems, are a lot of well-paying jobs of any variety. The state’s largest employer these days is Walmart — with an astonishing 50,000 workers, most of them low-paid.

Still, Adam is hopeful that Dayton will continue to rise from its recent setbacks, and that Sinclair will be part of the solution. But he is less certain that GM will play a major role. Pulling away from the assembly plant’s hulking remains, he recalled many a long afternoon spent on these grounds as a child, waiting with his friends for dads and moms and uncles and aunts to finish up their shifts. “It’s hard to believe a guy my age would be looking at a place like this and talking about the good old days,” he said, looking hard ahead. “What I’m trying to do now is everything I can to make sure what happened here never, never happens again.”


U.S. Military Hunts for Safe Smartphones for Soldiers


June 22, 2012, 2:39 pm


The military has long needed computers that are tough enough on the outside to withstand the rough and tumble of the battlefield. Now, with the proliferation of smartphones and tablets in the hands of soldiers, those devices also have to be strong on the inside. They are loaded with contacts, location information and all kinds of military-grade applications, so it can be deadly for a soldier to lose a mobile device or have its data leak out unwittingly.

The Defense Advanced Research Projects Agency, or Darpa, has now assigned Invincea, a company based in Fairfax, Va., to fortify Android-based phones and tablets so they are safe in soldiers’ hands. The $21 million grant to the company is a window into how pervasive networked technologies have become in the military – and the market that has opened up to secure them.

Part of the problem, said Anup Ghosh, a professor at George Mason University and the founder of Invincea, is that soldiers often want to use their mobile devices to communicate with families back home, and to entertain themselves when they can. And so military applications sit side by side with games, social networking apps and other distractions.

The risks can be unexpected. Soldiers playing games on an Army base in Helmand Province, Afghanistan, can easily and unknowingly transmit the names of their friends. A piece of malware can penetrate the operating system and suck out location information.

At the same time, mobile devices are beginning to change the work and lives of soldiers as they have for everyone else, as the Department of Defense acknowledged in a strategy paper earlier this month.

“Through faster access to information and computing power from any location, field units can maneuver unfamiliar environments with real time mapping and data overlay capabilities; soldiers can identify friendly forces; engineers can take pictures of mechanical parts for immediate identification and replacement ordering; and military health care providers can diagnose injuries and remotely access lab results while away from hospital premises,” the department’s chief information officer, Teresa Takai, wrote.

The strategy paper called for “a wireless security architecture that mitigates the risk of mobile device exploitation while leveraging new and emerging technical capabilities.”

Invincea’s first project for Darpa was to protect soldiers’ smartphones from loss and theft. It developed software that encrypts files in the operating system and fills up the memory of a lost device with random, useless data; on a standard phone, wiping your data can still leave behind enormous amounts of information.

That software is already being used by more than 3,000 soldiers stationed in Afghanistan.

Its next project is to make sure that malware doesn’t get in through an application, and that sensitive data does not get out. It is working on creating a virtual environment in which applications can run. In other words, it is trying to trick an ordinary application — Facebook or Words With Friends — into thinking that it is running in the phone’s operating system, when it is actually sequestered in a separate virtual environment. The application, in that way, can be prohibited from gaining access to certain information: the phone’s location, for instance, or the contacts that it contains.

It can also be kept from gaining root privileges to the phone’s operating system and taking over the device. That is especially important these days, as tools of war are also contained in those same devices, including applications that identify enemy and friendly forces.

“By separating untrusted apps and content we are preventing the compromise of the operating system,” Mr. Ghosh said.


June 22, 2012 – 10:50 p.m.

Sequestration Nervousness Grows

By Frank Oliveri, CQ Staff


Defense hawks on and off Capitol Hill are growing increasingly anxious about the prospect of the budget sequester, particularly with the absence of concrete efforts to delay or avert it.

There has been a broad assumption in Washington for months that lawmakers will end up deferring the question of sequester until sometime next year, when the next Congress is in place.

“I guess we’ll straighten that out in November,” House Armed Services Chairman Howard P. “Buck” McKeon, R-Calif., said last week.

But with no clear path to any agreement, lawmakers, defense contractors and industry at large are growing unnerved by the increasing possibility that a sequester may indeed take place.

The heightened level of alarm played out on the Senate floor last week on the farm bill (S 3240).

Republicans demanded a vote on an amendment by John McCain of Arizona, ranking Republican on the Armed Services Committee, to require the Pentagon to issue a detailed report on how the sequester would affect national security. Democrats countered with an amendment by Patty Murray of Washington demanding a report on both the non-defense and defense effects of sequester.

What looked like a run-of-the-mill partisan dispute ended up in something more unusual these days: a bipartisan compromise. By voice vote, the chamber agreed to require the military, the Office of Management and Budget (OMB) and the president to report on the effects of sequester on defense and domestic programs, with short deadlines so lawmakers would have time to consider the implications.

The result reflected both the deep uncertainties over what the sequester — mandated by the bipartisan deficit reduction law (PL 112-25) — would look like, and a sense that new urgency is needed to get lawmakers to the negotiating table.

“We’ve got to create a greater incentive, especially for the leadership in Congress, to actually come to the table,” Rep. J. Randy Forbes, R-Va., told a defense conference last week.

Much Work, Little Time

With pre-election paralysis already setting in, any deal-making is likely to be delayed until the small window of time after the election in November and before Jan. 2, 2013, when the sequester is scheduled to take effect. But there is a growing pileup of subjects that will demand lawmakers’ attention at the end of the year — tax cut extensions and the debt limit, not to mention the fiscal 2013 spending bills.

And there is a growing recognition that the effects of a sequester will start kicking in well before January. Government agencies, for example, are likely to begin throttling back their spending on Oct. 1, the beginning of the new fiscal year, in anticipation of a possible sequester.

The first signs might be proposed layoffs expected to be announced in late summer or early fall, defense policy lawmakers said. The 1988 Worker Adjustment and Retraining Notification Act (PL 100-379) requires 60 days’ notice before mass layoffs.

The defense industry is warning that sequester could lead to a million layoffs at production plants across the nation.

The National Association of Manufacturers released a report last week supporting that analysis. “This report makes it clear that these cuts will punish the businesses that create the cutting-edge products keeping us safe at home and abroad, creating a negative effect on the supply chain between large and small manufacturers,” warned association CEO Jay Timmons. “Congress needs to make the tough decisions on spending to address our debt crisis, but these decisions cannot be made at the expense of our economic and national security.”

Defense Secretary Leon E. Panetta criticized Congress last week for its partisanship.

“I’m always asked in the Congress, ‘Well, have you looked at sequester and tried to plan for it?’ I’ve said, ‘I can’t plan for something that was designed to be crazy,’” Panetta said at an awards dinner last week. “The sequester was designed to be nuts so that it would force the Congress to act to do the right thing.”

He added that lawmakers have privately told him they expect the sequester to be postponed until after the election. “Delay is failure,” Panetta added.

Still, there are a few glimmers of new flexibility on the part of lawmakers when it comes to some kind of grand deal on averting a sequester.

Carl Levin, D-Mich., chairman of the Senate Armed Services Committee, and his House Democratic counterpart, Adam Smith of Washington, last week both backed the notion of offering $100 billion in further defense cuts over 10 years, rather than the $500 billion to be taken by sequester.

That idea was rejected out of hand by McKeon, who argues that the $490 billion already cut from future defense spending is enough. But other Republicans may be more amenable.

A growing number in the GOP is also signaling new openness to the possibility of raising revenue.

McCain suggested last week there may be ways to raise revenue without violating the GOP’s pledge not to raise taxes. “A lot of these are in the eye of the beholder,” he told a defense conference last week. “So whether they’re tax increases or whether they’re subsidies, a lot of us have been trying to get rid of them for 20 years.”

Little Information

Another part of Congress’ dysfunction, McCain said, is the dearth of information from the administration on the effects of sequester and how it would be implemented.

Defense industry executives are clamoring for details about how it would occur. OMB, however, has not been forthcoming. The office’s recent confirmation that war spending would be subject to a sequester was an aberration from a pattern of not commenting about how it would unfold.

In a sign of the defense industry’s concern, senior executives met June 13 with the acting OMB director, Jeff Zients, to get more information, but sources said no additional guidance was provided. Visiting the administration’s budget director that day were Marion C. Blakey, CEO and president of the Aerospace Industries Association, and three chiefs of major defense corporations: Robert J. Stevens of Lockheed Martin Corp., Wes Bush of Northrop Grumman and David P. Hess of Pratt & Whitney.

McKeon said last week he had invited Zients to appear before his Armed Services panel to address concerns about the sequester’s implementation, but his overtures were rejected.

Top military officials have said little planning is required to implement a sequester. McKeon was unconvinced.

“Do I believe the people in the Pentagon that tell us that they are not planning? Well, that is kind of a dilemma, isn’t it?” McKeon said last week. “It would be nice to assume they always tell us the truth, but it is hard for me to believe the military people I know would just sit on their hands and not plan for this. It is too big a deal.”

He said it was overly simplistic for Deputy Defense Secretary Ashton B. Carter to say the military didn’t have to plan for sequester.

“I hope they were just kind of telling us a little fib, and they really are doing some thinking and some planning,” he said.

John M. Donnelly, Tim Starks and Emily Cadei contributed to this story.


How useful is antivirus software?

By Michael Horowitz

Published on Computerworld Blogs

Created Jun 23 2012 – 6:56pm

It goes without saying that antivirus software can’t catch everything. But, does it catch 10% or 90% of the malware targeted at Windows users?

In a recent user group presentation, malware expert David Perry [1], of Comodo, said there are between 200,000 and 300,000 new viruses discovered every day (here “virus” is a generic term encompassing dozens of types of malware). They are built from kits and most circulate in the wild for a very short time, perhaps only a day. In other words, by the time they are detected, they’re often out of circulation.

Typical reviews of antivirus software use small samples, so their usefulness is questionable. For example, at PC Magazine, Neil J. Rubenking tests with [2] “… a dozen or more virtual machine test systems, each one pre-loaded with three or four malware samples.” Somewhere in the vicinity of 60 samples doesn’t seem like much to judge with.

Statistics published by Brian Krebs [3] indicate that antivirus software detects about 25% of the most popular malware currently being emailed to people.

The data comes from “computer forensics and security management students at the University of Alabama at Birmingham”. They profiled the most popular email-based malware attacks in the last month and, most interestingly, how well the 42 or so antivirus programs employed by VirusTotal [4] did at detecting the malware. Krebs published the data as a PDF [5] (recommended for the live links) and as an image [6].

The initial detection of the “password stealing and remote control Trojans” was not encouraging. Krebs wrote:

The average detection rate for these samples was 24.47 percent, while the median detection rate was just 19 percent. This means that if you click a malicious link or open an attachment in one of these emails, there is less than a one-in-five chance your antivirus software will detect it as bad.

So the answer to how effective antivirus software currently is seems to be around 25%.

In fairness, this is an average across all the products at VirusTotal and some poor performers bring it down. Still, in the last month alone two new malware samples were undetected by all 42 virus scanners and many were detected by only a handful of products.

In reviewing the figures, I noticed that the number of days between the first report of a malware sample to VirusTotal and the last one is often only a few days, reinforcing Perry’s observation about the extremely short lifespan of Windows malware.



What to do?

This list of Defensive Computing [7] steps is long. Brutally, depressingly long.

That said, perhaps the two most important things a Windows user can do are rarely, if ever, cited in stories about malware. I attribute this to the way stories come into being: reporters get their information from companies with a self-interest. Being a nerd rather than a reporter, I instead suggest two things that are each free; things from which only you profit.


1. Run as a restricted Windows user.

The concept is simple: restricted users are walled off from the guts of the operating system. For example, they can’t insert/update/delete anything in the C:\Windows folder. Put another way, the operating system tries to defend itself when a restricted user is logged on. Malware may run once, but it should be prevented from permanently installing itself.

“Restricted” is the concept. In Windows XP the term Microsoft uses is “limited.” In Windows 7, restricted users are referred to as “standard.” Sadly, Administrators are the de-facto standard, and the default, type of user on Windows machines.

My scheme is to create two Windows users, for example MichaelAdmin and MichaelRestricted. I log on as MichaelRestricted normally and only log on as MichaelAdmin when necessary.

In Windows XP it was much more necessary than in Windows 7. In the last year or so, using Windows 7 daily, I don’t think I needed to log on as the administrator once. Both users share the same password.

This is not a perfect defense against malware; nothing is. But you are much safer running as a restricted user. The same goes for OS X and Linux, by the way.


2. Always be skeptical.

If you are using an iPad and the Bank of America app says it needs to be updated, you can be pretty sure that’s true. But on a Windows machine, when a window pops up claiming that an update is needed to Flash, it’s just as likely to be a scam as the real thing. Windows users are lied to all the time and they need to always keep that in the back of their mind.

Email users are also lied to all the time, a problem not restricted to Windows. Anyone using email, even on a tablet or smartphone, needs to always be conscious of the fact that it is trivially simple to forge the FROM address of an email message.

That email from UPS about a package that couldn’t be delivered most likely did not come from UPS. I personally have gotten a handful of emails claiming to be from my cellphone provider reporting that this month’s phone bill is $1,200 rather than the usual $70. They look exactly like the real thing (it’s not hard to do) but are a ruse to send victims to a malicious website.
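An added example, not part of the original article: because the visible FROM address proves nothing by itself, a receiving-side check can rely on the Authentication-Results header (RFC 8601) stamped by the recipient's own mail server. The three messages, all domain names and the server name mx.example.net are constructed for illustration, and the alignment test is a simplification of what DMARC does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). "mx.example.net" is the
# hypothetical receiving server whose Authentication-Results we trust.
FORGED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bulk-mailer.example;
 dkim=none;
 dmarc=fail header.from=carrier.example
From: "Parcel Carrier" <tracking@carrier.example>
Subject: Your package could not be delivered

Click here to reschedule delivery.
"""

GENUINE = """\
Return-Path: <notify@billing.carrier.example>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=billing.carrier.example;
 dkim=pass header.d=carrier.example;
 dmarc=pass header.from=carrier.example
From: "Parcel Carrier" <tracking@carrier.example>
Subject: Delivery scheduled

Your parcel arrives tomorrow.
"""

# The sender added its own "pass" header; our server stamped nothing.
SELF_STAMPED = """\
Authentication-Results: mail.untrusted.example;
 dmarc=pass header.from=carrier.example
From: "Parcel Carrier" <tracking@carrier.example>
Subject: Invoice attached

See attachment.
"""


def domain_of(address_header):
    """Lower-cased domain of an address header, or '' if none is present."""
    _, addr = parseaddr(address_header or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(from_domain, other):
    """Same domain or parent/child of it. Simplified: real DMARC compares
    organizational domains derived from the Public Suffix List."""
    return bool(other) and (from_domain == other
                            or from_domain.endswith("." + other)
                            or other.endswith("." + from_domain))


def auth_results(msg, trusted_authserv):
    """Parse spf/dkim/dmarc verdicts, but only from headers whose authserv-id
    is our own server; anyone can put this header in a message they send."""
    results = []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if m:
                props = dict(re.findall(r"\b((?:smtp|header)\.\w+)=(\S+)", clause))
                results.append((m.group(1).lower(), m.group(2).lower(), props))
    return results


def from_is_authenticated(from_domain, results):
    """True if DMARC passed, or SPF/DKIM passed for a domain aligned with From."""
    for method, result, props in results:
        if result != "pass":
            continue
        if method == "dmarc":
            return True
        ident = props.get("smtp.mailfrom" if method == "spf" else "header.d", "")
        if aligned(from_domain, ident.rpartition("@")[2].lower()):
            return True
    return False


def assess_from(raw, trusted_authserv="mx.example.net"):
    """Report whether the domain shown in From is backed by trusted evidence."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg["From"] or "")
    from_domain = domain_of(msg["From"])
    results = auth_results(msg, trusted_authserv)
    ok = bool(from_domain) and from_is_authenticated(from_domain, results)
    return {"display_name": display, "from_domain": from_domain,
            "authenticated": ok,
            "evidence": [f"{m}={r}" for m, r, _ in results]}


if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("genuine", GENUINE),
                      ("self-stamped", SELF_STAMPED)]:
        print(name, assess_from(raw))
```

All three messages show the same display name and FROM address; only the verdicts recorded by the receiving server tell them apart.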



So many defensive steps are required of Windows users that the safe assumption is no one does them all. Working from this assumption, I suggest never doing financial transactions on a Windows computer.

Anyone who doesn’t think their computer is infected should consider another warning from Perry: malware is frequently invisible and silent. Think Stuxnet and Flame.

Some alternatives to Windows are:

  • Boot a Windows computer to Linux running off a USB flash drive. Yes, CDs are safer but they are soooooo slow.
  • Use a Chromebook [8], which runs a hardened version of Linux that automatically self-updates.
  • Use an iPad/iPhone app from your financial institution. Just be careful which Wi-Fi networks you connect to.

David Perry won’t do online banking on any computing device. And, unlike reporters that offer safety suggestions, he is a world-class expert on malware.






U.S. Industry Finds Little Information on Sequestration Plans

Defense News

Jun. 25, 2012 – 10:05AM



A small group of top U.S. defense executives, while privy to information on the nation’s most secretive programs, were told by White House representatives at a June 13 meeting that they wouldn’t be getting any special details on the plans for the automatic budget cuts known as sequestration, sources familiar with the conversation said.


The unpublicized meeting, requested by Aerospace Industries Association President Marion Blakey, who was joined by Lockheed Martin CEO Bob Stevens, Northrop Grumman CEO Wes Bush and Pratt & Whitney CEO David Hess, was cordial in tone, but left the executives with no greater insight into how the budget cuts would be carried out. The executives met with representatives of the Office of Management and Budget (OMB) to voice concerns about the lack of information on how sequestration would work and to request that further details be made available soon.

“OMB said, ‘We don’t have any real specifics now and we don’t expect to have any real specifics until after the election,’” an industry source said.

Last week, Blakey and Stevens publicly vocalized the need for information on how the cuts would be implemented if they take effect as planned Jan. 2 so industry can adjust its workforce, which could include thousands if not hundreds of thousands of layoffs, Blakey has warned.

The meeting included the presentation of information about lagging hiring numbers that Blakey attributed to contractors uncertain of the future defense picture, sources said. Blakey also presented the OMB representatives with details on the need to notify employees of potential layoffs within 60 to 90 days, depending on the state, in advance of sequestration to comply with the Worker Adjustment and Retraining Notification (WARN) Act, as well as concerns about the need to modify contracts under equitable adjustment clauses.

“It was very cordial,” an industry source said. “It was very amenable. They appreciated the information. And they said they didn’t have any further information on how sequestration would be implemented.”

Boeing Defense’s Dennis Muilenburg was invited but canceled due to an “unavoidable scheduling conflict,” a Boeing spokesman said.

Executives have been emphasizing the legal requirement to inform employees of potential layoffs, part of the WARN Act, as possibly forcing layoff notifications to be delivered on Nov. 1, right before the presidential election. Experts said the companies would likely notify far more employees than they would actually fire to retain flexibility on layoffs.

“Industry is indicating that absent guidance, that they feel they need to warn their entire organizations because they don’t know yet how the cuts will come,” said Brett Lambert, the Department of Defense’s industrial base policy chief.

Lawmakers are also putting pressure on the Obama administration to start planning for sequestration. In its farm bill, the Senate included an amendment that would force the administration to tell Congress this summer how sequestration would be implemented.

It also calls on OMB to release a report within 30 days of the law’s passage, and the president to release a report within 60 days on the impact of sequestration across defense and nondefense spending.


Lawmakers are expected to attach similar amendments to legislation that may move through the congressional system faster than the farm bill, including a federal flood insurance bill, which the Senate is scheduled to begin debating June 25.


Gordon Adams, who oversaw national security budgets at OMB under President Bill Clinton, said this push for information is nothing more than politics.


“Every single thing that happens in this town this year is about the election,” Adams said.

Kate Brannen and Marcus Weisgerber contributed to this report.



Cyber Security Debate Pits Corporate Interests Against National Security


Ken Silverstein, Contributor

6/25/2012 @ 9:45PM

National security is running headfirst into corporate and privacy interests. It is centering on two competing versions of cyber security legislation, which would either give government more power to regulate private, but vital, networks or which would make any new rules voluntary.

The networks in question are integral to the U.S. economy and are owned by private utilities and telecom operators. But if they are destroyed and cause massive upheaval, then the country’s welfare is at stake. Business groups say that it is already in their interest to buck up whereas both the Obama and Bush administrations say that more is necessary and that national security is the foremost concern.

“We are being bled of our intellectual property every day and would-be enemies probe the weaknesses in our most critical national assets — waiting until the time is right to cripple our economy or attack a city’s electric grid with the touch of a key,” says Senator Joe Lieberman, I-Conn., co-sponsor of one of the bills.

After collectively identifying the precise systems that are at high risk, the U.S. Department of Homeland Security would then work with that “narrow slice” of the private sector that must join in the battle, Lieberman adds.

For example, let’s say that Pepco, the electric company serving the Washington, DC, metro area, had “critical” systems covered by the bill: Only systems directly involved in the generation or distribution of electricity would need to conform to the increased security standards, the senator notes. But Pepco’s other systems, like human resources or customer service, would not be asked to do anything new.

The White House, generally, supports that bill — one that its sponsors argue narrowly defines “critical infrastructure”: That would be any national asset that, if brought down or destroyed, would lead to mass casualties, mass evacuations or financial collapse. Those affected would have to make the needed investments to ensure their assets are “insulated” from attack.

Obama’s team, in fact, simulated for members of Congress the overall impact that a successful cyber attack would have on New York City. It would be lights out, affecting an entire city population in much the same way as the 2003 Blackout that swept the East Coast and parts of Canada.

According to the General Accountability Office, the nation’s wires infrastructure is comprised of $1 trillion in assets that entail 200,000 miles of transmission lines. Altogether, over 800,000 megawatts of power serve more than 300 million people. Because the system is now connected to the outside world, it is open to attack.

Consider the smart grid that allows utilities and customers to communicate with each other: A nemesis can manipulate the data and disrupt the network — just as a number of smaller but potent viruses have already done. The big one, of course, has been Stuxnet, which this government used in coordination with that of Israel and which was intended to diminish the Iranian nuclear program.


The U.S. government using those worms and viruses to hurt its adversaries is one thing. But criminals using them to extort money from businesses such as utilities is another. National enemies going after the whole society here is a completely different scenario.

Even though the threats are real and present, only a small percentage of the energy firms are adopting security technologies, says software firm McAfee. Here, utilities are spending time and money addressing weaknesses, and one way is by applying “patches” to fix specific vulnerabilities. But hackers are always seeking new voids and oftentimes, companies are too busy with other security concerns.

In any event, utilities once had disparate assets that could not talk to each other, but today they are highly digitized with devices that are interwoven, allowing infections to spread. One devious method reported recently is finding the so-called digital back door that is meant to give manufacturers a marketing edge but that can also be exploited by corporate or national enemies.

A subsidiary of energy vendor Siemens AG has been criticized for selling that kind of equipment to support industrial control systems. Among those that have made purchases are Boeing and Lockheed Martin in the defense sector and American Electric Power, National Grid and Pepco in the power industry, says a news report by the Christian Science Monitor. The paper is also reporting that the problem can be fixed.

For their part, utilities are already supposed to certify with the Federal Energy Regulatory Commission that they have developed robust systems that can continue to generate and deliver power if attacked. To comply, they are describing their potential risks based on historical accounts.

As with other businesses, utilities are also concerned about overreach. They prefer voluntary efforts, as opposed to those mandated by law, noting that as owners of the assets, they are naturally motivated to secure them.

“The only government actions allowed by our bill are to get information voluntarily from the private sector and to share information back,” says Senator John McCain, who introduced a bill that is now competing with the one pushed by Senator Lieberman. “We have no government monitoring, no government takeover of the Internet, and no government intrusions.”

Cyber attacks are escalating and leaving corporate networks increasingly susceptible. Utilities are getting the message but are emphasizing that they must carefully allocate scarce resources. Those pushing for a more assertive federal role, however, are saying that national security takes precedence. All sides are attempting a reconciliation, although the ultimate invoice coupled with privacy concerns might keep them apart.


A Weapon We Can’t Control



Op-Ed Contributor


June 24, 2012



THE decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.

It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.

There is no international treaty or agreement restricting the use of cyberweapons, which can do anything from controlling an individual laptop to disrupting an entire country’s critical telecommunications or banking infrastructure. It is in the United States’ interest to push for one before the monster it has unleashed comes home to roost.

Stuxnet was originally deployed with the specific aim of infecting the Natanz uranium enrichment facility in Iran. This required sneaking a memory stick into the plant to introduce the virus to its private and secure “offline” network. But despite Natanz’s isolation, Stuxnet somehow escaped into the cyberwild, eventually affecting hundreds of thousands of systems worldwide.

This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired.

Until recent revelations by The New York Times’s David E. Sanger, there was no definitive proof that America was behind Stuxnet. Now computer security experts have found a clear link between its creators and a newly discovered virus called Flame, which transforms infected computers into multipurpose espionage tools and has infected machines across the Middle East.

The United States has long been a commendable leader in combating the spread of malicious computer code, known as malware, that pranksters, criminals, intelligence services and terrorist organizations have been using to further their own ends. But by introducing such pernicious viruses as Stuxnet and Flame, America has severely undermined its moral and political credibility.

Flame circulated on the Web for at least four years and evaded detection by the big antivirus operators like McAfee, Symantec, Kaspersky Labs and F-Secure — companies that are vital to ensuring that law-abiding consumers can go about their business on the Web unmolested by the army of malware writers, who release nasty computer code onto the Internet to steal our money, data, intellectual property or identities. But senior industry figures have now expressed deep worries about the state-sponsored release of the most potent malware ever seen.

During the cold war, countries’ chief assets were missiles with nuclear warheads. Generally their number and location was common knowledge, as was the damage they could inflict and how long it would take them to inflict it.

Advanced cyberwar is different: a country’s assets lie as much in the weaknesses of enemy computer defenses as in the power of the weapons it possesses. So in order to assess one’s own capability, there is a strong temptation to penetrate the enemy’s systems before a conflict erupts. It is no good trying to hit them once hostilities have broken out; they will be prepared and there’s a risk that they already will have infected your systems. Once the logic of cyberwarfare takes hold, it is worryingly pre-emptive and can lead to the uncontrolled spread of malware.


Until now, America has been reluctant to discuss regulation of the Internet with Russia and China. Washington believes any moves toward a treaty might undermine its presumed superiority in the field of cyberweaponry and robotics. And it fears that Moscow and Beijing would exploit a global regulation of military activity on the Web, in order to justify and further strengthen the powerful tools they already use to restrict their citizens’ freedom on the Net. The United States must now consider entering into discussions, anathema though they may be, with the world’s major powers about the rules governing the Internet as a military domain.

Any agreement should regulate only military uses of the Internet and should specifically avoid any clauses that might affect private or commercial use of the Web. Nobody can halt the worldwide rush to create cyberweapons, but a treaty could prevent their deployment in peacetime and allow for a collective response to countries or organizations that violate it.

Technical superiority is not written in stone, and the United States is arguably more dependent on networked computer systems than any other country in the world. Washington must halt the spiral toward an arms race, which, in the long term, it is not guaranteed to win.

Misha Glenny, a visiting professor at the Columbia University School of International and Public Affairs, is the author of “DarkMarket: Cyberthieves, Cybercops and You.”



Microsoft’s Yammer deal may cost too much, come too late


By Byron Acohido, USA TODAY

June 25, 2012


Microsoft’s announcement Monday that it will acquire Yammer, a social network for corporate use, sparked concerns about whether it paid too much, too late.

The $1.2 billion buyout comes as, Oracle, Google and SAP continue expanding business-use social networks integrated into their respective product lines.

Microsoft has been trying futilely for years to popularize social networking within SharePoint, its collaboration server that comes bundled with versions of its Office productivity suite sold to large businesses.

By acquiring Yammer, the software giant is attempting to “fill a gap,” says Wesley Miller, analyst at research firm Directions on Microsoft. Similar to Facebook, Yammer connects users and claims more than 200,000 corporate customers, including Ford, Orbitz Worldwide and 7-Eleven.

“The valuation seems high,” says Miller. “This is Microsoft recognizing a valuable player in the field. The reality is, Yammer has a name, brings a fair amount of users, and offers an experience which SharePoint doesn’t.”

Founded in 2008 by former PayPal executive David Sacks, Yammer made hay by offering a free micro-blogging service that caught on. It can enable the creation of private social networks where employees collaborate on projects.

Yammer will be added as a new Microsoft division and Sacks will stay on as chief executive officer.


“The acquisition of Yammer underscores our commitment to deliver technology that businesses need and people love,” Microsoft CEO Steve Ballmer said in a statement. “Yammer adds a best-in-class enterprise social networking service to Microsoft’s growing portfolio of complementary cloud services.”

Trip Chowdhry, managing director at Global Equities Research, predicts Microsoft Yammer will have a difficult time catching, which has been beefing up its Chatter social network for a couple of years, and Oracle, which is pushing its Social Relationship Management services.

“Microsoft is too late to the social party,” says Chowdhry. “You cannot get into a leadership position by imitating the leaders. This is a non-event for Microsoft and for the industry.”

Even so, Tony Zingale, CEO of business social network supplier Jive, which went public last year, says the buyout validates the notion that social networking is destined to emerge as a must-have business tool.

“Microsoft had to make a rather desperate move to buy a company — that has an extremely narrow offering that’s given away for free — to be able to compete with the likes of someone like Jive,” says Zingale.

Miller notes that back in 2008, Microsoft spent $1.2 billion to acquire FAST Search & Transfer and integrate the search engine into SharePoint. But that upgrade has failed to wow customers, he says.

It remains to be seen whether the Yammer deal will follow suit. “My concern with Yammer is that they may present a more confusing picture in the short term, by broadening Office and SharePoint,” Miller says.


Building an army of ones and zeros and the troops who know how to wield them


By Aliya Sternstein

June 25, 2012


While the Pentagon is developing cyber arsenals, it is struggling to staff the newly operational Cyber Command and supporting service cyber organizations that will deploy against adversaries overseas.

If current cyber conflicts are any guide, future operations likely will require more than technical know-how — they also could be just as reliant on the physical prowess of covert and clandestine operators capable of inserting computer code into networks at secure facilities. For example, the U.S.-Israeli-engineered Stuxnet computer virus that reportedly seized Iranian nuclear centrifuges was inserted manually through a jump drive, rather than propagated over the Internet from a safe location.

How the Pentagon will find enough brawny brains is a question some observers are raising.

The answer partly lies in the way the Pentagon has chosen to incorporate Cyber Command, which directs cyber-offense operations, into the existing commands worldwide. The military services each have their own cyber units composed of thousands of troops, civilian personnel and contractors. The plan is for cyber specialists serving the Air Force, Army, Marines and Navy to coordinate with Cyber Command headquarters in Maryland on executing operations abroad, according to Gen. Keith Alexander, head of the command.


“Gen. Alexander has said that one of the critical imperatives is to build the capability of our cyber workforce, especially in the service cyber elements, which are essential to the accomplishment of our mission of supporting the combatant commands and national requirements,” Cyber Command spokesman Col. Rivers J. Johnson Jr. told Nextgov.

Even if the Pentagon had enough skilled recruits now, he said, it would not be able to deploy them immediately due to training inconsistencies in the fields of information assurance and ethical hacking.

“A key aspect of this is to train as a joint organization so the standards are the same throughout the command,” Johnson said. “We are pushing on the services to go faster, but there are limits. Since some of the training programs run for 18 months, even if we hired a hundred or a thousand more people today it would still take time to get them operationally ready.”

Ideally, Defense officials say, they would like to see outstanding candidates graduating from diverse institutions, such as the Air Force Institute of Technology at Wright-Patterson Air Force Base in Ohio or the University of Utah, a Pentagon-designated cyber academic center of excellence. “Whether we do our cyber training at one school or at multiple schools, the training will have to be executed to one standard,” Johnson said.

Civilian agencies, the private sector and the Defense Department already are fighting each other to recruit talent from an inadequate pool of cybersecurity professionals, irrespective of their physical qualifications for uniformed military service.

Amassing troops whose fingers are as dexterous as their legs may be difficult, cyberwar analysts say.

Johnson agrees the competition for cyber professionals presents a hurdle, but says the command stands ready to vie for them using, among other incentives, special rewards for newcomers and experienced cyberwarriors alike.

“One of the challenges is finding and holding the people that we need to do this mission. We have to recruit, train and retain a cyber cadre that will give us the ability to operate effectively in cyberspace for the long term,” he said. “Gen. Alexander has indicated that it is going to take time for us to generate the force and he is optimistic that we will get the forces that we need.”

The possible job incentives Alexander has discussed include additional pay, such as the bonuses pilots or nuclear officers receive, as well as opportunities for advanced degrees and education, Johnson said. The Navy can pay as much as $30,000 to sign up new nuclear officers and kick in up to $22,000 extra per year for commissioned nuclear officers. Military aviators can earn a $125 to $840 bonus a month, depending on the number of years they have served.

Some former military members note the Pentagon has successfully resolved similar human resources predicaments before, for example, in launching the Defense Department’s outer space and Navy cruise missile missions.

“I don’t see any of this as being new,” said Dale Meyerrose, the intelligence community’s former chief information officer. Defense may look to duplicate the structural setup of the Joint Functional Component Command for Space, which, like Cyber Command, is part of the U.S. Strategic Command. Headquartered in California, the space command works with a staff of only 240 to protect U.S. satellites, monitor adversaries’ space assets and support geographic combatant commands worldwide. “You know there are only so many space guys to go around,” he said.

What’s novel is the weapon of choice. “The bureaucratic process models are there,” said Meyerrose, who also is a retired Air Force major general and now serves as a private consultant. “You just have to figure out where the variances are from previous patterns that we use.”


Besides, the old stereotype of a skinny computer nerd stuck to a seat is a bit outdated, some former military officials say.

“You’ll find that there are a growing number of military and civilian people who are both physically strong and computer strong – and, in fact, I know some of those people,” said Gen. Harry Raduege, former director of the Defense Information Systems Agency. “And you wouldn’t want to mess with these people on either of these fronts.”

Raduege, currently chairman of the Deloitte Center for Cyber Innovation, added, “You can’t even assume that these computer whizzes would be deployed forward.”

Physical strength might not be an issue for computer raids transmitted through networks. In those situations cyber troops could be stationed stateside or at supporting combatant commands and may be physically disabled as long as they have the requisite mental skills.

“It’s a canard that you’ve got to have somebody who can run two miles in under eight minutes to be a cyberwarrior,” Meyerrose said. “I think that is an old way of thinking.”

The recently discovered Flame spyware likely is being spread to computers throughout the Middle East from afar, according to Kaspersky Lab, which identified the virus.

“You won’t need to have coders. If that’s the case, it’s just a matter of specialized training for a special operations soldier,” said Jeffrey Carr, a cybersecurity consultant and author of Inside Cyber Warfare (O’Reilly Media, 2009). “They don’t need to be a computer engineer.”

Unleashing on-site cyber strikes, however, may take extra preparation. But similar feats have been performed before, Meyerrose said. All planning and targeting for Tomahawk land attack missiles, no matter where in the sea they are deployed and fired, is done from a single location on the East Coast, he said.

Tomahawk loaders, munitions technicians and pilots are forward deployed on Navy vessels, “but the relatively few and highly specialized mission planners and targeteers centrally support all geographic combatant commanders from the continental United States,” Meyerrose said.

And besides, the most physically threatening situations are always left to combat forces, note other former military officers.

“Countering more sophisticated threats is the responsibility of those with more advanced skills such as infantrymen and others,” said retired Maj. Gen. Charles Dunlap, who served as deputy judge advocate general of the Air Force before joining the faculty of Duke University Law School. “The military has something of a division of labor in that the infantryman expects the cyber geek, so to speak, to protect him from cyber threats, while the infantryman himself is responsible for defending his cyber comrades from other more traditional physical threats.”


Google readies $199 Nexus 7 tablet


Long-rumored tablet expected to be unveiled this week at Google I/O conference in San Francisco


By Matt Hamblen

June 25, 2012 10:43 AM ET


Computerworld – Google will launch its own sub-$200 7-in. Nexus tablet at its Google I/O conference in San Francisco this week, according to training documents viewed by Gizmodo Australia.

The report comes in the wake of a slew of rumors, including reports of a Google tablet called Nexus 7 that would run Android Jelly Bean, the next generation of the Android operating system.

Jelly Bean, or Android 4.1, was recently described as a modest upgrade from Android 4.0, also known as Ice Cream Sandwich.

A $199 starting price would put the Nexus 7 in the same category as the Amazon Kindle Fire and Barnes & Noble Nook tablets. Both have the same price tag and feature the same screen size as the expected Google tablet.

The most popular tablet by far, with more than 60% market share, is still Apple’s 9.7-in. iPad, whose latest version starts at $499.

According to Gizmodo Australia, the new device will indeed be called the Nexus 7, and the site reports that the documents it viewed state that the new tablet was built for Google by Asus and that it runs a 1.3GHz quad-core Tegra 3 processor from Nvidia and a GeForce 12-core graphics processor. The device will include 1GB of RAM and either 8GB or 16GB of internal storage.

The Nexus 7 will also have an NFC chip to run Google Wallet and Android Beam, the Android 4.0 tool used to transfer data between NFC-ready Google phones.

The documents also describe a tablet with a screen resolution of 1280 x 800, a 1.2-megapixel front-facing camera and a nine-hour battery.

Gizmodo Australia puts the 8GB model’s price at $199 in U.S. dollars and the price of the 16GB version at $249. The report says the device will be released in Australia in July, which — based on prior history — could mean that the U.S. release would occur at about the same time or earlier.

Of interest to many Android fans is a comment in the documents stating that Google will handle all updates of Jelly Bean going forward, a policy that might only relate to the Nexus 7, Gizmodo Australia noted.

Updating Android on the many different models of Android-based smartphones has been a recurring problem for both Google and mobile service providers. At the June 2011 Google I/O conference, Google announced the Android Upgrade Alliance of phone manufacturers and carriers. The Alliance was created to help keep upgrades to various Android models on track.



Want to use your own smartphone for work? Think again

Federal Times

Jun. 25, 2012 – 07:31AM



Agencies are slowly giving feds the green light to use their personal smartphones and tablet computers to get work done.


But that freedom may come at a cost in terms of less control over the device, no reimbursement for phone charges, and restrictions on apps that can be installed.

“The employee has to understand that they are going to lose some of their privacy rights, [and] there will have to be a tradeoff for the convenience of using their personal device,” said Rob Burton, a former federal executive and now partner at the Venable law firm. Burton advises government contractors on their mobile policies.

Before swapping your government-issued BlackBerry for your personal Apple or Android device, read the rules carefully and fully understand what you are agreeing to, Burton urges.

The administration is expected to release governmentwide bring-your-own-device (BYOD) guidelines this summer based on lessons learned from pilot projects at federal agencies. Until then, some agencies are crafting their own.

One of the first to fashion a set of rules is the Equal Employment Opportunity Commission. It requires employees who use their own smart devices for work to agree to have third-party software installed so the agency can manage security settings on the devices and remotely wipe devices clean of government emails and data if they are lost or stolen.

For months, EEOC Chief Information Officer Kimberly Hancher worked with information security staff, lawyers and the employees’ union to draft rules that balance employee privacy and government security.

“The main thing that the union wanted was to make sure that the privacy expectations were put front and center,” Hancher said.

An “expectation of privacy” notice is written in bold on Page 1 of the four-page policy: “EEOC will respect the privacy of your personal device and will only request access to the device by technicians to implement security controls … or to respond to legitimate discovery requests.”

Last week, the agency gave its 468 employees who have agency-issued BlackBerrys a number of choices:

• Voluntarily return your BlackBerry and bring your own Android, Apple or BlackBerry smartphone or tablet to work.


• Return your BlackBerry and get a government-issued cellphone with voice features only.


• Keep your BlackBerry with the understanding that EEOC does not have replacement devices.


“I gave up my BlackBerry,” Hancher said. “I use an Android.”

The pilot is set to run through September or longer, depending on EEOC’s comfort level that all policy issues have been worked out. Hancher expects there will be some tweaks to the policy as the pilot evolves.

Hancher’s information technology staff is meeting with employees to help each decide which device or devices to use and what the effects will be.

She projects between 10 percent and 30 percent of BlackBerry users will opt for the bring-your-own-device program.


Initially, EEOC’s BYOD program will focus on providing employees with access to their work email, calendars, contacts and tasks. With the mobile device management software, workers can read and write emails without Internet connectivity, but they cannot send or receive them until an Internet connection is restored. Senior executives who own Apple iPads will have access to the agency’s internal systems through a virtual private network.

The policy will require employees to foot the bill for all voice and data usage, including that for work purposes. That may prompt some to hold on to their BlackBerrys.

For EEOC’s younger employees, their personal devices are an extension of their personalities, Hancher said. For seasoned workers, their personal device allows them to do administrative work from the comfort of their living rooms.

“While I’m not advocating working 24 by 7, it is just more comfortable to sit and do timecard approvals on a Friday night instead of prime time when people need to put their attention on more complex and business-oriented issues,” Hancher said.

But many wonder whether the move toward mobility will make it even harder for feds to draw a line between their personal lives and work.

“If you’re off duty and you’re at the beach … I think it’s clear there is no expectation that you will respond” to emails, said Nuclear Regulatory Commission CIO Darren Ash. He plans to address the topic in his agency’s upcoming BYOD policy this summer.

Similar to EEOC’s program, NRC’s bring-your-own-device program will be voluntary and employees will not be required to relinquish their BlackBerrys. Initially, only personal devices that meet National Institute of Standards and Technology encryption standards will be eligible for use.

“We have to manage [employee] expectations, [and] you want a policy that stands the test of time,” said Ash, who is working with his chief financial officer, general counsel, union representatives and others to craft the policy.

Veterans Affairs Department CIO Roger Baker said personal devices will be part of the department’s mobile strategy in the future. VA is buying mobile device management software that can manage up to 100,000 government-issued and personal devices on its network. He envisions a day — perhaps five to six years from now — when feds would be expected to buy their own personal devices to get work done.

As VA employees connect to the department’s network with their personal devices, it will “be subject to the mobile-device manager, it will be subject to my control and my ability to wipe the device if I determine that the information is in any way at risk,” Baker said.

The department has not yet established a BYOD policy, but Baker expects it will have some restrictions on what apps can be downloaded on personal devices. Software applications that are known to violate information protection policies and could compromise VA data — such as a virus-infected version of the “Angry Birds” game — will be restricted.

“I don’t think we will be overly prescriptive,” Baker said. “In other words, if you’ve got your iTunes music on it, it’s not going to be an issue.”

Personal devices with software that allows workers to bypass built-in security features could be wiped if an employee attempts to connect to VA’s network.

Baker said the easiest route would be to remotely wipe the device of both government and personal information, but the policies would make clear what employees can and cannot do on their devices.

“People are pretty cavalier about their own information when they are using it directly for their benefit, [but] they take a very, very dim view of me being that cavalier with their information,” he said.


One of the main BYOD security issues government has to sort out is minimum security standards for apps, said Tom Suder, president and founder of Mobilegov, which develops enterprise applications. Suder is also involved in addressing federal mobility issues through the nonprofit American Council for Technology — Industry Advisory Council. He thinks many agencies will allow employees to access government data on their personal devices only while on site and connected to the network.

Feds should frequently back up their personal data in case it is accidentally wiped by the agency or destroyed in the event that classified data is leaked onto the device, Suder said.

Agencies also must consider what type of data can be accessed by mobile devices, where that data will be stored and how it will be securely transported to mobile devices, said Anil Karmel, management and operations chief technology officer at the Energy Department’s National Nuclear Security Administration.

“You really have to find the right balance between security and functionality,” Karmel said.





The High Cost of College: Is Tech Part of the Problem or the Solution?


With students drowning in debt, CT examines the role of technology in the overall cost of a college education–and its potential for reversing a pricing model that is unsustainable.    

By John K. Waters


The news these days is filled with headlines lamenting the high cost of college. Tuition and board at top schools now exceed $50,000 per year. Upon graduation, the average student is $25,250 in the red, according to a report from the Project on Student Debt, while the total of the nation’s college debt now exceeds $1 trillion. So what exactly is the role of technology in all of this? Has technology managed to keep costs from rising even faster, or are schools guilty of using technology–whether they’re issuing students iPads or offering premium movies in residences–as one more weapon in an institutional arms race?

It’s a complex question for which there is no simple answer. In the arena of teaching and learning, however, it does appear that technology has–for the time being, at least–increased the cost of education. That’s the conclusion of economists Robert Archibald and David Feldman in their book, Why Does College Cost So Much? (Oxford University Press, 2010). In their view, the increase in spending is not part of some frivolous splurge, but stems from a fundamental need to provide a relevant education in a tech-oriented world.


“We argue that the changes in higher education have been largely cost increasing, and that they have been driven by the needs of students and employers in the contemporary labor market,” they write. “In plain language, our product is different today in important ways, and being up-to-date has raised cost.”

Put another way, if schools want to provide their students with an education that is relevant to today’s workplace, they have no choice but to spend on technology. And computers are more expensive than chalk.

“Part of any reasonable explanation of what’s happened to the cost of providing higher education has to include the fact that a lot of these technologies we are introducing our students to and allowing our students to utilize add to the expense,” explains Archibald, who is chancellor professor of economics at The College of William and Mary (VA). “But the fact is, if we didn’t provide those technologies, we’d be providing a very low-quality education. The technology is expensive, but it’s a matter of keeping up with what’s going on with the rest of the world.”

When Archibald talks about keeping up with the rest of the world, however, he means from an educational standpoint, rather than vying for the affections of tech-hungry students with knee-jerk tech spending.

“It was a big story a few years ago that schools were supposedly competing to become PC Magazine’s most wired campus, but I honestly don’t see this as some sort of arms race among institutions,” he notes. “If there were only one college in the world, that college would still have to invest in technology to serve its students. It’s about doing a first-rate job of preparing your students to go into that world.”


What Is Necessary?

But the delineation between tech spending that is necessary as opposed to elective is not always clear-cut. Take, for example, the explosion of iPads on campuses. The excitement about the device shows no signs of abating, and students are obviously enthralled by it. Yet it could be argued that the iPad represents the bleeding edge of educational technology, with the buzz based more on its potential than on its ability to address specific educational issues. Indeed, the profusion of sessions at ed tech conferences on how to use iPads in teaching is, in many ways, a testament to the fact that iPads are not filling an obvious role in the current educational setup.

Whether the iPad proves to be transformational or not is moot, however. The point is that many schools are investing heavily in a technology whose identified use is still in its embryonic stages–and at a time, moreover, when many faculty aren’t even engaged with their schools’ LMS. The question is why?

While Archibald is dismissive of the idea of technology spending being part of an expensive arms race among colleges, other educators are equally adamant that this is exactly what is happening. In fact, they assert that a school’s tech cred–whether it’s a robust wireless network or a shiny new iPad–is a key factor in attracting prospective students.

“Ten years ago, the top three questions the students visiting a campus asked were: ‘Where’s the fun stuff (sports and drinking)? How’s the food in the residence hall? And what’s the computer connection in the residence hall?'” notes Ron Bonig, a research director in Gartner’s higher education group. “Now it’s: ‘Can I bring my mobile device? Can I sign it onto your network? And how ubiquitous is your wireless? And, by the way, are you sure you have a 100 MB connection in the dorms?’ The truth is, if you don’t offer a reasonable tech package, the best students go elsewhere.”

And seen through traditionalist eyes, much of what constitutes a “reasonable tech package” has little–if anything–to do with improving the quality of teaching and learning on campuses today. From a purely educational standpoint, for example, ubiquitous wireless service is convenient, but certainly not essential. And what of the enormous bandwidth devoted to satisfying student passions for streaming video and gaming–as much as half of the entire bandwidth available at private colleges, according to a survey by Campus Televideo, a satellite provider of telecommunications?

But the idea of colleges competing with one another as part of an institutional arms race in technology may be missing the real story. What if schools aren’t trying to outdo the Joneses? What if they are simply trying to keep up with student expectations? Are students themselves driving up the tech-related cost of college?

In short, yes. The demand by students for top-flight services and facilities may have something to do with the student-as-customer model of business that now permeates much of higher education. This model has flipped the traditional educational paradigm on its head: Instead of feeling privileged to have the opportunity to learn from distinguished academics, many students now view their higher education experience in much the same way they do a weekend at the Hyatt. A 2008 study of 1,025 students at the University of South Alabama, conducted by assistant professors Zachary Finney and Treena Gillespie, discovered that 52 percent of respondents considered themselves customers of the university.

This attitude has only been exacerbated by the consumerization of IT and the stunning speed with which technology has infiltrated every facet of life. For a college to lag behind the local Starbucks in wireless connectivity, or to provide less bandwidth than a residential cable provider, may well have long-term implications for its competitiveness and its brand.

The effects of both these trends are being felt in academic and non-academic areas of campus. In college residences, for example, students expect a level of services unheard of two decades ago. “We need to offer an equivalent experience to what you would get living at home,” says Ben Price, director of residential information systems and technology at the University of California, Santa Barbara.

But the classroom is not exempt either. Increasingly, students expect to see the tech systems they take for granted in their daily lives incorporated into the fabric of their learning, too. “Students are becoming more and more reliant on technology, and we can’t continue to have them ‘power down’ when they walk into a classroom,” says Don Chaney, assistant dean for distance education and outreach in the College of Health and Human Performance at the University of Florida. “Our educational system must evolve into more online and mobile environments.”

And what of the cost? Surprisingly, as an overall percentage of their budgets, schools spend relatively little on IT. Gartner estimates that colleges and universities run their IT departments on 3.5 to 5.4 percent of their yearly budgets on average. Larger universities spend less as a percentage than smaller colleges, because of economies of scale.

Even then, these numbers are not reflective of what schools actually spend on student-facing technology. According to Bonig, much of a school’s IT budget is directed strategically toward improved administrative and management capabilities–enrollment systems, CRM software, and content-management solutions–all of which he believes ultimately cut costs.


Where IT Saves Money

As college CIOs are painfully aware, their organizations are seen as cost centers. And with concern growing about the high cost of college, plus lingering budget woes stemming from the Great Recession, the pressure to cut falls disproportionately on areas that are considered money drains. In a recent Gartner survey of approximately 200 CIOs of US colleges and universities, about 60 percent of respondents reported that their IT budgets were flat over the previous year or slightly down. The budgets of the other 40 percent were up only slightly.


These anemic numbers are simply a continuation of a period of flatlining budgets that date back several years, even as enrollment continues to rise and IT faces enormous technical challenges in an era of BYOD. To cope, CIOs are using every weapon at their disposal–virtualization, outsourcing, contract renegotiations, layoffs, and resource reallocation. But is it fair for IT to be branded as an out-and-out cost center? As a service organization, IT also plays a significant role in helping other university departments save large sums of money–savings that help keep the cost of college down. Shouldn’t IT get some credit for this?

Bill Carter, vice chancellor of IT at Houston Community College (TX), thinks so. He is on a mission to turn IT from a cost center into a cost-neutral operation. To achieve that, he goes to great lengths to quantify the savings stemming from every project IT undertakes. Savings totaled $9 million last year, $8 million in 2009-2010, $4 million the year before that, and $2.9 million in 2007-2008. Those savings have come primarily in the area of administrative systems:

• Automation of the time-sheet system: $2.3 million over two years

• Outsourcing of student payments: $500,000 per year

• Outsourcing of student refunds and financial aid disbursement: $1.3 million in year one, $1.4 million in year two

• Automation of enrollment systems: $500,000 per year


In 2012, the IT department at HCC expects to cover 77 percent of its total budget in efficiencies of investment. Although Carter hopes his group will be cost-neutral in two years, Robert Archibald, chancellor professor of economics at The College of William and Mary (VA), is skeptical that college IT departments will ever be anything other than a cost center–or that IT can accurately quantify the savings that it does create.

“I’m inclined to think that the cost savings are overwhelmed by the cost increases,” he says. “We have efficiencies in administration, getting out assignments, communicating with students, et cetera. But that’s very difficult to quantify. That’s actually a quality enhancement. You can’t easily measure quality-corrected costs. If you’re just looking at the books of an institution, the amount of money spent on information technology has gone up. I don’t think there’s any question about that.”

Even if tech spending isn’t a primary driver of costs on campus, it would still be presumptuous to assume that IT is off the hook when it comes to the affordability crisis. For students coughing up $40,000-$50,000 per year, even a couple of percentage points is serious money–money that has to be borrowed in many cases.

But would students give up their “reasonable tech package” in exchange for lower fees? It’s doubtful. A survey a few years ago at Washington State University revealed that students valued good network service above operational bathrooms. One possible solution is to let students choose–and pay for–a tech package that suits their specific needs. As it is, many schools already levy technology fees that give students the option to purchase additional bandwidth. Such an approach would not work in the classroom, however, where all students need equal access.

But it is in the classroom that non-administrative tech spending can probably be best justified. Educators across the country have seen the potential of technology to transform higher education as we know it–to be able to provide students with personalized, engaging instruction on their terms.

To achieve that goal is not the work of a moment. Colleges and universities have a long way to go–missteps will occur and money will be wasted–but a better educational experience is a laudable end point. It is not an argument that can be made about expensive new stadiums, sports complexes, or fancy dining halls. As higher education responds to mounting pressure to reduce fees, the challenge facing CIOs is to prove that IT’s tech spending provides a bigger bang for the buck in the one area that really counts–student learning.


Is Online Learning the Antidote to High Costs?

While tech spending may contribute to the high cost of college today, does it also hold the secret for reducing these same costs tomorrow? For Sebastian Thrun, the answer is probably yes. A former professor at Stanford University (CA), Thrun quit his position to launch Udacity, a company geared to teaching online computer science courses for free. More than 160,000 students from 190 countries enrolled in its first class, “Introduction to Artificial Intelligence,” and it has offered an additional six courses so far.

Udacity is just one of several major initiatives in the online space in recent months. In May, for instance, Harvard University (MA) and the Massachusetts Institute of Technology announced edX, a joint venture that will offer free online courses from both universities. While some educators blanch at the thought of technology being used to deliver education on a massive scale, it’s also clear that the precipitous increase in the cost of a traditional education is not sustainable.

While free instruction has obvious appeal–especially when the professors come from the top of their fields–it’s unclear whether employers will embrace students whose higher education consists solely of participation in these pioneering endeavors. Udacity hopes to make its profits by referring qualified students to potential employers. For their part, Harvard and MIT do not intend to put their names on any certification given to students who complete an edX course of instruction.

At the other end of the spectrum, consider established institutions such as the University of Southern California and Purdue University (IN), which do put their names on degrees earned by online students. Tuition fees for online learners at these schools are essentially the same as for those students who attend in person, even though online students never avail themselves of the physical facilities on campus. In effect, students are paying for the brand–the stamp attesting to the value of the education received. And as long as brick-and-mortar institutions remain the primary generators of revenue, their online degrees are unlikely to be priced much lower. Indeed, it’s quite possible that the cost of a quality college education will only decline when online-only initiatives achieve their own brand recognition.



House panel expected to approve 30 percent cut to federal travel

Federal Times

Jun. 26, 2012 – 12:20PM



A House committee is expected to approve a bill Wednesday that would cut federal travel spending by 30 percent from 2010 levels.

The House Oversight and Government Reform Committee will vote on a revised version of the Government Spending Accountability Act by Rep. Joe Walsh, R-Ill. The bill would require each agency to file quarterly itemized reports on conferences costing more than $100,000 and limit spending on a single conference to $500,000. The substitute version of the bill that the committee will consider includes a provision to cut travel spending in 2013 at each agency by 30 percent from 2010 levels and to keep those cuts in place through 2017, according to Ali Ahmad, spokesman for the House Oversight and Government Reform Committee.

Each agency would be required to justify the cost and location of each conference, including a cost-benefit analysis for why the agency did not conduct a teleconference.


The bill would also:

• Limit the number of federal employees from one agency allowed to attend an international conference to 50 or fewer.

• Require agencies to post online any text or any visual aid delivered by a federal employee during the conference.

• Require agencies to describe any financial support from any private entity that helped pay for the conference and an explanation for why the conference helped advance the agency’s mission.



Commercial Drones and GPS Spoofers a Bad Mix

IEEE Spectrum

BLOGS // The Risk Factor

POSTED BY: Robert N. Charette / Mon, June 25, 2012

Researchers at the University of Texas at Austin Radionavigation Laboratory have successfully demonstrated that a drone with an unencrypted GPS system can be taken over by a person wielding a GPS spoofing device. You can see a video accompanying a Fox News story on it, as well as a video here of an experiment conducted by the researchers, led by Professor Todd Humphreys.

Humphreys and company were recently invited by the U.S. Department of Homeland Security (DHS) to demonstrate whether their capability to successfully spoof commercial GPS systems in the laboratory could work in the field. Spoofing, as defined in this article by UT researchers, is “the transmission of matched-GPS-signal-structure interference in an attempt to commandeer the tracking loops of a victim receiver and thereby manipulate the receiver’s timing or navigation solution. A spoofer can transmit its counterfeit signals from a stand-off distance of several hundred meters or it can be co-located with its victim.”

The UT researchers took equipment costing about $1000 to the White Sands Missile Range in New Mexico last week and showed observers from both the Federal Aviation Administration (FAA) and DHS how control of a test drone could be taken away from its original overseers. The UT researchers, as the above article notes, have been able to take control of basically every type of unencrypted commercial GPS system in their laboratory.

Given the likelihood that a large number of drones will be plying the skies of the United States within a decade, the ability to easily spoof them is a bit disconcerting. The U.S. government is looking into the threat, but as the Fox News story states:

“DHS is attempting to identify and mitigate GPS interference through its new ‘Patriot Watch’ (pdf) and ‘Patriot Shield’ (pdf) programs, but the effort is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers.”

As I said in a blog a few months ago, the UK has a program called Sentinel that looks for GPS jamming there. I believe the researchers at UT are associated with this program as well.

Humphreys is calling for the hardening of GPS systems used in drones before they get into widespread use. It is good advice, especially because of the abysmally low success rate for trying to design security features into computer systems after the fact.

Of course, drone GPS systems aren’t the only ones facing the threat of spoofing. One could use the technology to spoof aircraft, ship, or vehicle navigation systems that feature unencrypted GPS systems (think of what would happen to a spoofed autonomously driven car). This technique may even be able to bring down a smart grid (pdf) or financial market.

I think it would be interesting to see how the U.S. public feels about the possible spoofing of drones in comparison to (or in addition to) their privacy concerns involving widespread drone use.


Update: 26 June 2012

I received a kind note from the Association of Unmanned Vehicle Systems International (AUVSI), which wanted to address the issue of spoofing commercial GPS systems raised in the post. AUVSI bills itself as “the world’s largest non-profit organization devoted exclusively to advancing the unmanned systems and robotics community.” In order to provide a fuller context surrounding the potential for spoofing commercial UAVs, I have included below in its entirety a statement from AUVSI President and CEO Michael Toscano titled, On Ensuring the Safe Use of Unmanned Aircraft:

“The unmanned aircraft systems industry is committed to the safe and responsible integration of unmanned systems into the national airspace. We are already in communication with a variety of stakeholders to ensure unmanned aircraft are integrated safely so we can unlock the tremendous potential of this technology to enhance public safety, advance scientific research and otherwise benefit society, all while potentially creating thousands of jobs.

“‘Spoofing’ or otherwise tampering with GPS has dangerous implications for any technology which depends on it for guidance, whether it is manned or unmanned aircraft, your cell phone or your car. In fact, commercial airliners are relying more and more heavily on GPS signals to locate the runways at airports and, with the advent of the next generation air traffic control system, all aircraft – manned and unmanned – will rely on GPS for navigation.

“The industry is well-aware of so-called ‘spoofing’ and is already advancing technologies, such as SAASM – Selective Availability Anti-Spoofing Module – to prevent it. This technology is already in use by the military to thwart GPS spoofing abroad and we expect it will transition to civilian unmanned aircraft in the coming years to protect aircraft flying in the national airspace. Meanwhile, some unmanned aircraft also have alternate navigation systems, such as radio links and backup inertial systems, which provide redundancy to GPS.

“It is important to remember that while an aircraft itself may be unmanned, a trained professional is behind the controls, ready to respond, and bring a safe resolution to any problem that may arise. Like any other technology, unmanned aircraft technology continues to become smarter and safer every day. The industry is working with the FAA, DHS and other agencies to ensure safety is a top priority as unmanned aircraft are integrated into the national airspace.”





China May Be Suspicious of US Air Force’s X-37B Space Plane

By Mike Wall – Tue, Jun 26, 2012…


Any celebrations China’s space officials kicked off after launching the nation’s first female astronaut this month may have been dampened a few hours later by the news that another spacecraft — an American military space plane — had returned to Earth a world away.

Just hours after China’s Shenzhou 9 capsule roared into space on June 16 with three astronauts aboard, including the nation’s first female spaceflyer, Liu Yang, the U.S. Air Force’s robotic X-37B space plane touched down in California after 15 months orbiting Earth on a hush-hush mission.

The Air Force insists the X-37B is just testing out technologies for future satellites, but China has a deep suspicion of the vehicle and its activities, experts say.

“The X-37B is actually very controversial over there,” said Brian Weeden, a technical adviser with the Secure World Foundation and a former orbital analyst with the Air Force. “They view it as a space weapon.”


Mysterious mission

The X-37B looks like NASA’s now-retired space shuttle, only much smaller. The vehicle measures just 29 feet (8.8 meters) long and 15 feet (4.5 m) wide, with a payload bay about the size of a pickup truck bed. For comparison, two entire X-37Bs could fit inside the payload bay of a space shuttle.

The X-37B, also known as Orbital Test Vehicle-2 (OTV-2), launched on March 5, 2011, from Florida’s Cape Canaveral Air Force Station. Its flight was the second-ever space mission for the X-37B program; the first was flown by OTV-2’s sister ship, OTV-1.

OTV-1 stayed aloft for 225 days in 2010, well under the supposed 270-day orbital limit for the space plane. But OTV-2 smashed that limit, zipping around our planet for 469 days.

The X-37B’s payloads and mission details are classified, so it’s unclear exactly what OTV-2 was doing up there for so long. But Weeden thinks the Air Force’s claim about technology-testing is broadly accurate.

Based on OTV-2’s orbit — which is also classified but was figured out by keen-eyed amateur astronomers — Weeden reckons the space plane may have been staring down at Afghanistan and the Middle East with some brand-new spy gear, perhaps sensors that can see in wavelengths beyond the visible spectrum.

But China seems dubious of the Air Force’s explanation, suspecting that X-37B missions might have a more aggressive intent.

“Industry analysts said the spacecraft could be a precursor to an orbiting weapon, capable of dropping bombs or disabling enemy satellites as it circles the globe,” China’s state-run Xinhua news agency wrote on June 17, a day after OTV-2 touched down at Vandenberg Air Force Base.

China views the X-37B “as a perfect example of the U.S. developing a space weapon program while stating in public that they’re doing no such thing,” Weeden told


Room for cooperation?

China is an emerging space power, a country that’s ramping up its spaceflight activities and capabilities.

The Shenzhou 9 capsule, for example, linked up with the unmanned Tiangong 1 module on June 18 and again on June 24, making China just the third country — after the United States and Russia — to pull off a manned space docking.

Shenzhou 9’s mission, which is expected to wrap up by June 29, is viewed as a key step in China’s plan to build a permanently staffed space station in Earth orbit by 2020. The country hopes to land a taikonaut on the moon sometime after that, and it’s also developing its own satellite-navigation system so as not to be dependent on the U.S.-military-run GPS network.

China’s suspicions about the X-37B may not make American officials too happy, for they’ve stated a desire to engage the Chinese more fully on space issues going forward.

“The U.S. says they’re very interested in military-military dialogue with China on space activities, and further cooperation with China in a few different areas,” Weeden said.



Spending cuts: Congress risks another crisis

By Jeanne Sahadi @CNNMoney June 28, 2012: 7:24 AM ET

Lawmakers, in an effort to force themselves to be fiscally responsible, put in place a destructive series of spending cuts that they always expected to replace. Except they haven’t.


NEW YORK (CNNMoney) — It’s mindless, confusing and costly. It will likely result in private-sector and government job loss. It will hurt the economy. And Congress can’t agree on how to replace it.

That’s where things stand with the “sequester” — a series of automatic federal spending cuts equally divided between defense and non-defense programs.

The cuts, set to take effect in January, start with a $109 billion reduction in 2013 and total $1.2 trillion over a decade, including interest savings.

Analysts, economists and industry executives have repeatedly highlighted the many problems associated with reducing deficits in such a ham-fisted way. Now the cries for help are getting louder.

“Disruptive, chaotic … lunatic,” said Steve Bell, senior director of economic policy at the Bipartisan Policy Center and former staff director at the Senate Budget Committee.

The idea of imposing automatic spending cuts grew out of the 11th-hour deal Congress and President Obama struck last summer to resolve the debt ceiling crisis. In other words, policymakers got out of one self-made mess by crafting a plan that is triggering another.

“[The sequester’s] mechanistic, straitjacket approach will leave almost no room for program managers to protect their most critical activities by sacrificing those that are less essential,” Bell and several co-authors wrote in “Indefensible,” a Bipartisan Policy Center report about the cuts.

Federal worker furloughs: Much has already been written about the potential for layoffs at private-sector defense contractors, notices of which could go out as soon as September.

There’s been less discussion about the potential effect on workers at many federal agencies.

The sequester would put the kibosh on any raises and necessitate hiring freezes as early as this fall, Bell said. And federal agencies may have to furlough workers at some point during fiscal year 2013, which starts on Oct. 1 of this year.

Why are furloughs a possibility? In part because federal agencies and departments that will have to make spending cuts aren’t allowed to cut pay, and firing staff is time-consuming and costly.

The cost of savings: Saving money under the sequester may not come cheap.

“[A]lthough it is an attempt at deficit reduction, the arbitrary nature of the sequester cuts inevitably will result in additional undue costs … partially counteracting the savings,” the Bipartisan Policy Center report said.

Such undue costs might include penalties for breach of contract. While most federal contracts are written for one year, some really big ones are multi-year contracts, especially those for things like weapons systems. Should any of them be cut short, the government could face penalties.

“Inevitably because of termination costs and other fees associated with contracts, you may wind up terminating more than $1 a program to get $1 of savings,” Tom Davis, vice president of strategic planning at defense contractor General Dynamics, said at a Brookings Institution seminar this week.

Mass confusion: “The only thing that’s really known about sequestration right now is that something happens on January 2,” Davis said. “What does that mean for specific contracts, specific programs, specific locations, specific facilities?”

Government contractors are in the dark because the federal agencies with which they do business are also in the dark.

The president and Congress have some discretion to exempt certain areas of the budget from cuts, such as military personnel and overseas contingency operations, including those in Afghanistan. Many people expect that to happen.

But that only means the cuts will come down even more heavily in the non-exempt areas.

Appropriators in the House and Senate — the ones who decide how much money everyone gets — will lay down the law about where those cuts will come from. And the White House Office of Management and Budget must make sure federal agencies abide by that law and offer them guidance on how to do so.

But there’s little expectation that clear details will be forthcoming anytime soon.

In the meantime, a few lawmakers — including key members of the Senate and House Armed Services committees — argue that Congress can’t wait to deal with the issue until after the election, directly contradicting what legislative leaders have been saying will happen.

First Published: June 28, 2012: 5:13 AM ET









National cyber center unveils plan for working with industry


June 28th, 2012 | Agency Management, Cybersecurity, Information Technology, Procurement | Posted by Oriana Pawlyk


Federal officials unveiled details of a new public-private partnership aimed at speeding industry’s development of secure information technology products.

The new National Cybersecurity Center of Excellence (NCCoE), launched in February, is a project of the National Institute of Standards and Technology (NIST). It aims to bring companies together to create and discuss security management solutions that can be used by agencies and private companies.

Acting Executive Director Donna Dodson on Tuesday said NCCoE’s vision is to provide a world-class collaborative environment for integrating cybersecurity solutions that stimulate economies and national economic groups.

Initially, the center will focus on adopting secure health IT products and gradually focus on other areas such as cloud and mobile computing, based on industry’s needs and challenges.

“We do not envision building our own solution from scratch. What we want to do is work collaboratively … to do that in conjunction with industry,” she said.

Here’s how the center will operate:

Step 1: Engage the business community.

Step 2: Propose “use cases”.

Step 3: Select applicable IT components.

Step 4: Generate feedback and implement new cyber prototype solutions.


To engage businesses, the center plans to conduct what it calls “deep dive” workshops, in which it gathers inputs from a broad variety of groups to address a specific challenge.

The center will engage all participants — small businesses, large businesses, the academic sector and federal agencies alike — to develop an integrated solution that has clear benefits for particular industry sectors. The goal is to find integrated, affordable and useful security tools for all technology consumers.

“Federal agencies are one of those business communities that rely on a commercial product to build infrastructures that support their business needs,” said Matt Scholl, deputy chief of NIST’s Computer Security Division.

The need is especially great in the health care arena. One collaborative “use case” example is the work NCCoE has done on health IT solutions with the Health and Human Services Department.

NIST Director Dr. Patrick Gallagher said that between 2005 and 2008, 230 million electronic records were breached, which included 40 million electronic medical records, according to the American National Standards Institute. In November 2001, a study showed 96 percent of healthcare providers responding to a survey reported at least one data breach in the last two years.

The $10 million center operates at a state-of-the-art computing facility near NIST’s Gaithersburg, Md., campus.


EPA Aims For 80% Cloud Use By 2015


Agency awards a three-year contract to CGI Federal for infrastructure-as-a-service as part of a broader strategy to implement an agency-wide hybrid cloud.

By Patience Wait, InformationWeek

June 28, 2012


The Environmental Protection Agency has awarded a three-year, $15 million contract to IT services firm CGI Federal as part of a broad plan to shift up to 80% of its computing environment to the cloud by 2015.

The award was made under a General Services Administration blanket purchase agreement for infrastructure-as-a-service (IaaS). CGI is one of a dozen vendors that have been approved under the BPA to provide certified, secure cloud services–including storage, virtual machines, and Web hosting–to federal agencies.

The EPA is building a hybrid cloud environment in its National Computing Center in Research Triangle Park, N.C. As an external services provider, CGI will provide server hosting, virtualization, and other services, the company said in a press release. It also will help move the EPA’s applications to the cloud.

The EPA is planning to move up to 20% of its IT environment to the cloud in the first year, and 30% in each of the next two years, according to CGI. The contract is in line with the Office of Management and Budget’s Cloud First Initiative, which requires agencies to evaluate cloud computing services in lieu of do-it-yourself technology deployments.

The EPA deal is the latest of several cloud contracts that CGI has been awarded by federal agencies. In January, the company announced that it had been awarded a five-year, $21 million “cloud modernization” contract by the GSA’s Office of Citizen Services and Innovative Technologies. The deal calls for CGI to host the and websites, provide managed cloud infrastructure, and other services to GSA.

In February, the Nuclear Regulatory Commission awarded CGI a six-year, $21 million deal to host its accounting and financial management system in CGI’s Momentum Community Cloud, which is an ERP-as-a-service offering for federal agencies.

In an arrangement disclosed last year, the Department of Homeland Security is also using CGI’s IaaS service for Web content management.



White House ‘Strongly Opposes’ House Appropriations Bill

Defense News

Jun. 28, 2012 – 05:04PM

By KATE BRANNEN


The White House says it strongly opposes the defense spending bill passed by the House Appropriations Committee in May because it exceeds the funding caps mandated by the Budget Control Act, and would veto the bill in its present form.


“By adding unrequested funding for defense, the House of Representatives departs from the bipartisan understanding reached a year ago,” the Office of Management and Budget (OMB) said in a June 28 statement.

The House spending bill provides $519 billion for the Pentagon’s base budget, which is $3 billion above what the Pentagon requested, according to the House Appropriations Committee. The legislation does not cover military construction, which is included in a separate appropriations bill.

The defense spending bill is part of a larger budget plan, crafted by House Budget Committee Chairman Rep. Paul Ryan, R-Wis. In his budget, passed by the House, the increases in defense spending are offset by deeper cuts to non-defense discretionary programs.

To pass a defense bill at this level of funding “would mean that when the Congress constructs other appropriations bills, it would necessitate significant and harmful cuts to critical national priorities such as education, research and development, job training, and health care,” OMB says.

Beyond the top line number, the Obama administration has a number of other objections to the legislation.

The White House “strongly objects” to measures that would restrict the Air Force and the Army from retiring aircraft deemed no longer necessary, including C-27Js, C-23s and RQ-4 Global Hawk Block 30 UAVs.

It urges appropriators to provide full funding for the Space-Based Infrared System satellites and the full $911 million requested to deactivate the USS Enterprise aircraft carrier.

The White House objects to the reduction of nearly $2.5 billion from the Army’s depot maintenance program, saying it would “create long-term delays in modernization and readiness for helicopters, radars, and the Stryker combat vehicle.”

It opposes the House Appropriations Committee’s decision to omit funding for the Medium Extended Air Defense System (MEADS), which the United States is developing with Italy and Germany.

“This could harm our relationship with our Allies on a much broader basis, including future multinational cooperative projects,” OMB says.

The Pentagon has determined that it will not buy the MEADS system after years of development, but maintains that it has to honor its commitment to its allies and finish out the current memorandum of understanding.

While it does not “strongly object,” the administration is “disappointed” that neither House authorizers nor appropriators agreed to increase certain TRICARE fees, which the Pentagon says are necessary to address unsustainable personnel costs.

The administration also opposes funding reductions for the Navy’s MQ-8 Fire Scout UAV, from which appropriators cut $66 million, and the Afloat Forward Staging Base, whose $38 million in funding was eliminated.

The White House also objects to a number of policy provisions included in the funding bill, including measures that would restrict funding to Pakistan and limit the president’s options for handling the detention of suspected terrorists.

The Senate Appropriations defense subcommittee has not yet marked up its version of the bill.




Traces of alcohol in Coke, Pepsi and other sodas

By Eric Pfeiffer, Yahoo! News

(AP) Scientists who tested 19 different kinds of cola found trace amounts of alcohol in 10 of the samples. However, the amounts were so small that you’d have to consume nearly 13,000 cans to qualify for a DUI.

The Sun reports that the amounts were as low as 10mg per liter, or 0.001 percent. In other words, you’ll still need to visit your local watering hole if you want more jack in your Coke.

France’s National Institute of Consumption conducted the tests, which were published in the magazine “60 Millions de Consommateurs.”

“It is possible alcohol traces come from the process of making our drink according to its secret recipe,” said Coca-Cola France’s scientific director Michel Pepin.

Under the “rumors” section of Coca-Cola’s website, the company acknowledges:

“Trace levels of alcohol can occur naturally in many foods and beverages. Governments and religious organizations have recognized that such minute levels are considered acceptable in nonalcoholic foods and beverages.”

The news has sparked speculation from news outlets that the presence of alcohol could violate the moral codes of certain religions and organizations that prohibit the consumption of alcohol.

However, Pepin specifically notes that the Paris mosque gave Coca-Cola a certificate stating that the Muslim community can consume their products.

PepsiCo also acknowledged the possibility of trace amounts of alcohol in their products, saying, “Some soft drinks can contain minute traces of alcohol because of the ingredients used.” However, the company also stressed, “The Pepsi Cola recipe does not contain alcohol.”

According to the Sun, both companies said natural fruit fermenting likely produces the traces of alcohol. Interestingly, the study found that the only soda brands which didn’t contain the trace amounts of alcohol were generic brands produced by local, French grocery outlets.



Wildfire stops moves to Air Force Academy


Posted 6/28/2012

by Debbie Gildea

Air Force Personnel Center


6/28/2012 – JOINT BASE SAN ANTONIO-RANDOLPH, Texas (AFNS) — Air Force officials have temporarily halted permanent change of station moves and most temporary duty assignments to the U.S. Air Force Academy in Colorado Springs, Colo., as Air Force members join the fight to extinguish the 29-square mile Waldo Canyon wildfire burning northwest of the installation, Air Force Personnel Center officials said.


The stop movement order, initiated by the 10th Air Base Wing commander, is in effect through July 1 and affects more than 200 military members, said Cristi Bowes, the AFPC assignments advisor.

“The order does not affect cadets, who are required to proceed to the Academy,” Bowes said. “However, active-duty members with a permanent change of station report date in June, July or August are affected, and they need to know what the restrictions are.”

Stateside-based Airmen projected to move to the Academy and those who have out-processed but have not departed from their current duty station must not depart or proceed. Airmen stationed overseas who have a projected assignment to the Academy and a June or July 2012 return from overseas date who have not yet departed the overseas area have options, said Bowes.

“Airmen planning to take leave outside the stop movement area may proceed, but if the stop movement order is still in place when their leave ends, they will not be able to sign in at the Academy, and any additional time will be charged to their leave account,” she explained.

Members who do not intend to take leave en route and who have not yet signed out of their unit will not be allowed to proceed until further guidance is provided. Voluntary return from overseas extension requests will be considered, and some affected Airmen may be authorized additional temporary lodging allowance.

Airmen, including technical school graduates, who have already departed their last permanent duty station will not be allowed to proceed to the Academy. To ensure they are aware of the situation and have instructions, military personnelists from their former assignment will contact them, Bowes said.

Air Force civilian employees are also affected by the stop movement order, said Robbie Brown, the AFPC workforce effectiveness and compensation chief. Civilians who need information and guidance can contact their previous installation civilian personnel section or email the AFPC program management and evaluation branch at

Temporary duty assignment moves are also affected, and members who are scheduled for a TDY to the Academy must consult their Academy point-of-contact for guidance, said Bowes.

“The gaining unit must approve the travel before the member may proceed,” Bowes said. “Those whose travel is not approved should remain in-place until further notice. Members assigned to the Academy who have been deployed, on temporary duty or leave, may return.”

All Airmen assigned to the Academy and the area affected by the wildfires must also log in to the Air Force Personnel Accountability and Assessment System to ensure they and their family members are accounted for, AFPC officials said.


Bill requiring OMB to share sequestration plans sails through committee

By Charles S. Clark


June 27, 2012

Legislation is advancing to require the White House to disclose details of how agencies — in particular the Defense Department — are planning for the possibility of mandatory across-the-board budget cuts. The movement comes during a week when fears of the 2011 Budget Control Act’s sequestration threat have prompted discussions throughout Washington.

On Wednesday, the House Budget Committee voted unanimously to approve the Sequestration Transparency Act, which passed the full Senate on June 21 as part of the massive farm bill.

The bill, sponsored by Reps. Jeb Hensarling, R-Texas, and Budget Chairman Paul Ryan, R-Wis., would require the president to submit a report to Congress within 30 days that includes the basic details of the looming sequester and the actions to be undertaken. The Senate companion bill was sponsored by Sens. John Thune, R-S.D., and Jeff Sessions, R-Ala.

The Office of Management and Budget has declined requests to provide such information, and House Republicans claimed at the Wednesday markup that Budget Director Jack Lew told Defense Secretary Leon Panetta not to assume that a budget deal will be struck before the sequester kicks in on Jan. 2, 2013.

“There is strong, bipartisan agreement that the sequester is bad policy and should be reprioritized,” Ryan said. “That’s why House Republicans passed legislation last month that would replace these crippling cuts with common-sense reforms and spending reductions. Unfortunately, we have not seen action from the Senate and the White House has not put forward a specific proposal.”

OMB Communications Director Kenneth Baer said in a Wednesday email to Government Executive: “When bipartisan majorities voted for the Budget Control Act and the president signed it into law, we all agreed that the sequester would be, by design, destructive both to defense and nondefense programs. Congress should do its job and pass a balanced plan for deficit reduction as it was charged to pass under the Budget Control Act so that we can avoid the sequester.”

He added, “should it get to a point where it appears that Congress will not do its job and the sequester may take effect, we will be prepared. While OMB has not yet engaged agencies in planning, our staff is conducting the analysis necessary to move forward if necessary.”

Before approving the transparency bill in a bipartisan vote, the panel rejected by a vote of 10-18 a substitute plan offered by ranking member Rep. Chris Van Hollen, D-Md. It would have moved beyond extracting information from OMB and proceeded directly to heading off sequestration for a year through a “balance” of spending cuts and revenue raisers. Those would have included cutting farm support payments and eliminating tax breaks for major oil companies and the so-called [Warren] Buffett rule requiring millionaires to pay at least 30 percent of their income in taxes.

“It is not possible to reduce the deficit and meet our obligations without some revenue,” Van Hollen said. “There is bipartisan agreement that the arbitrary buzzsaw approach of sequestration would be bad for the country. But it’s not just defense” that would suffer, he said, mentioning the FBI, a federal police hiring program, border security, food safety, education and cancer research.

Van Hollen cited recent statements by House Armed Services Chairman Howard “Buck” McKeon, R-Calif., and Sen. John McCain, R-Ariz., that a deal should be struck soon, and given a choice between sequestration and some form of revenue raiser, they’d choose the latter.

There followed more than an hour of philosophical debate on growing the economy, the role of government, fighting for the middle class and legislative rules.

The Democratic plan violated House rules, Ryan said, because revenue measures must originate in the Ways and Means Committee and a farm policy issue should be taken up in the agriculture panel. “The bill is bad policy that will slow economic growth and take pressure off Congress to cut spending,” he said. “Tax rates matter, and we can’t tax our way out of these problems.”

Ryan and other Republicans argued that growth and prosperity come not from gaining more power in Washington but from letting Americans keep more of their money. “We’re going to have one last chance in this country to avoid a European-style debt crisis,” he said. Others chided President Obama for not offering a sequestration plan.

Van Hollen and Democrats countered that while details from OMB on planning would be “useful,” the real issue is arriving at a “balanced” deal on taxes and spending for deficit reduction, which is consistent with Obama’s 2013 budget. Van Hollen introduced his amendment at Wednesday’s budget panel markup, he said, because House leaders prevented a vote on the plan during consideration of their budget resolution, waiving chamber rules when they needed to.

Rep. Bill Pascrell, D-N.J., taunted Republicans for passing a budget that gives tax breaks to sports teams and hedge fund managers while cutting block grants for such programs as Meals on Wheels. “Where in God’s name are your priorities?” he asked.

A panel of experts at the Brookings Institution examined approaches to heading off sequestration Tuesday, when the consensus was the Pentagon needs more time for a reflective reduction in spending and the automatic cuts of 10 percent or 15 percent actually would be more expensive than thought because they would mean canceling pending contracts.

Steve Bell, senior director of economic policy at Bipartisan Policy Center and a former Senate Budget Committee top Republican aide, called sequestration “stupid fiscal policy, stupid defense policy and stupid economic policy. I can’t imagine a more fragile time to be doing silly things with serious subjects,” he said. The impact of the scheduled sequester, Bell said, already started when the Congressional Budget Office and the Federal Reserve recently lowered their economic forecasts.

Whatever OMB decides to do, he added, recalling planning for automatic cuts in the mid-1980s, it will “go down to the lowest level of appropriations bill,” such granular items as fuel for Air Force aircraft, while agencies will be forced into furloughs or even layoffs.

Peter Singer, director of Brookings’ 21st Century Defense Initiative, criticized what he called “operation hysterical ostrich,” or the approach of fomenting “maximum level of panic at the Defense Department while deliberately not planning or preparing.” In actuality, he said, sequestration has the same potential likelihood as the United States invading Canada, a scenario for which contingency plans existed for decades.

McKenzie Eaglen, resident fellow in security studies at American Enterprise Institute, predicted Congress would find a way around this and that the “Pentagon will get flexibility and it will never come down to program level.” Her talks with Republicans in Congress, she said, show that “it’s not all doom and gloom, that most do want a grand bargain,” even on revenue raising, but they are not talking publicly. She predicted lawmakers would “dust off” some of the rejected ideas from the various fiscal commissions such as Simpson-Bowles, Rivlin-Domenici, the super committee and the Gang of Six.

Thomas Davis, vice president for strategic planning at General Dynamics Corp., warned that the Office of the Defense Secretary and its controller have no experience or standard operating procedures for automatic cuts. “This catastrophic legislative accident could happen unless there’s a great degree of leadership and attention,” he said. Davis and others said they hoped Congress would give the Pentagon a chance to “do the legwork” by delaying sequestration “long enough to make [the process] informed.”



‘New AFNIC’ offers cyber advantage

Posted 6/26/2012

by Katherine Kebisek

Air Force Network Integration Center


6/26/2012 – SCOTT AIR FORCE BASE, Ill. (AFNS) — “Cyber Innovation. Mission Success.” This is how the “New” Air Force Network Integration Center officials sum up what their organization provides to the Air Force and other mission partners.

It’s a phrase representing a new direction for a not-so-new organization. AFNIC, established from what was formerly the Air Force Communications Agency, stood up in 2009 as a direct reporting unit to Air Force Space Command. The center’s roots trace back even farther with the establishment of the Army Airways Communications Service in 1938.

The term “New AFNIC” emerged in the past several months as the center’s personnel implemented a massive restructure of the organization based on recommendations from a 2011 Headquarters AFSPC study. AFNIC officials requested the study after being realigned to AFSPC.

“We had a very broad mission that included everything from standards and architecture, to writing Air Force policy, even doing some operations work,” said Brad Ashley, AFNIC’s technical director. The restructure aligned some command (i.e., organize, train and equip) functions to AFSPC, network operations and maintenance functions to 24th Air Force and network integration to AFNIC.

With the restructure complete, AFNIC officials are focused on providing cyber solutions for Air Force Network integration, cyber simulation and network standards, architecture and engineering. Through these core services, the center establishes what the Air Force network looks like and determines how to get cyber capabilities integrated into the network, helping Airmen achieve their mission with the “power of cyberspace.”

“Almost everything we do in the Air Force today relies on the network,” Ashley said. “If the combatant commander and the warfighter can’t leverage the network for their unique mission set, then we’re not getting the full power of cyberspace.”

Knowing what the network looks like, and what it will look like in the future, is important. There have been instances where major information technology systems were built according to how the network was structured at the beginning of the project, but when it came time to connect to the Air Force network, sometimes years later, the systems didn’t work as designed because the network architecture had evolved. AFNIC aims to prevent those situations.

“When we’re engaged early in a project we can help identify potential issues and provide guidance to ensure systems and applications are developed compatibly with the AFNet,” Ashley said. “The end result is a capability that works as intended, a secure network, and an empowered Airman … that’s the advantage we provide.”

Fueling new AFNIC is a renewed emphasis on innovation, an ethos AFNIC’s commander is passionate about.

“Innovation is the true fuel for our national economy and our nation’s military prowess,” said Col. Riz Ali, the AFNIC commander. “Innovation is more than just new technology; it’s finding new ways to communicate, collaborate and do business. This mindset is very important to have and foster … it’s what drives progress.”

As part of this effort, the center has made it a priority to be more transparent and improve communications. Personnel now regularly use tools like blogs, discussion forums and online working groups to connect and exchange ideas with mission partners around the world.

AFNIC also recently launched an internal program through which its personnel can submit and pursue ideas to improve center operations, the Air Force enterprise, or both.

“The ultimate goal is to introduce operationally viable, innovative cyber solutions to our Airmen,” Ali said. “We are faced with serious challenges in cyberspace. The domain and the threats to it are constantly changing. We can’t stay a step ahead unless we’re thinking outside the box.”

Innovation, combined with the decades of experience, technical expertise and commitment to customer service AFNIC personnel possess, is what Ali said provides mission partners an advantage.

“Our cyber professionals have the knowledge, skills and innovative outlook to tackle even the most complex, demanding technical issues,” Ali said. “We do what it takes to provide high-quality, decisive and secure cyber solutions … an advantage that positions our partners for mission success.”

