Skip to content

August 18 2012

August 20, 2012




All threats “dwarfed” by Iran nuclear work: Israel PM

August 12, 2012

By Dan Williams | Reuters

JERUSALEM (Reuters) – Prime Minister Benjamin Netanyahu said on Sunday that most threats to Israel‘s security were “dwarfed” by the prospect of Iran obtaining nuclear weaponry, which local media reports charged Tehran had stepped up its efforts to achieve.

The comments at a weekly cabinet meeting and the front-page reports in the liberal Haaretz, a frequent Netanyahu critic, and in the conservative, pro-government Israel Hayom came as Israeli debate intensified about whether to go to war against Iran – and soon – over its disputed atomic projects.

The debate seemed to defy appeals by U.S. President Barack Obama, seeking re-election in November, to allow more time for international diplomacy. Tehran says its nuclear ambitions are peaceful and has threatened wide-ranging reprisals if attacked.

In comments also broadcast live by Israeli media, Netanyahu said that “all the threats currently being directed against the Israeli home front are dwarfed by another threat, different in scope, different in substance.”

“Therefore I say again, that Iran must not be permitted to obtain nuclear weapons,” Netanyahu said.

Netanyahu also said Israel was “investing billions in home-front defense,” and holding emergency drills, alluding to a military exercise being held this week in cities across Israel to test a text message warning system against missile strikes.

Israel’s central bank has also drilled “big crisis” scenarios such as war with Iran, the bank’s governor, Stanley Fischer, told an Israeli television station at the weekend.

The cabinet adopted rules on Sunday intended to streamline decision-making, such as by setting deadlines for permitting ministers to change their minds about votes, though Cabinet Secretary Zvi Hauser insisted these changes were not expressly meant for “any particular type of decision.”


Citing an unnamed senior Israeli official, the Haaretz daily said a new National Intelligence Estimate (NIE) compiled by the Obama administration included a “last-minute update” about significant Iranian progress in the development of a nuclear warhead “far beyond the scope known” to U.N. inspectors.

The Israel Hayom daily reported NIE findings that Iran had “boosted efforts” to advance its nuclear program, including work to develop ballistic missile warheads, and said U.S. and Israeli assessments largely tallied on this intelligence.

Neither newspaper provided direct quotes or detailed evidence. For Haaretz, it was the second report since Thursday purporting to draw on a new NIE.

Washington has not commented on whether such an NIE exists. But its officials say the U.S. intelligence assessment remains that the Islamic Republic is undecided on whether to build a bomb and is years away from any such nuclear capability.

Widely reputed to have the region’s sole atomic arsenal, the Jewish state sees a nuclear-armed Iran as a mortal threat and has long threatened to attack its arch-foe preemptively.

The war talk is meant, partly, to stiffen sanctions on Tehran by conflict-wary world powers. Some commentators have speculated Netanyahu is bluffing.

Others see a bid to win over those in the Israeli cabinet, military and public who oppose resorting to force now given the big tactical and strategic risks involved.

Some Israeli leaders criticized the debate as too high-profile, fearing the public exposure could damage Israeli security interests. Finance Minister Yuval Steinitz called it “reckless” to discuss the issue so openly in the media.

Visiting Israel this month, U.S. Defense Secretary Leon Panetta met unusually vocal dissent from Netanyahu over international Iran strategy. The allies have generally sought to play down their differences on the matter.

(Writing by Allyn Fisher-Ilan and Dan Williams; Editing by Jon Hemming)


Department of Internet Defense

Washington Post

By David Ignatius, Published: August 12, 2011

ASPEN, Colo.


“Cybersecurity” is one of those hot topics that has launched a thousand seminars and strategy papers without producing much in the way of policy. But that’s beginning to change, in one of 2011’s most important but least noted government moves.

This summer, with little public fanfare, the Obama administration rolled out a strategy for cybersecurity that couples the spooky technical wizardry of the National Security Agency with the friendly, cops-and-firefighters ethos of the Department of Homeland Security. This partnership may be the smartest aspect of the policy, which has so far avoided the controversies that usually attach themselves like viruses to anything involving government and the Internet.

The new initiative was explained at a conference here last week sponsored by the Aspen Strategy Group, a forum that has been meeting each summer for 30 years to discuss defense issues. Among the participants were the two people who helped frame the plan, William Lynn and Jane Holl Lute, the deputy secretaries of defense and homeland security, respectively.

What’s driving the policy is a growing recognition that the Internet is under attack — right now, every day — by foreign intelligence agencies and malicious hackers alike. Experts cite some frightening examples: An attack in May on Citigroup, in which hackers stole credit card information on 360,000 clients; a still-mysterious assault last October on the Nasdaq stock exchange; a 2009 breach of the U.S. electrical grid by Russian and Chinese intruders; and a 2009 heist of plans for the F-35 joint strike fighter.

And that’s just what’s public. McAfee, the computer security firm, registers 60,000 new bits of malicious software every day. But classified estimates are said to be much scarier — with a hundred attacks for every one that’s publicly disclosed. It’s good to be skeptical about such unspecified threats — when officials warn direly, “If only you knew what we know” — but in this case, the danger is obviously real. The question is what to do about it.

The heart of the new cyberdefense strategy is to spread the use of secret tools developed by the NSA. For example, the spy agency devised a system known as Tutelage to defend against malicious intrusions of military networks; a DHS version called Einstein 3 is now being used to protect civilian agencies. These systems are known as “active defense” because they use sensors and other techniques to block malicious code before it can affect operations.

This summer’s big innovation was using the government’s expertise to begin shielding the nation’s critical private infrastructure. In late May, the Pentagon and Homeland Security launched what they called the DIB Cyber Pilot (that’s short for “defense industrial base”). To protect about 20 defense companies that volunteered for the experiment, Homeland Security worked with four major Internet service providers, or ISPs, to help them clean malicious software from the Internet feed going to the contractors.
What made this recipe powerful was that the NSA provided what officials like to call its “special sauce,” in the form of electronic signatures of malicious software, which the NSA gathers 24-7 through its intelligence network.

The experiment has been running for 90 days now, and officials say that it’s working. The ISPs have blocked hundreds of attempted intrusions before they could get to the defense companies. The lesson for Lynn: “It’s possible for the government to share threat information with private industry” under existing laws.

The National Security Council soon will be debating whether to extend this pilot program to other sectors of critical infrastructure. Obvious candidates are the big financial institutions supervised by the Treasury Department and the national laboratories and nuclear-energy facilities overseen by the Energy Department. Two questions down the road are whether to set regulatory standards that require all ISPs to provide a clean Internet pipe to key users and how to extend protection to the huge and nakedly vulnerable world of the dot-coms.

Here’s what I took from five days of discussion: The Internet was deliberately built with an open architecture, which was once its greatest strength but is now a vulnerability. Regulatory norms may be useful (just like fire codes and clean-water standards). But real security will come when it’s a moneymaker for private companies that want to satisfy public demand for an Internet that isn’t crawling with bugs.

The NSA can help by sharing its secret tools. But it needs a civilian interface, in Homeland Security, to reassure the public that this is about security, not spying.



Sequestration could bring ‘gridlock to the skies,’ industry warns


By Charles S. Clark

August 13, 2012


Across-the-board budget cuts slated for Jan. 2, 2013, under current budget law would devastate civil aviation, a new industry study asserts. Sequestration could cost as many as 132,000 jobs annually, the report said, in addition to $10 billion to $20 billion in slowed economic activity, and $1 billion in revenues foregone by federal state and local governments.

Cuts to the Federal Aviation Administration budget estimated at 8.5 percent, or $1 billion annually for nine years, would disrupt travel, cargo shipping and overall economic growth unless Congress finds a solution to its current stalemate over spending and revenue issues, said the report, released Monday at a Washington luncheon of aviation community representatives.

The Aerospace Industries Association, as part of its ongoing Second to None campaign to head off sequestration under the 2011 Budget Control Act, commissioned a study on the probable impact of FAA cuts. Stephen Mullin, vice president and principal of Econsult Corp. and a former director of commerce for the City of Philadelphia, gauged the impact of the looming cuts on short-term civil aviation operations and, separately, on its long-term evolution, particularly the NextGen project to modernize the nation’s air traffic control system. That project might be delayed until 2035.

“The study reveals the draconian effect of sequestration on the FAA,” Mullin said. If allowed to take effect as scheduled, it would “force the FAA to slash operations, bringing gridlock to the skies today, or defund modernization and infrastructure work. Anything that makes sequestration sooner and deeper makes the economic impact worse,” he added.

Norman Mineta, Transportation secretary in the George W. Bush administration and onetime Democratic chairman of the House Transportation and Infrastructure Committee, also sounded an alarm, telling the group “there is no more important issue facing you today” than this “meat-cleaver approach called sequestration.”

He bemoaned the fact that Congress, having gone four and a half years without a long-term FAA reauthorization bill, finally, after 23 short-term extensions, completed a deal this February. But “after all that hard work, Congress may now allow us to lose all the research needed to make our vision a reality,” he said.

Mineta said he doubted current FAA management planning around the uncertainty could find “carve outs,” or favored areas to protect from the across-the-board requirement, “because sequestration is just too big.”

Todd Hauptli, senior executive vice president of the American Association of Airport Executives, said one area that by law would be carved out and protected is FAA’s contract authority for improving airports. But he warned of larger impacts, such as longer passenger waits as security screeners and customs inspectors from the Homeland Security Department also are cut back. “Sequestration is a fancy word for abdication,” he said.

Marion C. Blakey, president and chief executive officer of AIA, called the prospect of sequestration “unconscionable,” noting the figures in the study don’t factor in adverse impacts on innovations in transportation safety and U.S. aircraft exports. The association in July released a more general study predicting a nationwide loss of 2.1 million jobs in all industries, though that study’s methodology has been challenged.

Asked why the Second to None campaign has focused on the harms of a potential sequestration but has not backed specific budget plans to avoid it, Blakey said solving the budget dispute “is something we elected leaders to address, and the AIA opted to push for them to work toward a long-term solution that involves entitlement reforms and tax reform. We don’t pretend to be experts in those areas.”

Mineta said he was disturbed at how current lawmakers act as if “all spending is bad and don’t distinguish between spending on consumption and spending that is an investment. We can’t cut enough to get us into prosperity,” he added. “We tell our young people to dream big, but it takes financial resources to do it.”


Congress Needs to Go Back To School on Cyber Legislation

Jody Westby, Contributor

8/13/2012 @ 9:34PM


It is somewhat amazing that Congress has wrestled with cybersecurity issues for years, yet remains largely clueless about what to do about it. Although the Senate tried to push through the Lieberman/Collins cybersecurity legislation (S. 3414) prior to the August recess, cooler heads prevailed. Now, Congress has the chance to step back and re-evaluate what it really should be doing about cybersecurity.


New Approach Needed

First, Congress should stop wondering how to tweak what failed. It should set aside prior bills – including S. 3414 – and open a new dialogue with the business community and cybersecurity researchers and legal experts who deal with the realities of cybercrime. A broader perspective is needed. For too long, Congress has been listening to parties with vested interests, such as IT and security companies that want to sell businesses more products and services and advisory services firms that hope for the cyber version of Sarbanes-Oxley so they can rack up another round of historic revenues. Congress has been told, and now believes, that companies will not adequately secure their systems, so Congress must require them to do so and specify what actions to take. This is wrong.


Instead of wondering how it can fix a flawed approach, Congress needs to:

•Understand the views of business and what it can do to incentivize companies to invest more in security;

•Learn how it can help create a culture of cybersecurity in our society; and

•Determine what measures are needed to help deter cybercrime.


Deception by Legislators Must Stop

Second, Congress must tell the truth about what they are really trying to do. The Lieberman/Collins bill was a masterful piece of deception that was intended to bamboozle businesses into believing that the legislation was not a massive extension of regulatory authority. The sponsors of the bill sent a letter to their Senate colleagues and issued a summary of S. 3414 that tried to paint the bill as voluntary and narrowly written. After the bill failed to garner enough votes for passage, the sponsors are reportedly disappointed and blaming industry instead of looking in the mirror.


Here is the truth (bold text is my emphasis). First, the reach of the bill. It authorizes government intrusions into a huge swath of business operations – all those deemed to be critical infrastructure – via cyber risk assessments.


S. 3414 uses the USA PATRIOT Act’s definition of “critical infrastructure,” which means “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”


The DHS website lists the following 18 critical infrastructure sectors:

1. Food and Agriculture

2. Banking and Finance

3. Chemical

4. Commercial Facilities

5. Communications

6. Critical Manufacturing

7. Dams

8. Defense Industrial Base

9. Emergency Services

10. Energy

11. Government Facilities

12. Healthcare and Public Health

13. Information Technology

14. National Monuments and Icons

15. Nuclear Reactors, Materials, and Waste

16. Postal and Shipping

17. Transportation Systems

18. Water


The bill defines “cyber risk” as “any risk to information infrastructure, including physical or personnel risks and security vulnerabilities, that, if exploited or not mitigated, could pose a significant risk of disruption to the operation of information infrastructure essential to the reliable operation of critical infrastructure.”

Section 102(a)(2)(A) provides that a designated government agency shall “conduct a top-level assessment of the cybersecurity threats, vulnerabilities, and consequences and the probability of a catastrophic incident and associated risk across all critical infrastructure sectors to determine which sectors pose the greatest immediate risk, in order to guide the allocation of resources for the implementation of this Act; and (B) …conduct on an ongoing, sector-by-sector basis, cyber risk assessments of the threats to, vulnerabilities of, and consequences of a cyber attack on critical infrastructure.”

So. The bill requires the identification of the risks and consequences of an attack across all of the 18 sectors. Contrary to assertions from Senate staffers, that is not one sliver of critical infrastructure. The bill further requires the National Cybersecurity Council (the new bureaucracy established by the legislation) to use the risk assessments to adopt “cybersecurity practices necessary to ensure the adequate remediation or mitigation of cyber risks identified through an assessment.”

Despite the Senate sponsors’ repeated insistence that S. 3414 is all about a voluntary cyber program and voluntary cyber practices, section 103(g)(1)(A) provides that, “A Federal agency with responsibilities for regulating the security of critical infrastructure may adopt the cybersecurity practices as mandatory requirements.” The “may” in this provision might as well be “shall” because if, within one year of enactment, the agency has not adopted the cybersecurity practices as mandatory, they must report to Congress on why they did not do so.


In a letter to colleagues, the bill’s sponsors stated, “The bill creates no new regulators, and provides no new authority for an agency to establish standards that is not otherwise already authorized by law.” This is masterful. Note that the sentence refers to regulators, not regulations. Note also that the sentence applies to “standards,” not “cybersecurity practices” and that the standards part is linked to “not already authorized by law.” Since section 103(g)(1)(A) provides federal agencies with the authority to adopt “cybersecurity practices” as mandated requirements, it provides all the authority that is needed to turn voluntary cybersecurity practices into costly compliance requirements for critical infrastructure companies.

When one considers the regulatory authority already vested in federal agencies, coupled with that in the Homeland Security Act of 2002 and in Homeland Security Presidential Directive-7 (HSPD-7), this bill fills the gaps to allow government authority over business operations. But just in case it is not enough, the annual report due to Congress on the effectiveness of the Act requires an analysis of whether any additional legislative authority is needed.

Where the bill narrows, is in the designation of categories of “critical cyber infrastructure.”

Section 2(5) of the bill states: “The term “critical cyber infrastructure” means critical infrastructure identified by the National Cybersecurity Council. Section 102(b)(3)(A) provides that the Council “shall identify categories of critical cyber infrastructure within each sector of critical infrastructure.”

The Council can “identify a category of critical infrastructure as critical cyber infrastructure if damage to or unauthorized access to such critical infrastructure could reasonably result in (i) the interruption of life-sustaining services, including energy, water, transportation, emergency services, or food, sufficient to cause a mass casualty event or mass evacuations, (ii) catastrophic economic damage to the U.S., or (iii) severe degradation of national security or national security capabilities, including intelligence and defense functions. Pursuant to this section of the bill, these critical cyber infrastructure companies will be required to report “significant cyber incidents affecting critical cyber infrastructure.”

Unlike the narrower group of companies that will be required to report incidents, the risk assessments and mandatory cybersecurity practices will apply to companies in all 18 sectors of critical infrastructure.


Cyber Scare Tactics Have Got To Stop

The cyber scare tactics have got to stop. It is not a legitimate strategy for passing legislation. All systems are vulnerable, and many types of attacks are possible. A recitation of security incidents at various companies (or government agencies) does not equate to a cyber meltdown.

In a June 6 letter to Senator leaders Reid and McConnell, former government officials Chertoff, McConnell, Wolfowitz, Hayden, Cartwright, and Lynn stated, “Where market forces and existing regulations have failed to drive appropriate security, we believe that our government must do what it can to ensure the protection of our critical infrastructure.” I greatly respect these men but strongly disagree with them.

Market forces have not failed; they are working. When breach notification laws were enacted, companies started to pay more attention to security, not because there was a compliance requirement, but because there was the threat of a headline. When customers shift to a competitor following a breach of their personal data, the marketplace notices. When public companies have suffered serious security incidents, their stock price has fallen. When insurance companies beefed up their requirements for cyber insurance coverage, companies stepped up the security of their programs. When courts have found damages or negligence in security cases, other companies and courts have taken notice.


Publicity about incidents involving weak security, lawsuits from investors and victims, insurance requirements for enterprise security programs, pressure for improved cyber governance, and awards for exemplary programs are all market forces that will drive appropriate security far better and much faster than regulations ever will.

Corporate attention to cybersecurity has increased significantly, and it will continue to do so simply because this topic has caught the attention of the press and the public and CEOs hate negative headlines and events that risk market share, impact stock prices, damage brands, and create legal liabilities. The market will create change much faster — and cheaper — than piles of assessments and government regulations. (Doesn’t it bother anyone that no economic analysis has been done on the cost of implementing legislation such as S. 3414?)


We must move from scare tactics to facts. Here are the facts.

•The U.S. invented the Internet, but it no longer controls it.

•The Internet is now an interconnected, global network of things: computers, devices, sensors, applications, etc., that present new risks

•Company networks are vulnerable. So are government networks. So are individual’s computers.

•Companies are very aware of compliance requirements, risks to their data, and how much security incidents and the loss of proprietary data costs them.

•Everyone needs to do more to counter the sophisticated nature of botnet attacks and exfiltration of data. Traditional security measures are no longer enough protection.

•Critical networks can be disrupted to cause catastrophic incidents. This has always been so and will continue to be so even if S. 3414 is enacted. The operating platforms and applications they use are vulnerable.

•Cyber threats have been escalating at exponential rates for over a decade.

•The bad guys are winning, their methods of attack are ingenious and change quickly when detected, and it is hard to catch them.

•Cybercrime laws are not harmonized around the globe, in fact, many countries do not have a cybercrime law.

•Cyber investigations usually require international cooperation, however, it is difficult to obtain. Any cooperation that is obtained is usually informal and based upon the luck of relationships.

•The two avenues for official assistance — Mutual Legal Assistance Treaties (MLATs) and the Letters Rogatory process – usually take months when seconds matter.

•Of the 250-plus countries and territories connected to the Internet, few of them have trained law enforcement who can adequately assist with cyber investigations and conduct digital search and seizure, especially on a 24/7 basis.

•Many U.S. police departments do not have trained cyber forces, including the Washington, D.C.’s Metropolitan Police Department (I can’t even get anyone on the phone).

•Companies and individuals that seek assistance often are advised that the law enforcement agencies do not have the resources to help them.

•There are no publicly available procedures on how a U.S. company that wants assistance from the U.S. government in countering an attack (such as from NSA) could request it, and there is scant legal statutory authority for the government to provide such assistance. (National Security Directive 42 provides a narrow ability for NSA assistance to government contractors).

•If the U.S. Government approached a company and said it needed to take over its network or access it for national security reasons, the CEO would be caught between his/her fiduciary duty to the shareholders of the company and a sense of obligation to some law enforcement or military personnel claiming authority.


You get the picture. It is a mess. This problem will not be solved by Congress passing laws mandating cyber requirements that DHS or some other government agency comes up with. First of all, there is an array of cyber standards and best practices that are developed by international standards-setting bodies. For example, there are 189 ISO standards for information security, our National Institute of Standards and Technology (NIST) has produced a full set of world-class materials on information security, and the Information Systems Audit and Control Association (ISACA) has developed its best practices, the Control Objectives for Information Technology (CobiT). The good news is that these security best practices are all harmonized and can be mapped to one another.

In 2010, a Government Accountability Office (GAO) report listed 19 organizations with ongoing initiatives that influence cybersecurity and governance, including the International Telecommunication Union, the European Union, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the International Organization for Standardization, and the Internet Engineering Task Force. The GAO noted:

A multitude of organizations are actively involved in developing international agreements and standards related to the security and governance of cyberspace, and U.S. government and private sector involvement in these organizations and efforts is essential to promoting our national and economic security to the rest of the world.


Bottom line: U.S. Government-developed cybersecurity mandates are wrong-headed and cannot can hope to keep pace with these organizations or stay abreast of the threat.


Any legislative mandate on U.S. companies will surely render them less secure because they will be focused on meeting a compliance requirement instead of countering a threat with the best technologies and security practices. The Leiberman/Collins bill provides that, “Where regulations or compulsory standards regulate the security of critical infrastructure, a cybersecurity practice shall, to the greatest extent possible, complement or otherwise improve the regulation or compulsory standards.” So, we will have regulations, compulsory standards, and mandatory cybersecurity practices?


We all know the glacial speed at which laws and regulations get revised. This will be an incomprehensible mess in no time. The standards-setting and best practices bodies will be continuing to develop and modify their work to keep pace with current threats, and U.S. companies will be continually chafing under out-dated or ineffective regulations, compulsory standards, and mandatory cybersecurity practices.


Addressing National Security Issues


Third, Congress needs to understand that the real national security issues with respect to cyber remain unaddressed.

In a recent blog piece, Richard Clarke, former Advisor to the President on Cyber Security, noted that the U.S. Chamber of Commerce’s opposition to S. 3414 “killed a bill that could have addressed the most significant current threat to America’s ability to compete with China economically and to defend ourselves against potentially devastating cyber war in the future.” Oh, please. Never mind that he then proceeds to say the bill was not needed anyway. He explains that, “By the powers invested in him by the Constitution, the Homeland Security Act, and other laws, the president can by executive order achieve most of what was contemplated in the cyber security bill that has run aground in the monied morass of Capital Hill.” This leaves one to wonder why Mr. Clarke did not get these measures pushed through under any of the three presidents that he worked for [George H.W. Bush, Bill Clinton, and George Bush]. As the Father of Cyber Scare Tactics, he has warned of the digital pearl harbor since 2000, when he uttered it on the 59th anniversary of the famous attack.


In 2007, I presented a paper on the gaps between homeland security and homeland defense, in which I listed numerous legal issues that needed to be addressed in the national security context. Five years later, they still have not been resolved.

Numerous legal and policy questions arise in the context of cyber warfare. Consider how the U.S. might launch an offensive attack on China through communications infrastructure. DoD systems are not connected to China, so any attack would necessarily involve private sector networks. Who on the public and private sector sides would have authority to approve military use of private sector networks? What international cooperation would be required? Would the attack have to traverse more than one provider’s network? Would allowing the use of the private network for military purposes interfere with the fiduciary duty owed to the company’s shareholders by the board of directors and officers to protect company assets and its market value? Who is responsible for damage that could occur to the private sector network as a consequence of the attack or as the result of a counterattack? Can the U.S. Government order a private sector company to let it take over its network for national security interests? What third party liability may arise as a result of such an attack?

Believing that mandated cybersecurity requirements will solve cyber national security issues is like believing that a very high wall will keep out enemies, forgetting that they have airplanes. We will not become safer by telling companies what they have to do about cybersecurity. We will, however, start to be better prepared when we begin to address the above questions and when Congress takes proactive measures that will help counter cybercrime. When criminals can be caught, when their caches can be seized, when cybercrime is no longer the perfect crime, we will begin to be safer. When companies are willingly to spend money on cybersecurity because they will get some of it back as a tax credit, cyber issues will then be on the radar of CFOs and risk officers as a priority and security will improve. When investors know through SEC filings that companies have implemented key activities of enterprise security programs, these companies will be rewarded in the marketplace and cyber governance will improve. All of these things will advance our national and economic security, and targeted action by Congress could help make them happen faster and at a reasonable price.

Another critical point that Congress should take into consideration before imposing private sector cybersecurity requirements in the name of economic and national security: Even if there was a major cyber disaster, it is likely that any response to it would be hindered by the U.S. Government’s failure to resolve first responder cross-band communication problems and inadequate priority access to communication systems. The 10th anniversary of 9/11 brought criticism of DHS’s failure to implement important recommendations of the 9/11 Commission, particularly with respect to a common wireless network for public responders. The lack of interoperability between the various communication systems used by responders was one of the key response faults of 9/11, which was experienced again during Katrina in 2005. Although DHS has doled out around $2 billion in interoperability grants, they did not require interoperability as a grant requirement! So, many of the funds went to improve existing systems that are not interoperable with other responders. Duh….

Brent Greene, former head of the National Communications System at DOD and DHS, recently noted that, “The ability to respond to a major cyber incident will require a broader population of responders than police, fire, and medical rescue. A broader population would include critical infrastructure owners and operators, state and municipal leadership, National Guard, and key federal decision makers, and each would require priority access to communications. Today, this capability is lacking. DHS seems to not grasp a vision of what kinds of strategic programs require assured communications for the breadth of response scenarios, including cyber. Their approach is underfunded, divergent, and does not drive adequate interoperability among the programs they currently pursue.” From 2001-2004, Mr. Greene was responsible for operations, policy, technical, and program oversight of national security and emergency preparedness (NS/EP) communications, and a broad range of critical infrastructure protection and cyber security initiatives.

In sum, Congress needs to go back to school on cybersecurity to gain a broader vision of the cybersecurity problem if it hopes to enact legislation that will make our companies and nation safer. Previous approaches only would have created a false sense of security and cost U.S. taxpayers a fortune.

This article is available online at:


Maryland sees a future in drones

Manufacturing, research, testing make state a center for industry

By Matthew Hay Brown, The Baltimore Sun

6:41 PM EDT, August 13, 2012,0,5408386.story


In a cavernous production facility at AAI Unmanned Aircraft Systems in Hunt Valley, workers assemble remote-control planes that help U.S. forces identify enemy targets.

At the Johns Hopkins University Applied Physics Laboratory in Laurel, researchers work to make drones behave like insects, communicating among themselves as they perform a task together.

And at Naval Air Station Patuxent River in Southern Maryland, the Navy is testing a new unmanned jet flier designed to take off from and land on aircraft carriers.

Manufacturers such as AAI, Lockheed Martin and others, research at Johns Hopkins, the University of Maryland and elsewhere, and testing at the Patuxent station and Aberdeen Proving Ground have combined to make the state a center of a burgeoning global industry.

“The market is going to grow exponentially,” said Mike Hayes, the retired Marine Corps general who heads the state’s office of military and federal affairs. “And then, as the [Federal Aviation Administration] comes to grips with airspace issues and safety associated with unmanned systems, the potential for growth is even more dramatic.

“Within Maryland, because of a combination of our universities, our federal installations and then some of the private-sector folks that are already involved, we think we’re very well-positioned to participate.”

The industry faces challenges. With the United States out of Iraq and drawing forces down in Afghanistan, President Barack Obama has ordered the Pentagon to slow the growth of future spending. Congress is stalemated over a budget deal needed to forestall additional cuts.

The growing reliance on unmanned aircraft, meanwhile, has sparked controversy. Critics have said that using weaponized drones to kill individuals overseas is akin to assassination, and have protested the attendant civilian casualties.

Civil libertarians have expressed concern about the introduction of surveillance aircraft to domestic airspace, even as companies promote their value for such uses as watching borders and monitoring traffic.

And there remain concerns about the safe integration of manned and unmanned air traffic in the skies over the United States — concerns stoked in part by incidents such as the June crash of an RQ-4A Global Hawk on Maryland’s Eastern Shore.

Still, as an expanding roster of countries use unmanned aircraft to fly a widening array of missions, industry officials and analysts expect spending on drones to grow.

The Teal Group, a Virginia firm that tracks the aerospace and defense industries, estimates the global market for unmanned aerial vehicles will nearly double over the next decade to $11.4 billion.

“What we see is some immediate pressure in the U.S. on [unmanned aerial vehicle] spending,” said Philip Finnegan, director of corporate analysis for the Teal Group. “But over the next few years, there will be pressure upwards because of the focus on the next generation of systems.”

International spending, meanwhile, will more than triple over the next 10 years, Finnegan says.


State officials see gains for Maryland.

Hayes’ office counts at least two dozen businesses in the state that work on unmanned aircraft. They range from small, specialty firms that produce components to aircraft manufacturers such as AAI and Lockheed Martin, maker of the K-MAX cargo helicopter and the Desert Hawk III surveillance plane, among others.

“We think we are very well-positioned to be at the forefront of wherever this path leads us,” Hayes said.

Maryland institutions are helping to blaze the trail. In June, the Hopkins Applied Physics Laboratory demonstrated with Boeing that an operator on the ground with limited training, and using only a laptop and a military radio, can command a swarm of unmanned vehicles.

The swarm technology developed by the laboratory enables drones to communicate and act in concert to complete tasks more quickly and efficiently.

Last month, the Patuxent River station, home of the Navy’s principal air test range on the East Coast, hosted the successful first flight of Northrop Grumman’s X-47B unmanned combat system.

The Navy is testing the tail-less, V-shaped aircraft, which flew for 35 minutes over the Chesapeake Bay on July 29, as it looks to develop its first carrier-based drone.

Matt Funk, the Navy’s lead engineer on the project, says drones offer several advantages over manned aircraft.

“One is the deep-threat or the high-threat areas — you don’t risk losing pilots, loss of life if the aircraft gets shot down,” he said. “There’s also persistence and endurance. So where a manned pilot can only go for a certain number of hours before human fatigue sets in, this aircraft can keep going and keep going and keep going until it runs out of fuel.

“Once we demonstrate aerial fueling, we’re talking about mission endurances that go well beyond 20, 40 hours before it has to come back for maintenance.”

The X-47B is also autonomous — capable of flying on its own, and making adjustments, as necessary, to complete its preprogrammed flight plan.

Funk said the introduction of such aircraft on carriers is seen as “a game-changer in that it changes all the rules of … airpsace dominance.”

Finnegan, the industry analyst, expects drones to become “more capable.”

“They will be designed to be effective in penetrating defended airspace,” he said.

“What we had in Iraq and Afghanistan, we weren’t dealing with sophisticated air defenses. But in potential conflicts in the future, that is an issue. And so these systems will have more stealth, they’ll have greater power, they’ll have greater autonomy so if their communication is cut off, they can continue to do their mission.”

At AAI Unmanned Aircraft Systems, General Manager Steven Reid is “cautiously optimistic” about the future.

The operation, a unit of Textron Systems, makes the Shadow drone flown by both the Army and the Marines in Afghanistan and beyond.

The firm won contracts recently to fly its Aerosonde unmanned aircraft for the Navy and U.S. Special Operations Command. It’s looking to foreign militaries eager to acquire drones, and talking with the FAA about regulations for opening U.S. airspace to civilian and commercial uses.

“We’re planning for a constrained marketplace,” Reid said. “But at the end, the technology almost drives itself into the marketplace.”

AAI traces its involvement in the industry to the 1983 bombing of the Marine barracks in Beirut. After the attack, Israeli officials showed U.S. officials footage they had recorded with unmanned aircraft, and the Marines wanted the same technology.

The Pioneer RQ-2A, developed in a joint venture by AAI and Israel Aircraft Industries, was used by the Army, Navy and Marines in the 1991 Persian Gulf War for reconaissance, surveillance, targeting and battle damage assessment.

A Pioneer launched from the battleship USS Wisconsin during that war was assessing damage to targets on Faylaka Island near Kuwait City when several Iraqi soldiers attempted to surrender to the aircraft. U.S. troops nearby took the Iraqis prisoner. It is believed to have been the first time in history that human beings had tried to surrender to a machine.

AAI developed the Shadow RQ-7B by itself, and won an Army contract 1999. Now every brigade in the Army has one Shadow system, consisting of four aircraft, a launcher and a ground control station. The Marines and Special Operations Command also have flown Shadows in Afghanistan and Iraq.

“Shadow is what really lit the fuse here,” said Reid, the general manager. AAI Unmanned Aircraft Systems has grown from 50 employees in the 1990s to nearly 1,100 today.

Australia and Sweden have purchased Shadow systems, and the National Guard has flown them overseas and along the U.S.-Mexico border.

Industry officials see unmanned aircraft watching borders, monitoring traffic, measuring weather and tracking wildfires. The FAA estimates that 10,000 civilian drones will be in use within five years.

AAI has flown its Aerosonde aircraft into hurricanes for the National Weather Service and is preparing for an ice-mapping mission in the Antarctic.

Reid says the firm has a group tracking developments in the emerging civilian market.

“Our business is military. Our focus is military,” he said. “But we’re intrigued with the potential for commercial applications.”


Some universities require students to use e-textbooks

By Yasmeen Abutaleb, USA TODAY

August 13, 2012


While several colleges across the country are pushing electronic textbooks, touting them as more efficient and less cumbersome than regular textbooks, students are reluctant.

E-textbooks still account for only 9% of textbook purchases, says Student Monitor, which researches college student behavior.

“How excited can you expect to get about an e-textbook?” Student Monitor President Eric Weil says. “It’s not a fashion statement, it’s not a status symbol; it has to overcome the advantages that students see (in) a printed textbook.”

Typically, students don’t save much when opting to buy an e-textbook. For example, an organic chemistry e-textbook costs about $100, while the print version of the same book costs just $15 more.

For University of Wisconsin senior Leslie Epstein, having to buy an e-textbook only added to her expenses. She still found herself printing a copy of her textbooks in the two classes that required an electronic version, and said despite the lower price tag of an e-textbook, she’d buy the print version of the text “every time.”

“I see what (universities) are doing to make textbooks cheaper and less paper-reliant, but I don’t think it’ll work in the long run,” she says.

But universities are looking to combat that mindset with programs that urge — or force — students to adapt to the trend.

Indiana University was the first college to pilot a program three years ago by making students buy the e-textbook in selected courses. Five more universities have adopted similar programs: University of California-Berkeley, University of Minnesota, University of Wisconsin, University of Virginia and Cornell University.

In Indiana’s program, students are charged for the books through their bursar accounts, so they don’t have the option of not buying the book. This lets the university negotiate low prices with publishing companies.

An e-textbook through Indiana’s program costs about half as much as it would anywhere else, says Nik Osbourne, information technology chief of staff.

IU professor Timothy Baldwin, who used an e-textbook last semester for a management course, says he appreciates some aspects of the book but still longs to hold a book in his hands. He says many of his students felt the same, but he plans to continue using the e-book, anyway.


Federal travel reimbursement rate to stay same in fiscal 2013

Washington Post

By Lisa Rein, Published: August 14

The reimbursement rate for government travel will not change in the next fiscal year, the General Services Administration announced Tuesday, quelling hotel industry concerns that the rates would be cut to reduce federal travel spending.

The decision follows an aggressive lobbying campaign by the hospitality industry, which met with GSA leaders, lawmakers on Capitol Hill and White House officials to plead against a lower rate.

“We used the resources at our disposal to help GSA make a responsible decision on how to preserve federal travel but safeguard tax dollars,” said Erik Hansen, director of domestic policy at the U.S. Travel Association.

The GSA, which sets rates for lodging, meals and other travel expenses for federal agencies, considered reducing the average lodging rate of $77 a night by as much as 30 percent as part of an effort to comply the Office of Management and Budget’s order to slash travel spending in fiscal 2013 by the same amount.

The belt-tightening was ordered after a conference scandal involving the GSA’s Public Buildings Service, which spent $823,000 in 2010 on a four-day Las Vegas junket that featured a mind-reader and after-hours parties in pricey loft suites.

GSA officials said they concluded that cutting per diem rates would actually cost the government more: Employees attending conferences or out-of-town meetings would stay at cheaper hotels outside city centers and need to rent cars to get around, jacking up their travel bills, said Mafara Hobson, an agency spokeswoman.

“By keeping per diem rates at current levels, we are supporting federal agencies in controlling costs and ensuring that taxpayer dollars are used wisely,” acting GSA Administrator Dan Tangherlini said in a statement. The statement said freezing the rate would save $20 million in travel costs the government would have incurred had per diems increased.

The GSA considered several options as it evaluated reimbursement rates for the fiscal year that starts in October, officials said. One would have changed the methodology the agency uses to calculate average daily lodging rates in major metropolitan markets, removing more costly hotels from the annual sample.

Hotel officials warned GSA leaders that lower rates would ultimately result in higher travel costs.

Shawn McBurney, senior vice president of governmental affairs at the American Hotel Lodging Association, said the GSA was told “that if they [lowered the rate], most hotels in a city wouldn’t have been considered.” Hotels are not required to accept the government rate.

The government’s standard lodging rate of $77 covers hotels in 2,600 counties; the standard per diem meal rate is $46. But rates for lodging and meals vary widely in big cities frequently visited by federal workers, based on the average room price for mid-priced hotels and restaurants.



The Obama and Ryan budgets, by the numbers


By Katy O’Donnell

August 14, 2012

A comparison of President Obama’s approach to the federal budget and plans put forward by Mitt Romney’s running mate, House Budget Committee Chairman Paul Ryan, R-Wis.


President Obama


Obama would allow the lower Bush tax rate of 35 percent to expire, bringing the tax rate back up to 39.6 percent for families earning more than $250,000 annually. His proposal would limit the reach of the Alternative Minimum Tax, a problematic tax Congress regularly has to “patch” at the end of the year because, while originally intended to ensure that the wealthy pay a minimum amount, the tax increasingly ensnares middle-class payers. But Obama would still employ an AMT-like tax by limiting the rate at which individuals can reduce their tax burden through deductions to a 28 percent income-tax liability. That measure would bring in an estimated $500 billion over 10 years.

The proposal would also raise the estate tax and the gift tax to 2009 levels of 45 percent over a given threshold — the first $3.5 million of an individual’s estate, and the first $1 million of a gift, would be exempt — to raise nearly $250 billion over 10 years. He would raise the capital-gains tax to 20 percent, ending the preferential Bush-era rate of 15 percent.

Altogether, the budget’s tax proposals would raise some $2 trillion more than if current tax policies were simply extended for 10 years. Obama is more specific than the budget plan being pushed by Rep. Paul Ryan, R-Wis., about the tax expenditures he would end (like the preferential capital-gains rate), but he hasn’t made any move to go after the breaks where the real money is, like the mortgage-interest deduction.

Obama would lower the corporate tax rate to 28 percent, according to a separate corporate tax reform proposal he released in February, and he would implement a minimum tax on overseas earnings. He would also get rid of various business tax deductions and give a 20 percent income-tax credit for businesses that move jobs back to the United States.



Like Ryan, Obama wasn’t happy to leave the Budget Control Act — passed with the debt-ceiling increase last year — alone in his budget. The law, if allowed to take effect, would trim the deficit by $2.3 trillion over 10 years through a combination of annual spending caps and automatic across-the-board cuts, split evenly between defense and nondefense programs.

Obama’s proposal would remove the firewall between the caps on defense and nondefense annual spending, and its proposal for the next fiscal year actually transferred some money from nondefense to defense programs. Still, Republicans have attacked Obama for failing to address the nearly $500 billion in defense spending cuts over 10 years set to take effect in January.



The president’s proposal would implement defense cuts totaling nearly $500 billion over a decade.



Like the Ryan proposal, Obama’s budget made no changes to Social Security.



The president’s plan relies on his health care law for most savings, counted in the form of lower drug costs, limited procedural and equipment payments, and the suggestions of the Independent Payment Advisory Board. The most recent estimate of the law’s costs and savings, released after the Supreme Court’s decision, found that it would be $84 billion cheaper over 10 years, now that states are allowed to opt out of the Medicaid expansion.



Obama’s budget counts about $150 billion in fees from drug manufacturers participating in Medicare Part D over 10 years; the plan would also reduce the growth in provider payments and increase premiums for high earners.



The budget counts about $50 billion in Medicaid savings, largely from streamlining state matching rates.



Obama took heat from members of his own party for his proposal to dramatically reduce funding for a program that gives heat and energy assistance to the poor; but for the most part the plan stays away from low-income assistance programs.



The president’s plan would increase funding for financial regulators, requesting more than $2 billion for the next fiscal year to implement the Dodd-Frank financial-reform law.


Rep. Paul Ryan


Ryan’s plan would consolidate the current six individual income tax brackets into two, set at 10 percent and 25 percent, though the plan isn’t clear on how those rates would be applied, income-wise. He insists the plan will be revenue neutral — that the government will not lose any money coming into its coffers — because he would scrub the complicated tax code of unspecified breaks and subsidies. The biggest 20 breaks — including the exclusion of employer health insurance and the massively popular mortgage-interest deduction — make up 90 percent of the $1.1 trillion in revenue lost each year to the roughly 200 “tax expenditures” currently on the books.

This is where the criticism that Ryan would raise taxes on the lower and middle classes in order to cut them for the rich comes into play: Many of the top breaks benefit the middle class along with the wealthy, and the one that almost exclusively benefits the wealthy, the lower 15 percent capital gains rate for returns on investments, is one Ryan has made clear he wouldn’t touch — and might even lower more dramatically. Republicans point out that since 50 percent of people do not pay income taxes, they will not be affected by the removal of expenditures, even though 11 percent of the breaks go to lower-income individuals

Ryan also would repeal the alternative minimum tax — a tax originally intended to ensure that the wealthy pay a minimum amount that both sides now concede ensnares middle-class payers — rather than continue short-term fixes, as Congress traditionally does at the end of the year. On the corporate side, Ryan would lower the rate from 35 percent to 25 percent and exclude foreign income.



Ryan has never supported the defense part of the automatic spending cuts spurred by the failure of the “super committee” of 12 members of Congress who were supposed to find $1.2 trillion in deficit reduction over a decade. The across-the-board spending cuts — or “sequesters” in Washington-speak — set to go into effect at the start of 2013 would be evenly split between defense and nondefense spending and total $1.2 trillion.

Ryan’s budget farmed out instructions to other committees to replace the 10 years of defense cuts by cutting additional domestic spending. The cuts to “mandatory spending” — spending on things such as health care that do not get passed each year by Congress — would reach the vicinity of $250 billion over 10 years.

Domestic cuts next year alone in “discretionary” spending — the spending passed each year by Congress for programs to keep the government running –would hit $27 billion, in order to offset the increase in defense spending and still cut the overall budget for the year.

Democrats’ position is that while both parties are in favor of replacing across-the-board cuts with more considered policy, Republicans’ shift of money from domestic programs to defense amounts to targeting the most vulnerable members of society, since savings would be wrung from programs such as food stamps.



He would not only void the scheduled cuts, but increase defense spending for the next year by $8 billion, to $554 billion, excluding war spending.



Like President Obama, Ryan stayed away from Social Security reforms. His 2008 plan included suggestions, but he dropped them after hearing concerns from fellow GOP House members.



The House-adopted package of long-term budget reforms counts more than $150 billion in spending cuts for health care programs over the next decade, mainly through the implementation of malpractice reform and defunding of many large parts of Obama’s health care law.



There would be no change for anyone enrolled before 2023 — one of the reasons many of the budget’s hypothetical savings wouldn’t kick in until after the 10-year period by which budgets are usually measured. After that, the eligibility age would increase gradually until it reached 67 in 2034. The budget Ryan produced this spring would introduce a competitive-bidding system and would allow seniors to choose between traditional Medicare and a subsidy from the government to purchase a private plan. Last year, there was no option to maintain traditional Medicare’s fees for services. It’s a concession Ryan made when he crafted a new Medicare plan with Sen. Ron Wyden, D-Ore., last December. The cost-growth formula is also more generous this year than it was last year, but the over-all reform plan is still the most dramatic approach currently in circulation.



It would undo rules from the health care law requiring states to keep everyone who received Medicaid benefits in 2010 on support through 2014 and void scheduled expansion of coverage for most non-elderly people with incomes less than about 140 percent of the poverty level. It would also limit the taxes states can charge Medicaid hospitals and doctors and the extra Medicaid payments for hospitals that treat large numbers of uninsured patients.



The package would cut an additional $50.4 billion over 10 years from non-Medicaid programs that help the poor. It would eliminate a block grant designed to send federal funding to state social services programs; end yearly increases in funding for food stamp education programs and end the increase in food stamp money included in Obama’s stimulus. If the package were implemented, it would also be harder to qualify for food stamp assistance. Some of that money has now already been spent, so the $50.4 billion figure is now slightly high, but these cuts are a huge issue for Democrats, so expect to hear a lot about them.



By raising the amount that federal employees contribute to their pensions and eliminating supplemental benefits given to early retirees until they reach the Social Security retirement age, the package would generate more than $80 billion.



The package counts $35 billion in savings from easing up financial regulation included in the Dodd-Frank reform law.


Senator pushes for cybersecurity via executive order


August 14th, 2012
Nicole Johnson

A top Democratic senator is calling on the president to use executive branch authorities to better secure critical systems against cyber attacks.

In a letter to President Obama on Monday, Sen. John Rockefellar, (D-W.Va.), urged the president to “explore and employ every lever of executive power that you possess to protect this country from the cyber threat.”

Rockefeller co-sponsored the Cybersecurity Act, S. 3414, which failed passage in the Senate this month. The bill would have set voluntary standards for companies operating critical infrastructure, such as the electric grid, water treatment facilities and transportation systems.

Rockefeller said that many portions of the bill could be implemented via executive order, regulatory processes or under the authorities of the Homeland Security Act.

Obama’s assistant for homeland security and counterterrorism, John Brennan, told the Council on Foreign Relations last week that the administration is considering the use of executive branch authorities. White House officials are determining what cybersecurity guidelines or policies can be enforced through executive order to enhance cybersecurity of critical infrastructure, most of which are controlled by the private sector.


Microsoft tablet partners announced amid rumors of $199 Surface

Washington Post

By Hayley Tsukayama, Wednesday, August 15, 9:57 AM


As we get closer to the launch of Microsoft’s new version of Windows, a clearer picture is emerging about what the tablet landscape will look like at launch.

We already know about the flagship Windows tablet, of course: Microsoft’s own Surface, which Engadget recently reported may have a price tag of $199. That would put the company in a very good position to sell against Google’s Nexus 7, Amazon’s Kindle Fire and, most importantly, Apple’s iPad.

But pricing the Surface so low could have some other consequences. When the company debuted the in-house tablet this June, it set off buzz not only about the tablet itself but also the effect the tablet would have on the rest of the Windows ecosystem.

In other words, many wondered, if Microsoft’s running point on Windows RT and Windows 8 tablets, how many other companies will join them?

The picture is filling out. Microsoft announced that Dell, Lenovo, Asus and Samsung will be releasing tablets in the near future. And Toshiba announced Tuesday that it will not be making a Windows RT tablet at launch, CNET reported, while it’s still unclear whether Hewlett-Packard will step in with a Windows follow up to its TouchPad.


Any of those manufacturers would be hard-pressed to produce a tablet for $199. Acer executive JT Wang, who already told the Financial Times that the Surface would be a problem for his company, also told Digitimes that such a huge price difference would be very damaging.

Microsoft has yet to offer any solid details about the Surface’s price, saying only that consumers should expect prices “to be competitive with a comparable ARM tablet or Intel Ultrabook-class PC.” That had most people expecting the lighter Windows RT tablet to come in around the same price point as the iPad or iPad 2. If Microsoft can offer a larger tablet at a price currently reserved for the 7-inch squad, it will be quite the draw even if accessories such as the keyboard cover are sold separately.


Cloud brings foreign IT spending to U.S.

By Patrick Thibodeau

August 13, 2012 06:00 AM ET


Computerworld – U.S.-based corporations and government agencies have been shipping application development work to offshore IT services providers for years.

Now, thanks to cloud computing, foreign companies are starting to bring their business to providers of data center services located in this country.

Consider Grupo Posadas, a large hotel company in Mexico that today relies on five data centers to support more than 17,000 guest rooms in over 100 hotels. Grupo Posadas IT personnel run three of those data centers; the other two are run by outsourcing partners.

Later this year, most of the company’s IT capability will be moved to a data center in Texas run by Savvis, a hosted services provider based in Town and Country, Mo., said Grupo Posadas CIO Leopoldo Toro Bala.

The U.S. data center will provide cloud-based infrastructure and managed database services, according to Toro Bala.

By moving some operations to Texas, the Posadas IT group will have more time to focus on developing systems like mobile and social networking tools that could help the business grow, he added.

“Our IT strategy is aligned to our growth, and our growth means that we need to be flexible and agile,” he said.

The shift to the cloud will not affect IT costs. Instead, it will provide capabilities that will help streamline deployments of new IT systems, said Toro Bala. Previously, implementing a new system often required new equipment that could take months to deploy.

Cloud computing makes it possible to deploy new services in a matter of weeks. “That is the type of capability that we were lacking — that agility,” said Toro Bala

Meanwhile, as U.S. providers of cloud-based services start to attract foreign customers, some countries are enacting laws to protect their domestic providers, and some foreign companies are overseeing so-called FUD (fear, uncertainty and doubt) campaigns designed to raise questions about the security of U.S. data centers, said Daniel Castro, an analyst at the Information Technology and Innovation Foundation.

For instance, ads by Deutsche Telekom and other companies claim that their cloud products are more secure than those of U.S. vendors because U.S. companies have to comply with laws such as the Patriot Act, executives from industry groups and tech vendors told a U.S. House of Representatives subcommittee during a hearing late last month.

“We commonly see almost absurd positioning of what the Patriot Act permits,” said Justin Freeman, the corporate counsel of Rackspace, a provider of hosted services.

Such marketing efforts, said Castro, represent a significant threat to U.S. providers of cloud-based services.

“The potential market for cloud computing is very large, and the U.S. right now is the country that stands to gain the most from it,” said Castro, who also testified at the hearing.

Castro said most countries have laws that are similar to the Patriot Act, and some, including Canada and Australia, allow businesses to turn over data voluntarily to government agencies. A U.S. company would violate its terms of service if it did that, he said.


Concerns about a lack of security or privacy in U.S. data centers didn’t affect the outcome of the outsourcing decision at Grupo Posadas, which has a long history of working with U.S. IT companies, said Toro Bala.


Walmart, Target others team to offer mobile payments network

Retailers will compete with mobile operators and Google for US mobile wallet dominance

By Mikael RicknA$?s

August 15, 2012 11:09 AM ET


IDG News Service – More that a dozen retailers including Best Buy, Walmart, Target and 7-Eleven have joined forces to form the Merchant Customer Exchange (MCX), a mobile-payments network that will compete with Google and Isis.

The retailers claim that they are better suited than mobile operators and OS developers to develop a successful mobile-payment system.

No launch date was given for the exchange, which was announced Wednesday, but development of MCX’s mobile application is underway. It will be available through virtually any smartphone, according to a statement from the merchants. MCX is not yet saying which payment technologies it will use, but that information will be provided in the near future, according to a spokesman.

Like their competitors, the retailers plan to combine their mobile wallet with targeted offers and promotions that will be available through smartphones.

MCX will enter an increasingly crowded U.S. market for mobile payments using Near-Field Communications (NFC) and other methods. The two main competitors for MCX are Google Wallet and Isis, which is backed by AT&T Mobility, T-Mobile USA and Verizon Wireless.

Even more contenders are expected to enter the space, including Apple, according to Windsor Holden, research director with Juniper Research.

“There is no question that Apple will come out with some form of contactless payment technology,” Holden said.

It remains to be seen whether the company will opt for NFC or something else, he said.

That the retailers are getting involved with their own offering doesn’t come as a surprise, according to Holden. There is an undeniable momentum behind utilizing the mobile payments and no one wants to be left out of a new revenue stream, he said.

Google Wallet was launched last year and can be used at over 140,000 merchants where MasterCard PayPass is accepted. To get the wallet, users need a compatible phone such as the Galaxy Nexus on Sprint, AT&T or T-Mobile or the Samsung Galaxy S III also on Sprint.

Recently, Google launched a cloud version of its mobile-wallet application and also added new security features to the system.

Google’s rollout has had a few hiccups. Earlier this year, it suspended the prepaid capabilities on credit cards linked to its mobile wallet after a security flaw was exposed.

Isis, meanwhile, hasn’t launched its mobile wallet yet. It has said that this summer, consumers in Austin, Texas, and Salt Lake City, Utah, will be able to start using the service.

HTC, LG, Motorola Mobility, Reserach In Motion, Samsung Electronics and Sony have all stated that they will offer smartphones compatible with Isis.

At this point, the availability of different mobile wallets isn’t necessarily a bad thing, because it will raise more attention and the mobile money market needs that right now. Consumer awareness is extremely low, according to Windsor.

However, in the long run there likely won’t be room for so many different products that aren’t interoperable.

“As soon as you have mass interoperability, that’s when you have the opportunity for something to really take off,” Windsor said.

The system with the easiest-to-use product and whose backers are the most successful at educating users will be the winner, Windsor said.

The companies pushing mobile payments are competing for a big market. The scale of global mobile-payment transactions is expected to rise nearly fourfold over the next five years to more than US$1.3 trillion, according to Juniper Research.


Hypersonic aircraft fails flight test

AF Times

By Marcus Weisgerber – Staff writer

Posted : Wednesday Aug 15, 2012 17:55:33 EDT


The Air Force’s X-51 hypersonic test aircraft failed during its latest launch over the Pacific Ocean.

A B-52 bomber flying over the Point Mugu Naval Air Warfare Center Sea successfully launched the X-51 — called the Waverider — in the late morning on Aug. 14, the Air Force said in an Aug. 15 statement. But 16 seconds later, “a fault was identified with one of the cruiser control fins.”

After being released by the B-52, a rocket boosts the X-51 before its scramjet, hypersonic engine kicks in. But once the rocket separated from the X-51 this week, testers were unable to control the Waverider due to the broken fin and the aircraft was lost.

“It is unfortunate that a problem with this subsystem caused a termination before we could light the Scramjet engine,” Charlie Brink, X-51A program manager for Air Force Research Laboratory, said in the statement. “All our data showed we had created the right conditions for engine ignition and we were very hopeful to meet our test objectives.”

Program officials are working to determine the cause of the failure.

The Air Force has not had problems with X-51 fins during the prior two test flights of the X-51. In May 2010, an X-51 flew for more than three minutes at Mach 4.88.

The X-51 is built by Boeing. Pratt & Whitney Rocketdyne makes the hypersonic engine.


Drought hits U.S. power supply

Energy Daily

by Staff Writers

Morgantown, W.Va. (UPI) Aug 15, 2012


Water shortages due to ongoing drought affect the U.S. power supply as power plants become overheated and shut down or run at lower capacity, analysts say.

Because they are completely dependent on water for cooling and make up about half the water usage in the United States, power plants can become casualties of droughts, says Barbara Carney of the National Energy Technology Laboratory in Morgantown, W. Va.

Nuclear power suffers particularly, since the average nuclear plant that generates 12.2 million megawatt hours of electricity requires far more water to cool its turbines than other power plants.

If water levels in the rivers that cool the plants drop too low, the power plant won’t be able to draw in enough water.

In addition, if the cooling water discharged from a plant raises river temperatures above certain levels, U.S. environmental regulations require the plant to shut down.

At least four nuclear plants had to shut down in July for these reasons, and nationwide, nuclear generation is at its lowest in a decade with the plants operating at only 93 per cent of capacity, reported.


iCloud: security risk?

By Stefan Hammond

August 15, 2012 07:00 PM ET


Computerworld Hong Kong – Apple’s iCloud service, which was recently forced upon former-users of (including myself), has not proven to be a shiny seamless service. Many tech journos complain that iCloud doesn’t represent the user-experience associated with Cupertino’s decades-long tradition as a quality-brand.

Since being migrated, my calendars have sprouted duplicates, along with other mysterious phenomena. Apple gives all iCloud users 5GB free storage, which is nice as I’ve been a user of their cloud-based service since 2001.

But I don’t store my media-content in the cloud–sure, it’d be great to have all my photos in Photostream, but an ever-growing blob of data in the sky will likely burst the surly bonds of any arbitrary data-limit and “upgrade” me to a higher tier. I prefer manual control over my own data. Is that too much to ask?

But security is no luxury add-on for any cloud service. Mat Honan, writer for Wired Magazine, found out the hard way–his horrific tale of social engineering/hacking is detailed in his Wired article.

It started with some unknown teenager(s) liking Honan’s three-letter Twitter account. That was all: they wanted that Twitter-handle. It was cool. To get it, they ended up doing a lot, a LOT of seriously evil activity (again, please read his full account–if it saves one single CWHK reader from suffering the same fate, I’d be grateful). Anonymous strangers savaged his digital existence.


How bad was it? Honan sums it up: “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Imagine that happening to you, your Twitter account, and your devices.

True, Honan made some errors in his personal security and backup-planning which he regrets and details in his informative and often heart-rending article. But like us, he’s human. What tripped him up (along with his own less-than-best practices) were security-measures built into Apple and Amazon’s online services which, combined with clever social engineering on the part of the bad guys, including compromising his Gmail account.

Honan details the process precisely–using phrases I hope I’ll never have to write. I cover security and advise people on how to handle their personal security perimeters. After reading Honan’s article, I’ve gone in and changed a few things. It’s that critical.

Honan contends that in a cloud-centric environment, passwords no longer provide adequate security. “Cloud-based systems need fundamentally different security measures,” he wrote.

The man has a point. And while he mostly blames himself for failing to back up critical data, he reserves bitter ire for Apple’s evolution into iCloud. “I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life,” wrote Honan. “With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on.”

As we have sown, so have we reaped. The iTunes store that gleefully sold us catchy pop-tunes has morphed into a multi-armed octopus with a permanent target painted on it. A single point-of-entry is also a single point-of-failure. The two-factor authentication mandated for banks by the HKMA is available on Gmail, but Honan didn’t use it (do you?).

We can only hope that the folks at Apple–now the world’s largest technology company–are putting security-systems in place to help prevent what happened to Honan to the rest of its users. In the wake of this incident, both Apple and Amazon have hardened their security procedures and no longer allow password-changes over the phone (this was part of the social-engineering hack that allowed strangers to remote-wipe Honan’s phone, tablet, and laptop). Apple details its iCloud security here.

Security Asia has another account of the Honan incident and more tips to help you improve your own security-profile.


New rules expose bigger funding gaps for state public pensions

Washington Post

By Michael A. Fletcher, Published: August 16


Already-strapped state and local governments are coming under increasing pressure to reduce pension benefits or increase taxpayer contributions that help pay for them because of new rules that would require them to report those obligations more honestly, advocates say.

The latest rules come on line from the bond-rating firm Moody’s at the end of this month. They are projected to triple the gap between what states and municipalities report they have in their funds and what they have promised to pay out to retirees. That hole would stand at $2.2 trillion.

For the worst-off cities, the new pension debt calculations could mean bond rating downgrades and increased borrowing costs when localities try to raise money for new projects, Moody’s has warned.

The accounting changes themselves will not force policymakers to alter how they fund pensions. But finance experts say that by simply highlighting greater funding gaps, the rules will intensify pressure on state and local governments to allocate more of taxpayers’ dollars to their pension funds. More likely, public workers may have to contribute more to their retirements or see promised benefits curtailed, measures that have already been implemented in more than 40 states.

Virginia and Maryland have cut benefits for new hires while preserving retirement packages for current employees.

“It is hard to believe that higher numbers would not put increased pressure on governments to deal with this,” said Scott D. Pattison, executive director of the National Association of State Budget Officers. “If you only have so many dollars, if you are going to put more into pensions, that means less for other things.”

The new rules come at a difficult time for state and local governments struggling with weakened tax revenue and stronger demand for services in the wake of the recession. In addition, states and localities face the prospect of substantial reductions in aid from the federal government beginning in January unless Congress and the White House come up with an alternative to automatic budget cuts.

The changes add to the growing tensions over the often generous retirement benefits that public employees receive. Union leaders argue the packages compensate for lower pay, but critics, including GOP governors, say the pensions are unfair and have become unaffordable for taxpayers.

“It is what we call pension envy,” said David Urbanek, spokesman for the Teachers’ Retirement System of Illinois. “You have an economy that is not performing the way people are used to. For a lot of people, their standard of living is being held steady or declining. Then they see a group of people getting pensions that they’ve earned and it makes them uncomfortable. They ask, ‘Why not me?’ Or, more to the point, ‘Why them?’ ”

Retired Illinois teachers earn annual pensions of a little more than $46,000 a year on average; they do not participate in Social Security under a state opt-out. Under the old accounting rules, their pension fund has $37 billion in assets and $81 billion in future liabilities — making it among the most poorly funded large public plans in the country.

Under the new accounting rules, the assets would be counted even lower, leaving an unfunded liability that one estimate put at 83 percent.

“The new standards are essentially a public relations problem,” Urbanek said. “It doesn’t change the fact that we owe a total liability of $81 billion over 30 years.”

But the situation could get worse, he added. Illinois faces $9.2 billion in unpaid bills, and lawmakers could be tempted to reduce pension funding.

Pension systems are financed through a combination of annual budget allocations and employee contributions. They also greatly rely on investment earnings. But the stock market’s erratic performance over the past decade or more has contributed to a worrisome gap between the amount of money pension funds are projected to have on hand and what they have pledged to pay retirees.

The problem grows even greater when governments factor in the soaring cost of retiree health benefits, for which many of them have not set money aside.

Under current rules set by the Governmental Accounting Standards Board, public pensions are estimated to be about 75 percent funded. This June, like Moody’s, GASB approved new guidelines that would shrink that estimate to 57 percent. GASB’s rules take full effect by 2015.

“Government entities are trying to move toward full funding; that is the goal,” said Cathie G. Eitelberg, senior vice president for the Segal Company, an employee-benefits consultancy. “Having different sets of numbers out there is going to be a communications challenge. It could also require public officials to look at these plans and make decisions about how to best finance them over time.”

Among other things, the new accounting rules from Moody’s and GASB limit the rate of return on future investments that pension funds can assume for accounting purposes. Most government pension funds assume a 7 percent to 8 percent return, which critics say overstates future investment income.

Unions and many pension fund managers dispute that critique, pointing out that investment returns have surpassed that over the past several decades, even if recent history has been more difficult. Still, others say the changes are long overdue and will better reflect the funding situations of public employee pension funds.

“The action by GASB and Moody’s will convince people they can’t continue to wait to rein in these costs,” said Chuck Reed, mayor of San Jose, where voters in June overwhelmingly ratified a sweeping pension reform plan. “These costs are enormous and nobody can afford them. To the extent that the real costs are obvious, it provokes people into action.”

In San Jose, retirement costs have more than tripled in the past decade and now consume one-fifth of the city’s general fund budget. Reed said the ballooning cost of pensions and retiree health benefits has forced the city to cut 2,000 jobs.

Under the recently approved plan, new city workers would be forced into a less expensive pension plan. Incumbent workers have the choice of joining the less expensive plan or paying much more for the old one. That plan allows workers to retire when they are as young as 55 or have put in 30 years on the job, and they can receive up to 90 percent of their salaries. In addition, they receive a 3 percent cost-of-living increase every year.

Under the reform plan, the city can suspend those increases if it declares a fiscal emergency.

“The retiree costs were going to affect service delivery or cause insolvency,” Reed said. “So we had to do something to reduce them.”


Apple, Facebook put Prineville on the map

Central Oregon small town the latest data center hot spot

Patrick Thibodeau

August 17, 2012 (Computerworld)


Apple and Facebook this week each filed plans to expand data center operations in Prineville, Ore., a little community that’s on its way to becoming one of the largest data center locations in U.S.

Once their data centers are completed, Apple and Facebook combined will have created some 1.2 million square feet of data center space. Both companies own enough land in Prineville to expand well beyond that.

How did Prineville, with a population of less than 10,000, attract Apple and Facebook? And does Prineville really benefit from data centers, which aren’t big employers?

Apple this week submitted a master plan to “slowly build over time” up to 500,000 square feet of space, said Joshua Smith, Prineville’s senior planner. Apple is nearing completion of a 10,000 square-foot data center facility on a 160 acre parcel it owns.

Facebook was in Prineville first, building what became a 334,000 square foot data center in 2010, and it has been finishing work on a companion facility, which is estimated at about 360,000 square feet by local officials. Facebook owns about 120 acres of land.

This week Facebook filed plans to build another 60,000 square foot facility, although it isn’t clear whether it will be used as a data center.

Considering the amount of land that the two companies own, and the ever growing demand for data center space, “it would not be surprising if there was more than or close to two million square feet in data center space between the two companies,” said Jason Carr, who heads the Prineville office of Economic Development for Central Oregon (EDCO), a non-profit group that spearheads development efforts for local governments.

Local economic development officials say they have a number of things working in their favor. There’s plenty of reliable electricity because of major trunk lines in the region. The power costs are relatively low, at roughly 5.5 cents a kWh. There’s available land, and the climate — dry, arid and cool at night — is ideal for data center systems.

The tax breaks are generous as well. Apple and Facebook are getting 15-year tax exemptions that apply to buildings and equipment but not to land. The state has no sales taxes on equipment. The tax system “was designed to favor large capital investment,” said Roger Lee, the executive director of EDCO.

Offsetting the tax exemption is a power franchise fee, which is based on the power bill that Facebook pays. About 5% of that monthly power bill goes to the city of Prineville, Carr said. “The city right now is seeing about $60,000 per month of additional revenue coming into the city coffers through that franchise fee,” he said.

The city also charges a “community fee,” levied in lieu of taxes. The fee was attached to the 15-year exemption to help cover the cost of public services. Facebook will pay about $110,000 and Apple, $140,000 annually, Carr said. The companies are also paying for some public utility improvements.

Data centers aren’t large employers, and that will be true in Prineville as well. Facebook employs about 60 at its data center but that may rise to nearly 100, once it completes all its building. Apple may eventually employ roughly an equal amount, estimate local officials.

Facebook has involved itself in the community, making money available for numerous local projects and in the schools as well.

Oregon’s infrastructure has drawn other large data center operators, notably Google. Other areas of the country, such as parts of North Carolina have also turned into data center locations for companies such as Apple and Facebook.


VA’s Backlog of Paper Claims Could Cause a Building Collapse


By Bob Brewin

August 10, 2012


Roger Baker, the Veterans Affairs Department chief information officer, promises that the department will have a paperless claims processing system installed in all its regional offices next year, none too soon for the Veterans Benefits Administration employees in North Carolina whose safety is threatened by mountains of paper files.

The VA Inspector General reported Thursday that the VBA office in Winston-Salem has so many backlogged claims that employees have stacked 37,000 paper files on top of file cabinets in mounds two feet high. Files also were stored on the floor and stacked in boxes along the walls, the IG said.

These foothills of files have “the potential to compromise the structural integrity of the sixth floor of the facility. We noticed floors bowing under the excess weight to the extent that the tops of file cabinets were noticeably unlevel throughout the storage area,” the IG said.

What’s more, onsite safety managers reported “concerns with boxes of files blocking exits, files stacked too close to overhead sprinklers, and files falling from the tops of file cabinets onto employees. In 2011, one employee experienced a minor shoulder injury when claims folders fell on him from the top of a filing cabinet.”

That’s a serious records management problem.


UTC to supply drones for Sinclair Community College

Dayton Business Journal

Date: Friday, August 17, 2012, 8:21am EDT


Sinclair Community College has selected UTC Aerospace Systems to provide it with Small Unmanned Aerial Systems, or SUAS, to use in its first responders training program, according to

UTC Aerospace Systems is a unit of United Technologies Corp. and will deliver the systems before the end of the year. The company will work with several Dayton-area suppliers, including GeoSpatial, which will provide composite airframes.

According to, the highly autonomous SUAS system uses affordable high performance gyro-stabilized electro-optical cameras. This allows the SUAS to provide reliable low cost real-time video capabilities for a multitude of situations.


The 10 Unhappiest Jobs in America

By Vivian Giang | Business Insider – Mon, Aug 13, 2012 12:00 PM EDT.. .


If you happily get out of bed every morning for work, you’re one of the lucky ones — not everyone is satisfied with their current job.

These people feel stuck for a variety of reasons, including low pay, irregular hours or the inability to move upward, says a report published by CareerBliss.

The company identified the unhappiest jobs based on more than 100,000 employee-generated reviews between February 2011 and January 2012.

The ratings are based on key factors such as work-life balance, one’s relationship with their boss and co-workers, their work environment, job resources, compensation, growth opportunities, company culture, company reputation, daily tasks, and control over the work that they do daily.

Here are the top 10 jobs that make workers’ lives miserable.


1. Security Officer

Average salary: $29,641

Bliss Score: 3.510/5

Why: “People might think that the work environment security guards often face, such as working late hours alone at night, would be what contributes to unhappiness,” Matt Miller, the chief technology officer at CareerBliss told Smith. “However, our data shows that growth opportunities and lack of rewards in this field is what affected the overall sentiment around this type of job. Work environment scored relatively high.”

Description: Guard, patrol, or monitor premises to prevent theft, violence, or infractions of rules. The BLS projected the growth of these jobs to be 18 percent through 2020.


2. Registered Nurse

Average salary: $60,857

Bliss Score: 3.549/5

Why: “Nurses . . . have more issues with the culture of their workplaces, the people they work with and the person they work for,” Golledge says.

Description: Provide and coordinate patient care, educate patients and the public about various health conditions. The BLS projected the growth of these jobs to be 26 percent through 2020.


3. Teacher

Average salary: $43,663

Bliss Score: 3.595/5

Why: CareerBliss’ chief executive Heidi Golledge told Smith: “CareerBliss has found through our research that teachers appear to be quite happy with their work and their co-workers. However, the rewards for their work, lack of support and lack of opportunities to be promoted counteract many of the good parts of the job.”

Description: Prepare students for future schooling and working by teaching them a variety of subjects. The BLS projected the growth of grade school teaching jobs to be 17 percent through 2020.


4. Sales Engineer

Average salary: $71,283

Bliss Score: 3.636/5

Why: Smith reports that these engineers don’t appreciate the “lack of growth opportunities, company’s culture, compensation and support.”

Description: Sell complex scientific and technological products or services to businesses. They must have extensive knowledge of the products’ parts and functions and must understand the scientific processes that make these products work. The BLS projected the growth of these jobs to be 14 percent through 2020.


5. Product Manager

Average salary: $81,865

Bliss Score: 3.648/5

Why: Smith says that these workers “voiced unhappiness with the range of growth opportunities, compensation, company culture and support.”

Description: A blog describes product managers as those who “conceive the idea; run with it for many months; … gather, [develop], test, [go] through the painful exercise of bringing that product to market, and then support it until it is made obsolete.”

6. Program Manager

Average salary: $94,371

Bliss Score: 3.655/5

Why: Jacquelyn Smith at Forbes reports that “the unhappiest aspects of [this] job are a lack of growth opportunities, the culture of the company they work for and the surrounding workplace support system.”

Description: Plan, coordinate, budget, and supervise construction projects from early development to completion. The program managers’ responsibilities are finished when the product is delivered, and they turn it over to the product managers.


7. Marketing Manager

Average salary: $64,437

Bliss Score: 3.677/5

Why: Thomas O. Davenport at says: “With many organizations expecting managers to act as player-coaches, both performing and overseeing work, their roles often become complex and unwieldy.”

Description: Plan programs to generate interest in a product or service. They work with art directors, sales agents, and financial staff members.


8. Director of Sales

Average salary: $91,821

Bliss Score: 3.677/5

Description: Set sales goals, analyze data, and develop training programs for the organization’s sales representatives. The BLS projected the growth of these jobs to be 12 percent through 2020.


9. Marketing Director

Average salary: $68,873

Bliss Score: 3.688/5

Description: Plan, direct, or coordinate marketing policies and programs, such as determining the demand for products and services offered by a firm and its competitors, and identify potential customers.


10. Maintenance Supervisor

Average salary: $52,799

Bliss Score: 3.691/5

Why: Long hours and a lot of on-call schedules.

Description: Reviewing contracts to ascertain service, machine, and workforce requirements; answering inquiries from potential customers regarding methods, material, and price ranges; and preparing estimates according to labor, material, and machine costs.

Source: CareerBliss and Bureau of Labor Statistics


Lt. Gen. C.D. Moore II outlines the way ahead for AFLCMC

by Amy Rollins

88th Air Base Wing Public Affairs


8/10/2012 – WRIGHT-PATTERSON AIR FORCE BASE, Ohio  — In the first of several town hall meetings, Lt. Gen. C.D. Moore II, the inaugural commander of the new Air Force Life Cycle Management Center shared thoughts, themes, goals and challenges Aug. 1, 2012, at the Air Force Institute of Technology’s Kenney Hall.


The center, which has 26,000 employees, was created as Air Force Materiel Command consolidated the number of centers from 12 to five.

AFLCMC stood up as an organization on July 9 and began incorporating directorates from former AFMC centers to achieve its current configuration on July 20. Although operations began immediately, Initial Operating Capability, or IOC, is scheduled to occur on Oct. 1 to align with the start of the new fiscal year.

AFLCMC provides “cradle-to-grave” management of Air Force aircraft, communications, armaments, cyber and other systems. Its major operating locations include Wright-Patterson; Hanscom AFB, Mass.; Eglin AFB, Fla.; Maxwell AFB’s Gunter Annex, Ala.; and program offices at each of the air logistics complexes at Tinker AFB, Okla.; Robins AFB, Ga.; and Hill AFB, Utah.

It’s not often that you get to be part of something new, Moore said, acknowledging the heritage of AFLCMC’s predecessor organizations.

“There are tremendous opportunities for us as a new organization.”


Who is the new guy?

To introduce himself, Moore revealed some personal details: He is from a small town in Washington State; is married and father to two children, with a son in the Air Force; has been commissioned for more than 32 years; has had seven previously assigned field acquisition duties, working at Aeronautical Systems Center, AFMC twice and the Pentagon three times. Moore has more than 3,000 flight hours in 30 types of aircraft. Prior to assuming his current position, he was AFMC vice commander.


AFMC mission, vision and priorities

AFLCMC is obviously part of a new organizational structure within AFMC, but the command’s mission remains the same, Moore said: to deliver war-winning expeditionary capabilities to the warfighter.

He previewed the AFLCMC emblem which is a few weeks away from final release. In its current form, its design includes a golden globe on a field of blue, with an upright lance through its middle, representing AFLCMC’s heritage of developing munitions, and a pair of electronic lightning bolts almost encircling it, symbolizing electronic systems, today very much so of the cyber realm. The stylized triangular aircraft-cradled at the top of the lightning bolts and lance represents the aircraft systems AFLCMC manages. All are tied together in an integrated way to underscore “24/7, on time, on cost, with war-winning capabilities to the warfighter.”


Strategic plan is in development stage

A strategic plan for AFLCMC is being built around the center’s draft objectives:

· Acquire innovative and supportable warfighter solutions;

· Meet urgent operational needs through rapid materiel solutions;

· Deliver cost-effective, on-time solutions to U.S. and international partners;

· Implement product support, planning and governance to balance resources, priorities and mandates;

· Strengthen workforce skill base across the AFLCMC enterprise;

· Continue focus on improvement of processes and internal controls.


“The onus is on us now to determine those specific objectives and measures that are going to show us we are making progress, to do our job more effectively and efficiently,” Moore said.


Thoughts on rules of engagement

He confided that the organization was not perfect on Day 1; there is still work to do.

“I promise you, the planning process going forward — that we used over the last year — will continue.”

Establishing the right set of enterprise-level metrics to ensure the organization is meeting major command goals and priorities and user expectations will be important. Most important will be building teams that think and act beyond geographical boundaries to act with enterprise-level responsibility, the general said.

Well-defined metrics and leading indicators help to “ensure we are doing the right thing” for the warfighter and taxpaying customers, Moore said.

Growing a skilled, trained workforce will be extremely important, and staffing adjustments will be necessary. Most communication will be conducted through directorate and functional leaders and other direct reports, with the chain of command used for normal, day-to-day operations.

Unity will be fundamental to the new center’s success.

“As we are getting ready to roll out the new five-center construct, one integrated team is absolutely essential. When we are successful, it’s because we did that right,” Moore said.


AFLCMC themes

He touched on the “why” of performing the AFLCMC mission.

“What we do is important. I tell folks the reason I’ve been wearing the uniform for 36 years [since entering the Academy] is I believe that. When I don’t believe it anymore, I’ll hang up the uniform. What you do is so, so important for our nation, and for the warfighter. I thank you for what you do every day.”

Several slides were used to show AFLCMC’s organization; a snapshot of program executive officers, other directorates and key support organizations; and a map indicating the center’s various 75 locations, satellite offices and other locations with AFLCMC representation.


The key challenges

Key challenges Moore highlighted are: meeting mission requirements in a resource-constrained environment, with budget reductions likely, with or without sequestration (resulting in DOD budget cuts); being postured to adjust to reductions; a rapidly changing world, with growing asymmetric threats, and the need to be innovative and responsive in delivery of integrated, cross-portfolio solutions.

“I am absolutely confident that working with all those who are involved in managing and supporting weapons systems that we can do the right thing, that we can set up the right processes to ensure mission success,” Moore said.

Regrowing the culture of life cycle management is essential.

“That’s where I think we have some new challenges,” he said.


Expectations and vision

Open communication, keeping leadership informed to avoid surprises, process discipline and forging teams to build trust and understanding to break down barriers were among the expectations Moore articulated. Accompanying this was a call to take care of people and a foundation of integrity to always do the right thing.

After outlining his expectations and vision for the organization, Moore concluded that AFLCMC is now one integrated team focused on a core mission of program management and product support. The new structure offers amazing advantages and potential to improve support for the warfighter, he said.

A brief question and answer session ended the town hall. Questions ranged from sequestration/budget reductions and process standardization to referring to other AFLCMC locations as “Team Hanscom,” or “Team Eglin.”

“We’re not holding onto ‘legacy’ names because we have to forge a new integrated team and create a culture around AFLCMC,” he said. “It’s time for folks to embrace the fact that some of these legacy organizations are now part of the greater whole.”


Moore thanked the audience for its support.

“I am so thrilled to be back. This is just such a unique opportunity for all of us to help build an organization from the bottom up.

“How good can you make it? It’s a clean sheet,” he said. “It takes courageous and bold leadership to say, ‘Let’s try something new and different. Let’s break down some of those process barriers and let’s embrace what somebody else does as the best practice.’ This is exciting.”


Cyber Command struggles to define its place on a shifting battlefield


By Aliya Sternstein

August 16, 2012

The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace. Recently, the Defense Department was forced to show part of its hand when leaks surfaced about U.S.-manufactured cyber weapons and cyber espionage missions. Still, since 2011, the department has told the world it stands prepared to protect U.S. national security interests through cyberspace maneuvers. 

With intrusions becoming ever more frequent and public—Defense and the Office of the Director of National Intelligence have called Chinese hackers a continuing and concerning threat—the military is focusing its constrained budgets on cyber. The Pentagon in January announced a spending strategy that switches priorities from ground wars in the Middle East to the Asia-Pacific maritime region and cyber operations. 

But a cyber fighter shortage and the U.S. force’s dedication to civil liberties may be dragging down the agenda. 

Cyberspace demands a new breed of warrior whose skills are scarce even by private sector standards. Troop size aside, cyber weapons could backfire on U.S. civilians, because of the amorphous nature of the cyber domain. And the very idea of an Internet corps scares the people Cyber Command aims to protect: Americans who value free speech and free markets. 

The Pentagon is cognizant of the staffing, privacy and security challenges of mobilizing in cyberspace, current and former military officials say. Defense knows the competition for able cyber professionals presents a hurdle, but the command stands ready to vie for them using special incentives. The extras that Gen. Keith Alexander, head of Cyber Command, has mentioned include bonuses like the ones pilots and nuclear officers receive, as well as opportunities for education and advanced degrees.

Operations online likely will require a combination of physical and mental acuity if the recent Stuxnet campaign is any indication. The U.S.-Israeli-engineered computer virus that reportedly seized Iranian nuclear centrifuges was inserted manually through a jump drive, rather than propagated over the Internet from a safe distance. The Pentagon plans for cyber specialists from the Air Force, Army, Marines and Navy to coordinate with Cyber Command headquarters in Maryland on executing operations abroad, according to Alexander. 

“One of the challenges is finding and holding the people we need to do this mission. We have to recruit, train and retain a cyber cadre that will give us the ability to operate effectively in cyberspace for the long term,” Cyber Command spokesman Col. Rivers J. Johnson Jr. says. “Gen. Alexander has indicated that it is going to take time for us to generate the force,” Johnson says, adding the Cyber Command chief is optimistic he eventually will get the specialized force desired.

Once troops are in place, activating them may require patience, due to the risk of accidentally unleashing viruses into the wild. The Flame worm, a suspected U.S. government invention, has long been harvesting information from computers in Middle Eastern countries using a compromised Microsoft product. Microsoft had to block three of its own digital certificates to stop less well-intentioned programmers from exploiting the weakness. Stuxnet, which undermined a computer system that operated nuclear plant equipment, could theoretically ram other Iranian infrastructure, such as civilian water utilities, for instance.

Another complication with an armament such as Flame is the potential for eavesdropping on communications between innocents. Kaspersky Labs, the security firm that discovered the cyber spy tool, describes the bug as “the largest cyber weapon to date,” referring to its 20 megabytes. The worm can scoop up massive amounts of valuable information such as screen shots of online chats, audio recordings from internal microphones and storage files. Many American privacy activists and foreigners are nervous about proposed legislation that would let U.S. intelligence and military communities scan citizens’ correspondence for signs of illicit activities and viruses embedded by nation state actors. 

Both big business and human rights activists—not always best friends—are largely on the same side about any government regulations that demand sensitive information in return for greater computer protections. As much as civil libertarians would like the United States to facilitate the free flow of information in oppressive regimes, they aren’t so eager if it means monitoring all digital messages to find the bad guys.  

Yet, on the whole, some former government hackers say they’ve been surprised to see the Obama administration taking considerable care to minimize such civil liberties and cybersecurity risks. Recently uncovered attacks have involved “techniques that could have been used against us just as effectively,” says Dave Aitel, chief executive officer of cybersecurity firm Immunity Inc. and a former National Security Agency computer scientist. He was referring to the chance of a cyber backlash if adversaries figured out how to apply the same tactics against U.S. citizens. 

The order to implant the Stuxnet virus reportedly was made after thorough deliberation by the highest power in U.S. government—and not a Pentagon official. Defense’s strategy for operating in cyberspace states the commander in chief has the ultimate say-so to engage in confrontations. “Obama has to say yes or no,” Aitel says. “It’s not completely like ‘Go crazy, Cyber Command.’ ”

Pentagon officials have said they strongly respect Americans’ rights during operations. Defense spokeswoman Lt. Col. April Cunningham says, “DoD is committed to protecting the individual privacy of communications on the Internet and the civil liberties of the American people.”

Retired Gen. John P. Casciano, a former Air Force director of intelligence, surveillance and reconnaissance, says the U.S. government will never have 100 percent assurance that a cyber offensive will work as planned. Americans, however, have more to fear from adversaries and cyber crooks than from feds. “I’m not terribly concerned about the U.S. government spying on us,” says Casciano, now a private consultant. 

Some former Defense officials say cyber weapons are subject to the 1978 Foreign Intelligence Surveillance Act, which regulates the monitoring of U.S. international communications during counter-espionage activities. “All new cyber weapons must adhere to all the U.S. federal laws,” says retired Air Force Lt. Gen. Harry Raduege Jr. Or, more specifically, “it’s U.S. people who employ cyber weapons who are subject to FISA. It’s really the people.” Raduege is now chairman of the Deloitte Center for Cyber Innovation. 

Casciano says he trusts the current legal framework will protect Americans in cyberspace.

Many civil liberties activists have argued otherwise, based on their long-standing criticism of FISA for sweeping up Americans’ calls, emails and text messages. Flame so far has spread in a controlled manner among certain nation-state groups and academic institutions and has not self-replicated, according to Kaspersky researchers.

Jeffrey Carr, a cybersecurity consultant and author of Inside Cyber Warfare (O’Reilly Media, 2009), makes a distinction between cyber weapons intended to destroy systems such as Stuxnet, and cyber espionage tools such as Flame that compromise systems. With cyber weapons, collateral damage could harm civilians who use a targeted network, he says. “How do we know which networks should be targeted and which ones should be off limits?” he says. “I would think that [U.S. officials] would be concerned about their rules of engagement.” 

Cunningham notes the Pentagon does not discuss operational matters as a manner of long-standing policy and will not comment specifically on the development of cyber offensive tools. But she says, “DoD will organize, man, train and equip for operating effectively in cyberspace. DoD is in the process of developing the organizations, processes and procedures to ensure that the [combatant commands] have the appropriate cyber force structure and capabilities to operate effectively in their theaters.”



From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: