Skip to content

July 6 2013

July 8, 2013

6July2013

Newswire

 

Joint Chiefs Chair: Fewer Admins Needed

Military Network Consolidation Should Help Mitigate Insider Threat

By Eric Chabrow, June 29, 2013.

GovInfoSecurity

http://www.govinfosecurity.com/joint-chiefs-chair-fewer-admins-needed-a-5869/op-1

 

A side benefit of the Department of Defense’s continuing consolidation of some 15,000 U.S. military networks will be the need for fewer systems administrators; that should make IT less vulnerable to insider threats, the chairman of the Joint Chiefs of Staff says.

Army Gen. Martin Dempsey’s remarks come as federal authorities hunt for Edward Snowden, the former systems administrator at the Defense Department’s National Security Agency who leaked classified information about NSA intelligence collection programs .

“I think systems administrators is the right place to begin to clean this up, though, because they have such ubiquitous access, and that’s how he ended up doing what he did,” Dempsey said in a June 27 speech at the Brookings Institution, a Washington think tank. “We’re got to take a much harder look at this as we become more reliant on cyber-activity.”

Air Force Lt. Col. Damien Pickart, a Pentagon spokesman, says the military has thousands of systems administrators, but he couldn’t provide a precise number.

Dempsey, in his presentation, compared the Snowden leak to the insider attacks on American troops by allied Afghani soldiers. “You can’t prevent; you can mitigate the risk,” he said.

“You can’t stop someone from breaking the law 100 percent of the time. You can certainly increase the scrutiny in terms of their background investigation. You can reduce the number of them. You can put different degrees of oversight in place.”

 

Building Its Own Secure, 4G Network

Dempsey said the DoD’s previously announced network consolidation effort, known as the Joint Information Environment, would increase security and help ensure the integrity of battle systems in the face of disruption. The new environment, based on secure cloud, will include a 4G wireless network that will provide network access for certified smart phones and tablets. “In fact, I have a secure mobile phone with me here today,” the general said, holding up a smart phone. “The phone would make both Batman and James Bond jealous.”

 

Mobile devices connected to military networks must meet stringent DoD guidelines [see DoD’s Influence on Smart Phone Security].

Dempsey touched on a wide range of cybersecurity concerns during his hour-long presentation.

Rules of Cyber-Engagement: The chairman said the military has developed a draft of a playbook that describes how the United States should respond to a cyber-attack on the nation’s critical infrastructure by taking specific steps. Those include:

1. Gather information on the malicious code and the systems under attack. “Our first instinct will be to pull up the drawbridge and prevent the attack, that is to say, block or defend.”

2. Launch an active defense if the attack cannot be repulsed. Dempsey characterized that response as being a proportional effort to disable the attacking botnet.

3. If that fails, consult with other “higher-level” authorities in the government to determine what to do next. Any massive retaliation would require decisions by civilian leaders, he said.

Cyber-Attack Response: Dempsey said a cyber-attack on the United States could, conceivably, be met with a conventional military response. “There is an assumption out there … that a cyber-attack that had destructive effects would be met by a cyber-response that had destructive effects. That’s not necessarily the case. I think that what [President Obama] would insist upon, actually, is that he had the options and the freedom of movement to decide what kind of response we would employ.”

Negotiating with the Chinese: Dempsey dismissed the idea that Snowden’s disclosures of the cyber-intelligence collection programs weaken America’s moral standing in cybersecurity negotiations with the Chinese. He said all nations, including the United States and China, conduct espionage in a variety of domains, including cyber, but China has developed a particular niche of stealing intellectual property.

“Their view is there are no rules in cyber, there are no laws that they are breaking, there are no standards in behavior. So, we have asked them to meet with us … in order to establish some rules of the road so that we don’t have these friction points in our relationship.”

Future of Cyber Command: The chairman envisions a day when the U.S. Cyber Command, a sub-unified command under the U.S. Strategic Command, becomes its own command. He said the current structure works, for now, but added that passage of cyberthreat information sharing legislation before Congress could change that. “If we get the kind of information sharing we need, that could be a catalyst for changing the organization, because the span and scope of responsibility will change.”

Hack-Back Opposition: The general said he opposes private companies launching their own counter-attacks against cyber-assailants – so-called hack-back attacks [see Questioning the Legality of Hack-Back]. “We don’t want private cyber-organizations conducting operations that could be perceived as hostile acts. And, if they’re perceived as hostile acts, it could lead us into conflict.”

 

 

U.S. Looks to Blunt Corporate Espionage by Chinese Firms

WSJ.com

By WAYNE MA

BEIJING—The U.S. could be signaling stepped-up prosecution of Chinese companies accused of stealing trade secrets as it filed criminal charges against one of China’s largest wind-turbine manufacturers and two of its executives, experts said.

“Maybe five years ago, it was sexier to chase drug cases than trade-secret cases,” said Benjamin Bai, a partner at Allen & Overy in Shanghai. However, “the political climate is brewing the perfect storm in the U.S. for prosecutions to increase.”

A recent law strengthening the U.S. Economic Espionage Act will likely encourage more prosecutions, said Mr. Bai, who has represented U.S. clients on intellectual-property issues.

In December U.S. President Barack Obama signed into law an amendment that allows prosecutors to seek charges against those who steal the trade secrets of not only products but also of services. The amendment was passed after a former Goldman Sachs Group Inc. computer programmer had his conviction overturned when a U.S. court ruled that the software he stole was used only internally.

The latest case, filed Thursday, involved products. U.S. prosecutors accused Sinovel Wind Group Ltd. of stealing source code for software used to control wind turbines from American Superconductor Corp., a Massachusetts-based engineering company, and then shipping four turbines equipped with the code to customers in the U.S.

“This case is indicative that American companies and the U.S. government are fed up, and can and should pursue all available legal remedies, including criminal sanctions, to put an end to trade-secret theft,” said James Zimmerman, managing partner of law firm Sheppard Mullin Richter & Hampton LLP in Beijing and a former chairman of the American Chamber of Commerce in China. “Chinese companies need to heed the warning that U.S. industry is determined to protect its core technology.”

A spokeswoman for Sinovel said Friday that the company was still studying the charges and didn’t have a formal response to allegations. U.S. prosecutors also indicted an employee of AMSC, as the Massachusetts firm is known, and two Sinovel executives. They couldn’t be reached for comment.

A spokeswoman for China’s Ministry of Foreign Affairs said she wasn’t familiar with details of the Sinovel case. “China has been enhancing the laws for intellectual-property protection and will continue to improve laws and regulations for intellectual property and copyright,” she said.

The issue has risen in prominence in recent months as companies reported that they had been hacked by groups that appeared to have connections with the Chinese government. The Obama administration has been pressing the issue of commercial hacking with Chinese officials.

 

China has repeatedly said it is a victim of cyberattacks, and points to the allegations of former U.S. National Security Agency contractor Edward Snowden as proof that the U.S. hacks into Chinese computers.

In an annual survey, members of the American Chamber of Commerce in China said they were becoming increasingly concerned about intellectual-property theft in China. Thirty-four percent of respondents said intellectual-property infringements caused “material damage” to their China operations last year, up from 22% a year earlier and 9% in 2010, the survey said. One in four said they experienced a breach or theft of data or trade secrets from their China operations, the chamber said.

A U.S. commission on intellectual-property theft, headed by former Director of National Intelligence Dennis Blair and former U.S. Ambassador Jon Huntsman, issued a report in May accusing China of being responsible for as much as 80% of the intellectual-property theft against U.S. companies. The commission made several recommendations, including increasing resources for the Justice Department and the Federal Bureau of Investigation to investigate and prosecute cases of trade-secret theft.

Louis Schwartz, president of China Strategies, a consulting firm focusing on Chinese trade and investment in renewable energy, said U.S. prosecutions against China for intellectual-property theft are still rare and that he was surprised at how aggressive AMSC was in pursuing its claims against Sinovel.

“My advice for clients is to see if you can get enough compensation upfront so if you lose intellectual-property rights in China, at least you have some compensation,” he said. “The lure of the China market is so great that people tend to look the other way.”

Xiang Wang, Asia managing partner for the law firm Orrick, Herrington & Sutcliffe LLP, said the number of criminal cases his firm has handled involving corporate espionage charges leveled at Chinese companies by foreign rivals has increased by 50% over the past two years. “The number of criminal cases will certainly increase,” he said.

Although companies pay fines in civil disputes over the theft of trade secrets, the penalties often aren’t effective deterrents, said Mr. Wang, who is based in Beijing. However, someone who steals trade secrets may think twice about going to prison, he said.

A version of this article appeared July 1, 2013, on page B9 in the U.S. edition of The Wall Street Journal, with the headline: U.S. Acts Tough on Trade Secrets.

 

How Edward Snowden Could Derail the Global Economy

By DAVID FRANCIS, The Fiscal Times July 2, 2013

NSA leaker Edward Snowden is at it again. This time, he’s leaking to the Germans.

Over the weekend Der Spiegel magazine published a report indicating that the United States has been spying on its European allies, including Germany, France and Italy. Documents provided by Snowden indicate that NSA is collecting data on European communications and planted bugs in EU offices in New York and Washington to detect rifts in the troubled monetary alliance.

Reactions from European leaders were swift and harsh. This is especially true in Germany, where the protection of private correspondence is written into its Constitution.

President Obama shrugged off the report, saying all nations collect intelligence. But this argument isn’t likely to fly with German Chancellor Angela Merkel, a former East German who grew up living under the intrusive eye of the Stasi and Soviet surveillance. She immediately condemned the United States, while a parliament member said Snowden should be rewarded for this information with asylum in Germany.

“The monitoring of friends — this is unacceptable. It can’t be tolerated. We’re no longer in the Cold War,” Merkel said through spokesman Steffen Seibert.

But the more troubling response, both for the United States and the European Union, came from French President François Hollande. He said that talks on a bilateral U.S.-EU trade deal should be put on hold until questions about the spying were answered.

“We can only have negotiations, transactions, in all areas once we have obtained these guarantees for France, but that goes for the whole European Union, and I would say for all partners of the United States,” he said of the talk set to begin next week. For good measure, French minister of foreign trade Nicole Bricq added, “We must absolutely re-establish confidence… it will be difficult to conduct these extremely important negotiations.”

Things could get worse. In a letter asking Ecuador for asylum, Snowden – who is still stuck at the Moscow airport – said he would release more documents that he deemed to be in the public interest. Russian President Vladimir Putin has also opened the possibility of Snowden remaining there.

There’s a lot at stake. The United States wants it’s economy recovery to accelerate, while Europe is desperate for economic growth (the deal is expected to add $157 billion to the EU economy and $133 billion to the U.S. economy).

Now, low-level European diplomats could leverage NSA’s spying to win concessions as negotiations over the deal get underway. Expect France, which has called for provisions to fund French movies and art in the deal, to be especially aggressive with anti-NSA rhetoric.

One can argue about whether Snowden’s revelations have made America less safe. But it’s undisputable that he has caused an erosion of trust between partners and their citizens. This trust is essential in building international trade agreements, as popular support for trade pacts is essential.

Without these pacts, international trade dries up and hundreds of billions are removed from the global economy. Put simply, these agreements eliminate barriers to doing business. For instance, a 2010 Congressional Research report found that exports to countries that are part of the Trans-Pacific Partnership Agreement totaled $747 billion in 2008.

The mistrust also has political implications. Take Germany. Much was known about PRISM when Obama visited Berlin two weeks ago, but according to the German media, Merkel asked few questions about it. Now that the German public is outraged by Snowden’s latest disclosure and has turned on Obama, Merkel will try to harness that outrage to win election in the fall, causing a further strain on German-American relations.

“This could slow down [the EU-U.S. deal] considerably,” Joerg Wolf, editor of the Berlin-based open think tank atlantic-community.org, told The Fiscal Times. “European citizens will mistrust the U.S. even more, which then would make it more difficult for EU governments to cooperate with the US in the future.”

OTHER DEALS THREATENED BY LEAKS

The U.S.-EU trade pact is not the only one at risk. The pending trade deal between the United States and Ecuador has fallen apart because of Snowden. Last week, Ecuador – a country thought to be considering offering Snowden asylum- withdrew from talks, saying they feared “blackmail” if they refused to offer up the fugitive.

Senator Chuck Schumer (D-NY) refused to back down, warning Ecuador, “Your economy will pay a very big price. We should end all foreign aid, repeal trade agreements worth billions of dollars.” http://newyork.cbslocal.com/2013/06/30/schumer-threatens-economic-impact-against-ecuador-if-nsa-leaker-is-granted-asylum/

Ecuador risks losing billions in exports to the United States if the deal falls apart. And while the dissolution of the deal hurts the Ecuadorian side more, the end of a two-decade old trade deal represents a diplomatic setback for both sides.

Wolf said there is potential for the same thing to happen with the U.S.-EU deal.

“Whatever U.S. public diplomacy achieved in Germany in the last four years [since George W. Bush’s presidency ended], it’s gone,” atlantic-community.org’s Wolf said. “Any positive impact President Obama’s trip to Berlin two weeks ago might have had, it’s gone.”

 

Snowden’s Real Job: Government Hacker

Mathew J. Schwartz    | July 01, 2013 11:42 AM


http://www.informationweek.com/security/government/snowdens-real-job-government-hacker/240157625

 

How did the apparently low-level IT-administrator-turned-whistleblower Edward Snowden, 30, manage to gain access to details of numerous top secret National Security Agency (NSA) surveillance programs?

Simple: He wasn’t actually an IT or system administrator. Intelligence officials had repeatedly suggested this while also noting that the agency employs numerous contractors to help maintain its systems. Or as Gen. Keith Alexander, the director of the NSA, told ABC News last month about post-Snowden changes at the agency: “We’re now putting in place actions that would give us the ability to track our system administrators, what they’re doing and what they’re taking, a two-man rule, we’ve changed the passwords.”

In fact, Snowden himself stated in a video that his most recent job title wasn’t that of system administrator. “My name is Ed Snowden, I’m 29 years old. I worked for Booz Allen Hamilton as an infrastructure analyst for NSA in Hawaii,” he told Guardian journalist Glenn Greenwald in a video recorded in Hong Kong and broadcast after he’d asked to be identified as the source of the leaks involving Prism and other surveillance programs. Prior to that job, Snowden said, “I’ve been a systems engineer, systems administrator, senior adviser for the Central Intelligence Agency, solutions consultant, and a telecommunications information system officer.”

Many commentators read “infrastructure analyst” as NSA-speak for a system administrator role, and many news reports of Snowden’s leaks actually labeled him as being a sysadmin. But according to intelligence officials, the infrastructure analyst role refers to a position tasked with finding new ways to hack into foreign networks, to keep the NSA abreast of the signals intelligence it’s charged with gathering.

Why hasn’t Snowden’s real role been highlighted to date? Principally because government officials haven’t wanted to highlight the online espionage equivalent of breaking and entering into other countries’ networks and telecommunications equipment, according to a Sunday report in The New York Times that cited no sources.

That revelation finally explains how 30-year-old Snowden came to possess official documents relating to some of the country’s most sensitive surveillance programs, including intercepts of online audio, emails and video (Prism), traffic analysis of cell phone calls (Mainway), Internet metadata collection (Marina), and telephone content interception (Nucleon), not to mention secret court orders authorizing the surveillance programs.

Snowden said he took a job in March as a contractor at Booz Allen Hamilton — reportedly taking a pay cut — to gain access to the documents that he’s since leaked.

“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked,” Snowden told The South China Morning Post prior to leaving Hong Kong for Moscow last week. “That is why I accepted that position about three months ago.”

Snowden now remains in limbo — his U.S. passport has been revoked — in the transit area of Moscow’s Sheremetyevo airport.

Regardless, expect the leaks to keep on coming. Greenwald has said that Snowden leaked thousands of documents, of which at least dozens are newsworthy.

Most recently, the Guardian Sunday released documents that it said detailed NSA operations against 38 embassies and missions, which were labeled as targets. That target list included not just Middle Eastern countries, but also U.S. allies such as France, Greece, Italy, Mexico, Japan and South Korea. Detailed interception methods included bugs planted in fax machines used to transmit official cables between the European Union embassy in Washington and EU headquarters in Brussels, as well as antenna intercepts and taps in networking cables.

 

Why the US doesn’t use cyber-weapons to attack its enemies more often

By Kevin J. Delaney    @kevinjdelaney    June 30, 2013    

http://qz.com/99162/why-the-us-doesnt-use-cyber-weapons-to-attack-its-enemies-more-often-mike-mcconnell/

 

The US government doesn’t like to talk about it, but it has developed an arsenal of cyber-weapons that can be used to attack adversaries. Why doesn’t it deploy computer worms and other technologies for disrupting enemies’ networks and computer-controlled physical infrastructure more often in conflicts around the world?

Mike McConnell, vice chairman at government contractor Booz Allen Hamilton and former head of the National Security Agency and US director of National Intelligence, says the US has the best capabilities in the world for cyber-attacking and “can do some pretty significant damage if we choose to.”

But the government hesitates because it’s wary of making itself an even bigger target for cyber-attacks against the US, according to McConnell. Speaking at the Aspen Ideas Festival (co-organized by Quartz’s sister publication The Atlantic), he elaborated:

“Let’s say you take an action. We depend on this stuff more than anyone else. We’re more vulnerable than anybody else in the world. If we could put a map up here of the world with the US on center and we put bandwidth on top of it, it’s a bell curve. Most of the communications in the world flow through the United States and we are the biggest user and beneficiary. So there’s a great hesitancy to use anything in a cyber context because it’s relatively easy to punch back in a pretty aggressive way.

So every discussion I’ve ever participated in is ‘You’ve got some options. Well, let’s just hold those aside and consider other options.’ But we could do major damage.”

McConnell, who’s credited with building US capabilities for fighting cyber threats, notes that the purpose of the US Cyber Command unit of the Defense Department is both offense and defense. “And the offense will get a lot of attention,” he adds.

The US reportedly has used cyber-weapons against Iran’s nuclear enrichment efforts as part of a program code-named “Olympic Games.” The Stuxnet computer worm developed by the US and Israel reportedly succeeded in disrupting the centrifuges Iran was using to purify uranium in its pursuit of nuclear weapons. (Retired US general James Cartwright is now reportedly the target of a Justice Department investigation into the leaking of information about Stuxnet to the press.)

 

Cyber-Attackers Constantly Hitting Gas Utilities in 2013

eWeek

By Robert Lemos | Posted 2013-07-01

http://www.eweek.com/security/cyber-attackers-constantly-hitting-gas-utilities-in-2013/

 

Unknown attackers have targeted the Internet-connected systems of natural-gas companies, using brute-force attacks to attempt to access the companies’ business and process-control networks, according to a report published last week by the Internet Control System Cyber Emergency Response Team (ICS-CERT).

The incidents, which occurred in January and February, were first reported to the ICS-CERT, a component of the U.S. Department of Homeland Security, in late February, the group stated in its quarterly public report on cyber threats. Following the initial report and a subsequent warning from the ICS-CERT, more critical infrastructure companies came forward with news of other incidents.

“The companies reporting this activity operate gas compressor stations across the Midwest and Plains states within the US, although some of the attempts reported were solely against business networks,” the report stated. “While none of the brute force attempts were successful, these incidents highlight the need for constant vigilance on the part of industry asset owners and operators.”

The last attack occurred on February 23, according to the report. Yet, while the ICS-CERT claimed that no new attacks have been detected, it’s unlikely that the attacks have stopped altogether, Tommy Stiansen, chief technology officer and co-founder of threat-intelligence firm Norse, said in an e-mail interview.

“Today all public facing IP addresses are attacked on a regular basis, but the questions are really by whom and how targeted and sophisticated are the attacks,” he said. “While there may be an element of failure to report, it may be that some of these installations are compromised but admins remain unaware due the stealthy nature of the compromise.”

Recent research published by security firm Trend Micro found that Internet-connected industrial-control systems are frequently targeted by online attackers. The company’s researchers set up fake industrial control systems, made them appear valuable and logged 39 attacks over 28 days against the spoofed systems, the company stated in its report.

While the U.S. called out China for its attacks against sensitive industries, the attacks detected by Trend Micro have come from Internet addresses in 14 different nations. IP addresses in China accounted for about a third of the attacks, while Laos and the United States came in second and third, respectively.

The experiment, which occurred in 2012, underscores that attackers are continuously probing these important systems. While the ICS-CERT reportedly informed industry members of the specific IP addresses that were involved in the attacks, creating block lists based on such quickly changing attributes does not work very well, Norse’s Stiansen said.

“The use of IP block lists described in the report often give admins a false sense of security,” Stiansen said. “Today cyber criminals can setup and launch attacks using botnets and other compromised hosts, quickly changing the IP address and obfuscating the location of the actual attackers.”

 

Obama: U.S. will give allies info on spying claims

Seattle Times

http://seattletimes.com/html/nationworld/2021305557_apafobamansasurveillance.html?syndication=rss

By JULIE PACE

AP White House Correspondent

Originally published July 1, 2013 at 11:04 AM | Page modified July 1, 2013 at 3:44 PM

Facing a European uproar over more U.S. eavesdropping claims, President Barack Obama argued Monday that it’s no surprise that governments spy on each other but said the United States will provide allies with information about new reports that the National Security Agency bugged European Union offices in Washington, New York and Brussels.

The latest revelations were attributed in part to information supplied by former NSA contractor Edward Snowden. Obama on Monday also said the U.S. has held “high-level” discussions with Russians to get Snowden out of a Moscow airport and back to the United States to face criminal charges.

Obama, in a news conference with Tanzanian President Jakaya Kikwete, pushed back against objections from key allies over a report in the German news weekly Der Spiegel that the United States installed covert listening devices in EU offices. He suggested such activity by governments is not unusual.

“We should stipulate that every intelligence service – not just ours, but every European intelligence service, every Asian intelligence service, wherever there’s an intelligence service – here’s one thing that they’re going to be doing: they’re going to be trying to understand the world better and what’s going on in world capitals around the world,” he said. “If that weren’t the case, then there’d be no use for an intelligence service.

“And I guarantee you that in European capitals, there are people who are interested in, if not what I had for breakfast, at least what my talking points might be should I end up meeting with their leaders. That’s how intelligence services operate,” Obama added.

European officials from Germany, Italy, France, Luxembourg and the EU government itself say the revelations could damage negotiations on a trans-Atlantic trade treaty between the EU and the United States. Agreeing to start those talks was one of the achievements reached at meetings last month in Northern Ireland between Obama and the European members of the Group of Eight industrialized economies.

 

Obama said the NSA will evaluate the claims in the German publication and will then inform allies about the allegations.

At the same time, he tried to reassure allies such as German Chancellor Angela Merkel, French President Francois Hollande and British Prime Minister David Cameron that he relies on personal relationships, not spying, to determine what other leaders have on their minds.

“I’m the end user of this kind of intelligence,” he said. “And if I want to know what Chancellor Merkel is thinking, I will call Chancellor Merkel. If I want to know President Hollande is thinking on a particular issue, I’ll call President Hollande. And if I want to know what, you know, David Cameron’s thinking, I call David Cameron. Ultimately, you know, we work so closely together that there’s almost no information that’s not shared between our various countries.”

Obama’s remarks came shortly after Hollande demanded on Monday that the United States immediately stop any eavesdropping on European Union diplomats.

Obama also said law enforcement officials in the U.S. and Russia were working to find a way to get Snowden back to the United States, where he is charged with violating U.S. espionage laws. The U.S. does not have an extradition treaty with Russia. Moreover, Russia has claimed Snowden is not technically on their soil because, while he is in the transit terminal of the Moscow airport, he has not passed through immigration. The U.S. has revoked his passport.

“We are hopeful that the Russian government makes decisions based on the normal procedures regarding international travel and the normal interactions that law enforcement has,” Obama said.

 

Identifying the Top Threat Actors

Ex-FBI Investigator on New Targets

by Jeffrey Roman, July 1, 2013. Follow Jeffrey @ISMG_News

http://www.govinfosecurity.com/identifying-top-threat-actors-a-5872/op-1

 

Cyber-attacks continue to hamper organizations, says former FBI investigator Shawn Henry. And the actors waging the attacks are targeting organizations for more than just fraud, he says.

The three main groups launching cyber-attacks, Henry says: organized crime, foreign intelligence services and terrorists. And while these groups haven’t changed much over the past 12 months, their techniques have.

“They’ve become more capable,” Henry says during an interview with Information Security Media Group [transcript below]. “They’ve become more sophisticated.”

As organizations work to improve their defenses, threat actors have reacted by becoming more flexible and adaptable, he adds.

“The reality is: The offense outpaces the defense, so they’ve been able to adapt and to overcome, even against what we would consider to be some of the most resilient defenses,” Henry says.

 

Threat Actors’ Targets

The financial services sector continues to be the most-targeted by organized crime, which aims to pilfer sensitive information that can quickly be monetized, Henry says.

“We’ve also seen some denial-of-service attacks against networks where there might be groups or individuals that are looking to make some type of a social or political statement,” he says (see Are DDoS Attacks Against Banks Over?).

Foreign intelligence services, on the other hand, target multiple sectors, from government to manufacturing and energy to communications, in order to extract data that can be shared with industries in their specific countries, Henry says.

The other main threat: terrorist organizations, which seek to disrupt critical infrastructure and cause harm to, in particular, the United States, he says.

Henry, who left the Federal Bureau of Investigation in March 2012, is now the president of cybersecurity firm CrowdStrike. While at the FBI, he oversaw international computer crime investigations involving DDoS attacks, bank and corporate breaches and state-sponsored intrusions. Over the course of his 24-year career, Henry worked in three FBI field offices, as well as in the bureau’s headquarters. He oversaw the posting of FBI cyber-experts in police agencies around the world, including the Netherlands, Romania, Ukraine and Estonia.

 

FBI Background

TRACY KITTEN: Tell us about the work that you did with the FBI.

SHAWN HENRY: I worked with the FBI for 24 years and had a number of different positions. In my last position, I was responsible for all cyber-investigations worldwide, as well as criminal investigations and critical incident response. On the cyber-side, I focused primarily on breaches into networks by criminal groups, organized crime groups, terrorist organizations and foreign intelligence services. That included exfiltration of data where the adversary was reaching into a network to pull out data that they see of value, whether it be intellectual property, research and development, corporate strategies, financial data, as well as denial-of-service attacks against networks and other types of breaches where an adversary is looking to wreak some havoc on an organization or on the victim network.

KITTEN: When did you join CrowdStrike?

HENRY: I left the FBI in March of 2012 and joined CrowdStrike the following week, so April 2012. I’ve been there about 13 months now.

 

Evolving Cybersecurity Landscape

KITTEN: How would you say the cybersecurity landscape has evolved or changed in the last 12 months?

HENRY: It’s an interesting question. I don’t think the landscape has actually changed much. I think the exact same threats that were here when I left the Bureau are still here. What has changed is the awareness of the private sector. There’s a lot more that’s occurred here in the media that has gone out publicly. People have become aware of the threats. Organizations have begun to recognize the impact that they face and the real damage that can be inflicted, and that’s not been out publicly for many years in my service in the government. That really is the most significant change, the awareness. But the activities have not significantly changed.

 

Top 3 Threats Facing Banks

KITTEN: What would you say are the top-three threats banking institutions face?

HENRY: The financial services sector is probably, in my opinion, among the best protected sectors regarding networks. What we see primarily facing the financial services sector is theft of PII, personally identifiable information; primarily organized crime groups who are targeting networks, trying to steal data which they can very quickly monetize. They do that regularly. They target not only the corporate networks, the financial networks, but individuals as well, trying to capture credentials, usernames and passwords so that they can access accounts. We’ve also seen some denial-of-service attacks against networks where there might be groups or individuals that are looking to make some type of a social or political statement. They recognize that western society and the United States as a whole relies substantially on the financial services sector, so it really is seen as a target of the west, as a symbol of the west and the prosperous United States of America. It’s oftentimes a target of those types of groups.

 

Threats to Other Sectors

KITTEN: What about other sectors, including government?

HENRY: They’re similar; they’re not the same as what the financial services sector faces. As it relates to government and other sectors, there are oftentimes foreign intelligence services that are looking to pilfer data which they can then share with their industries in their countries, so that they have some type of a competitive advantage. Certainly, the financial services sector is not immune to that. They do get breached by foreign intelligence services that are looking for financial strategies, are interested in mergers and acquisitions, and are interested in partnership deals the financial services sector might be facilitating or enabling. But they’re not the primary threat. It’s those organized crime groups. The foreign intelligence services are hitting every sector in the country: government, military, defense contractors, manufacturing, energy and communications. It really cuts across all sectors. The other group that’s a significant threat is terrorist organizations that seek to potentially disrupt critical infrastructure and to cause harm to the United States.

 

Threat Actors

KITTEN: How have the actors who are waging some of these attacks changed in recent years?

HENRY: I don’t know that they’ve changed drastically. The same types of groups that I put into three different buckets – organized crime, foreign intelligence services and terrorists – remain primarily the same. We’ve seen these hacktivist groups which I would really kind of put in the terrorist bucket, but the groups themselves haven’t changed. Their capabilities have changed. They’ve become more capable; they’ve become more sophisticated. They’ve had to become flexible and they’ve had to adapt their capabilities as defenses have gotten better and as organizations have become more aware or more resilient in their defense. But the reality is the offense outpaces the defense, so they’ve been able to adapt and to overcome even what we would consider to be some of the most resilient defenses.

 

Nation-State Attacks

KITTEN: Would it be fair to say that attacks backed by nation-state are posing greater worries today?

HENRY: Again, I think it really depends. It depends on who you are. If you’re a defense contractor that’s developing certain military capabilities for the next-generation war fighter, nation-state is a significant worry to you. If you’re a financial organization, you’re probably more concerned about the organized crime group because that’s the thing that might impact your bottom line. If there’s a $10 million loss, it’s going to be on the balance sheet. People are going to see it, maybe the media. It’s going to pose a risk to the organization’s reputation. That’s going to pose a risk to their operations and customer confidence sometimes. It really depends who you are what the greatest worry should be to you.

Some have said that nation-states, because they’re so closely tied to the U.S. economy, that they would not necessarily take destructive actions, where a crime ring might attack a company and pose some type of a threat to data, to destroying data, in exchange for some type of a monetary reward. We’ve actually seen extortions where companies have had their networks breached, and they’ve then contacted the company and said, “We’ll be happy to turn your data over for a $150,000 consulting fee. And if you don’t, then we’re going to destroy your data.” It really depends on who the organization is [regarding] what their greatest threat to them is.

KITTEN: Would you say that the lines that divide these groups are blurring?

HENRY: We have seen some overlap. It’s not always clear. It used to be clearer in the past, but I think that the capabilities of some of these organized crime groups are such that they actually approach the maturation level of foreign intelligence services. They’re very, very capable; they’re not just kids [moving] around on the network. These are organized, methodical and well-practiced, so I do think that there’s a bit of a blur. It’s also not always clear that the groups and some of the individuals in the groups aren’t crossing lines perhaps, working for the government on one hand and then perhaps on the weekends moonlighting and doing some work for themselves.

International Investigations

KITTEN: Do you see international investigations improving?

HENRY: Every cyber-investigation for the most part has some international nexus. There’s something that either originates or ends internationally or transcends an international point. From an information-sharing perspective, it requires good coordination and good lines of communication, both in the private sector and in the government sector. In terms of identifying who the adversaries are, there needs to be what I call actionable intelligence sharing, where government-to-government they’ve got to share indicators that will help to identify who the adversary is and if they can arrest them or take some type of action to thwart the attack.

From the private sector perspective, there needs to be sharing even within the same companies that have international capabilities across many countries. They need to share information, actionable intelligence, so that they can better defend themselves and provide a better defense. I do think it’s improving. Again, the awareness piece is really important, the fact that more organizations have visibility into these types of attacks and they have a sense of understanding about what the impact is. That encourages better sharing of actionable intelligence.

 

Information Sharing Challenges

KITTEN: What are some of the challenges facing information sharing?

HENRY: There are a couple things. One, I think the sharing between the government and the private sector is still not as robust as it needs to be. There are a lot of reasons for that. One is the lines are not clearly drawn of exactly what companies need and what governments need. There’s a national security perspective sometimes, so it’s difficult to share classified information. That’s a bit of a challenge. Companies still have some concerns that by sharing information they’ll be revealing unnecessarily to the public that there’s a problem on their network, causing some type of a lost confidence potentially with their client base. All in all, I think it is getter better. There’s still a long way to go, but it’s certainly one of the bigger challenges.

The last piece I’ll add is the concern people have about privacy. What are we sharing? I would argue that there’s no need to share content. You don’t need to share Word files; you don’t need to share content of e-mails; you don’t need to share spreadsheet information. What you need to share is a lot of the technical data, what we call indicators if there’s been a compromise, the signatures of malware and the types of information that would help to identify how an attack occurred and who might have launched an attack, but does not compromise the actual content of data. But that privacy piece is rightfully so a concern by many people, both public and private, and it does cause some consternation when you talk about information sharing because people just need to be educated about what that information really is.

 

DDoS Attacks

KITTEN: What can you tell us about what’s likely going on behind the scenes?

HENRY: Let me first say that I do not have any inside information about what’s occurring. Any of my comments relate specifically to my observations from the outside looking in. But I think that there’s certainly a cause for concern any time there’s some disruption of service; or when people have difficulty accessing their networks, there’s a cause for concern. I would think that the FBI would be looking quite closely to try to determine where the attacks are coming from. I think that they would likely be working with international partners, both in the intelligence community as well as in the law enforcement community, to try and identify what the sources of attacks are. Once you can determine where those attacks are coming from, you can take law enforcement action to disrupt the networks that are launching those attacks and actually disrupt the people that are causing those attacks. Through the execution of search warrants or arrest warrants and the like, that’s going to be an action that’s going to help mitigate the threat, by actually taking the bad actors off of the playing field.

 

New defense cyber policies are in the works

FCW

By Amber Corrin

Jul 02, 2013

 

DOD’s cyber strategy from 2011 is due for an update.

 

The Defense Department is working on a new plan for operating in cyberspace, policy that would update the official strategy first released two years ago this month.

Army Maj. Gen. John Davis said that while significant progress has been made in the military’s cyber domain so far, there remains work to be done and that two years in real time could equal 20 years in cyberspace’s boundless landscape.

“Senior leaders in the department and beyond the department understand that cyber is a problem [and] cyber is important,” Davis said at an industry event in Baltimore on June 28. “They’ve made cyber a priority, and there is a sense of urgency.”

In July 2011, then-Deputy Defense Secretary William Lynn rolled out the defense strategy for operating in cyberspace, which encompasses five strategic pillars. They included the establishment of cyberspace as an operational domain and plans to ready forces to go with it; the introduction and employment of new operational concepts on DOD networks; cross-agency partnerships, including with the Homeland Security Department; the build-up of cyber defenses, coordinated with allies and international partners; and the capitalization of U.S. resources, including technology, workforce and rapid innovation.

Davis highlighted progress over the past two years, including the launch of service cyber components operating under U.S. Cyber Command, joint cyber centers at the combatant commands, military orders for cyber operations, an interim command and control framework, cyber force structure and training exercises.

As a result, Davis said, the U.S. military has been able to refine its role in cyberspace, as well as the partnerships that support it. That role is shared with agencies like DHS and Justice Department, he added, as well as the private sector and global collaborators.

“We have three main cyber missions, and three kinds of cyber forces will operate around the clock to conduct those missions,” Davis said.

He noted that national forces will act to counter cyber attacks on the U.S., while a second, larger group of combat mission forces will help execute military operations and integrate digital capabilities into the DOD arsenal. The largest set of cyber operators will operate and defend critical Pentagon networks.

“We will deter, disrupt and deny adversary cyberspace operations that threaten vital U.S. interests when approved by the president and directed by the secretary of defense,” he said. “If a crippling cyber attack is launched against our nation, the Department of Defense must be ready for an order from the commander in chief to act.”

 

Can DIA become the Defense Innovation Agency?

FCW.com

By Amber Corrin

Jul 01, 2013

http://fcw.com/articles/2013/07/01/dia-innovation.aspx

 

 

DIA Director Lt. Gen. Michael Flynn, shown here speaking at a meeting in 2012, says DIA has to ‘break down legacy walls’ to emerge as an innovation leader. (Army photo)

“Innovation” is pretty big as far as government buzzwords go. Often found hand-in-hand with “doing more with less,” the idea of innovation is one that seems to excite leaders and frequently surfaces in briefings and talking points.

But what is actually getting done? Who is really out there taking innovation for a spin?

The intelligence community might not immediately seem like the leader, but if the Defense Intelligence Agency has anything to say about it, it is in the driver’s seat.

“The agency was established to understand the plans of the adversary. In the process of that, we became an organization that focuses on planning,” said Dan Doney, DIA’s chief innovation officer. “Planning and sticking to the plan are the opposite of innovation. Innovation is deviating from the plan, rapidly moving it and changing. When it comes to innovation, we haven’t had a great reputation. Put that in the past.”

Today, DIA is moving forward with what officials call an entirely new approach — one that eradicates traditional silos, aggressively seeks outside input and quickly implements new ideas. The objective is to avoid strategic surprise and push forward with a new way of conducting the government’s intelligence business after more than a decade of war.

“We have to break down legacy walls,” DIA Director Lt. Gen. Michael Flynn said at the agency’s June 27 Innovation Day at its Washington headquarters. “Innovation is not just about technology — it’s about a lot of things. Pay close attention to how this organization has adjusted and what we’re working toward.

Training, education and professional development are a big deal. We can’t lose the gains from the last decade.”

The biggest area of focus in DIA’s new approach is information sharing. The year-old Intelligence Community IT Enterprise (ICITE) is designed to link the 17 intelligence agencies and significantly reduce IT costs.

Among DIA’s contributions to ICITE is the Innovation Gateway, an online information-sharing environment that forges easier connections between the intelligence community and industry. The goal is to help the agencies identify and adopt better solutions, particularly those that might not have surfaced without such a system. “No more middle man,” Doney said. “No more cloudiness, no more special relationships where you need to know the right person to know what we’re looking for.”

 

Reaching out to industry

Users access the gateway via DIA-granted public-key infrastructure credentials. Much of the environment uses a wiki-style format, which is fitting for a system designed to free people from the constraints of standardization.

 

“There are some tricks associated [with] making a coherent environment that isn’t coherently planned, but the first place you show up to…is a wiki, where you’re made aware of the capabilities of the space,” Doney said. “Underneath that is a description for how a technology provider participates in the space…and they’re able to offer their technologies within the space, they’re able to link to a set of core services” for others to access.

To protect against potential theft of intellectual property, the system has safeguards in place in the form of what Doney called stakeholder management authorization.

“One of the advantages is that providers host their own [areas], so they maintain complete control over their own capabilities, technologies and configurations,” Doney said. “They’re not constrained by other people’s ways of doing things.”

The gateway is still in its early stages, but officials expect initial operating capability in December. Reaching critical mass in terms of users will be the key to the project’s success and progress, Doney said. He likened getting there to the early days of Wikipedia, when the popular online resource relied on passionate early adopters to generate content.

“The first phase is the hardest,” he said. “It takes action and energy to get over the initial barriers.”

 

Measuring results

Another tricky aspect of the Innovation Gateway is measuring success, particularly by traditional government models, officials said.

“There’s not going to be one way to look at it and either you passed or failed. It’s going to be all-encompassing,” said Janice Glover Jones, DIA’s CIO. She added that productivity is one key marker, but success writ large will be a little tougher to define. “And even if you fail, you get lessons learned.” Doney, too, indicated that the focus should be on the less tangible goals.

“Innovation is a means, not an end,” he said. “We’re driven by mission, so the bottom line is how much better are we able to execute on our mission, not whether or not we’re the best innovators in the world. It’s a mistake many folks make to measure the means instead of the ends.”

Still, he pointed to his “stretch goals” as crucial milestones, such as the 30-day transition requirement that reforms discovery, evaluation, integration and acquisition. Other goals are characterized by the existence of cross-functional teams of analysts, collectors and technologists who work together seamlessly; rapid access to tools and capabilities; and the availability of mission-relevant data.

The goals illustrate the agency’s wider drive to get back on track after the wars in Iraq and Afghanistan, which drastically changed the business of government.

“We’ve exercised the wrong muscles. We have to go back to a place where we exercise the right muscles and think about how we conduct business,” Flynn said. “We have to allow for failure…. It’s a risk, but that’s OK. The return on investment on risk is so good.”

 

NIST Unveils Draft of Cybersecurity Framework

Executives Given Key Role in Voluntary Framework

By Eric Chabrow, July 3, 2013

http://www.govinfosecurity.com/nist-unveils-draft-cybersecurity-framework-a-5883/op-1

 

The cybersecurity framework, ordered by President Obama, will emphasize the importance of senior executives in managing programs to secure their enterprises’ information systems and assets, according to a draft of the cybersecurity framework released by the National Institute of Standards and Technology.

“By using this framework, these senior executives can manage cybersecurity risks within their enterprise’s broader risks and business plans and operations,” says the draft dated July 1, but made public a day later.

In February, Obama issued an executive order directing NIST, working with the private sector, to develop a framework to reduce cybersecurity risks that the mostly private operators of the nation’s critical infrastructure could adopt voluntarily [see Obama Issues Cybersecurity Executive Order].

NIST concedes much more work must be done by the time the final version of the framework is issued next February. Among the areas NIST identifies that need to be addressed in the framework are privacy and civil liberties standards, guidelines and practices as well as helpful metrics for organizations to determine their cybersecurity effectiveness.

“We want to provide something that has flexibility, that can be implemented by different sectors,” Donna Dodson, chief of NIST’s computer security division, said in an interview with Information Security Media Group prior to the draft’s release [see Fulfilling the President’s Cybersecurity Executive Order]. “We want it to be specific in other ways so that we are sure we are working to reducing cybersecurity risks in the critical infrastructure.”

 

5 Core Cybersecurity Functions

The framework, according to the draft, will revolve around a core structure that includes five major cybersecurity functions, each with its own categories, subcategories and information references. The five functions include Know, Prevent, Detect, Respond and Recover.

The Know function, for instance, would include a category entitled “know the enterprise risk architecture” with subcategories of “understand corporate risk tolerance” and “identify risk assessment methodologies,” as well as others. An information reference, in this instance, would link to guidance such as NIST Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations and ISO 31000: Risk Management.

The framework also will include three implementation levels that reflect organizational maturity in addressing cybersecurity. Incorporated into the framework will be a user’s guide to help organizations understand how to apply it as well as a compendium of informative references, existing standards, guidelines and practices to assist with specific implementation.

 

Framework as a Guide, Not Detailed Manual

NIST says the framework should not be seen as a detailed manual, but as a guide to help executives, managers and staff to understand and assess the cybersecurity capabilities, readiness and risks their organizations face, as well as identify areas of strength and weakness and aspects of cybersecurity on which they should productively focus.

Some 240 entities including major technology and security vendors, trade groups, local and state governments, not-for-profit organizations and individuals this past spring submitted to NIST their ideas on IT security best practices to incorporate into the framework. NIST held a workshop in late May in Pittsburgh, where it reviewed the submissions and started to create the framework. Another workshop is scheduled for July 10-12 in San Diego, where the framework will be refined.

“Many comments advised that the cybersecurity framework would not be effective unless the very senior levels of management of an organization were fully engaged and aware of the vulnerabilities and risks posed by cybersecurity threats and committed to integrating cybersecurity risks into the enterprise’s larger risk management approach,” according to the draft.

“Time and again, comments reflected that these senior executives, including boards of directors, need to integrate and relate cybersecurity concerns and risks to critical infrastructure to the organization’s basic business and its ability to deliver products and services,” the draft says. “It is clear that these officials are best positioned to define and express accountability and responsibility, and to combine threat and vulnerability information with the potential impact to business needs and operational capabilities.”

 

 

Funding is up in the air for FAA control tower upgrade

The NextGen GPS air control plan, which would cut airline delays and fuel consumption, costs $40 billion that sequestration puts at risk.

LA Times

By Hugo Martín

7:53 PM PDT, June 30, 2013

 

Air travel in the future will be faster, cleaner and less expensive if the Federal Aviation Administration’s $40-billion overhaul of the nation’s air control system is completed.

That’s a big if.

With the federal sequestration fight in Washington, FAA officials say funding for the seven-year project could be in jeopardy.

The plan, known as NextGen, replaces outdated radar-based technology with global positioning systems and digital communications to modernize the country’s air control system.

By allowing pilots to fly more direct routes and giving air traffic controllers more accurate and up-to-date information, the system is expected to cut airline delays 41% by 2020, compared with the delays without NextGen, according to a new report by the FAA.

The efficiencies in the system are also forecasted to save 1.6 billion gallons of fuel and cut 16 million metric tons of carbon dioxide emissions, with $38 billion in cumulative benefits to airlines, the public and the FAA, the report said.

A key component of the system is that air traffic controllers using GPS will get more precise information on planes’ locations and speeds, allowing controllers to better manage the 7,000 or so planes in the air at any given time, according to the FAA. Because the current radar system is slower and less precise, controllers must add a bigger safety cushion of separation between planes.

In a recent speech, FAA Administrator Michael Huerta slammed lawmakers for failing to reach an agreement on future spending plans.

“Because of the financial uncertainty, we can hope for the best, but we have to plan for the worst,” he said. “This is not a sustainable course of action, and it’s no way to run a government.”

 

Good news for Internet junkies who fly out of Los Angeles International Airport: You’ve got plenty of flights equipped with wireless Internet to choose from.

Fliers departing from LAX to San Francisco International Airport or John F. Kennedy International Airport have the greatest number of daily domestic flight offering Wi-Fi, according to a new study by the travel site Routehappy.com.

Between LAX and San Francisco, fliers can choose from 31 daily flights that offer Wi-Fi, the study found. Between LAX and JFK, air travelers can pick 27 daily flights with Wi-Fi service, according to the study.

“Wi-Fi is not going away,” said John Walton, director of data for Routehappy.com. “Passengers want it and will pay for it.”

Overall, 38% of the domestic flights in the U.S. offer Wi-Fi, a number that has been growing 5% to 7% a year, he said. But the rate will likely surge as more airlines install satellite-based Wi-Fi on more of their fleet, Walton said.

“In the next quarter, I imagine we will see a situation where satellite Wi-Fi should be rolling out in big numbers,” he said.

• Airlines in the U.S. lose or damage about 140,000 bags a month, or about three for every 100,000 passengers.

It’s a relatively small loss rate. Still, several companies hope to capitalize on the frustration travelers feel waiting by the baggage carousel only to realize their luggage didn’t make it onto their flight.

Next week, Los Angeles company GlobaTrac plans to begin shipping a palm-sized device that travelers can toss into their bags to track luggage via the Internet or a smartphone app. The device, called Trakdot, sells for $50, plus fees from Trakdot.com.

Meanwhile, European aerospace company Airbus announced last month that it is producing luggage with built-in technology that allows passengers to track their bags. The luggage even includes a built-in scale to tell whether it is exceeding the maximum weight limits.

No word on the cost of the high-tech suitcase, but Airbus is reportedly considering letting airlines rent the bags to passengers.

 

Another potential roadblock for UAS integration in the USA

SuasNews

by Gary Mortimer • 1 July 2013

http://www.suasnews.com/2013/07/23591/another-potential-roadblock-for-uas-integration-in-the-usa/?utm_source=sUAS+News+Daily&utm_medium=email&utm_campaign=49b3c14084-RSS_EMAIL_CAMPAIGN&utm_term=0_b3c0776dde-49b3c14084-303662705

 

As I watch the UA story in America unfold from afar the more it seems to be like a game show. Phil from The Amazing Race has just thrown up another potential roadblock for the teams.

Last Thursday the Senate Appropriations Committee approved the 2014 transportation funding bill which asks that the FAA is to stop the rule making process until privacy concerns have been addressed.

This process is expected to take at least one year. It first has to pass through the Senate and House.

I have said it before if you want to start in the UA industry and you are from the USA probably best to move overseas. Your ideas will not be subject to ITAR and a viable commercial market exists.

Lets hope test site selection continues in parallel with this process along with all the other bits and pieces other countries seem to have managed more than 5 years ago.

Look out 2047 here we come. After the break scenes from next weeks episode.

From Senate Appropriations Committee:

The development of unmanned aerial systems [UAS] offers benefits in a wide variety of applications, including law enforcement and border patrol, precision agriculture, wildfire mapping, weather monitoring, oil and gas exploration, disaster management, and aerial imaging. The UAS industry also presents an opportunity for substantial domestic job growth.

The FAA is taking important steps toward integrating UAS into the national airspace, including implementing a UAS test site program to help the agency gather critical safety data. The expanded use of UAS also presents the FAA with significant challenges. The Committee is concerned that, without adequate safeguards, expanded use of UAS by both governmental and nongovernmental entities will pose risks to individuals’ privacy.

The FAA has recognized the importance of addressing privacy concerns by requiring that UAS test sites have privacy policies in place before test flights begin. However, as the FAA looks to integrate UAS into the national airspace, a more comprehensive approach to privacy may be warranted. The United States Constitution, Federal, and various State privacy laws apply to the operation of UAS, but in consideration of the rapid advancement of technology in this area, the Committee questions whether current laws offer sufficient protections to adequately protect individuals.

FAA’s oversight and regulatory authority over the national airspace places the agency in a position to work with other agencies on addressing privacy concerns. To that end, the Committee directs the FAA to collaborate with other Federal agencies in evaluating the impact that broader use of UAS in the national airspace could have on individual privacy.

Furthermore, the Committee includes bill language that prohibits the FAA from issuing final regulations on the integration of UAS into the national airspace until the Secretary submits a report detailing the results of such collaboration. The Committee expects this report to address the application of existing privacy law to governmental and non-governmental entities; identify gaps in existing law, especially with regard to the use and retention of personally identifiable information by both governmental and non-governmental entities; and recommend next steps in how the FAA or other Federal agencies can address the impact of widespread use of UAS on individual privacy. The Committee directs the FAA to submit this report to the House and Senate Committees on Appropriations not later than 1 year after enactment of this act.

 

Some states may lose Air National Guard flying units

By Brian Everstine

Staff writer

Jun. 26, 2013 – 06:00AM |

Air Force Times.com

 

F-16 Fighting Falcons from the Colorado Air National Guard arrive at a training base in northern Jordan as part of an exercise June 6. Budget realities may force the Air National Guard to shut down some aircraft squadrons.F-16 Fighting Falcons from the Colorado Air National Guard arrive at a training base in northern Jordan as part of an exercise June 6. Budget realities may force the Air National Guard to shut down some aircraft squadrons.

Budget realities could force the Air National Guard below its guiding principle of one flying unit per state, and state leaders could be OK with that.

During last year’s budget deliberations, the Guard and state leaders drew a line on cuts, focusing on its “capstone principle” of one unit capable of flying missions per state, while the Air Force was targeting the component for cuts.

But the realities of sequestration and an uncertain budget future may mean the closure of some aircraft units, although state leaders say they would agree to the cuts as long as there are enough assets available regionally to respond to natural disasters.
“If they don’t have (the assets), they are interested in making sure that at least regionally, they can access it very quickly,” said Heather Hogsett, the director of the homeland security committee at the National Governors Association.

Currently, all states have an aircraft unit, although there has been a push at increasing the number of Air National Guard units with cyber missions such as intelligence, surveillance and reconnaissance, which could replace flying units.

The idea came up during the third public meeting of the National Commission on the Structure of the Air Force on June 26. The congressionally mandated commission, created in last year’s defense spending bill, is made up of members nominated by the president and Congress. It will produce a report next year on the future force structure needs of the service.

Members of the commission spoke critically of the need for each state to have a flying unit. Les Brownlee, a former acting undersecretary of the Army, asked state leaders directly: “Why does a governor need an F-16?”

Maj. Gen. Tim Orr, the adjutant general of Iowa, said the 132nd Fighter Wing in his state was one of two units that lost their F-16s under last year’s spending bill. He said other parts of the wing — including medical units, maintenance, security forces, other support units — were crucial to his state, along with having pilots and their F-16s able to deploy for the Air Force.

“It’s the other capabilities in the wing that are crucial,” he said. “In (2008) floods, we used all personnel to accomplish the mission on the ground.”

Brownlee responded by saying the state has Army National Guard units that would be more effective on the ground in disasters than fighter pilots.

“We had so much flooding that it took the whole Air National Guard and Army National Guard,” Orr said. “That’s not uncommon.”

He said the need for fighters in the Guard is because “we’re the reserve of the Air Force. We have to have that same capability and capacity.”

State leaders are currently meeting with officials from the Federal Emergency Management Agency to look at the top five possible catastrophes that could occur, and then see what assets would need to be available to respond, Orr said. The report is expected this fall and could help drive debates on the allocation of Air National Guard resources.

Brownlee also highlighted the recent decision to have Air Force Reserve crews work under the Air National Guard in response to homeland disasters and under the direction of a Guard dual status commander. This overlap in abilities begs the question, “Is it time to think of a hybrid of the Reserve and Guard?” he said.

Leaders on Capitol Hill and in the Pentagon should start having that discussion and begin a national debate on if that is possible and the right thing to do, Orr said.

 

Wi-Fi That Sees Through Walls

Thomas Claburn

Editor-at-Large

http://www.informationweek.com/mobility/smart-phones/wi-fi-that-sees-through-walls/240157566

June 29, 2013

 

Researchers at MIT’s Computer Science and Artificial Intelligence Laboratory have come up with a way to create a low-power, portable device that can see through walls using Wi-Fi signals.

Technology of this sort, similar in concept to radar or sonar, has existed for years and relies on radio waves and other parts of the electromagnetic spectrum. It is used mainly in law enforcement and military applications, ideally when the law allows.

Wall penetration systems have become common enough that the U.S. Department of Justice last year funded a market survey of what’s known as “through-the-wall sensors,” or TTWS.

Security products maker Camero-Tech, for example, offers its Xaver line of through-wall imaging devices for defense and law enforcement applications. But with prices at about $9,000 for the handheld Xaver 100 and $47,500 for the 7 lb. Xaver 400, these aren’t consumer products.

The legality of TTWS technology is sufficiently unclear that ManTech Advanced Systems International, the company that prepared the market survey, recommends those planning to use TTWS equipment seek legal advice in advance.

In 2001, the U.S. Supreme Court ruled that the use of thermal imaging to monitor what’s going on inside a private home violates Fourth Amendment protection against unreasonable searches. But as the ability to see through walls reaches the civilian market, this legal boundary is likely to be tested again.

There is at least one consumer TTWS device on the market already, STI’s Rex Plus, an $80+ device that can be placed against a wall/door in order to sound an alarm when someone approaches the opposite side of the wall/door.

Dina Katabi, a professor in MIT’s Department of Electrical Engineering and Computer Science, and graduate student Fadel Adib propose wider civilian use of the technology through a simple, affordable device like a mobile phone, equipped with two antennas and a receiver.

In an email, Katabi suggested the technology, which she calls WiVi, can be used for virtual reality and gaming, without requiring the user to remain in a specific area in front of a sensor. She also says the technology could be used for personal safety.

“For example, if I am walking at night in an isolated area and suspect that someone is following me, hiding behind a fence or around a corner, I can then use WiVi to detect that person and alert myself to the person’s movement,” she said.

Katabi says WiVi can be used for “privacy-preserving monitoring,” such as tracking the movements of elderly people or children without actually having them on camera.

In time, however, improvements in Wi-Fi-based sensing may require a reexamination of the privacy implications of making walls effectively transparent.

“Today the technology does not show body parts or the face of the person,” said Katabi. “Hence it is naturally anonymized. However, as we improve the technology it will start giving higher resolution images for things that one cannot see because they are behind a wall. This will raise privacy related questions. As a society, we still have time to look at these issues and ensure our society has the right policies by the time such high-resolution version of the technology becomes available.”

That future already has been contemplated: University of Tokyo researchers have developed paint that blocks Wi-Fi signals.

Wi-Fi-based sensing appears to be a particularly active area of research at the moment. At the University of Washington, researchers have developed a related technology, WiSee, a Wi-Fi-based gesture sensing system that duplicates the functioning of sensor-based motion detection systems like Leap Motion and Microsoft Kinect without the sensing area limitations.

 

 

Statement by Secretary Hagel on the 40th Anniversary of the All-Volunteer Force

DoD Public Affairs

July 1, 2013

 

Forty years ago today, the Department of Defense implemented one of the most consequential and far-reaching changes in the history of America’s armed forces with the establishment of the all-volunteer force.

In commemorating the birth of our modern military, we recognize and thank the millions of men and women and their families who have served our country — on active duty, in the reserves, and in the National Guard. Skeptics and detractors claimed an all-volunteer force could not be sustained, but these remarkable Americans proved otherwise. They helped win the Cold War, stood against aggression in the Persian Gulf, kept peace in the Balkans, and put their lives on the line in Iraq and Afghanistan in the years since 9/11. They choose to serve our country because they believe in a cause that is bigger than themselves. They’ve always put the interestsof the nation first, as have their families. It’s because of their sense of duty that the American military remains the most trusted institution in our society today.

Our all-volunteer force faces challenges. It will need to rebalance, adapt, and evolve, as it has over the last 40 years. America’s all-volunteer force will continue to make our military the strongest, most capable, and most respected fighting force in the history of the world.

 

 

What Are We Going to Do About GPS Jamming?

NextGov

By Bob Brewin July 1, 2013

 

Not much, based on this updated report from the Department of Homeland Security.

DHS prepared a classified report on Global Positioning System vulnerabilities in November 2012 and the unclassified version, released last week, leaves much to worry about, including the fact that “Detecting, locating and disabling sources of GPS disruption remain a challenge.”

The department suggests manual backups for GPS, which I imagine includes old-fashioned compasses and maps, but observed that “human skills for using manual techniques could erode due to lack of training and practice as GPS becomes more ubiquitous.”

GPS signals sit at the core of the Federal Aviation Administration’s Next Generation Air Transportation System, provide timing signals for wired and wireless networks, guide precision munitions, help mariners navigate tough harbor approaches and are key to precision farming operations.

But nowhere in the report does DHS suggest an automatic back-up system for the simple reason that one does not exist, even though the Department of Transportation’s John A. Volpe National Transportation Systems Center warned about the dangers of GPS jamming and called for development of an automatic back-up system in a report published 13 years ago.

The Volpe report suggested a terrestrial backup GPS system based on an improved version of the WW II Long Range Navigation System, known as Loran, but the United States abandoned Loran due to the manning costs incurred by the Coast Guard, which literally blew up the tower of the Port Clarence, Alaska, station in 2010.

 

South Korea, which has a lot of experience with GPS jamming by North Korea, plans to start installing a Loran system in 2016 with full operation planned by 2018 — a better approach than a compass or map.

 

Government Executive Defense Contractors and Military Personnel Can’t Fill In for Furloughed Civilians

GovExec

By Charles S. Clark

July 1, 2013

 

During furlough days set to begin July 8, Defense Department managers may not “borrow military manpower” nor step up assignments to contractors to make up for idled civilian employees, a Pentagon official directed on Friday.

Planning around civilian furloughs and “total force management” requires that “component heads, installation commanders and line managers shall take steps to manage workload, but must ensure that borrowed military manpower is not used to compensate for work resulting from a civilian furlough,” F.E. Vollrath, assistant Defense secretary for readiness and force management, wrote in a memo to the joint chiefs, all undersecretaries and major departmental directors.

Borrowing labor “would be inconsistent with the secretary’s intent and the department’s commitment to protect the viability of the All-Volunteer Force,” he continued. “Additionally, in accordance with the department’s statutory requirements, contractors are prohibited from being assigned or permitted to perform additional work or duties to compensate for the workload/productivity loss resulting from the civilian furlough,” Vollrath wrote.

The policy on contractors was welcomed by the American Federation of Government Employees, whose national president J. David Cox Sr. on Monday issued a statement crediting Vollrath’s position, even though “Congress should have repealed sequestration months ago because it was a failed tactic never intended to be enacted, and Secretary [Chuck] Hagel never should have imposed furloughs on the Department of Defense’s reliable and experienced civilian workforce when there is ample room for reductions in service contract spending that is supposed to be temporary in nature.”

Cox recapped a Monday meeting with Vollrath, during which the union “pressed him to ensure that AFGE’s direct conversion concerns — i.e., when work performed by civilian employees is given to contractors illegally or to military personnel inappropriately — are resolved expeditiously. I asked him to investigate in particular a direct conversion at Anniston [Ala.] Army Depot where core depot maintenance workload is being illegally privatized,” Cox said.

Also on Monday, the Pentagon comptroller released updated fiscal 2013 budget numbers detailing planned cuts under sequestration, as requested in May by Senate Armed Services Committee Chairman Carl Levin, D-Mich., and Ranking Member James Inhofe, R-Okla. The new report lays out line items totaling some $41 billion in reduced spending for fiscal 2013, noting that the cost of preparing the new estimates was $38,000.

Levin was traveling and unavailable for comment.

http://www.govexec.com/pay-benefits/2013/07/defense-contractors-and-military-personnel-cant-fill-furloughed-civilians/65897/

 

 

 

ROBO SPACE

Members of Top Nine Software Teams Move Forward from DARPA’s Virtual Robotics Challenge


by Staff Writers

Washington DC (SPX) Jul 01, 2013

http://www.spacedaily.com/reports/Members_of_Top_Nine_Software_Teams_Move_Forward_from_DARPAs_Virtual_Robotics_Challenge_999.html

 

The DARPA Robotics Challenge (DRC) was created with a clear vision: spur development of advanced robots that can assist humans in mitigating and recovering from future natural and man-made disasters. Disasters evoke powerful, physical images of destruction, yet the first event of the DRC was a software competition carried out in a virtual environment that looked like an obstacle course set in a suburban area.

That setting was the first proving ground for testing software that might control successful disaster response robots, and it was the world’s first view into the DARPA Robotics Challenge Simulator, an open-source platform that could revolutionize robotics development.

Disaster response robots require multiple layers of software to explore and interact with their environments, use tools, maintain balance and communicate with human operators. In the Virtual Robotics Challenge (VRC), competing teams applied software of their own design to a simulated robot in an attempt to complete a series of tasks that are prerequisites for more complex activities.

Twenty-six teams from eight countries qualified to compete in the VRC, which ran from June 17-21, 2013. DARPA had allocated resources for the six teams that did best, but in an interesting twist, good sportsmanship and generosity will allow members of the top nine teams, listed below, to move forward:

 

1. Team IHMC, Institute for Human and Machine Cognition, Pensacola, Fla. (52 points)

2. WPI Robotics Engineering C Squad (WRECS), Worcester Polytechnic Institute, Worcester, Mass. (39 points)

3. MIT, Massachusetts Institute of Technology, Cambridge, Mass. (34 points)

4. Team TRACLabs, TRACLabs, Inc., Webster, Texas (30 points)

5. JPL / UCSB / Caltech, Jet Propulsion Laboratory, Pasadena, Calif. (29 points)

6. TORC, TORC / TU Darmstadt / Virginia Tech, Blacksburg, Va. (27 points)

7. Team K, Japan (25 points)

8. TROOPER, Lockheed Martin, Cherry Hill, N.J. (24 points)

9. Case Western University, Cleveland, Ohio (23 points)

 

The top six teams earned funding and an ATLAS robot from DARPA to compete in the DRC Trials in December 2013 (DARPA is also funding several other “Track A” teams to construct their own robot and compete in the Trials). The Trials are the second of three DRC events, and the first physical competition.

 

In a demonstration of good sportsmanship, Jet Propulsion Laboratory, which also has a DARPA-funded Track A effort with its own robot, decided to merge its two efforts and offer the bulk of the resources it earned in the VRC to other teams. DARPA split the freed resources between the next two teams:

+ The robot associated with the JPL win and some funding now goes to TROOPER (Lockheed Martin).

+ Additional funds are being allocated to a newly formed team of Team K and Case Western. That team, now known as HKU, will use an ATLAS robot generously donated to it by Hong Kong University to participate in the DRC Trials in December.

 

Thus, in total, seven teams with ATLAS robots and DARPA support will be going to the DRC Trials, where they will compete with other teams with their own robots.

VRC teams were evaluated based on task completion and effective operator control of the robots in five simulated runs for each of three tasks (15 total timed runs) that addressed robot perception, manipulation and locomotion.

The tasks included: entering, driving and exiting a utility vehicle; walking across muddy, uneven and rubble-strewn terrain; and attaching a hose connector to a spigot, then turning a nearby valve. To simulate communications limitations in a disaster zone, the VRC imposed a round trip latency of 500 milliseconds on data transmission, and varied the total number of communications bits available in each run, from a high of 900 megabits down to 60 megabits.

To conduct the VRC, DARPA funded the Open Source Robotics Foundation to develop a cloud-based simulator that calculates and displays the physical and sensory behaviors of robots in a three-dimensional virtual space, in real time. The simulator allowed teams to send commands and receive data over the Internet to and from a simulated ATLAS robot-information very similar to what would be sent between a physical robot and its operator in the real world.

“The VRC and the DARPA Simulator allowed us to open the field for the DARPA Robotics Challenge beyond hardware to include experts in robotic software. Integrating both skill sets is vital to the long-term feasibility of robots for disaster response,” said Gill Pratt, DRC program manager.

“The Virtual Robotics Challenge itself was also a great technical accomplishment, as we have now tested and provided an open-source simulation platform that has the potential to catalyze the robotics and electro-mechanical systems industries by lowering costs to create low volume, highly complex systems.”

 

Immigration deal would boost defense manufacturers

Washington Post

By Matea Gold, Published: July 1

http://www.washingtonpost.com/politics/immigration-deal-would-boost-defense-manufacturers/2013/07/01/d1c115e4-df63-11e2-b2d4-ea6d8f477a01_print.html

 

The border security plan the Senate approved last week includes unusual language mandating the purchase of specific models of helicopters and radar equipment for deployment along the U.S.-Mexican border, providing a potential windfall worth tens of millions of dollars to top defense contractors.

The legislation would require the U.S. Border Patrol to acquire, among other items, six Northrop Grumman airborne radar systems that cost $9.3 million each, 15 Sikorsky Black Hawk helicopters that average more than $17 million apiece, and eight light enforcement helicopters made by American Eurocopter that sell for about $3 million each.

The legislation also calls for 17 UH-1N helicopters made by Bell Helicopter, an older model that the company no longer manufactures.

Watchdog groups and critics said that these and other detailed requirements would create a troubling end-run around the competitive bidding process and that they are reminiscent of old-fashioned earmarks — spending items that lawmakers insert into legislation to benefit specific projects or recipients. In the past several years, Congress has had a moratorium on earmarks.

 

The language was included in a $46 billion border security package the Senate approved last week as part of a comprehensive immigration bill. The so-called border surge — an additional $38 billion in spending — was added in the final week of negotiations to attract more GOP support for the measure, which passed with 68 votes, including 14 from Republicans.

The legislation would spend $30 billion over the next decade to hire more than 19,000 new Border Patrol agents, an undertaking that would double the size of the force and that many immigration experts consider wasteful and unnecessary.

The measure also would devote $7.5 billion to build 350 miles of fencing along the U.S.-Mexican border and $4.5 billion to buy new border technology. The legislation would have to be fully implemented, along with electronic visa and employment verification systems, before immigrants could receive green cards.

Sens. Bob Corker (R-Tenn.) and John Hoeven (R-N.D.), who co-sponsored the plan, said the provisions were aimed at assuaging the concerns of Republicans who are wary about creating a path to citizenship without tougher border measures.

“I was just trying to work with our caucus to get as many of our guys to participate,” Hoeven said.

That approach did not win over holdouts such as Sen. Tom Coburn (R-Okla.), who said: “Taxpayer funds should enhance border security, not provide border stimulus for contractors. Unfortunately, the Senate bill does exactly that.”

The list of equipment included in the legislation was drawn from a technological needs assessment developed by the U.S. Customs and Border Protection agency in 2010, according to a senior Department of Homeland Security official, who spoke on the condition of anonymity to describe the internal process. Agency staff members compiled the list at the request of Homeland Security Secretary Janet Napolitano after she stopped a virtual-fence project that was plagued by cost overruns and delays.

Border Patrol officials provided the list to congressional staffers who had asked what the agency needed to effectively control the border.

In separate interviews last week, Corker and Hoeven said they decided to add the list to the legislation to help win over GOP senators who did not trust Napolitano to carry out a border plan.

The two senators noted that the proposal would allow Napolitano to substitute equivalent brands of technology as long as she notified Congress within 60 days. “If they want to buy something better, they can,” Corker said.

But critics said that because the measure prescribes specific products, the agency probably would not seek alternatives. “Lawmakers have put their thumb on the scale for particular products and technologies and that is hard for an agency to ignore,” said Steve Ellis, vice president of the nonpartisan Taxpayers for Common Sense, which scrutinizes federal spending.

The $4.5 billion set aside for technology would be a boon for defense contractors, who are looking for opportunities as the United States continues to reduce its presence in Afghanistan.

The parent corporations of the companies that manufacture the products listed in the bill and their employees have given nearly $11.5 million to federal candidates and campaigns since 2009, according to the nonpartisan Center for Responsive Politics. About half of that came from Northrop Grumman.

Neither Corker nor Hoeven has received substantial donations from the companies or the defense sector overall.

“We’re proud of our long partnership with the Department of Homeland Security and are honored they have repeatedly chosen to acquire our helicopters for their important missions,” said Ed Van Winkle, law enforcement sales manager for American Eurocopter. “We stand ready to produce and deliver additional aircraft customized to Customs and Border Protection requirements should Congress authorize and fund their procurement.”

Representatives of Northrop Grumman, Sikorsky and Bell declined to comment.

Most of the equipment required by the legislation is identified by category, not by brand. Among other items, the bill calls for 4,595 unattended ground sensors, 104 radiation isotope identification devices and 53 fiber-optic tank inspection scopes — and specifies how many should be deployed in each Border Patrol sector. It also requires the purchase of four new drones, on top of 10 unmanned aircraft that the Border Patrol already owns.

The items listed by name were identified that way on the border agency’s wish list, according to Senate staff members involved in drafting the plan, who discussed the process on the condition of anonymity. They said the proposal would not override contracting rules that require competitive bidding.

But government watchdogs said it would be difficult to have an open bidding process for equipment identified by brand and model.

“The agency is statutorily required to buy the specific items from the listed vendors,” said Scott Amey, general counsel for the Project on Government Oversight, an independent group that works to expose overspending and corruption. “I’m unsure how an agency could hold a competition.”

One big-ticket item on the list is the VADER radar system, an airborne technology operated from drones that Northrop Grumman developed for the Pentagon’s research arm. The Border Patrol has been testing one of the systems on loan from the Defense Department to detect migrants attempting to cross the border illegally, officials said. This year, the agency received $18.6 million to buy two of the radar systems , and the immigration bill would add six more.

The Black Hawk helicopters required under the plan include five of the latest high-tech models with digital cockpits. As for the American Eurocopter aircraft, the patrol would be required to add eight AS-350 models to the 85 it already has in its fleet.

The legislation spells out how new border patrol agents would be deployed, requiring the agency to assign 38,405 officers to the U.S.-Mexican border by Sept. 30, 2021.

The Border Patrol employs a record 21,000 agents, up from about 10,000 in 2004. In its most recent budget request, the department did not seek new agents.

Many experts on border security say that doubling the force is impractical and a poor use of resources and that the money could be better spent on workplace inspections or the E-Verify system that employers can use to check the citizenship of applicants.

“There is a lot in this border security plan that is fighting the last war,” said Doris Meissner, who was a top Clinton administration immigration official.

Homeland Security officials are confident that they can recruit and train the surge of agents required under the bill. Spokesman Peter Boogaard said the measure would “build on this administration’s historic border security gains.”

Hoeven and Corker said they settled on hiring 20,000 agents in large part because the number fell midway between proposals from other GOP senators.

“I wish I could tell you it was scientific,” Corker said, adding, “We felt like this was something that would get the job done.”

Alice Crites contributed to this report.

 

What They Told Us: Reviewing Last Week’s Key Polls

Ramussen Reports

Saturday, July 06, 2013

 

Americans still share the values enshrined in the Declaration of Independence 237 years ago and remain wary of too much government. It’s clear, too, that many aren’t happy with the government they’ve got.

Eighty-one percent (81%) believe “all men are created equal.” Ninety-two percent (92%) agree that all men are “endowed by their Creator with certain inalienable rights, among them life, liberty and the pursuit of happiness.” Seventy-two percent (72%) believe “governments derive their only just powers from the consent of the governed.”

But just 25% of voters think the federal government today has that consent.

More Americans than ever (63%) think a government that is too powerful is a bigger danger in the world today than one that is not powerful enough.

Thirty-eight percent (38%) believe the U.S. Constitution doesn’t put enough restrictions on what government can do. Still, 56% think the foundational document shouldn’t be tampered with, and another 33% believe it needs only minor changing.

Just 47% now believe the United States is a nation with liberty and justice for all, the lowest level measured in six years. Still, 77% say if they could live anywhere in the world, it would be the United States.

Scott Rasmussen’s weekly newspaper column notes that “only one-in-four voters today thinks our government has the consent of the governed.” He adds, “That’s a clear call for our government to change its ways and re-earn the trust of those it is supposed to serve. Those are the kind of attitudes that make the Political Class nervous. The fact that we expect more comes from the fact that we as a nation still embrace the Spirit of ’76.”

So how are representative democracy and our constitutionally guaranteed system of checks and balances working these days?

The U.S. Supreme Court finished its term with big decisions on voting rights, affirmative action and same-sex marriage. Following those rulings, public approval of the Supreme Court has fallen to the lowest level ever recorded in more than nine years of polling.

Just seven percent (7%) of voters think Congress is doing a good or excellent job. This marks the sixth consecutive survey that shows Congress’ positive ratings in single digits. Sixty-five percent (65%) believe that no matter how bad things are, Congress can always find a way to make them worse.

Republicans gained the edge over Democrats on the Generic Congressional Ballot for the week ending June 30, but this is the second time in the past three weeks that support for both sides was below 40%, something that hasn’t happened since June 2009. This is the 11th straight week that the parties have been separated by two points or less.

At the same time, voters like the balance of Congress having final review over the Executive branch’s decisions when it comes to the environment. The Environmental Protection Agency sent revised greenhouse gas regulations to the White House this past week, but 51% of voters think all EPA regulations should require congressional approval before they can be implemented. That’s up eight points from 43% in late December.

Speaking of the Executive branch, 52% of voters think it is good for the nation that the American people know more about the National Security Agency’s domestic surveillance programs, and 70% believe the phone and e-mail surveillance programs may have inappropriately violated the privacy of innocent Americans. But as for Edward Snowden, the whistleblower who disclosed the programs, just eight percent (8%) regard him as a hero. Thirty-two percent 32% now consider him a traitor. Most think he’s either somewhere between hero and traitor (34%) or that it’s too early to tell (23%). Those numbers reflect a slightly more negative view of Snowden compared to two weeks ago.

Forty-three percent (43%) rate the NSA’s secret surveillance of Americans’ phone and e-mail communications as a serious scandal. Thirty percent (30%) view it as an embarrassing situation but not a scandal, while 20% say it’s not big deal.

The White House announced late Tuesday that it will delay implementation of the employer mandate, a key portion of President Obama’s national health care law. As the date for implementation draws near, support for state implementation of the health care law is declining. Just 41% of voters now would like their governor to support implementation of the law, while 48% want their governor to oppose it. This marks a complete reversal from January when 47% wanted their governor to support implementation of the law and 39% were opposed.

As projected by the Rasmussen Employment Index, the number of new jobs in June – announced by the government yesterday – slipped slightly from the month before but remains near the highest levels of recent years. Sixty-six percent (66%) of Americans know someone who is out of work and looking for a job. But that’s the lowest it’s been since the Great Recession. Americans are evenly divided as to whether the labor market is better than it was a year ago and also divided as to whether the unemployment rate will be better or worse a year from now.

An increasing number (35%) of Americans think now is a good time to sell a home in their area, but belief that owning a home is a family’s best investment is down to 47%, the lowest level measured in the past year.

Consumer and investor confidence remain near recent highs.

Despite these signs of economic improvement, confidence in the president’s handling of the economy continues to fall. Thirty-five percent (35%) of voters now say Obama is doing a good or excellent job in this area, down from a recent high of 48% in December.

The president had a challenging month of June, and his total Job Approval rating fell two points to 47%. That ties his lowest approval rating since December 2011. The current rating is more in line with his job approval during most of his first term in office.

In other surveys this week:

— For the second week in a row, 30% of voters say the country is heading in the right direction.

Americans consider blacks more likely to be racist than whites and Hispanics.

— Americans continue to strongly believe private sector workers work harder for less money and have less job security than government workers do.

— Only 26% of voters rate the performance of public schools in America today as good or excellent. Sixty-one percent (61%) think most textbooks are chiefly concerned with presenting information in a politically correct manner, little changed from surveys for the past three years. 

— Just 25% think most high school graduates have the skills needed for college. Only 22% think high school graduates have the necessary skills to enter the workforce.

— Americans continue to see the Fourth of July as one of the nation’s most important holidays. It ranks second only to Christmas.

— Most Americans are aware that the Fourth of July celebrates the signing of the Declaration of Independence.

Remember, if it’s in the news, it’s in our polls.

From → Uncategorized

Comments are closed.

%d bloggers like this: