Skip to content

December 13 2014

December 15, 2014

13 December 2014


Also on a blog at


Airbus in Near Miss with a Drone at London Heathrow Airport

December 8, 2014


A passenger plane had a near miss with a drone as it landed at Heathrow, in the first such incident recorded at Britain’s biggest airport. The incident involved an Airbus A320, which can carry up to 180 passengers, and was rated by investigators as among the most serious near-collisions.

The UK Airprox Board (UKAB), which will publish its findings on Friday, is expected to record an incident risk rating of A – the highest of five categories – defined as a “serious risk of collision”.

The report  said the pilot of an Airbus A320 spotted the drone, which failed to show up on air traffic control systems, at 2.16pm on 22 July while flying at an altitude of 700ft.

The pilot reported the incident to the UKAB, which launched an inquiry, but the owner of the drone has never been identified.

The Airbus A320 is a short-haul jet that can carry 180 passengers and is commonly used by European airlines

Earlier this year the British Airline Pilots’ Association (Balpa) demanded better protection for the public from the risks of drones.

It wants drones, officially known as remotely piloted aircraft systems (RPAS), which share airspace with passenger and freight airliners, to meet the same safety standards as piloted aircraft. It includes being flown only by operators with pilot-equivalent training.

Balpa’s general secretary, Jim McAuslan, said: “The UK should become a ‘safe drone zone’ so we can make the most of the major business and leisure opportunities offered by remotely piloted aircraft, while protecting passengers, pilots and residents.

“The technology is developing quickly and we could see remote aircraft the same size as a Boeing 737 being operated commercially in our skies within 10 years.”

Research carried out by intelligence experts for a University of Birmingham policy commission report published in October warned of the misuse of drones.

The commission called for urgent measures to safeguard British airspace to cope with civil and commercial use, which is expected to be more widespread by 2035.

The report said the “hazards presented by inadvertent or accidental misuse of RPAS, or the consequences of their malfunctioning are becoming better understood”. It added that small commercial aircraft, including for taking photographs, are already being flown and often in breach of the rules.


Multirotor came within 20 feet of airliner AIRPROX REPORT No 2014117

by Gary Mortimer • 12 December 2014


THE A320 PILOT reports being on short final to land on RW09L at Heathrow. The blue and white aircraft had external lights selected on, as was the SSR transponder with Modes A, C and S. The aircraft was fitted with TCAS II. The pilot was operating under IFR, in VMC; the Air Traffic Service was not reported.

He stated that a small black object was seen to the left of the aircraft as they passed 700ft in the descent, which passed about 20ft over the wing. It appeared to be a small radio controlled helicopter. The object did not strike his aircraft and he made a normal landing but it was a distraction during a critical phase of flight. ATC was informed of the object’s presence and following aircraft were notified.

THE MODEL OPERATOR: Despite extensive tracing action and the proactive assistance of local model-flying-club members, it was not possible to trace the operator of the model aircraft in question.

Factual Background

The weather at Heathrow was recorded as follows:

METAR EGLL 221420Z 04007KT 340V070 9999 FEW048 27/14 Q1022 NOSIG


Analysis and Investigation

UKAB Secretariat

The Air Navigation Order 2009 (as amended), Article 138


‘A person must not recklessly or negligently cause or permit an aircraft to endanger any person or


Article 166, paragraphs 2, 3 and 4 state:

(2) The person in charge of a small unmanned aircraft may only fly the aircraft if reasonably satisfied that the flight can safely be made.

(3) The person in charge of a small unmanned aircraft must maintain direct, unaided visual contact with the aircraft sufficient to monitor its flight path in relation to other aircraft, persons, vehicles, vessels and structures for the purpose of avoiding collisions.’

(4) The person in charge of a small unmanned aircraft which has a mass of more than 7kg excluding its fuel but including any articles or equipment installed in or attached to the aircraft at the commencement of its flight, must not fly the aircraft


(a) in Class A, C, D or E airspace unless the permission of the appropriate air traffic control unit

has been obtained;

(b) within an aerodrome traffic zone …; or

(c) at a height of more than 400 feet above the surface unless it is flying in airspace described in

sub-paragraph (a) or (b) and in accordance with the requirements for that airspace.’



An Airprox was reported when an Airbus A320 and a suspected radio controlled model helicopter came into proximity at 1416 on Tuesday 22nd July 2014. The A320 pilot was operating under IFR in VMC, in receipt of an Aerodrome Control Service from Heathrow Tower.



Information available consisted of a report from the A320 pilot and radar photographs/video recordings. The model helicopter did not appear on radar and, from the A320 pilot’s description, was probably of a size that could not be considered likely to do so.

The Board members were satisfied that the A320 crew had seen a model helicopter and were of the unanimous opinion that the operator of the model had chosen to fly it in an entirely inappropriate location. That the dangers associated with flying such a model in close proximity to a Commercial Air Transport aircraft in the final stages of landing were not self-evident was a cause for considerable concern. Members reiterated that anyone operating an air vehicle, of whatever kind, had to do so with due consideration for regulation and for other airspace users, and preferably under the auspices of an established association or club. The Board were heartened to hear of work being undertaken by the CAA to bring the issue of remotely piloted aircraft operations to wider public attention, an example being the recent issue of CAP1202, giving advice for the conduct of such operations. The UKAB Secretariat also pointed out that a link to ‘CAA UAS/UAV Information and Guidance’ could be found on the Airprox Board website

The Board concluded that the cause of the Airprox was that the suspected model helicopter had been flown into conflict with the A320, and that the risk amounted to a situation that had stopped just short of an actual collision where separation had been reduced to the minimum.



Cause: A suspected model aircraft was flown into conflict with the A320.

Degree of Risk: A.

ERC Score: 1



If GoPro gets into consumer drones, the industry could finally have the innovation champion it needs

by Press • 7 December 2014

By Dominic Basulto

In order for any consumer technology to go mainstream, it needs one tech giant to emerge as its innovation champion. In search, it’s Google. In social networking, it’s Facebook. In digital music, it’s Apple. In e-commerce, it’s Amazon. And now the consumer drone market might one day have GoPro, the wildly popular action camera maker that just went public in June.

According to a credible report from the Wall Street Journal, GoPro is considering the launch of its own line of multirotor consumer drones priced between $500 and $1,000 by late 2015. While GoPro hasn’t officially confirmed or denied the report, they have joined a Washington-based drone-lobbying group, the Small UAV Coalition. And moving into consumer drones would be a likely next step for them, given the popularity of aerial photography for GoPro users.

Almost overnight, GoPro would become the odds-on favorite to become the leader and champion of the fast-growing consumer drone market. According to Teal Group, an aerospace research firm, the worldwide UAV (unmanned aerial vehicles) market – including both military and civilian drones – is expected to nearly double in size over the next ten years, from $6.4 billion to $11.5 billion.

Right now, military drones account for 89 percent of that total, so the total worldwide civil UAV market is relatively tiny, approximately $700 million. The consumer drone market (i.e. the market for personal, hobbyist drones and not the market for mapping or search-and-rescue drones) is even tinier, estimated by the Consumer Electronics Association to be $130 million in 2015. To put that number into context, GoPro’s sales through the first nine months of 2014 — $763 million — is almost six times the size of the personal drone category and bigger than the size of the entire worldwide civil UAV market.

So whom would GoPro have to knock off in order to become the undisputed champion of the consumer drone market?

There are three consumer drone manufacturers that are considered the industry leaders – China’s DJI Innovations, France’s Parrot and California’s 3D Robotics (founded by former Wired editor-in-chief Chris Anderson). According to industry estimates, DJI posted $131 million in annual sales in 2013. The next closest competitor is France’s Parrot, with$53.35 million in sales in fiscal 2013.

There’s not a single U.S. tech giant in the consumer drone market. in other words, there’s no Apple waiting in the wings with an Apple Drone to take on GoPro. While both Facebook and Google acquired drone companies in 2014, and Amazon seems to be embracing drones for commercial deliveries via Amazon Prime Air, none of them has created a drone that consumers can walk in and buy at a retail store. And even market leader DJI could be ripe for the picking, given that the company only launched its Phantom quadcopters in 2013 – hardly enough time to gain true brand equity in the marketplace.

At the end of the day, if American consumers had the chance to choose between “designed in the USA” (GoPro) and “designed in China” (DJI), which one do you think they’re going to pick?

Right now, we don’t know exactly what GoPro is going to create with its consumer drones. Company spokesmen are keeping things close to the vest, only noting that the company’s users are creating “jaw-dropping GoPro footage recorded from quadcopters.” So there’s reason to expect more from GoPro in this direction — it’s a natural brand extension, given that the company already provides cameras for drones.

There are two basic options for GoPro – either the company creates a new standalone consumer drone with an internal GoPro camera, or it essentially adapts a drone model already in the marketplace, equips it with a sophisticated mount, and lets users hook on an existing GoPro camera. You can see immediately see which of these two options is more valuable for GoPro – they’ve got to build the drone with the internal camera because there are already a handful of companies that already offer the “drone plus mount” option for aerial photography. Why would you bother buying a new GoPro drone if you can just buy another drone and mount a GoPro on it?

Another big question is how the FAA is going to rule on drones. That matters a lot, since the civil UAV market is expected to explode in popularity if the FAA gives the green light for commercial drones. Right now, civil drones are essentially limited to hobbyists, they cannot be flown above 400 feet in the air and they cannot be flown close to airports.

Yet, even with those restrictions in place, there are signs of drone mania taking off. It’s not just aerial photography, which is far and away the biggest drone hobbyist use so far. Filmmaking could be next, now that Hollywood has received the green light to use them for filmmaking. We may even see more creative uses unveiled at January’s CES tech trade show in Las Vegas, which for the first time ever, is going to have an Unmanned Systems Marketplace.

For now, though, all eyes are Washington and not on Vegas. It seems like we’ve been expecting an FAA ruling forever. And now even the White House has been pushing for more guidance. There’s a lot of regulatory risk here, especially given all the concern about airplane-drone accidents. In fact, perhaps based on all those concerns, the latest reports are that the FAA will go ultra-strict on its commercial drone ruling, perhaps even limiting consumer drone use to daylight hours and requiring all commercial drone operators to get a pilot’s license.



China Reaches Out To US For Space Data: Air Force Space Commander

By Colin Clark

on December 08, 2014 at 11:41 AM

WASHINGTON: China has taken the unprecedented step of asking Air Force Space Command to share information about possible satellite and satellite debris collisions. The United States had been sharing so-called conjunction warnings with China through the State Department, but no one knew if China actually paid any attention because the data was never acknowledged.

Then, quite recently, the head of Air Force Space Command, Gen. John Hyten, got a formal request from the Chinese to share the information directly. “The Chinese have asked to get data straight from our operations center to their operations center without going through State,” Hyten said during a Capitol Hill breakfast. How significant is this, I asked after we ate. “To me, it’s a big deal.”

I understand that China had committed to this in July as part of the U.S.-China Strategic and Economic Dialogue. The summary document about the agreement between the two countries says the Chinese Ministry of Foreign Affairs “committed to provide e-mail contact information for appropriate Chinese entities responsible for spacecraft operations and conjunction assessment, allowing these entities to receive Close Approach Notifications directly from the United States Department of Defense.”

Of course, getting the PRC’s Ministry of Foreign Affairs to get the People’s Liberation Army to do something doesn’t always happen quickly — if at all. Observers of the fallout after the Chinese anti-satellite test will remember that Foreign Affairs appeared absolutely clueless about the test, both publicly and privately. And that anti-satellite test, ironically, was responsible for an enormous increase in the amount of space debris that may cause a collision. That the United States will play the responsible global citizen and provide conjunction data to the Chinese after the test only deepens the irony.

Of course, for the Chinese it’s a win as the US catalogue and tracking of orbital data is considered the best there is and they are getting direct access to it should any of their satellites be threatened. But this also provides proof to the Chinese that playing by international rules and norms can provide tangible benefits, which surely played a key role in the sharing being approved. Several attendees at the space breakfast said the Chinese request marked an important step forward in US-Chinese military-to-military relations and welcomed it.

One of the foremost US authorities on the Chinese military’s space efforts says in an email that the Chinese move demonstrates “first and foremost, that in the Chinese system the Ministry of Foreign Affairs is NOT a powerful entity. This is reflected in the basic reality that the Foreign Minister has not been a member of the Politburo since the days of Qian Qichen, in the late 1990s.”

He believes that the PLA “is most likely acting, in the first place, to remove an unnecessary link in the chain of information, especially important since conjunction data is perishable.

“Given China’s steadily improving space situational awareness system, my own guess is that they are accessing this data, first, to minimize the chances of a conjunction. There have been some interesting stories in the Chinese press about moving satellites to avoid collisions. It is unclear what data has been used to make that determination, whether it is primarily home-grown, from the US, from third parties, or a combination. Second, it may be to double-check their own data: What are the Americans seeing that we are not? This may be partly a matter of resolution, and partly a possible source of intelligence. There was a brouhaha a few years back where we were reporting in our space catalogs European satellites that the Europeans denied existed.”

So what does America get out of this? “For the United States,” Cheng writes, “ideally this would be an opportunity for us to gain insight into what organizations play a role in China’s space situational awareness organization. Who gets this data (almost certainly the General Armaments Department)? Who else outside the military gets this data? How does it get incorporated into China’s SSA system? In particular, does the China National Space Administration (CNSA) get this data, and at what point? (I doubt the information is going from us to CNSA).”

In the end, Cheng assesses this is not the beginning of a fundamental change to US-Chinese military to military relations. “What WON’T change is that Chinese space (and military, but I repeat myself) officials will NOT engage in direct, US-PRC communications. Certainly not in a crisis, and probably only minimally in peacetime, even with this new connection.”


Banks Urge Clients to Take Cash Elsewhere

New Rules Mean Some Deposits Aren’t Worth It, J.P. Morgan, Citigroup and Others Tell Large U.S. Clients


The Wall Street Journal

By Kirsten Grind, James Sterngold and Juliet Chung

Dec. 7, 2014 8:57 p.m. ET

Banks are urging some of their largest customers in the U.S. to take their cash elsewhere or be slapped with fees, citing new regulations that make it onerous for them to hold certain deposits.

The banks, including J.P. Morgan Chase & Co., Citigroup Inc., HSBC Holdings PLC, Deutsche Bank AG and Bank of America Corp. , have spoken privately with clients in recent months to tell them that the new regulations are making some deposits less profitable, according to people familiar with the conversations.


In some cases, the banks have told clients, which range from large companies to hedge funds, insurers and smaller banks, that they will begin charging fees on accounts that have been free for big customers, the people said. Bank officials are also working with these firms to find alternatives for some of their deposits, they said.

The change upends one of the cornerstones of banking, in which deposits have been seen as one of the industry’s most attractive forms of funding, said more than a dozen corporate officials, consultants and bank executives interviewed by The Wall Street Journal.

Deposits have traditionally been a crucial growth engine for banks. Banks generally pay depositors one interest rate and then make loans with higher rates, often collecting fees in the process. But deposits also can be withdrawn at any time, potentially leaving a bank short of cash if too much money is removed at once.

The new rule driving the action is part of a broader effort by U.S. regulators and policy makers to make the financial system safer. But the move may inconvenience corporations that now have to pay new fees or look for alternatives to their bank.

Sal Sammartino, vice president of banking at Stewart Title, a unit of Stewart Information Services Corp. , a global title insurance company based in Houston, said he has had sleepless nights in recent weeks as he has negotiated with large banks to try to keep the firm’s deposits there. He declined to name the banks.

“Ultimately my balances aren’t as profitable for the banks, and that’s going to impact my business,” he said.

In an environment of slow economic growth with fewer opportunities to make loans and ultralow interest rates, some banks feel they have too much money on deposit.

Some banks, including J.P. Morgan and Bank of New York Mellon Corp. , have also started charging institutional clients fees to hold euro deposits, mainly driven by the European Central Bank’s move to make firms pay to park their cash with the ECB. BNY Mellon recently started charging 0.2% on euro deposits. State Street Corp. said in its third-quarter earnings call in October that it planned to begin charging fees later this year on euro deposits.

U.S. banking rules set to go into effect Jan. 1 compound the issue, especially for deposits that are viewed as less likely to stay at the bank through difficult times.

The new U.S. rules, designed to make bank balance sheets more resistant to the types of shocks that contributed to the 2008 financial crisis, will likely have little effect on retail deposits, insured up to $250,000 by federal deposit insurance. But the rules do affect larger deposits that often come from big corporations, smaller banks and big financial firms such as hedge funds.

Hundreds of companies and other bank customers with deposits that exceed the insurance limits could be affected by the banks’ actions.

Overall, about $4 trillion in deposits at banks in the U.S. were uninsured, covering more than 3.5 million accounts, according to Federal Deposit Insurance Corp. data.

The rule primarily responsible involves the liquidity coverage ratio, overseen by the Federal Reserve and other banking regulators. The new measure, finalized in September, as well as some other recent global regulations, are designed to make banks safer by helping them manage sudden outflows of deposits in a crisis.

The banks are required to maintain enough high-quality assets that could be converted into cash during a crisis to cover a projected flight of deposits over 30 days.

Because large, uninsured deposits would be expected to leave most quickly, the rule will now require that banks maintain reserves that they cannot use for profitable activities like making loans. That makes it much less efficient or profitable for banks to hold these deposits.

The new rules treat various types of deposits differently, based on how fast they are likely to be withdrawn. Insured deposits from retail customers are regarded as more safe and require that banks hold reserves equal to as little as 3% of the sums.

But the banks must hold reserves of as much as 40% against certain corporate deposits and as much as 100% of some big deposits from financial institutions such as hedge funds.

Some corporate officials said the new rules could make it more expensive for them to keep money in the bank or push them into riskier savings instruments such as short-term bond funds or uninsured money-market funds.

“You’re going to see a lot of corporations that have had much simpler portfolios that are going to move toward more sophisticated portfolios,” said Tory Hazard, president and chief operating officer of Institutional Cash Distributors, a broker to large clients looking for places to hold their cash.

Some bankers said they are advising corporate clients to break up large deposits across several banks, including smaller ones not affected by all of the new rules. Others might be attracted to other products offered by banks or products being created by asset managers.

Some customers are negotiating for a reduction in the fees, said people familiar with the discussions.

J.P. Morgan told some clients of its commercial bank recently that it would begin charging monthly fees on deposit accounts from which clients can withdraw money at any time. The new charges will start Jan. 1 for U.S. accounts, according to an Oct. 21 memo reviewed by the Journal, and later for international accounts.

“New liquidity and capital requirements have changed the operating environment and increased the cost of doing business with financial institutions,” the memo read.

The change affects some hedge-fund customers, rather than corporate accounts. The charges include items such as a $500 monthly account maintenance fee for demand deposits and a $25 charge per paper statement.

Larger clients with broad, long-term relationships with their banks may get a break on the new fees, according to people familiar with the situation. Banks also are likely to differentiate between clients’ operational deposits, used for things like payroll, and excess cash that can be pulled more easily, the people said.

At a National Association of Corporate Treasurers conference in October, consultant Treasury Strategies noted that the new rules “will redefine the economics and dynamics of corporate banking relationships.”

Some argue that while it is a good policy on its face, the rule potentially magnifies problems in a recession by encouraging banks to hoard high-quality assets, potentially paralyzing markets for these assets such as Treasury securities and some corporate bonds.

“This proposal, which is supposed to promote financial stability, actually does the opposite,” said Thomas Quaadman, a vice president at the U.S. Chamber of Commerce.

Thomas Deas, treasurer at chemicals company FMC Corp. said dialogue is increasing between banks and corporate clients as company executives get their arms around the potential new fees.


Robert Marley, assistant treasurer at EnerSys Inc., a maker of industrial batteries in Reading, Pa., said he was recently told by banks that his company would need to move cash that had been sitting in short-term deposit accounts in Europe or face new fees. “I’m not happy about it,” he said.


Industry Pivots From New Simulators to Services

Dec. 7, 2014 – 03:45AM | By AARON MEHTA | Comments


ORLANDO, FLA. — Amid a global downturn in defense spending, the training and simulation world is booming. But in a series of interviews at this year’s I/ITSEC conference here, executives for some of the world’s largest defense firms acknowledged that the sector’s market strategy is changing.

The biggest market trend, they said, is a growing emphasis on providing services to customers. In the past decade, companies could feast on providing the technology of simulators and classroom education. Now, governments are buying less new equipment, which means industry needs to focus on upkeep and training opportunities in existing systems.

Mike Blades, an analyst with Frost & Sullivan who attended I/ITSEC, said the emphasis on providing services is a major industry trend.

“That’s the theme of the show,” he said. “There are very few programs that require new simulators, just upgrades.”

Simon Williams, a retired Royal Navy rear admiral who chairs the defense arm of Clarion Events, noted that service companies that have no role in producing education and training tools are jumping into the market for the first time.

“In the future, where the market will be is training as a service,” Williams said. “So you will have suppliers who will supply you with the technologies, but there will be an interface between the customer and the technology, which is the service company.”

“Increasingly what we’re going to see is companies — the Sercos, the Babcocks — these large global service operators will start to step into this market,” he added.

And while new companies are throwing their hats into the ring, the traditional defense industry powers are moving to adapt.

Bob Gower, Boeing Defense’s vice president for training systems and government services, said he is “aggressively” pursuing training services, which led to a recent reorganization of his team.

“We did this for a couple of reasons,” Gower told reporters. “One is where the market is, but we also see trends where some customers are buying services and upgrading systems under those services. So to me, to have a healthy business over the long term, we have to be in the services business if we want to do systems as well.

“The services portion of the business is about 10 percent of my portfolio,” Gower added. “Going forward I’d like to get to where the services is much closer to half than 10 percent, but that’s going to take me some time.”

Asked how much time, Gower said he had no set timetable, but “sooner would be better.”

Gower added that schoolhouse-type solutions, where a company owns and operates a training center on behalf of another nation, is one area of growth. The schoolhouse model essentially outsources the entire pilot training for an air force. Traditionally, militaries buy aircraft and simulators, develop courseware, train instructors and then train pilots. In this model, a company does all that and is judged on a variety of metrics, including pilots graduated.

Competitor Lockheed Martin is also pursuing that model, through what it calls “turnkey training solutions.” Jon Rambeau, vice president and general manager of Lockheed’s Training and Logistics business, said his company is focusing on “not just innovating around technology, but also applying innovative business models to help our customers manage their budgetary constraints.”

That model is “definitely something that is picking up a little bit of momentum,” Rambeau said. “When you think about the huge upfront capital investment a country needs to make to recapitalize its fleet of training aircraft, it’s a much more cost-effective model that spreads costs out over typically 20-25 years.”

That model is largely being marketed internationally. Lockheed is already doing schoolhouse work for the UK and Singapore, and expects to be on contract with Qatar in the near future. Gower added that the Middle East is particularly interested in this model of learning.

Gene Colabatistto, group president for defense with CAE, agreed that services are becoming more important. In his two-and-a-half years in his position, he said, services has grown from 33 to 48 percent of his business.

In addition to the schoolhouse model, Colabatistto said countries are learning it is easier to let companies handle upgrades and service the equipment rather than relying on military maintenance crews.

“I think the most sophisticated users realize what we’re really good at is obsolescence management,” he said. “They realize we’re really good at this because we operate 60 commercial centers. We know how to do this. So a lot of what is driving this [move to services] is the way budgets are being allocated and executed.”



Blades points to companies such as Engility, spun off from L-3 as a company solely focused on government services, as an example of where the market is going and evidence of enough services requirements to merit a spin-off.

At the same time, Anthony Smeraglinolo, Engility president and CEO, warned in a keynote address at the show that there is an oversaturation in the services market and a correction may be coming.

“It is still a great market, but there are too many of us addressing it,” he said. “When there is more capacity than demand, something needs to give, and I think we have begun to see that in terms of industry consolidation.”

Smeraglinolo has put that into effect, acquiring two government services firms in Dynamics Research Corp. and TASC over the past 12 months to grow Engility’s marketshare.

“I firmly believe consolidation is a fundamentally good thing for both industry and our government partners,” he said. “Mergers and acquisitions result in increased scale, which enables fixed infrastructure costs to be spread across the larger base.”

Smeraglinolo’s speech set off different reactions among industry attendees at the show.

Some, such as Blades, agreed there will be more merger and acquisition (M&A) activity in the sector in the near future, noting that “some companies just might not make it.”

CAE’s Colabatistto, however, warned acquisitions may be limited, the result of a small pool of companies that would make sense for a larger firms to acquire.

Many of the firms doing interesting things in the simulation and training world that larger companies could acquire are categorized as small businesses under US government regulations, he said, reliant on the ability to compete for small business set-aside contracts. If those companies are claimed by larger firms, those small-business contracts go away.

“So we look at those companies and it’s very hard to find which ones you would actually acquire,” Colabatistto said.

“I think there will continue to be acquisitions,” he said. “But to make a large play in the market is difficult with budget uncertainty and then in the smaller companies, the way they are classified makes it very risky.”

Even if chunks of the sector are gobbled up in acquisitions, Williams said, the training and simulation market is at a point where new ideas are constantly leading to new companies popping up.

“Yes, there will be consolidation, but equally, in a highly innovative market, you will always have the disruptive technology and the small entrepreneurial companies that will be starting up to fulfill a need that the major corporation doesn’t foresee because they [the small companies] have the agility to do so,” he said.

“So I think we will always have a number of smaller players, and they will be subject to M&A activity as time goes on,” he added. “It will almost be self-refreshing.” ■


If You Want to Pay More for Internet Access, Obama’s Got Your Back

Ed Feulner / @EdFeulner / November 22, 2014 / 7 comments

Edwin J. Feulner’s 36 years of leadership as president of The Heritage Foundation transformed the think tank from a small policy shop into America’s powerhouse of conservative ideas. Read his research.


Ready to pay more for Internet access? Me neither.

Unfortunately, that’s exactly what we can expect under the “net neutrality” rules being pushed by President Obama.

“Net neutrality” may sound harmless, but there would be nothing neutral about this change. Currently, broadband providers such as Verizon, AT&T and Comcast are treated differently than traditional telephone companies and electric utilities. They aren’t subject to “common-carrier” rules that prohibit them from varying rates and services.

In short, they can offer — and charge — what they want. That’s good for consumers, because it means that in order to compete, they’re always trying to win and keep customers by offering better, faster service at lower rates.

That would change with the advent of “net neutrality.” Under the plan that Obama is urging the Federal Communications Commission to adopt, Internet providers would be declared common carriers providing “telecommunications services.” That would leave the FCC free to regulate them.

One result: The providers would have to pay a part of their Internet revenue to the FCC’s “Universal Service Fund,” which provides subsidies for Internet service. This fee is set at 16.1 percent of revenue, or about $7 per subscriber per month. Former FCC Commissioner Harold Furchtgott-Roth calls it “perhaps the largest, one-time tax increase on the Internet.”

It may surprise you to learn that two of the current FCC commissioners oppose the president’s plan. According to one of them, Mike O’Reilly, the FCC is planning a “spending spree” with these new USF subsidies. It’s bad enough our Internet access would become more expensive, but we’d have to fund more waste at a government agency, too?

As regulation expert James Gattuso notes, this push for net neutrality comes at an ironic time: Congress is considering a renewal of its moratorium on state Internet taxes. But, he says, the FCC has no plans to ask Congress to vote on this matter. Why? It claims it has the power to move forward without legislative approval.

But net neutrality would mean more than a rate hike (which will naturally hit lower-income Americans the hardest). Coming under the FCC’s regulatory thumb would harm innovation and make broadband companies wary of investing in new ways to provide better, faster and cheaper service.

This isn’t just conjecture. An example of it came quite recently, in fact, when AT&T CEO Randall Stephenson spoke of how the company’s plans to invest in fiber-optic networks in up to 100 cities would change under Obama’s proposal.

The fiber-optic rollouts “are long-term investments,” Stephenson said on Fox Business Network. “And we have to ask under what rules will those be regulated in two or three years. Until we have some clarity, we’ll have to slow ourselves down, and we’ll have to pause and have some idea of what these rules look like in two or three years.”

I can’t think of a better phrase to describe the effect of regulation on innovation: “We’ll have to slow ourselves down.” The fact is, we shouldn’t have to do anything of the sort. These companies should feel they can invest freely in the kinds of services that make life better for their customers. But under net neutrality, that won’t be possible.

It simply makes no sense to yoke the Internet of 2014 to any portion of the Communications Act of 1934. As Erik Telford of the Franklin Center for Government and Public Integrity recently wrote in The Hill, “Given how much the Internet has revolutionized our lives in just the past [10] years, it’s absurd to think that an 80-year-old law will ensure the best service to consumers going forward.”

So let’s see: We’d pay more — for less. Sounds like a government plan, all right.

Here’s a better idea: Leave “net neutrality” junked on the shoulder of the information superhighway instead.


Will Government Regulation Kill the Internet of Things?

By Jack Moore

December 8, 2014 1 Comment


The government needs to update laws and regulations to accommodate the explosive growth of Internet-connected smart devices or risk falling behind the global technology curve.

That’s the view of a few tech-minded lawmakers who have turned their focus to the expanding web of objects and sensors that make up the so-called Internet of Things.

“We’re destined to lose to the Chinese or others if the Internet of Things is governed in the United States by rules that predate our VCRs,” said Sen. Deb Fischer, R-Neb., a member of the Commerce, Science and Transportation Committee, speaking at a Washington, D.C., event last week hosted by the Center for Data Innovation.

Some 27 million fitness trackers and other forms of “wearable” technology will be sold globally by the end of the year, according to recent research.

And that’s just one fragment of the so-called Internet of Things, or IoT.

This tangled network of Internet-connected sensors and other devices has also become firmly embedded in industrial-control systems that help run power plants and water systems. Smart devices are also making inroads in telecommunications and the health care system.

Will Too Much Regulation ‘Snuff Out’ Innovation?

But Fischer and her Senate colleagues appear anxious about the government writing too many of those rules in stone.

“I think we need to have a firm enough hand to have some rules of the road, to ensure security and privacy but not to snuff any of this great innovation out,” said Brian Schatz, D-Hawaii, a fellow member of the Senate commerce panel who also spoke at the event.

Sen. Kelly Ayotte, R-N.H., who also spoke at the event, said, “I think there’s an exciting opportunity as we look at the new Congress to take up some of these issues where we’re living in the Dark Ages in the way that some of the regulations have been framed.”

But she called for “humility” in the way the government oversees the adoption and spread of IoT, echoing comments made by Federal Trade Commissioner Maureen Ohlhausen last year when FTC first studied IoT.


NIST Offers IoT Playgrounds to Test Devices

Traditionally, the government has operated in only carrot-or-stick mode when it comes to the regulation of new technologies, said Sokwoo Rhee, associate director of IoT and cyber-physical systems at the National Institute of Standards and Technology.

In the first, the government offers research and development funding to help companies securely adopt new technologies. The latter amounts to strict regulation.

But there’s also a third way, Rhee said: providing a “playground,” or testing space for companies to test what works.

That could be perfect for IoT, in which there are almost as many security standards as there are devices.

“The problem is, there are too many standards out there … Everybody claims they have their own standard,” Rhee said. “Every company’s creating their own thing.”

A NIST-backed program, the Global Cities Challenge, leverages that, allowing IoT manufacturers to work directly with local governments to test out various devices in the real world.

“The market’s going to figure it out,” Rhee said. “The question is, how fast the market can get there and what is the role of government to accelerate that process.”


Security of Devices and Data a Focus

One of the areas in which there’s agreement the government needs new rules is in securing the growing number of devices connected to the Internet — and the data stored on those devices.

University of Michigan researchers this summer, for example, showed that networked traffic lights are vulnerable to cyberattacks. Meanwhile, hackers breached Internet-enabled baby monitors and harassed parents and young children.

A recent study showed 70 percent of widely used IoT devices had security vulnerabilities, Schatz said.


For the government and private companies that operate critical infrastructure, such as power grids and water systems, the challenges may be even more acute.

The President’s National Security Telecommunications Advisory Committee last month issued a report last month warning of the pressing need for the government to take steps to ensure IoT devices in critical infrastructure are adopted securely.

“So policymakers actually have no choice in this space,” Schatz said. “We must take on this topic, both because of its scope and its potential benefits and dangers.”


DHS Cyber Program Repels Threats in Real Time

By Aliya Sternstein

December 9 2014


CenturyLink has begun automatically blocking malicious operations on federal networks, under a controversial Department of Homeland Security program that monitors Internet traffic governmentwide.

The progress comes after delays due to contract negotiations. DHS in 2013 tapped five telecommunications companies to computerize threat deflection, including major players AT&T and Verizon.

CenturyLink becomes the first company to go live with intrusion prevention — the third phase of the “Einstein” scanning program. The company, as of Monday, is delivering services to nine civilian agencies, representing about a quarter of federal users, DHS and CenturyLink tell Nextgov.

The company has “the first fully operational” system that is “actively providing cybersecurity services to federal civilian agencies’ end-users,” CenturyLink officials said in a statement.

The project is ahead of schedule, DHS officials said. Einstein 3 Accelerated, or E3A, was slated for completion in 2018 but now is projected to reach full operating capability as early as 2015. DHS has inked memorandums of agreement with 42 other agencies.

DHS would not name the agencies or comment on negotiations with other Internet service providers. AT&T and Verizon declined to address the program, saying they do not comment on customer matters.

The whole Einstein project, as of Aug. 31, was expected to cost nearly $3 billion, according to federal spending databases.

The contract issues complicating rollout included the “general readiness of the ISPs to meet the functional, security, and operational requirements of E3A,” a March DHS inspector general report determined.

Einstein 3 is designed to quarantine emails and block malicious Web domains that “spoof” legitimate sites, according to CenturyLink. The service defends the perimeter of federal civilian networks. It senses aberrant activity using threat “signatures,” or tell-tale signs of a hacker derived from U.S. intelligence and private research. These indicators can include certain email headers or IP addresses, according to a DHS privacy assessment of Einstein.

Under a one-year task order, CenturyLink is adding the blocking features to agencies’ existing Einstein services. Einstein 1 analyzes traffic flows; Einstein 2 alerts security professionals to suspected threats using intrusion detection technology.

DHS ultimately expects to deploy phase 3 across all federal agencies.

The new system consists of commercial technologies and government-developed software. A “sinkholing” application prevents malware on dot-gov networks from copying data to rogue Internet domains by redirecting users to safe servers, according to DHS.

The email filtering tool scans messages destined for dot-gov networks for dubious attachments and links, before delivering them. Infected messages are either quarantined or redirected to DHS cyber analysts for further scrutiny.

Homeland Security has plans to discard all Einstein records at least three years old, as earlier reported. DHS officials have decided they have no research significance. But some security analysts say DHS would be disposing of a wealth of historical threat data. And privacy experts say destroying the records could eliminate evidence the governmentwide surveillance system does not yield results.


Woolpert gets unique permission to fly drones over Ohio, Mississippi

Dec 10, 2014, 9:54am EST

Tristan NaveraStaff Reporter-

Dayton Business Journal


A local company is among the first in the nation to get permission to fly drones.

Woolpert Inc. has been granted permission by the Federal Aviation Administration to fly unmanned systems at two locations, it announced Monday as part of a round of exemptions granted which included three other companies. This makes the Beavercreek-based firm one of the first commercial enterprises in the United States to be allowed to fly unmanned systems for commercial uses.

“Unmanned aircraft offer a tremendous opportunity to spur innovation and economic activity by enabling many businesses to develop better products and services for their customers and the American public,” said Transportation Secretary Anthony Foxx. “We want to foster commercial uses of this exciting technology while taking a responsible approach to the safety of America’s airspace.”

In a petition, the group sought permission to operate the Altavian Nova Block III over parts of rural Ohio, areas a map which covers about 35 percent of the state, or about 16,000 square miles, limited to rural areas and away from airports.

The group had also been seeking permission to operate the Altavian Nova Block III to survey Ship Island near Biloxi, Miss., per a request from the U.S. Army Corps of Engineers.

The other companies receiving permission were Trimble Navigation Limited, VDOS Global LLC and Clayco Inc.

The UAS in the proposed operations do not need an FAA-issued certificate of airworthiness because they do not pose a threat to national airspace users or national security. The firms said they will operate UAS weighing less than 55 pounds and keep the UAS within line of sight at all times.

Woolpert, a geospatial analysis firm, has been seeking to use unmanned craft for surveying purposes. It submitted its requests to the FAA over the summer, a move which was supported by prominent drone trade group, the Association for Unmanned Vehicle Systems International.

The FAA granted its first few commercial exemptions to oil companies operating pipelines in Alaska earlier this year. It then granted exemptions to six major film studios to use the craft. The FAA requires special rule making exemptions on a case-by-case basis for drone operations for commercial companies. It also allows public entities to operate the craft using Certificates of Authorization.

Several hundred COAs have been authorized around the country including to Sinclair Community College, Ohio State University and Wright State University.

Woolpert has more than 600 total employees, including 235 in the Dayton region. It posted revenue of $110 million last year, according to DBJ research.


Amazon commercial cloud tapped for GEOINT

Dec. 9, 2014 |



The National Geospatial-Intelligence Agency (NGA) has become the first intelligence agency to host an operational capability on Amazon Web Services’ Commercial Cloud Services.

Lockheed Martin put an interactive map for NGA’s Map of the World on Amazon’s C2S, according to a company announcement. Map of the World is an interactive map that allows users to identify terrain and manmade features as well as any intelligence data associated with them. Lockheed Martin’s Geospatial-Intelligence Visualization Services (GVS) program migrated the map and ensured that it complied with the intelligence community’s ICD-503 security guidelines for IT. The project is part of the Total Application Services for Enterprise Requirements (TASER) GVS contract vehicle, which was originally awarded in 2012.

“Deploying geospatial mission applications and software to a commercial cloud environment allows the Map of the World to operate with more agility and efficiency,” said Jason O’Connor, vice president of analysis and mission solutions at Lockheed Martin Information Systems & Global Solutions. “This accomplishment demonstrates the power of what can be done by leveraging cloud technologies with mission driven software. It shows how we can further enhance geospatial capabilities in the intelligence and DOD community.”



DoD’s first network hub successful in early tests

Dec. 8, 2014 |

Written by JOE GOULD


Tests of the first hub in the Pentagon’s network consolidation effort, at Joint Base San Antonio-Lackland, Texas, have thus far been successful, Acting DoD Chief Information Officer Terry Halvorsen said Friday.

This amounts to a step forward as the Pentagon collapses its sprawling, disparate networks into a more streamlined, standardized, defendable and cost-effective structure. Each network hub, called a joint regional security stack (JRSS), is essentially a collection of servers, switches and software tools to provide better network traffic visibility and analysis.

“It has some sensors, which will give us a better tip-off to what’s going on on the network, so we can take more responsive action [against anomalous activity],” Halvorsen said in a call with reporters. Citing security concerns, he declined to discuss the specifics of the test or the protective software — and declined to discuss costs ahead of Congress approving the Defense Department’s budget.

The consolidated structure would also be visible to the National Security Agency, for intelligence sharing and collaborating on network defense, officials say.

Starting next year and culminating in 2016 and 2017, the rolling effort will see 11 JRSS nodes in the continental U.S., and 23 locations around the world. The first JRSS is at Joint Base San Antonio-Lackland has been set up to handle both Army and Air Force network traffic.

“There’s an enormous push behind the thing, this is happening now, it’s not some future pipe dream type stuff,” Hari Bezwada, the chief information officer for the Army’s Program Executive Office Enterprise Information Systems. Bezwada was speaking at an industry conference here on Thursday.

An Army battalion, which has been installing bulk buys of networking gear, has completed work at nine bases, Bezwada said. The Army and Air Force are converting to JRSS nodes, ahead of the Navy and Marine Corps.

The consolidation is meant to reduce the attack surface for hackers, and DoD’s finite number of defenders, Rezwada said. DoD plans to wrap the whole thing in “best-of-breed” security software.

“You don’t want people to come in through the back door and attack, now we can defend these locations a lot better, with sophisticated, trained people,” Bezwada said.

The Army and the NSA’s Information Assurance Directorate are also collaborating on a laboratory that allows experimentation with new cybersecurity technology.

Among other cloud-based applications, the consolidated networks will host “big data” analytics apps that would sniff out intrusions in real time, Bezwada said. What’s more, network overseers will be able to “see” 4 million users simultaneously, Rezwada said.

The transition will also enable the Army to seek cloud-based “unified capabilities,” a package of IP-based services including chat, video and voice communications. The Pentagon plans to issue a request for proposals in early 2015.




JRSS paves the road to JIE

Oct. 16, 2014 |



As the Defense Department edges closer to making its Joint Information Environment a reality, the pieces are coming together, perhaps most tangibly in the form of the joint regional security stack (JRSS).

Pegged as one of JIE’s cornerstones that will better secure military networks and standardize defense IT, JRSS is evolving into a foundational piece of broader departmentwide efforts to transform how the military handles IT, networks and global communications.

“One of the early successes of the JIE is the deployment of joint regional security stacks, which are a component of the single security architecture and will ultimately help to improve command and control and situational awareness across the enterprise,” said Col Daniel Liggins, the vice director of the JIE implementation office at the Defense Information Systems Agency, which is helping lead DoD’s sweeping IT restructuring taking place under JIE. “The stacks are being installed at various sites around the world.”

JRSS continues to take shape as the first site, located at Joint Base San Antonio, Texas, reached initial operating capacity on Sept. 14.


“Joint Base San Antonio has been our proof of concept,” said MG Alan Lynn, DISA vice director. He noted that with the other services on track to integrate with the Army’s efforts down the line, San Antonio serves as the 1.0 version of JRSS, with the coordination of the Air Force and DISA down the road being the “1.5” version and a 2.0 also coming but at the moment remains “undefined.”

“We’re working on 2.0, which will represent capturing the differences between how the Army, Air Force, Navy and Marine Corps do things differently,” Lynn said at a recent AFCEA DC event in Washington.

Joint Base San Antonio is just the first of 11 continental U.S.-based, or CONUS, JRSS locations, and one of what will eventually be 23 locations around the world. In Wiesbaden, Germany, and in southwest Asia (SWA), noncontinental U.S. JRSS facilities are providing network services to troops overseas, and support to those users will continue to grow in the coming years as DoD agencies continue to build up JRSS in Europe and the Asia-Pacific region.

The JRSS strategy has steadily gained momentum over the past year or so as JIE evolves and as the services work to modernize their IT infrastructure, according to defense officials.

“What we were focused on last year was SWA, CONUS and one reach back from SWA to Wiesbaden,” said Mike Krieger, deputy Army CIO/G-6. “We wanted SWA to have two ways out — [communications] right now either go to Germany or to space [via satellite]. So we wanted to do the states and Germany. Last year it was ‘let’s fix SWA,’ and to fix SWA we had to do CONUS and Europe so they’re not isolated. Now we’ve got to go back as DoD, not just as the Army, and say now that we’ve got these installed we’ve got to finish Europe and finish the Pacific.”

With San Antonio reaching initial operating capability Sept. 14, the Wiesbaden location is not far behind, with IOC expected on Nov. 14, LTG Robert Ferrell, Army CIO/G-6, told conference attendees at a recent AFCEA TechNet event. IOC for two stacks in southwest Asia is planned for Dec. 14, Ferrell said.

In the U.S., Montgomery, Alabama, is set to be one of the next locations to be up and running in the coming months, eventually joined by locations at Fort Bragg, North Carolina; Fort Meade, Maryland; Fort Belvoir, Virginia; and in San Diego and St. Louis, among others, Krieger said. Plans are still being made for the locations of all 23 facilities, some of which also are DISA defense enterprise computing centers, or DECCs.

Back at Joint Base San Antonio, work there has progressed quickly, officials say, setting the tone for the base infrastructure modernization efforts that are at the core of the transition to JRSS facility. Work began last year on upgrading network switches and implementing the multi-label protocol switching (MPLS) that underpins DoD’s CONUS network infrastructure overhaul, as well as the transition to JIE and to cloud capabilities.

The effort has relied on partnership between the services and with the defense agencies — collaboration focused on efficiency and effectiveness, according to COL Robert Mikesh, product manager, for the installation information infrastructure modernization program at Army Program Executive Office Enterprise Information Systems.

“That’s what gets us into what we’re doing now in network modernization in terms of the switches, the MPLS network that DISA’s working — the new DISN, so to speak,” Mikesh said. “That’s a [wide-area network] upgrade and that’s very important to us, because the tenets coming out of CIO/G6 right now are [to] reduce the cyber attack surface of our network, increase the capacity of our network and then simplify your network in terms of how our soldiers and the operating commands can actually manage the day to day. How can we centralize that management and simplify the day to day?”


That idea is a critical piece of JRSS and the broader DoD IT infrastructure overhaul. It’s also key in the partnership not only between services and agencies, but also with industry helping to implement the upgrades on the ground and transition DoD to an enterprise-level approach IT management.

“With Joint Base San Antonio, this is the first version of JRSS deployed, so it involves the collection of different capabilities, tools and technologies in multiple servers and multiple software sets,” Chris Kearns, director of DISA programs for enterprise IT solutions at Lockheed Martin. Lockheed’s Information Systems and Global Solutions is the prime contractor for the Global Information Grid Systems Management-Operations contract, which JRSS work is being performed under. “That will allow the virtualization of a lot of capabilities at the base and service levels, and at the DISA and agency level it allows them to have visibility into the network. The team becomes very involved in the operational networks that have to be moved to route traffic through; it has to be planned so no missions are interrupted. Then it’s managed at that single, enterprise level.”

Kearns noted that the broad scope of JRSS and the wider DoD network infrastructure reform efforts means an essentially unprecedented level of IT-focused cooperation in order to get to the enterprise-level approach that is at the heart of JRSS and JIE. It is a journey that has not been without its bumps in the road.

“In general a lot of the policy and procedure improvements, the concepts of operations — the joint aspect is a new approach where rather than have multiple sets of equipment for different stakeholders and different views, now you have everyone coming together,” Kearns said. “Workshops have been valuable to get stakeholders together and dialogue, making sure all the requirements are getting met by the same platform. It’s a little like Joint Strike Fighter, where we had multiple sets of different entities and services come together on a single platform. From a cybersecurity perspective, there are a lot of the same initial challenges in making sure everyone is at the table and getting their requirements met.”

MG John Morrison, commander of Army Network Enterprise Technology Command, said that JRSS, JIE and the installation-level upgrade efforts like those at San Antonio are the three legs of the stool behind an entire new methodology in modernizing the Army network.

“All of these approaches are really an integrated team … the joint management construct applied to [command and control] is really a new way of doing things,” Morrison said at an AFCEA event in Washington. “At San Antonio, we’ve already completed what [in the past] would have taken years. This is really where we’re cutting our teeth on the [concept of operations] of this new joint construct. We’ve got to get this right.”


Can Iran Turn Off Your Lights?

Patrick Tucker

December 9, 2014


Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation “Operation Cleaver” had successfully breached U.S. and foreign military, infrastructure and transportation targets. The report claimed to confirm widely-suspected Iranian hacks of the unclassified Navy Marine Core Intranet system, NMCI, in 2013. It describes (with explicitly naming) more than 50 targets around the world, including players in energy and transportation.

But is the Iranian cyber threat overblown?

The tactics detailed in the report show an escalation of Iranian hacking activity, which the report’s writers, in several instances, refer to as rapid.

“We observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort. As Iran’s cyber warfare capabilities continue to morph the probability of an attack that could impact the physical world at a national or global level is rapidly increasing. Their capabilities have advanced beyond simple website defacements, Distributed Denial of Service (DDoS) attacks, and Hacking Exposed style techniques,” the report states.

The Operation Cleaver team found vulnerabilities in the Search Query Language or SQL coding in various target systems and then used those SQL vulnerabilities to inject secret commands into back servers (a tactic called SQL injection). They were then able to upload new tools into the systems allowing for more data theft and access. The tools enabled the hackers to capture a wide number of administrator passwords (a technique known as

Among the targets were some 50 companies in 16 countries, representing 15 industries including “military, oil and gas, energy and utilities, transportation, hospitals, telecommunications, technology, education, aerospace, defense contractors, chemical, companies and governments.”

The report’s most dramatic assertion appears on page 5, “Iran is the New China” it declares.

But is it true?

The Not-So-New China of Cyber-Attacks

Speaking before the House Intelligence Committee last month, Vice Admiral Michael Rogers, the commander of U.S. Cyber Command, said that China and perhaps “one or two others” could effectively blackout portions of the United States. “It is a matter of when, not if, that we are going to see something dramatic.”

What does “something dramatic” look like? In a word: dark. “If I want to tell power turbines to go offline and stop generating power, you can do that,” Rogers said. “It enables you to shut down very tailored parts of our infrastructure.”

Rogers declined to mention which “one or two others” had the ability to turn off your lights, but Iran’s burgeoning cyber-capabilities occupy a growing portion of Roger’s job.

In 2013, when hackers within Iran attacked NMCI, it was Roger’s job to fix the gaps, an issue that members of the Senate Armed Services committee asked him about during his 2014 confirmation hearing. At the time, he said that NMCI was “properly architected and constructed against external cyber attacks.”

Other cyber hawks have been more eager to play up the Iranian threat. House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., speaking to The
Free Beacon
last month, noted, “We have seen some very, very devastating efforts on behalf of Iran.”

To understand what those efforts may be, it makes sense to consider the history of Iran’s cyber capabilities.

In the 2009, as the Green Movement was fomenting popular resistance the Iranian government, the formation of the “Iranian Cyber Army” marked “a concentrated effort to promote the Iranian government’s political narrative online,” according to OpenNet Initiative’s 2013 analysis of Internet Controls in Iran from 2009-2012. The Army attacked news organizations and opposition Websites within Iran with great success.

Around the same time, the pro-government Basij paramilitary organization launched the Basij Cyber Council, which recruited hackers to develop cyber attacks and spy on Iranian dissidents through malware and “phishing campaigns” where victims were lured to fake websites and tricked into surrendering information. Not long afterward, Iran’s pro-government hacker community turned its attention outward. 

The most severe attack that can be linked to Iran was the 2012 “Shamoon” attack against Saudi Arabian oil company Aramco. It emerged from a shadowy group called the “Cutting Sword of Justice” and effectively took out 33,000 Aramco computers, erasing the data on the hard drives. Then-Defense Secretary Leon Panetta called it “a significant escalation of the cyber threat and they have renewed concerns about still more destructive scenarios that could unfold.” Escalation sounds troubling until you consider the baseline state from which said escalation ascends.

Here’s what Shamoon did not do: affect any of the computers that actually controlled vital mechanical processes at Aramco. It did not cause any industrial accidents and did not shut down oil production. The attack was costly, caused inconvenience on a large scale, but was not a black-out attack.

“There was nothing about Shamoon that was sophisticated. In fact, Shamoon was only 50 percent functional according to one of the labs that I spoke with,” Jeffrey Carr, CEO of the cyber-security firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld, told Defense One.

The level of technical expertise displayed by Shamoon, and hinted at in the Cylance report, suggest that the sophistication of Iran’s cyber capabilities has not reached that of China or Russia or the United States. SQL injection hacks can be severe but are not exotic. The attacks detailed in the Cylance report also make use of a widely known security bug, the MS08-O67 flaw in Microsoft Windows.

Today Is Not Zero-Day

Cylance claims that they uncovered “only a fraction” of the systems that Operation Cleaver likely targeted. But as Dan Goodin, writing for Ars Technica, reports “there’s no evidence any zero-day vulnerabilities were exploited.” That suggests that the gaps Operation Cleaver took advantage of are fixable at relatively low cost.

So-called zero-day attacks exploit new classes of vulnerabilities in systems, vulnerabilities for which there is no effective patch. When a zero-day attack occurs, the security team has “zero” days to come up with a solution a very novel problem. Stuxnet, the worm that effectively shut down the Iranian nuclear refinement centrifuges in 2010, was a zero-day weapon and actually did succeed in shutting down vital mechanical processes outside of cyberspace.

Hackers within China are practiced at zero-day attacks, including a reported global attack against shipping interests occurring in July. That attack, while sophisticated, amounted to little more than industrial espionage, which fits with China’s modus operandi.

China vs. Iran: Differing Capabilities and Motivations

Therein lies the big difference between China and Iran as a cyber adversary. China is more capable and more focused on narrow objectives, which Cole defines as “stealing intellectual property and national secrets primarily to give itself a competitive edge in competing in the global market.”

Government officials have echoed that view. Speaking before the Senate Intelligence Committee in January, James Clapper, the Director of National Intelligence, said “China’s cyber operations reflect its leadership’s priorities of economic growth, domestic political stability, and military preparedness.” Read that to mean a likely continuance of data theft, not terrorist acts that could damage both economies.

Iran, as a cyber adversary, is both less capable and more bellicose than China. The Iranian economy, unlike China’s, is largely divorced from that of the United States. And Iran was the only nation to actually suffer a catastrophic cyber attack, for which it blames Israel and the U.S. As a result of these and other factors, Iran may have more of a will for cyber-mayhem even if it lacks the most dangerous tools.

In this way, Iran is the perfect cyber adversary for Washington’s hawks to rattle sabers against, and the rattling is becoming more frequent.

Speaking to The Hill’s Cory Bennett on Nov. 22, Rep. Rogers speculated that a breakdown in negotiations between Iran and the United States on an upcoming nuclear deal could compel Iran to attack water and oil and water systems in the United States.

“As soon they believe it’s to their advantage to begin again in more aggressive cyber activity toward the United States, they’re going to do it,” Rogers said. “It would be logical to conclude that if the talks fail completely, they’ll re-engage at the same level.”

The deadline for a deal passed—peacefully—two days later, with the parties agreeing to a seven-month extension.

“Are they the new China? At this point they haven’t shown us enough capability to overshadow the continuous attacks of various levels of sophistication from China,” Tony Cole, the global government chief technical officer for the cybersecurity group FireEye told Defense One. “They might be simply showing the world that they have a capability at this point in the cyber arena or it could be for more nefarious purposes where they plan on creating a cyber attack to have a kinetic and damaging effect in the real world. We hope it’s not the latter.”

(For a history of Iranian cyber capabilities, check out FireEye’s 2013 paper.)

Despite its growing capabilities, Iran probably lacks the means to turn off your lights. 


FAA Faces Fresh Flack for Drone Policy

U.S. Regulators Approves Anther Four Companies to Use Drones for Industrial Operations

By Jack Nicas

Updated Dec. 10, 2014 1:26 p.m. ET


The lack of a comprehensive policy for drone use in the U.S. is endangering the safety of air transportation while also setting U.S. businesses behind their peers abroad, lawmakers, government watchdogs and industry officials said at a congressional hearing.

The comments on Wednesday came as the Federal Aviation Administration made its latest incremental move to open the skies to commercial use of drones, approving four companies to use the devices to create maps and collect data on construction sites. The decision brings the number of approved commercial-drone operators in the U.S. to just 13—compared with thousands in Europe.

“I can’t help but wonder: If the Germans, French and Canadians can do some of these things today, why can’t we also be doing this?” said U.S. Rep. Frank LoBiondo (R., N.J.) at a hearing Wednesday on U.S. drone regulations. “Are they smarter than us? I don’t think so.”

The hearing underscored frustration over the pace of the FAA’s efforts to develop new drone rules, as well as the many technological, regulatory and safety challenges that remain to integrate the devices into U.S. skies. Currently the agency bans the use of drones by companies other than the 13 it has granted exceptions, though many businesses and entrepreneurs are using them without authorization.

Peggy Gilligan, the FAA’s associate administrator for aviation safety, defended the agency’s progress, saying regulators are taking a gradual, cautious approach because authorizing widespread drone flights in the U.S.—which has the world’s most crowded airspace—carries extreme safety risks.

Other experts at the hearing reinforced the need for caution. Dr. Nicholas Roy, a robotics professor at Massachusetts Institute of Technology who helped develop Google Inc. ‘s delivery-drone prototypes, said small consumer drones aren’t yet reliable and engineers are struggling to develop many important technologies, such as features that enable the devices to detect and avoid obstacles. But, he added, FAA restrictions on test flights are complicating the development of such technologies.

Lee Moak, head of the Air Line Pilots Association, brought a hand-held four-rotor drone to the congressional hearing and showed pictures of planes that were struck by birds or drones. He urged regulators and lawmakers not to allow industry pressures to rush drone regulations. “Standards and technologies must be in place to ensure the same high level of safety before an [unmanned aircraft] can be permitted to occupy the same airspace as planes,” he said.

Gerald Dillingham, director of aviation issues at the Government Accountability Office, said the FAA is behind schedule on eight of 17 drone-related mandates Congress gave the agency in 2012. Notably, he said, integrating drones into U.S. airspace—mandated to occur by September 2015—likely won’t occur until 2017 or later.

That delay “could contribute to [drones] continuing to operate unsafely and illegally and lead to additional enforcement activities for FAA’s scarce resources,” he said. Plus, without rules for commercial drones, “U.S. businesses may continue to take their testing and research-and-development activities outside of the U.S.”

Rep. Blake Farenthold, (R., Texas), who said he had “a quadcopter on my Christmas list,” asked Mr. Dillingham how the FAA could expedite its drone regulations. In response, Mr. Dillingham said, “This is a situation that, although we’ve studied it, we don’t have an answer for.”


Rep. Farenthold then asked Mr. Dillingham how the FAA could better enforce its effective ban on commercial-drone use in the U.S., a policy that U.S. entrepreneurs are widely violating. “It’s going to be a difficult, if not impossible task because the FAA already has so many calls on their resources,” Mr. Dillingham said.

The FAA has written draft rules on commercial drones, but they are under review and aren’t expected to be implemented soon. Meanwhile, the agency is issuing case-by-case approvals for companies to use drones for their businesses. Earlier this year, the agency approved seven companies to use drones for filmmaking. The agency earlier approved two commercial-drone operations in northern Alaska.

On Wednesday, the FAA approved four more companies because their proposed drone operations “do not pose a threat to national airspace users or national security.”

FAA issued those exemptions to Trimble Navigation Ltd. and VDOS Global LLC, which make or operate unmanned aircraft, and Clayco Inc. and Woolpert Inc., two architectural and engineering firms. The companies plan to use drones to make maps, monitor construction sites and inspect oil flare stacks, the agency said.



Unmanned aircraft rules needed now, AOPA tells Congress

by Press • 11 December 2014


By Elizabeth A Tennyson


The FAA should expedite its rule governing the operation of small commercial unmanned aerial systems, AOPA told the House Aviation Subcommittee in comments submitted for the record as part of a Dec. 10 hearing on UAS technology. In its statement, AOPA also recommended that the FAA take steps to address dangerous operations by recreational UAS users, including stipulating penalties.

In order to operate safely in the National Airspace System, AOPA said, commercial unmanned aircraft should be certified using a standard airworthiness certificate or other form of FAA approval, be controlled by an FAA-approved pilot or operator, and be utilized in compliance with current operating rules and airspace requirements, including see-and-avoid capabilities.

Commercial UAS are currently allowed to operate only with an FAA waiver. On the day of the hearing, the agency granted five new regulatory exemptions to four companies, bringing the total number of exemptions to 11. The newest waivers will allow the use of UAS for aerial surveying, construction site monitoring, and oil rig flare stack inspections. To obtain the exemptions, the companies had to demonstrate they could maintain an equivalent level of safety to other aircraft.

In addition to concerns over commercial operations, an increasing number of incidents involving recreational UAS pose a potential threat to aviation operations, AOPA told the subcommittee. The FAA limits recreational UAS operations to altitudes below 400 feet, requires that they be flown within sight of the operator, and puts restrictions on operations in the vicinity of airports and aircraft. Despite these rules, the FAA has received reports from pilots and air traffic controllers describing 193 UAS encounters so far this year.

“It is clear that many of the people flying UAS have little or no knowledge of the rules under which other airspace users operate,” AOPA wrote in its statement. “It is also clear from online videos that operators are flying near airports, in the clouds, and in congested airspace.”

AOPA is encouraging the FAA to issue clear guidance for recreational UAS operations and ask manufacturers to include that information in product packaging. AOPA also wants the FAA to work with associations to improve educational outreach to recreational UAS operators, establish penalties for reckless UAS operations, and publish guidance for pilots on how to file timely reports on UAS encounters.

Dangerous commercial and recreational UAS operations have also raised concerns for the AOPA Air Safety Institute, an arm of the nonprofit AOPA Foundation that provides free safety education for pilots and flight instructors, analyzes safety data, and conducts safety research.

“Radio controlled model aircraft have been around for decades. The difference—and the challenge—now is the proliferation of low cost, multi-rotor ‘drone’ aircraft that take little or no training to operate and are often flown beyond line of sight using ‘point of view’ systems,” said George Perry, Air Safety Institute senior vice president. “Technology moves fast, and government bureaucracies like the FAA do not. It’s clear to anyone who has been following ‘the rise of the drone’ that there are several safety concerns and the FAA is struggling with how best to deal with those.”

AOPA has been involved in UAS regulatory issues since 1991, when the FAA tasked an aviation rulemaking advisory committee with developing guidance for UAS. In 2004, AOPA asked the FAA to create a government-industry working group to develop consensus standards for operating small UAS weighing 55 pounds or less. AOPA served on the group and the FAA accepted the resulting consensus standards in 2007, but has yet to release a proposed rule.

In the meantime, the FAA has relied on outdated guidance to govern the use of UAS, including Advisory Circular 91-57, which was drafted in 1981. That guidance “does not address commercial UAS operations or line-of-sight and point-of-view operations because in 1981 commercial applications for model aircraft were almost non-existent and having images beamed back to the user to be displayed in Google glasses was science fiction,” AOPA wrote in its statement.

During Wednesday’s hearing, the subcommittee heard from representatives of the FAA, the Government Accountability Office, the Department of Transportation Office of Inspector General, the airline industry, and the UAS industry.


Fight or flight: Amazon gets tough with the FAA

Amazon says if the US agency won’t play, its drone operations will end up overseas. We’ll see whether that threat gets off the ground.

by Donna Tam and Stephen Shankland

December 10, 2014 1:27 PM PST

For Amazon and its drones, the FAA must seem like a heavy cloud cover that just won’t lift.

The online retailer has ambitious plans to try out home delivery of goods via small unmanned aircraft, but needs clearance from the US Federal Aviation Administration to do flight tests outdoors — clearance that, in Amazon’s eyes, can’t come soon enough.

The FAA, meanwhile, is in no rush to allow what could be swarms of pilotless vehicles — not just from Amazon — into airspace also used by commercial and private planes and helicopters. Operating a commercial fleet of drones is currently illegal, but the government agency has approved a limited number of organizations to conduct flight tests. Amazon was hoping to be among those allowed to do trial runs with its drones.

Amazon’s impatience with the oversight process showed through this week in the company’s latest letter to the FAA, in which it threatened to move more of its drone trials overseas.

“I fear the FAA may be questioning the fundamental benefits of keeping [unmanned aircraft systems] technology innovation in the United States,” Amazon’s vice president of global public policy, Paul Misener, wrote in the letter, dated December 7.

The agency said it will continue to review Amazon’s situation and has assigned an inspector to “work closely” with the company, according to a statement.

“The FAA is currently waiting for additional information from the company to complete the application,” the agency said.

Neither Amazon or the FAA would say what additional information the agency requires of Amazon. There is no set timetable for the process, an FAA spokeswoman said.

The new plea from the world’s largest online retailer, which follows a letter Amazon sent in July, underscores the FAA’s caution on drones as it works to establish rules for commercial drone operations. Currently, only hobbyists can fly drones outdoors. Until commercial regulations are in place, the FAA is reluctant to approve widespread outdoor testing, meaning that for now Amazon must conduct such flight tests abroad.

“In the absence of timely approval by the FAA to conduct outdoor testing,” Amazon said in its letter, “we have begun utilizing outdoor testing facilities outside the United States. These non-U.S. facilities enable us to quickly build and modify our Prime Air vehicles as we construct new designs and make improvements.”

Amazon won’t say where, but the BBC reported that the company has a drone facility in the UK. It’s not the only company that has to go overseas — Google has been testing drones in Australia.

Meanwhile, Amazon is testing drones in an indoor space near its headquarters in Seattle, Wash.


The slow approach

The deliberate approach by the FAA is in keeping with its mandate.

“The FAA’s approach is conservative by necessity. Given the number of rogue operators out there who just don’t seem to care, the FAA is moving slowly, although I call it methodically,” said Mark A. Dombroff, an aviation attorney who leads a drone practice at McKenna Long & Aldridge.

Despite those concerns, the government should approve Amazon’s request, he said.

“I see no problem with them testing [drones] outside so long as they observe all the same parameters that the FAA has defined for any exemption being sought,” he said. “I understand that they are agreeable to doing just that, so I think they should get an exemption.”

It’s likely the government is hesitant given Amazon’s ambitious plans for commercial delivery, according to Dombroff.

Amazon last year announced Prime Air, a way to deliver packages that weigh 5 pounds or less in under 30 minutes. More than 86 percent of the millions of products Amazon sells fall in that weight category.

While drones are traditionally associated with military operations, the US government is trying to figure out how these unmanned aircraft will work in a civilian environment. In January, the FAA announced six testing sites that would help the agency determine guidelines for issues related to civilian drone operation, like safety, communications, navigation, air traffic control and privacy. The sites chosen are the University of Alaska, the state of Nevada, Griffiss International Airport in New York, the North Dakota Department of Commerce, Texas A&M University’s Corpus Christi campus and Virginia Polytechnic Institute.

Misener said previously that the company wants to run its outdoor testing closer to its home in Washington. It applied for an exemption in July, arguing its service would benefit the public, and would not harm public safety. The FAA previously approved a handful of exemptions in September to moviemakers operating drones under tight controls.

The FAA initially suggested Amazon apply for an experimental permit instead of exemptions, according to Monday’s letter. The agency said it has issued more than 200 of these experimental certificates to drone operators since 2005.

These permits are applied to a specific drone model, which Misener said would take too long, given how quickly Amazon is developing new models. The drones went through three iterations in the span of two months, according to the company’s initial request, and is likely past its ninth generation by now. Misener called the permit process “lengthy” and “burdensome.”

Misener also played the patriotism card in his letter this week, writing that it is “in the public interest” to keep Amazon’s drone R&D efforts in the US: “Amazon is increasingly concerned that, unless substantial progress is quickly made in opening up the skies in the United States, the nation is at risk of losing its position as the center of innovation for the [drone] technological revolution, along with the key jobs and economic benefits that come as a result.”

Still, the FAA has good reason for its go-slow approach, said Paul Saffo, who forecasts technology trends as a consultant at Discern Analytics.

“The FAA’s ‘slow’ pace might be actually protecting the industry from some horrible accident that would have a vastly greater negative impact,” said Saffo. “First we invent our technologies. Then as a society we decide how to use that technology.”


Rasmussen Reports

What They Told Us: Reviewing Last Week’s Key Polls

Bottom of Form

Saturday, December 13, 2014

It’s disconnect time between Americans and their government once again.

Voters continue to believe that cutting government spending and taxes are the best presents the federal government can give the economy this holiday season.  Instead, Congress is on the brink of passing a $1.1 trillion budget that does neither.

Most voters have said in surveys for years that controlling the border to stop illegal immigration should come before any steps putting those already here illegally on the path to citizenship. Instead, President Obama on his own has exempted up to five million illegal immigrants from deportation, and so far there doesn’t appear to be much Congress can do about it.

The majority opposes the president taking action on immigration issues without Congress, perhaps in part because many don’t believe he is as interested as they are in stopping illegal immigration.  Voters are closely divided over whether their state should join the 17 states now suing the Obama administration over the president’s action.

Voters weren’t clamoring for a report on CIA interrogation methods either, but the Senate Intelligence Committee released one anyway this week. Some in the national security community warned against making the results of the Senate investigation public, saying it’s likely to cause reprisal attacks against Americans overseas. Voters strongly believe it would have been better for Congress to keep the Central Intelligence Agency’s interrogation methods a secret if the disclosures put the American public at risk.

Besides, nearly half of voters favor the harsh interrogation tactics used by the CIA on suspected terrorists and think they elicited valuable information that helped the United States.

Then there’s Obamacare which remains untouched despite numerous voter concerns. Most voters continue to believe the unpopular national health care law will cost the government more than projected and will push up health care costs for all Americans.

Voters aren’t keen on the idea of declaring war on the radical Islamic group ISIS in Iraq and Syria and strongly feel that congressional approval should be required before the president sends U.S. troops into combat. The Senate edged closer this week to authorizing boots on the ground for a war most voters don’t want.

On the holiday front, Americans remain strongly supportive of celebrating Christmas in the public schools and putting religious displays on public land – even as state and local governments run in the opposite direction.

Voters continue to give mediocre reviews to the public schools and remain strongly pro-choice when it comes to things like uniforms, academic calendars and school prayer.

Despite complaints from many in government, Americans are solidly convinced that their local police are their protectors and give them high makes for the job they do. Most also believe deaths that involve policemen are usually the fault of the suspect, not the cop.

But Americans are less sure of the need for police to use factors such as race, ethnicity and overall appearance to determine whom they should randomly search.

As with many issues involving race, black Americans and white Americans have distinctly different views of the police and recent high-profile events involving them in Ferguson, Missouri and on Staten Island in New York.

Most Americans aren’t convinced that recent protests around the country in response to the grand jury decisions in Missouri and New York will bring about desired changes and think such protests are controlled by special interest groups and outside agitators anyway.

Americans are more supportive of police officers wearing body cameras and believe it will reduce the number of fatal incidents cops are involved in.  Interestingly, however, they think the cameras will protect the police more than civilians.

Voters have become slightly less critical of the president since Election Day, although his daily job approval rating still runs in the negative mid-teens.

Democrats have edged ahead on the latest Generic Congressional Ballot, the first time they’ve had the lead since early October.

In other surveys last week:

— Twenty-six percent (26%) of voters think the United States is heading in the right direction. This finding has been under 30% nearly every week for the past year-and-a-half.

Investors are feeling more upbeat, consumers less so.

— It’s Jesus vs. Santa again this Christmas season.

— Americans are in the charitable spirit this Christmas, and more plan to make a donation than last year.

Most adults think their fellow Americans play video games too much. Nearly half of Americans also still believe violent video games lead to more violence in society.


From → Uncategorized

Comments are closed.

%d bloggers like this: