
June 13 2015

June 15, 2015





After the latest hack attack, can feds trust Uncle Sam with their personal information?

By Joe Davidson June 7 at 6:18 PM


For federal employees, the massive data breach at the Office of Personnel Management (OPM) raises a troubling question: Why should the government be trusted to protect their personal information?

OPM says a “cybersecurity incident,” revealed on Thursday, was detected in April. “Incident” is a small word for a big theft, a serious and far-reaching hijacking that endangers the personal information, including Social Security numbers, of 4 million current and former federal employees. The cybertheft began in December.

But it’s not the word choice that has federal workers and members of Congress upset. It’s the three Ts — trust, times and time.

On trust, “given the repeated major digital security failures and the lack so far of meaningful accountability, unless the Congress funds and the president takes swift and decisive corrective action, it is impossible to argue that federal employees should trust their employer with their personal information,” said Lee Stone, a NASA scientist and an International Federation of Professional and Technical Engineers officer.

Those repeated failures speak to the number of times the personal information of federal employees has been the target of digital intrusion across government, not just OPM.

“The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years” at federal agencies, from 10,481 in fiscal year 2009 to 25,566 in 2013, the Government Accountability Office reported last year.

OPM, however, is in a particularly critical position because in some ways it functions like the government’s personnel office. An inspector general’s audit in November said “the drastic increase in the number of systems operating without a valid Authorization is alarming and represents a systemic issue of inadequate planning by OPM program offices to authorize the information systems that they own.”


Samuel Schumach, OPM’s press secretary, defended the agency, saying “OPM took action in February 2014 and developed an aggressive plan to bolster our IT networks and databases and adopt state-of-the-art security protocols.” He noted the audit “credited OPM for developing a plan to strengthen IT security policies” and “where the audit found certain weaknesses, OPM was at that time already planning and implementing certain upgrades and controls.”

If OPM is behind on cybersecurity, which it is, it has plenty of company.

“For fiscal year 2014, 19 of 24 major federal agencies reported that deficiencies in information security controls constituted either a material weakness or significant deficiency in internal controls over their financial reporting,” GAO reported in April. “In addition, inspectors general at 23 of these agencies cited

Another attack on an OPM database was discovered in March 2014. Employees weren’t informed until July, leading to complaints like those heard now about the third T – time – as in the time it takes for agencies to inform staffers about an attack.

Lucy Barber said she’s heard from colleagues about “the outrage [at] the delay between the government knowing about the breach and notifying employees.”

There is outrage in Congress, too. “OPM needs to do what they should have done weeks ago and personally contact each current and former employee impacted and provide all of their resources to help our civil servants deal with this intrusion,” said Rep. Don Beyer (D-Va.).

After learning of the latest intrusion in April, OPM worked with the Department of Homeland Security’s Computer Emergency Readiness Team “as quickly as possible to assess the extent of the malicious activity and to identify the records of individuals who may have been compromised,” Schumach said. “During the investigation, OPM became aware of potentially compromised data in May 2015. With any such event, it takes time to conduct a thorough investigation and identify the affected individuals.” OPM planned to begin contacting employees Monday.

As disturbing as all this is, at least the credit rating of feds might not be at risk. As my colleague Ellen Nakashima reported, the Chinese allegedly stole the information possibly to build their own database of federal employees, not to make bogus flat-screen television purchases at Target, which was the victim of an earlier hack attack.

Previous cyber-hits coupled with the recent one cause Congress, not just the rank and file, to worry about OPM’s ability to protect the workforce.

The latest “reported breach is part of a troubling pattern by this agency in failing to secure the personal data of federal employees – the second major breach in a year,” said Sen. Mark R. Warner (D-Va.). “. . .We cannot afford to keep dragging our feet in addressing the escalating threats posed by hackers out to steal individuals’ personal information.”

One scary thought from OPM: “Since the investigation is on-going, additional PII (personally identifiable information) exposures may come to light.”



OPM Hackers Skirted Cutting-Edge Intrusion Detection System, Official Says

By Aliya Sternstein

June 6, 2015


When attackers compromised a federal personnel system holding records on up to 4 million current and former employees, the files were in an Interior Department data center equipped with the most up-to-date version of a governmentwide intrusion detection tool, a government official with knowledge of the center at the time said Friday.

But that tool, called EINSTEIN 3, would not have been able to catch a threat that has no known footprints, according to multiple industry experts.

The malicious software used to compromise an Office of Personnel Management system in December reportedly had never been seen before and carried no indicators of compromise, or “signatures.”

OPM detected an intrusion in April, the agency disclosed Thursday. The incident marks the fourth publicly known network penetration of an organization maintaining files on federal employees with access to classified secrets, in the past year.

It is unclear who discovered the distinctive characteristics of the malware and other tactics used. What’s known is that, according to the Department of Homeland Security, once those signatures were captured, they were fed into DHS’ EINSTEIN 3, the governmentwide tool that over the past year gained the capability to block attacks, too.

Ultimately, in May, DHS determined the intrusion successfully breached sensitive job-related data on millions of military, civilian and retired federal personnel, according to Homeland Security. An FBI investigation is ongoing.

The mammoth hack, surprisingly, demonstrates that swapping tips about threats can prevent inevitable attacks — like this one by a suspected well-funded group — from accelerating. Some observers say EINSTEIN and complementary OPM-managed continuous monitoring tools that noticed a network penetration eventually detected activity that otherwise could have gone on for years.

The timing of the infiltration coincides with a tense congressional debate over information-sharing legislation that would exchange signatures of malicious campaigns among industry and government. Critics say the measures could expose personal information caught up in network traffic and let companies off the hook for being hacked.


EINSTEIN is No Cure-All, Experts Say

EINSTEIN 3 was deployed on all Internet connections at the Interior “shared services” data center, which facilitates payroll, financial management and contracting for about 20 agencies, according to the government official. The person would only speak on the condition of anonymity because of the sensitivity of the investigation.

The OPM system was segregated, physically in its own enclave inside the Interior center, the official said.

Typically, each agency is responsible for adding more layers of protection to their individual systems, such as login verification, agency-specific network intrusion-detection systems, and testing for holes a hacker can enter through.


Interior Department officials said in a statement they “continue to be vigilant to ensure that necessary security measures are in place to further strengthen and protect agency, customer and employee data.” Interior has a “multipronged remediation strategy to prevent, detect and act against malicious activity on our network in order to respond and recover following an incident,” officials added.

The estimated $3 billion EINSTEIN system is not a cure-all for well-funded campaigns insistent on breaching federal networks, according to security experts.

The tool only looks at the traffic coming into the network as it traverses the Internet service provider, said Ron Gula, chief executive officer of Tenable Network Security, a major contractor for agencies that perform continuous monitoring. DHS is offering all agencies sensors, consulting services and other network surveillance tools under a $6 billion contract.

“The fact that EINSTEIN saw the attack or observed the network traffic from a long time ago is different from the fact that it was recognized as an attack only recently,” he said. Essentially, EINSTEIN cannot act as a real-time detection system unless it knows the specific malware exists in the world.

“At the end of the day, I actually give the federal government high marks for detecting this and reporting it,” Gula said. “It was caught relatively quickly. The reality is, you are not going to keep out all intruders. It’s not a reasonable expectation in today’s day and age.”


At Least They Didn’t Reach NASA, Like Last Time

And the situation might have been even more detrimental had it happened a decade ago, when Interior first began handling payrolls for other agencies.

“I remember us being able to go into NASA’s data on astronauts through Interior’s payroll center and it was rather bizarre,” said a former Interior Inspector General Office employee, who was testing for network holes at the time. “Back then, it was like a knife going through butter to get into the center.”

The retired official spoke on the condition of anonymity because of the national security ramifications of the situation.

“We had no problems getting into the Interior payroll system, and then once we were in the Interior payroll system, we were in to all the shared services systems,” the former official said. “That’s the danger of any department that does shared service work.”

In another instance, the worker played the part of a black hat hacker to convince the department security was lacking.

“I knew that the CIO would deny that we were able to get in the payroll system because that was his baby, and so what I did was we got into the payroll system and I moved the secretary’s check,” the official said. “We, of course, gave her the paycheck back.”

The former IG employee then recommended continuous monitoring. Today, the retiree says, “I’m really confident that they’ve got a better-than-average-system, but obviously, it cannot sustain a country-sponsored attack.”



Does cyber breach illuminate a $3B DHS failure?

Amber Corrin, C4ISR & Networks 5:54 p.m. EDT June 5, 2015


The massive data breach at the Office of Personnel Management made public on June 4 exposed personal information of roughly 4 million current and former federal employees. But the attack also revealed that despite the extensive resources sunk into network defenses and confident talk of high-level officials, the government’s data remains poorly defended.


U.S. officials quickly identified China as a possible source of the attack, a charge that China quickly criticized.

The cyber attack on OPM – or more specifically, on Interior Department data centers that house OPM data – occurred despite government-wide cybersecurity efforts led by the Homeland Security Department that include continuous diagnostic monitoring and the $3 billion Einstein network monitoring program.

For its part, DHS leadership said they helped OPM “develop and implement a comprehensive network monitoring plan” that led to OPM identifying the breach in April. That plan included Einstein, according to a DHS statement.

“Using these newly identified cyber indicators, DHS’s United States-Computer Emergency Readiness Team (US-CERT) used the Einstein system to discover a potential compromise of federal [personal identifiable information]. Working with the affected agency and other interagency partners, US-CERT cyber incident response teams were deployed to identify the scope of the potential intrusion and mitigate any risks identified,” a DHS spokesman said in an emailed statement.

According to a DHS official speaking on background, US-CERT reviewed the malware and shared the analysis with the affected agencies and interagency partners, and deployed the signatures to Einstein to protect federal networks. DHS then shared the data with all federal CIOs, and US-CERT also worked with the FBI to disseminate an information bulletin about the malware to the private sector and other cybersecurity stakeholders.

“In this incident, Einstein was used to identify the presence of a cybersecurity incident affecting OPM’s IT systems and data at the Department of the Interior’s data center, which is a shared service center and a means for federal agencies to collaborate and achieve efficiencies,” the official said.

But there are a few different iterations of Einstein, each more comprehensive than the last, and it’s unclear which agencies do or do not have Einstein in place on their networks – especially the latest version, Einstein 3 (Accelerated) or E3A. All three versions of Einstein are designed to detect and repel malicious traffic on federal networks, and are provided as managed services by internet service providers under DHS direction.

Einstein 3 is scheduled to be deployed across federal networks next year, an acceleration on the original 2018 schedule, Josh Earnest, White House press secretary, said in a June 5 press conference.

But Einstein’s application is uneven across the government for a variety of reasons.

The Department of Interior contracts at least some of its telecommunications services through the Networx contract, provided by CenturyLink, Verizon and AT&T. CenturyLink and Verizon reportedly both provide Einstein to federal agencies under a signed agreement, but AT&T refused the agreement without liability protections, according to a former DHS official.

“It’s not clear if they ever did sign. [DHS] was trying to find a way to bring AT&T onboard, but if they didn’t, only CenturyLink and Verizon traffic would have been filtered through the additional signature checks protected by Einstein,” said Chris Cummiskey, former DHS acting undersecretary for management.

AT&T provides at least some of Interior’s telecom services, according to public records, but it is unclear if those services cover the agency’s data centers. AT&T did not respond to requests for comment.

Where Einstein is implemented isn’t the only question the OPM breach raises.

“Einstein should have … detected this, but it also should have protected the exfiltration from happening. Why did it detect the intrusion but not protect against infiltration?” said Mark Weatherford, former DHS deputy under secretary for cybersecurity and now Chertoff Group principal. “The whole secret sauce of Einstein is taking government intelligence and information and applying it in addition to commercially available intelligence and information. It’s supposed to be the bar for government agencies to be able to detect and mitigate better than pure commercial products? So how did this happen? Why did Einstein and other commercial products not notice all this information being transmitted to a foreign country’s IP range?”

It’s a question that is likely to echo in the coming weeks as the fallout from the OPM breach continues. Backers of Einstein insist it’s critical to federal cybersecurity – and that it works – but the program is likely to face serious scrutiny.

“The government has spent hundreds of millions on this; there are committees on the Hill that are invested in and committed to this. So it’s a legitimate question to ask if Einstein couldn’t prevent this breach, is it worth the hundreds of millions we’re putting into it? What is the problem?” Weatherford said.



US Army Mulls Merging Drone Training after Scathing Audit

by Brendan McGarry on June 5, 2015


The U.S. Army is mulling consolidating its drone training programs after a scathing federal review, according to the service’s top officer.

Auditors concluded that pilots of unmanned systems such as the RQ-7 Shadow struggled to complete required training “because they spend a significant amount of time performing additional duties such as lawn care, janitorial services, and guard duty,” according to a May report from the Government Accountability Office, the investigative arm of Congress.

The Army’s outgoing chief of staff, Gen. Raymond Odierno, who plans to retire after his term ends in the fall, touched on the issue during a recent interview with defense reporters in Washington, D.C.

“We were doing training at a couple of different places and I think we want to consolidate it so we can make sure [initial training is] more efficient and then maybe provide a bit more oversight,” he said, without specifying where the activities might be based.

The Army’s unmanned aerial system initial qualification school is located at Fort Huachuca in Arizona. Students are required to take a common eight-week course in aerodynamics, flight safety and navigation. During the next phase of training, which can last between 12 and 25 weeks, students learn to fly and recover one of the service’s three drones, the RQ-7 Shadow, MQ-5 Hunter and bigger MQ-1C Gray Eagle, according to the audit.

The service last year also started a course at Fort Rucker in Alabama in which AH-64 Apache pilots and drone operators teamed up to fly training missions.

Officials at the Army’s intelligence center at Fort Huachuca and aviation center of excellence at Fort Rucker are studying the issue, Odierno said. “They’re going to get back to me on what measures we need to take,” he said.

Of the service’s 65 Shadow units that weren’t deployed in 2014, nearly all of them — or 61 — had the lowest proficiency levels, with less than 340 training hours, according to the GAO report. The units were “untrained on one or more of the mission-essential tasks that the unit was designed to perform in an operational environment,” it stated.

By comparison, 11 of the 13 Shadow units deployed to a combat zone had the highest proficiency levels, with more than 440 training hours.

The Army isn’t the only service struggling to adequately train drone pilots. The Air Force is also struggling to fill its ranks with enough unmanned systems operators. It recently announced new incentives to persuade airmen to stay in the field, but fewer than 10 drone pilots were actually slated to receive the $1,500 monthly bonus


John Boyd’s Revenge

June 8, 2015 at 5:30 am

By B.A. Friedman


One of the most influential names in strategic studies is that of Colin S. Gray. He is not only an authority in the field, but a prolific writer. His book The Strategy Bridge is no less than a theoretical system which organizes the entire field, including the ranking of major theorists into tiers. Gray is no fan of John Boyd, the irascible Air Force Colonel who invented the well-known “OODA loop” but wrote nothing, preferring instead to communicate with his audience through grueling presentations rather than written works. The slides can be confusing, and the only academic treatment is Science, Strategy and War by Frans P.B. Osinga, so it is understandable that Boyd’s ideas haven’t achieved much purchase in academic strategic studies. Gray is emblematic of most authorities even though Boyd has a devoted following amongst practitioners and an annual conference devoted to his ideas. Increasingly it seems like Boyd’s ideas were quickly dismissed by strategic theory and then left behind.

Gray’s commentary on Boyd is harsh. In The Strategy Bridge, Boyd is not mentioned but is listed in the lowest tier of theorists, titled “Other Contenders.” This is not an inauspicious list as it includes Julius Caesar, Alfred Thayer Mahan, Julian Corbett, J.F.C. Fuller, and Martin van Creveld, but the ranking is conspicuously low. In Another Bloody Century, Gray is much more dismissive, writing: “…Boyd touted a tactical insight derived from personal experience of aerial combat as a general theory of conflict… A major problem with the OODA loop is that its devotees assume that a tactical insight, even principle, will be no less valid at the operational and strategic levels of warfare.” While it’s true that the OODA is at its core a tactical concept and one that ties all of Boyd’s ideas together, Boyd’s strategic ideas cannot be boiled down to just a bigger OODA loop. Still Gray, and the vast majority of the strategic studies community, stopped reading after the A.

But the most reliable test for one’s strategic ideas is history. Or in this case, history in the making. John Boyd’s ideas are evident in three modern day strategic actors and the success they’re currently enjoying is self-evident. Despite the loyalty of his acolytes, the best advocates for Boyd’s ideas are Russia, China, and the Islamic State. Each of these actors, probably without knowing it, is demonstrating Boydian strategic methods. Each of them is using an adroit mix of ambiguity, deception, distribution, and propaganda, all while demonstrating a keen awareness of the moral plane of war and warfare in a way that is serving their ends. To those of us aware of Boyd’s ideas, it comes as no surprise. Everyone else is trying to figure out if there is even a war.

Western militaries built on industrial-era ideas are even inventing the Human Domain to remind them that we are humans. Wherever you come down on whether or not war is a thing, at the very least there is strategic competition and the preparation thereof. In fact, there are three major strategic competitions occurring simultaneously, and each of them exhibits strong Boydian characteristics.

Those characteristics are these. The first is ambiguity. Boyd stressed the need to act in such a way that your opponent can never really be sure exactly what it is you’re doing. Ambiguity is leavened by a healthy dose of deception. Secondly, in each case dispersion is used to increase ambiguity and deception. Even Russia has spread military units out in its eastern territory to distract. This is a violation of the classic principle of mass that US doctrine adheres to so closely. Lastly, the actions taken by these actors are aimed at achieving a mental or moral effect. While the OODA loop is a jumping off point, the essence of Boyd’s ideas is an inversion of an idea originating with Clausewitz: While the Prussian focused on overcoming friction, Boyd focused on increasing the opponent’s friction and thus using it as a weapon.

Russia: Just Say Nyet

This idea is most evident today in the case of Russia’s slow-roll invasion of Ukraine. Russia was so quick to decide and act on the opportunity offered by the Euromaidan protests and subsequent ousting of President Viktor Yanukovych that the Crimean Peninsula was annexed before western observers could decide if something was even happening. The most obvious facet of Russia’s information warfare is the denial of information about Russian troops. As recently as last month, there is still doubt in some minds as to whether Russian troops are even in Ukraine. Additionally, Russia has used military exercises in the region to distract attention from events inside Ukraine, using mass to focus attention where they want it. This method has numerous effects: It trains Russian units, it distracts western and Ukrainian audiences from focusing on the fighting in Ukraine, and intimidates Ukraine and other countries in the region.

Russia is also concurrently conducting cyberwarfare methods to aid in distraction as well as intelligence collection. Russian propaganda efforts include the manipulation of history, threats, straightforward misinformation, and the timeless art of trolling. Importantly, Russia has made a concerted effort to undermine the morale and cohesion of the Ukrainian military by placing agents within it, so much so that it may complicate Canadian plans to provide advisors to the Ukrainians.

China: Nine Dashed Smoke Screen

In the case of China’s efforts to secure greater control over the South China Sea, it uses many of the same methods. At the Naval War College’s 2014 Current Strategy Forum, the Vice Commandant of the US Coast Guard, Vice Admiral Currier, said this (quoted in this post on Chinese efforts in the South China Sea by Matt Hipple at War On The Rocks):

We see China, in the disputed claims area, using what is now called the coast guard. They took four or five maritime governance organizations, and in a course of a couple of months, painted all the ships white and put a stripe on them, and now it’s called the China Coast Guard. What’s the maneuver there? Is it a soft-power application? Is it a part of their maritime portfolio that we should be aware of?

In a move straight out of The Art of War, China has taken advantage of American views on the role of a Coast Guard (law enforcement except during times of war) to camouflage the fact that they essentially militarized previously non-military assets. China is also attempting to extend its territory in two ways: building oil rigs in disputed waters and building new islands in disputed waters. These efforts will have the effect of establishing de facto Chinese control. Meanwhile, they prevent interference with these efforts through minimal means, using water cannons to fend off Vietnamese boats so as not to garner more publicity. By the time there is a concerted effort on the part of other actors in the region to prevent Chinese encroachment, it will already be a fact and thus harder or impossible to reverse. China is even producing globes that include the disputed Nine Dashed Line which demarcates the area to which they lay claim, fostering in the minds of various audiences that the territory is Chinese.

The Trick of ISIS

In ancient Egyptian mythology Isis used a particularly violent trick to force Ra, the Sun God, to tell her his secret name. She caused a snake to bite him and refused him the antidote, which only she possessed, until he relinquished his secret.

The organization that bears her name is by chance no less willing to use deception and violence to accomplish its aims. Early in its campaign in Raqqa, Syria, after infiltrating a small group of fighters into Syria from Iraq, Islamic State intelligence operatives convinced each rebel group that only other rebel groups would be attacked, disabling a potential rebel alliance against the Islamist group. Until various rebel groups banded together to attack the ISIS fighters in late 2013, this tactic of divide and conquer worked. Upon losing ground to the rebels, ISIS fighters dropped their trademark all black uniforms, adopted the casual civilian clothes of the rebels, and then surprised a rebel group in an attack. The confusion sown by the uniform change collapsed the rebel unity.

In Iraq, ISIS used a tightly-planned shaping campaign to undermine the morale and cohesion of the Iraqi Army before beginning its major offensives. From mid-2013 to mid-2014, ISIS assassinated key leaders in the Iraqi Army both on and off duty, employing both IED attacks and ambushes with small arms. When the conventional offensives against Mosul and other parts of Iraq began, the weakened Iraqi Army- susceptible to the fear of ISIS’ reputation- collapsed. By applying fear over a period of time and then a catalyst, they tricked the Iraqi Army into giving up Mosul without a fight. This campaign to undermine the moral foundation of targeted Iraqi Army units could have been lifted right out of John Boyd’s slides.

In another example, ISIS executed a captured Jordanian Air Force pilot by immolation, an act that shocked the world. In response, Jordan executed two ISIS-connected prisoners of its own. While both prisoners were previously tried and sentenced to death, the knee jerk reaction on the part of Jordan certainly looked like a country that had sunk to its enemy’s level. In one slide presentation, Boyd recommended that one should “sever [the enemy’s] moral bonds.” Inducing a country to truncate its professed due process is one way to do that.

The Islamic State’s fearsome reputation, carefully incubated by ISIS’ sophisticated media arm and iconography down to their black “ninja” style battle outfits, is thus a weapon. This is not a new phenomenon. Entire armies crumpled rather than face the Mongol hordes- another group that cultivated a reputation of fear. Mongol massacres were calculated demonstrations intended to convince the inhabitants of cities to capitulate rather than endure a siege. This was a compensation for early Mongol weakness in siegecraft. The brutality of the Islamic State is a similar, calculated tactic.

Circling Back to Boyd

These efforts at deception and ambiguity may have the effect of hacking the OODA Loop of strategic opponents like the United States. By the time their opponents realize the danger, these actors have already decided and acted. They’re not just out-cycling their opponents; they’re stealing a march and getting a head start.

A simple recitation of one of Boyd’s slides where he summarizes recommendations suffices to demonstrate the similarities:

Probe and test the adversary to unmask strength, weaknesses, his maneuvers and intentions.

Employ a variety of measures that interweave menace, uncertainty and mistrust with tangles of ambiguity, deception and novelty as the basis to sever an adversary’s moral ties and disorient or twist his mental images and thus mask, distort and magnify our presence and activities.

Select initiatives and responses that are least expected.

Exploit, rather than disrupt or destroy those differences, frictions, obsessions, etc., of adversary organism that interfere with his ability to cope with unfolding circumstances.

Subvert, disorient, disrupt, overload or seize vulnerable and critical connections, centers and activities that provide cohesion and permit a coherent OODA cycle in order to dismember the organism and isolate remnants for absorption or mop-up.

The second bullet describes Russia’s actions in Ukraine almost perfectly. The Islamic State’s Mosul campaign resembles the last bullet so much that one would not be surprised if Boyd planned it himself.

In a further summarization in his presentation titled The Strategic Game of ? and ?, a more obscure work than his famous Patterns of Conflict, Boyd described the art of success as, “Shape or influence events so that we not only magnify our spirit and strength but also influence potential adversaries as well as the uncommitted so that they are drawn towards our philosophy and are empathetic toward our success.” Vladimir Putin’s domestic approval ratings have skyrocketed since the Ukraine crisis began. The fact that China is literally reshaping the South China Sea with artificial islands sends a powerful message to other regional actors. Despite their savagery, the Islamic State continues to attract followers from all over the globe.

The strategic ideas of John Boyd, long dismissed by the academic strategic theory community, are unfolding before our eyes. Importantly, Boyd did not portray the use of these tactics alongside more “conventional” tactics as some unique new way of war like hybrid, asymmetric, or fourth generation. His vision was simply warfare as it has always been waged. It is only surprising to those who have ignored the prevalence of such methods in history.

Boyd’s Revenge

John Boyd’s ideas have been widely available, for free, for decades, but his name remains unmentioned even as those ideas play out in events. One possible conclusion from these trends is that, since the United States has invested so heavily in being able to fight and win a large-scale conventional war, it stopped innovating in other forms and areas of warfare. Since the US cannot be challenged in conventional warfighting, other strategic actors innovated in the opposite direction. This is something that General Mattis has warned about. Warnings about the US military becoming a “Hollow Force” have become more frequent in recent years. The typical definition of a hollow force is one that exists on paper with appropriate systems but is untrained and undermanned. Another definition could be a military that is manned, trained, and resourced but is unfamiliar with and unable to fight the wars it will be confronted with. One example is the Prussian Army under Frederick William III, steeped in the traditional training and discipline instilled by Frederick the Great, that was dissected by Napoleon at Jena-Auerstadt and during the following retreat.

One way that the United States can counter these methods, especially in the case of Russia, is to use information gathered by its extensive intelligence apparatus not just for decision-making but as a way of developing a counter narrative. The Western media does a passable job of this on its own, but surely has less information about Russian activities in Ukraine than does US intelligence. Since the US classification system prevents the dissemination of information, even about adversaries, the US government would have to orchestrate a coordinated series of leaks of classified information to develop a counter narrative and to undermine the narrative being presented by Russia. As it stands now, the United States is simply not a player in the battle of the narrative playing out over Ukraine.

One way the United States should not utilize information is to refute rumors of an enemy leader’s wounding that could undermine the morale of his organization. Let them worry.

In any event, it is high time the ideas of John Boyd got another look by strategists and practitioners alike. Writers like Emile Simpson and General Rupert Smith have written works regarding modern warfare in the information age. The New America Foundation has organized The Future of War Project in an attempt to ascertain future trends in war and warfare. The military is always planning ahead, as shown by documents like Expeditionary Force 21 and Win in a Complex World 2020–2040. But as so many thinkers look ahead for answers, they may miss what’s behind them.

This post originally appeared in The Bridge (@Strategy_Bridge) on 1 June 2015.



The Iraqi Army No Longer Exists

June 7, 2015 By Barry Posen


The fog of war lies thick over the battlefields of Iraq and Syria. Deliberate enemy deception, willful self-deception, and the complexity of large-scale combat ensure that the truth about war is almost always obscured by a kind of fog. Occasionally a major event parts the clouds and reveals a few fragments of truth, only to have the fog close in again. The collapse of Iraqi defenses in Ramadi is one such event. But we must look quickly to learn anything at all.

The most important fact revealed by ISIS’s victory is that the “Iraqi Army” no longer exists. This is a different observation from that of Secretary of Defense Carter, who avers that they lost the will to fight. Some people did lose the will to fight in Ramadi. But, we should ask a more fundamental question. Ramadi was under siege for months. How is it that few if any reinforcements were sent to defend a city deemed critical to the defense of Baghdad itself? Public sources reported some fourteen divisions in the Iraqi Army in 2014. Between three and five were destroyed in Mosul, leaving nine. At most one was defending Ramadi. Where were the rest? Indeed, where are they now? How is it that Shiite militias must be called upon to liberate Ramadi? If the Iraqi Army has evaporated, or perhaps more accurately deteriorated into a collection of local militias and palace guards, then the U.S. “re-training” mission in Iraq is vastly more difficult than we have been led to believe. Having claimed to build an Iraqi Army, which seems not to exist, and which one doubts ever really existed, the U.S. military is now trying to build another one, from the ground up. Why will things turn out better this time?

ISIS’s victory in Ramadi also reveals that it is quite capable, not merely tactically, but at the “operational level.” Put another way, it is good not merely at fights, which require committed fanatics who are good with a gun, but at campaigns, which require canny commanders, logistical support, coordinated mutually supporting battles, movement, and intelligence. In Ramadi, despite U.S. command of the air, ISIS was able to sustain its forces for many months. They were able to manufacture very large truck bombs, requiring tons of explosives, to support their final offensive. They attacked under the cover of a sandstorm, which helped neutralize U.S. air power.

Finally, in light of ISIS’s success in Ramadi, we must revisit claimed coalition successes such as the fight at the Syrian border town of Kobani, and the “victory” in Tikrit. It was a mystery why ISIS fought so hard for a worthless border town, in the face of waves of U.S. air attacks. In retrospect, one suspects that they were “going to school” on us—spending lives and equipment to learn how to operate in the face of sustained U.S. air attack, which they apparently have figured out how to do. Central Command has claimed that since the campaign began air attacks have killed 8,500 ISIS fighters. These claims seem implausible. The battle of Tikrit, viewed in light of the Ramadi success, now appears as a matador’s cape, a diversionary operation to draw the attention of Iraqi government forces, militias, the Iranians, and the U.S. away from Anbar province and ISIS’s preparations for the attack on Ramadi. Press reports of ISIS casualties in Tikrit do not suggest large losses. Tikrit was well defended, but not heavily defended — an economy-of-force operation, reliant largely on IEDs. If so, the amount of time and energy and collateral damage it required to re-take that town bodes ill for future attacks on places that ISIS might heavily defend, such as Mosul.

Of course, the fog of war only lifted briefly, and we still cannot see the whole picture, which may be worse, or for that matter, better. But the notion that the Iraqi Army, and the supporting U.S.-led coalition, can soon go on the offensive against ISIS seems a fantasy. If instead, an offensive is launched with the collection of Shia militias that now forms the core of the Iraqi government’s military power, heavily supported by U.S. airstrikes, then we can be sure that any victories they might enjoy will be immensely destructive to the local infrastructure, and will be followed by the most brutal repression of the local Sunni Arab population — not the victory for Iraqi civil society U.S. leaders seek, but rather a guarantee of new waves of recruits for jihad.

What policy therefore ought the U.S. to follow? The ingredients exist in the region for a loose ring of containment around ISIS. That ring strengthens when ISIS pushes into areas populated by other ethnic or religious groups. The U.S. should buck up these defenders with weapons, money, intelligence, and air strikes, when they are under pressure, but should be under no illusions about their capability to defeat ISIS, re-occupy huge swathes of Iraq, and bring those areas into a cohesive Iraqi political community.


Diversity and Hype in Commercial Drone Market Forecasts

by Colin Snow • 9 June 2015


Have you noticed the growing number of market forecasts for the commercial drones industry? I have. Not a week goes by that a new one doesn’t hit my radar. I’m currently tracking about 15. Each in one way or another delivers growth projections for the drone or unmanned aerial system (UAS) sector that are nothing short of phenomenal. But are they, really?

In this post, I’m going to share three secrets to help you understand forecasts better, unpack the hype and diversity of market reports, and hopefully leave you skilled enough to ‘cry foul’ when you see a new report that is, well, questionable. At the end, I’ll give you my personal take on the most popular forecast reports.


  1. All forecasts are wrong

No one argues that forecasts and market projections are a critical part of business planning, management, and strategy. However, the first thing you learn as a forecaster (I was one) is that forecasts are always wrong – it’s just a matter of how wrong. You also learn that the further out in time you forecast (1 year vs. 10 years), the greater the error. And while that might sound gloomy, it is reality, and if you are looking to start or invest in a commercial drone business and you are relying on these forecasts, you should recognize an important trap.

Proper forecasts are created by taking actuals (historical unit sales, purchases, revenue, etc.) and projecting forward in time some kind of trend – either flat, up, or down. Statisticians know that the more historical data you have the greater likelihood your projection will be accurate. But what happens when there is no history to go by? Such is the case with the commercial drones market. It’s a nascent industry, and we have little to no historical data. So here’s the trap. Forecasters have to either borrow historical data from a similar industry or size a market potential with a proxy.

But sometimes the proxy is wrong. Such is the case with the Association of Unmanned Vehicle Systems International (AUVSI) The Economic Impact of Unmanned Aircraft Systems Integration in the United States. It has become the most repeated forecast for the commercial drone market, garnering media attention typically reserved for celebrity weddings and babies born to royalty. Its bottom line forecast is that the UAS market will reach a whopping $82 billion in the 10 years after the FAA issues favorable regulations and that the precision agriculture market will “dwarf all others.” But as we’ve dissected in Five Reasons the AUVSI Got Its Drone Market Forecast Wrong (and subsequently here and here) the proxy, the methodology, and the conclusion are wrong – very wrong.

That’s sad — and a big disservice to the community. Venture investors have a huge variety of questions about the commercial drone market, but two questions stand out in terms of their importance. The first is: What is hype and what is reality? The second is: Is this market really a big, high-growth, high-margin market? If you rely solely upon media hype and AUVSI, your answer would be an unequivocal Yes. The commercial drone market is the biggest, highest growth, best new market opportunity to come along in decades (or maybe centuries…). Really?!

  2. Regulations raise uncertainty

In some markets, traditional forecasting methods just don’t work. Such is the case with the regulated markets. Commercial drones are and will continue to operate in a regulated market – regulated not in the sense that governments are setting price floors or ceilings, but rules that allow or disallow certain commercial activities – like what airspace you can operate in and whether you can operate beyond visual line of sight (BVLOS). (For more on the BVLOS issue see article here.)

Even so, the global drone industry has not sat back waiting for government policy to be hammered out before pouring investment and effort into new ventures. The latest data from CB Insights shows drone startup funding is hitting new highs. Firms have raised more in 2015 than the last three years combined.

The problem is many of those funded vendors are beginning to invest in drone technology (like BVLOS automation) which may take years to be legal. Additionally, some investment is in consumer drone manufacturers that may want to aggressively target specific commercial sectors through acquisitions, internal development, partnerships, and second-tier investment but do so without regard to an actual intended commercial product and/or application. It looks good in a headline, but the devil really is in the detail, as I have noted in FAA Proposed Drone Rules: Market Opportunity Winners and Losers.

  3. Some segments are indistinct

With the advancement of model aircraft and camera technology, it’s not easy to distinguish between a consumer drone and a commercial drone. For example, low-cost camera drones like the DJI Phantom 2 Vision+ and 3DR IRIS+ are sold as consumer products, but marketed to and purchased by professionals who use them for commercial purposes like aerial photography, film making, and videography. Add to this trend the growing number of vendors like Pix4D that provide integrated software specifically for mapping and modeling, and now you have surveyors and geographic information system (GIS) professionals using them in their practices.

So what’s the buyer of a market forecast to do? The report says “commercial” but how can they distinguish the size of the particular market you intend to service or invest in if so many drones are sold for hobby but then used for business? Sorry, I don’t have a happy answer for you. It’s virtually impossible in every case to delineate the difference between the consumer and commercial drones market. If you want to come close to a rational number, then you are going to have to dissect the numbers yourself and make assumptions about your market based on things like gating factors that drive adoption rates, competing technology, and the price elasticity of incumbent providers. You can factor aircraft sales, but I wouldn’t use it as the base for a market forecast.



Here’s my take on the most popular forecasts. Note that several of these are sold by resellers.

BI Intelligence – has a 32-page report for subscribers (~$400) that forecasts total cumulative drone spending over the next 10 years (2015 to year-end 2024) of $111 billion. It also forecasts that $15 billion of that will be spent on commercial/civilian applications, including R&D costs, software, and hardware. But looking into the numbers it basically recycles AUVSI’s bogus numbers and then ups the Teal Group’s already inflated (and out of touch) forecast.

ABI Research – has a research report available to subscribers that says the small UAS market will surpass $8.4 billion by 2018 and by 2019 the commercial sector will dominate the overall small UAS market with revenues exceeding $5.1 billion, roughly five times larger than the prosumer/hobby market, and 2.3 times greater than the military/civil market segment. I respect the work of this firm, but as you can see from the graph in this article they consider prosumer as part of hobby and not commercial as would be relevant. Still, I agree with Dan Kara: “The money to be made is actually in the application space to a large degree.” So why don’t they forecast that as a segment of commercial?

Markets and Markets – sells a 180+ page report on the commercial drones market by type, technology, application, and geography for $4,560. They expect the global market for small UAS to reach $1.9 billion by the end of 2020. They state the obvious and say the increase in civil and military applications remains the driving factor for the global small UAV market. They go on to say that among all the key applications (law enforcement, energy and power, manufacturing, infrastructure, media and entertainment, agriculture, and scientific research) law enforcement will hold the largest market share at ~25%. My research says the opposite is true – at least in the U.S. That’s because adoption by local and state police agencies here already is and will continue to be fraught with controversy over privacy and Fourth Amendment rights.

Idate Research – sells a $2,300, 54-page report with a forecast covering 2014 to 2020 for commercial and consumer drones. They predict that once a suitable regulatory framework is introduced and no significant disruption takes place, nearly 170,000 commercial drones will be operating across the globe by the end of 2020, alongside about 12 million hobby drones. It’s hard to tell how they arrive at these numbers since their methodology is primarily qualitative, e.g., obtained from one-on-one interviews and not quantitative or established by cross-referencing public sources and external databases.

Lux Research – has a report available to subscribers that says the commercial UAV market will grow to $1.7 billion by 2025 but will be held back by regulations. It also says that agriculture tops applications and will generate $350 million in revenues in 2025, led by uses in precision agriculture. It envisions utilities to be the second biggest segment at $269 million, and oil and gas third at $247 million. Right off the bat you can discount their numbers since it’s been established over and over that agriculture will not lead the market. Clearly they have not researched thoroughly this or other markets like GIS. Also, their overall number is quite low. DJI is projected to sell above $1 billion in consumer drones in 2015. Given the market tendency for these to be used commercially you can see their 2025 number is not rational.


As you can see there is a wide disparity of assumptions and time horizons – which is why I didn’t create a comparison table. And you can see some of these reports are quite expensive. Will you get an ROI from them? Perhaps. But in some cases the best advice may be that of Will Rogers: “The quickest way to double your money is to fold it in half and put it in your back pocket.”

I would like to hear your thoughts on these market forecasts. Send me your comments or write us


Film or Farm: Which is the Bigger Drone Market? – Part 1


This is Part 1 in a two-part series that summarizes my views on why video/film/cinema – not agriculture and farming — will be the largest driver of sUAS commercial businesses. In this part I explore thoughts on the market for video/film/cinema, and below I outline why I believe film and video will lead in market uptake. In Part 2 I’ll outline why I believe agriculture will lag in market uptake.

A total economic impact of $13.6 billion and 70,000 new jobs in the first three years. That’s the forecast for what drones will bring to the U.S. once regulations are in place, according to a March 2013 market study produced by the Association of Unmanned Vehicle Systems International (AUVSI). The report entitled “The Economic Impact of Unmanned Aircraft Systems Integration in the United States,” goes on to say that precision agriculture and public safety will make up more than 90% of this growth. Most important, the report confidently states, “…the commercial agriculture market is by far the largest segment, dwarfing all others.”

These figures get repeated over and over again in the media and across the blogosphere. Existing players and potential new entrants in the UAV market are betting their business futures – and in some cases their entire family’s income and savings – on them. Everybody wants in on the action. But are the media, blogosphere, and AUVSI reports correct? I have some serious doubts. Here’s why: The numbers from my recent study on the impact of Federal Aviation Administration (FAA) rules on the small UAS business say aerial photography and cinema – not agriculture – dominate the other vertical markets and will continue to do so for some time. This two-part post looks at those two industries – film making and agriculture – and attempts to separate market forecast hype from the reality by looking at detailed numbers, market forces, and the specific applications themselves.


“Survey says…”

Validated respondents to my survey represent principals and employees at sUAS companies whose annual revenues span from US$100,000 to more than US$10 million. Every significant market vertical is represented. Survey participants were required to identify their primary commercial service offering. The results appear in the table below.


Primary Service or Product                                   Response Percent

Aerial Photography / Video & Cinematography / Movie / TV     41%
Sales of sUAS aircraft and/or technology                     11%
Agriculture / Farming Services                               8%
Mapping / Topography / Geospatial / Photogrammetry           5%
Education and Training                                       5%
Consulting                                                   4%
Data Aggregation or Analytic Services                        3%
First Responder Service (Police, Fire, or Medical)           3%
Utilities                                                    2%
Scientific Research                                          2%
Construction                                                 2%
All Others                                                   13%



Clearly, the dominant service offering is aerial photography / video / cinematography / movie / TV (41%). Only eight percent of participants identified themselves as offering or wanting to offer agriculture / farming services.

When viewed through the lens of each service provider type, this data offers some interesting insights. For example, the largest group of service providers, aerial photography and cinematography, have current revenues that spread across the whole range (from zero to over $1 million). In fact, several reported revenue over $10 million, a figure no other group – including agriculture – reported. Clearly current UAS market activity runs contrary to the AUVSI forecast.


Money talks

Drone regulation was among many issues the Motion Picture Association of America (MPAA) lobbied on in 2012 and 2013, at a total cost of $4.11 million. According to this report, the MPAA has been constantly appealing to the FAA to let them use smaller drones for film-making purposes. If you follow the market dynamics and technical advancements of the TV and film industry, the push by the MPAA for sUAS makes sense. High-end digital cameras and computer-generated imagery (CGI) effects have drastically reduced film-making costs, and have been delivering scenes that weren’t possible before. Even so, the industry is striving for more technological enhancements every day because audiences expect to see something new and spectacular in each new film. The longstanding arms race in Hollywood among studios vying to deliver the most eye-popping shots and special effects continues unabated.

Drone cinematography is now the new kid on the Hollywood block. A drone costing just a few thousand dollars can deliver high wow-factor shots that were impossible to get before, or could only be captured using expensive cranes, stabilizing equipment, and a manned helicopter. The average TV or movie audience member generally doesn’t realize how much of a production is actually shot by a drone, but the astute viewer can already see drone footage being used everywhere in popular TV shows and movies (sorry FAA). A growing share of Hollywood blockbusters and TV programming involve UAS footage – Oblivion, Man Of Steel, The Hunger Games, The Dark Knight Rises – to name a few.

Drone cinematography is still in its embryonic stage. Multirotor drones that hold cinematography-grade cameras have only a range of up to a mile, and their battery only lasts about 10 to 15 minutes. Still, they give filmmakers a definitive edge over traditional methods. Drones allow directors to pull off mind-boggling, acrobatic camera stunts that would otherwise have been possible only through CGI or maybe not at all. This incredible sense of power and cost savings are the reasons many filmmakers continue to lobby for the commercial use of drones and one of the reasons why my research finds this market the largest. Case in point: the FAA just announced on June 2nd that seven aerial photo and video production companies (not any farming or precision agriculture companies) have requested regulatory exemptions under Section 333 of the FAA Modernization and Reform Act of 2012, which would approve commercial drone operations for TV and motion picture work. This is the first industry to do so on such a scale. While beyond the scope of this post, the photojournalism industry is another major force lobbying for drone usage, based on similar logic: getting the shot that keeps the audience riveted to the screen while ridding themselves of the enormous cost of operating manned helicopters.


Photography & Video – Film’s nearest cousins

When you look at the ‘film’ market for drones, there is no clear way to delineate film from video from photography. Aerial photography and video platforms are mostly the same and vary mainly in size, camera-carrying capacity, and technical capabilities that result in each platform being best suited for a certain grade of user (ranging from hobbyist to professional videographer). As I have written in The Democratization of Aerial Photography, technical and financial barriers to entry into the aerial photography, video and film services market are low, so it makes sense there are more players now and there will be more in the future. If a lightweight US$400 GoPro camera can shoot cinematography grade 4K video, and you only need US$1200 to get it up in the air with a small drone, and you can charge a US$1000-$2000 day rate for its use, and audiences are enamored of the resulting images, then it’s no wonder this market is exploding. Besides film and TV, here are some other aerial photography and video-related applications:

• REAL ESTATE – showcase homes, marquee properties, commercial buildings, and structures

• LEGAL – support forensic investigations, insurance claims, and property assessments

• CONSTRUCTION – progress reporting for commercial, residential, and civil engineering

• LAND – landscape architecture, land development, and research

• SPORTS – player and team position analysis


That’s my argument for why I believe aerial cinematography / videography / photography will dominate the early sUAS business market. To put a bow around it all:

• Studios and audience are enamored of the footage / images that can be captured by drones, so there is clear demand for the final product that drones can create.

• The financial and technical barriers to entry are low for many applications, making it easy for businesses to begin offering sUAS-based film and photography services.

• Where the technical and financial barriers are higher (for example, studio quality film production) a technically astute and well capitalized film production industry is eager to get their hands on new technology like drones.

• A lot of filming occurs in a tightly controlled environment on private property, where safety can be ensured and where a compelling case can be made for regulatory exemptions.


In Part 2 of this post, I’ll make my case for why I don’t think farming and agriculture is the largest market. Later I’ll be releasing some research in conjunction with Aironovo Advisors on the economics of UAS in agriculture. As always, I’m interested to hear what you think—share your thoughts in the comments below or contact me


Film or Farm: Which is the Bigger Drone Market? – Part 2


This is Part 2 in a two-part series that summarizes my views on why video/film/cinema – not agriculture and farming — will be the largest driver of sUAS commercial businesses. In Part 1, I explore thoughts on the market for video/film/cinema, and below I outline why I believe agriculture will lag in market uptake.


The March 2013 market study produced by the Association of Unmanned Vehicle Systems International (AUVSI) titled “The Economic Impact of Unmanned Aircraft Systems Integration in the United States,” says precision agriculture and public safety will make up more than 90% of the market growth for unmanned aerial systems. The report confidently states, “…the commercial agriculture market is by far the largest segment, dwarfing all others.”


I don’t buy it, and here’s why:

Let’s start with the AUVSI forecast. Read what one commenter said in my last post:

“There is a basic problem with the AUVSI study methodology – it took the total arable land area of Japan and divided it by the number of registered UAS performing agricultural roles in that country to provide a demand factor. It then divided the total amount of arable land in the United States by that same demand factor and used this to forecast its prospective future demand for the agricultural sector as a whole. The problem is, the Japanese agricultural land areas do not correlate in size, capacity, or type of agriculture as performed in the United States. In fact the Japanese usage is largely restricted to spraying of rice paddies on small allotments as a replacement for labor which has shifted to the cities. The only possible comparison that the Japanese land area to UAS numbers ratio that could have potential validity is to compare the Japanese ratio with the total amount of land used in rice cultivation in the United States. That is a very different equation than that used by the AUVSI study and can be predicted to give a very different set of economic figures as a result. AUVSI has used very bad modelling to build its argument on, and its figures should be used very, very, very cautiously.”


He’s right. So how do we get a proper forecast? That will take some time to work out; look for material from me on that later. For now let’s look at how modern agriculture has historically adopted and used technology, because the devil’s in the detail.


The farmer and the satellite

With the launch of the Landsat 1 satellite in 1972, NASA funded a number of investigations, including one that examined the spring vegetation green-up and subsequent summer and fall dry-down throughout the Great Plains region of the Central U.S. The researchers for this study found a way to quantify the biophysical characteristics of vegetation from the satellite images. They were able to calculate the ratio of the difference between the red and infrared radiation being reflected back by plants on the ground as a means to determine the vigor of plant life. This led to a metric known as the Normalized Difference Vegetation Index, or NDVI.

NDVI attempts to simply and quickly identify vegetated areas and their condition, and it remains the most well-known and used index to detect the health of live green plants today. Since early satellites acquired data in visible and near-infrared, it was natural to sell it packed up in maps to farmers.

NDVI allows agronomists and producers to identify problem areas and make timely decisions. Scouting maps can be requested at key dates as guidance for field visits. NDVI-based scout maps show variations in the field, so users know where to look in the field to determine where corrective or preventative measures are needed. Users can plan their field visit locations, take it to their GPS or a printable pdf report, and accurately evaluate the reasons for in-field variability.


Monitoring fields

NDVI maps are also used for monitoring fields, detecting anomalies, and for estimating crop yields. A strong correlation has been demonstrated between yields and NDVI at certain crop growth stages, as described in this research. Besides satellite-generated images, farmers also have access to more resolute imagery taken from manned aircraft. They can subscribe to a service like Terravion and GeoVantage to get NDVI maps every week if they like. The greater the frequency, the lower the cost per acre.

Here’s the rub: use of aerial imagery all sounds great until you start to look at the numbers. According to this report, only 21% of service providers (referred to as dealers in the report) who offer aerial imagery say it’s profitable, and it remains less profitable than other precision application services.


To spray or not to spray?

Here’s more interesting detail from examining how farmers are using technology today. Farmers know that plant growth regulators, insecticides, herbicides, fungicides, and mid-season fertilizers applied to selective locations can be effectively used to maximize farm output. Since NDVI maps from satellites or manned aircraft show variation of biomass within a field, farmers can divide those differences into management zones and address crop issues with variable rate spray applications (i.e. use more of this nutrient here, less of that pesticide there). The idea is to minimize costs while increasing yields by using as little as possible of expensive inputs, applying them precisely where and when they are needed.

But here’s some breaking news. The vast majority of farmers do not use variable rate prescriptions, and the trend is currently in the wrong direction. This well-regarded survey says variable rate pesticide application usage decreased from 22% of all farmers in 2011 to 16% in 2013. And it seems there is low adoption of aerial imaging when it comes to providing guidance for targeted nitrogen application as well. Nitrogen fertilizers, which are expensive, are one way farmers are able to achieve the high yields we see today with modern agriculture. But a recent poll of Iowa farmers’ nitrogen management practices shows only 25% of corn and soy farmers use aerial imagery to reduce nitrogen application.

The key takeaway is this: farmers already have data-driven tools available to them to make better crop management decisions, and the vast majority are not using them.


The farmer and the drone

Today, farmers have access to low-cost drones with cameras and image sensors on board. These can be purchased for a few thousand dollars and flown by the farmer himself, or if they are lucky – and regulations aside – a local service provider. Basically, the drones can produce the same NDVI images and maps that specialized satellite or manned aircraft image specialists do – only now with much higher resolution images.

You would think farmers would be thrilled with the combination of higher resolution images and more precise GPS coordinates, since it lets them identify problem areas within a few feet of accuracy. In some cases, that is true, and in others it is not. A higher resolution means you see more detail – detail that actually may detract from the usefulness of the image, like when it shows a shadow. Is that a shadow or a bad crop area? Hard to tell from the picture. For that, you need to see it with your own eyes, as is done with crop scouting.

Crop scouting – the act of inspecting crops to look for problems such as pests, weeds, irrigation issues, and so forth – is generally done today via a simple drive-by in a pickup or an ATV. Scouting is not a perfect science, and neither farmer nor service provider can assess every plant’s health and crop pressures. However, small drones are portable, and users can fly them over a field and see real-time images on a monitor. Since many farmers go out and scout their crops every couple of weeks manually, a drone crisscrossing the air could perform that work much more effectively. This helps cut down on the time spent identifying areas that need detailed scouting and helps give the proper inputs on where to eventually spray weed control or pesticide, or even determine when it is time to harvest.


Beyond clarity of regulations, what’s missing for widespread adoption?

With the total value of our nation’s crop estimated at $140 billion per year, even a modest improvement in yield would have a substantial aggregate economic impact. However, it’s not yet clear how a UAS can deliver more usable data to a farmer or provide a cost benefit over the existing image solutions available to them today.

What seems to be missing from today’s solution is the expertise to interpret the data, correlate it with what is actually happening on the ground, and recommend a course of action. Services that deliver aerial imaging can provide the data, but someone needs to invest the time, money, skills and software to get actionable insight from it. Right now, it appears that’s not being done well by the dealers who already offer imaging from satellites and manned aircraft. How’s that going to change when they start offering imagery from drones?


Here are a few more questions:

• What’s the incentive for a farmer to adopt a new imaging technology when 75% of farmers (at least in Iowa) don’t use what’s available to them now and dealers countrywide say it’s not profitable?

• How will drones change that equation? Why will farmers or crop consultants invest the money, time and expertise analyzing UAS-derived datasets if they aren’t doing the same with the manned aircraft or satellite derived data they can already purchase?

• How will UAS service providers convince farmers that their data is more valuable, more actionable, and has a high ROI when so many farmers seem to be relatively uninterested in data in the first place?

• Are farmers prepared to adjust their field operations and personnel to be data driven, and how will they make this happen?


I’m not saying that farmers won’t use UASs to improve their operations. Some absolutely will, and in fact, some already are. But given all of the underlying complexity, it does beg the question: Is agriculture really the biggest UAV market, “dwarfing all others” as AUVSI asserts?

My answer: I don’t think so. To date, I’ve seen no research that really digs into the critical questions underlying the use of UAS in agriculture and shows the rationale supporting massive, rapid adoption; this despite the massive bets – in terms of time and capital investment – that are already being placed. With so much at stake, I’m thinking that should be the subject of a considerable research study, one that I am currently formulating. Stay tuned for details. Until then, my bet is that film – not agriculture — is the biggest sUAS market.



ISIS Is Using Tunnel Bombs in Iraq

June 8, 2015 By Marcus Weisgerber


The tunnel bomb, a deadly modern riff on an ancient tactic, is emerging as a potent new weapon. Several dozen have been detonated in Syria, while ISIS used them to take the Iraqi city of Ramadi, according to Pentagon officials and documents.

The concept is simple: dig a tunnel long enough to reach under your target, emplace explosives, and hit the detonator. Altogether, at least 45 such bombs have exploded in the past two years in the two countries, according to JIEDDO, the Pentagon organization that seeks ways to defeat improvised explosive devices, or IEDs. Most have been in Syria, but U.S. officials say ISIS is building “a network of bunkers, trenches and tunnels” in Iraq.

“This below the surface attack is particularly destructive to buildings and is appearing increasingly in Afghanistan, Iraq and Syria,” a recent JIEDDO briefing says.

Tunnels have been used for some time by Hezbollah and Hamas in Gaza, generally as passages to smuggle weapons and launch dismounted attacks against Israel. Now their use is spreading, and extending to direct attacks.

In general, tunnel bombs are being used against military checkpoints, buildings and other protected facilities. Short tunnels can be dug in less than 30 days, while longer ones — up to a mile long — take as many as nine months, according to JIEDDO.

“The use of tunnels for IEDs and other purposes will continue to provide a low risk strategic advantage to extremist organizations and therefore requires continued development efforts and fielding of effective mitigation techniques,” JIEDDO says.

Since this type of attack is so effective and destructive, ISIS frequently posts videos of the explosions on YouTube and propaganda websites. The videos show buildings collapsing as massive plumes of smoke and debris fly hundreds of feet into the air.

“As part of an information operations campaign, these attacks are documented and widely proliferated via social media which increases the likelihood of migration to other conflict areas or adoption by other extremist organizations on a worldwide basis,” JIEDDO says.


Iraq & Syria

In Syria, rebels have used tunnel bombs to attack government forces under the control of Bashar al-Assad. Many of these tunnels were dug with hand tools to avoid detection.

In Iraq, ISIS used tunnel attacks to devastating effect in their assault on Ramadi. On March 11, ISIS forces detonated a tunnel bomb under an Iraqi army headquarters, killing an estimated 22 people. The blast consumed seven tons of explosives in an 800-foot long tunnel that took two months to dig, according to the JIEDDO briefing. On March 15, a second tunnel bomb was used to attack Iraqi Security Forces. The city fell two months later.

Beyond bombs, ISIS is believed to be using tunnels to move weapons and avoid detection by American and allied fighter jets and drones. (ISIS may even be exploiting Saddam Hussein’s own tunnel network, which is thought to stretch for 60 miles between palaces, military strongholds, and houses. During the U.S. invasion in 2003, Saddam’s forces used these tunnels to move weapons and as hideouts.)

To find these subterranean passageways, JIEDDO has been seeking help from the scientific community and the oil and gas industry, both of which use specialized equipment and seismic devices to see underground. Some of this technology can be adapted for military use, Col. Timothy Frambes, JIEDDO’s director of strategy, plans and policy, said in an interview Monday. “We’re just trying to figure out what’s the quickest, best technological solution that we can help provide the most complete situational awareness picture of the operating space,” Frambes said.


The work also builds on JIEDDO’s decade-long effort to develop aircraft- and vehicle-mounted sensors that can detect bombs buried in roadways. “The enemy knows that,” Frambes said. “So he has found a way to go subterranean in order to deliver either an explosive charge or just to transit a line of communication.”

The Pentagon is also hoping to learn lessons from Israel, which has sought ways to counter Hamas tunnels in Gaza. That notion is backed by Sen. Kelly Ayotte, R-N.H., who introduced an amendment to the 2016 defense authorization bill that calls for the U.S. to work with Israel on the tunnel problem. The legislation would allow the U.S. “to carry out research, development, test and evaluation on a joint basis with Israel to establish anti-tunneling defense capabilities to detect, map and neutralize underground tunnels into and directed at the territory of Israel.”

A Senate aide said such jointly developed technology could protect battlefield bases and embassies — or even the U.S. frontier. Anti-tunnel work at a site in northern Israel has similar topography to the U.S.-Mexico border, the staffer said.

“Whether it’s criminals smuggling people and drugs into the U.S. under our southern border, or terrorists sneaking into Israel to conduct attacks, tunnels present a serious national security threat to our two countries,” Ayotte said in a statement.



Survey: Aerospace Firms Investing Little in R&D

By Andrew Clevenger 3:27 p.m. EDT June 8, 2015


WASHINGTON — Only half of aerospace and defense companies are actively investing in research and development, according to a survey of industry executives released Monday.

The 14th annual survey conducted jointly by IT firm CSC and the Aerospace Industries Association also found that two-thirds of the 98 respondents from the commercial and aerospace and defense sectors have increased spending on cybersecurity during the last year. Of those, almost half (29 percent) have increased their spending on cybersecurity by 25 percent or more, while fewer than 5 percent said they had decreased their cybersecurity budgets.

Almost half — 48.6 percent — said their vulnerability to cyber threats has increased significantly or somewhat during the past 12 months.

Respondents were split almost down the middle on whether their firms are investing in R&D. For those who said they were, the most popular areas for investment were cyber, UAVs and electronic warfare. Directed energy, alternative energy and hypersonics were mentioned by between 15 and 40 percent of respondents.

Those opting against R&D investment cited instability in the defense budget outlook 64.5 percent of the time. They also blamed low returns or profits on military programs (just under 30 percent), the sale not justifying surrendering intellectual property (around 25 percent) and the high cost of government regulations (around 13 percent).

“In response to pricing pressures and lower government spending, A&D [aerospace and defense] companies are becoming more selective in their R&D investments and are more focused on product innovation and continuous improvement of manufacturing processes,” Tim Ellis, CSC industry general manager for aerospace & defense, said in a prepared statement. “Technology modernization is crucial for nearly every organization, and they’re exploring many ways to modernize, including using commercially available software as a service, migrating certain applications to the cloud, and integrating systems for better data-sharing.”

The survey questioned 98 executives and other personnel, who were almost evenly split between commercial officials (51 percent) and those who deal with government contracts (49 percent). Firms with 10,000 or fewer employees accounted for 51 percent of respondents, while those with between 10,000 and 50,000 employees comprised 22.3 percent. Large firms with more than 50,000 employees represented 27.7 percent of respondents.



OPM data hack may cause extra alarm for troops

By Hope Hodge Seck, Staff writer 7:25 p.m. EDT June 9, 2015


The largest data hack in government history could leave some troops at risk of having their personal information exploited or exposed.

Current and former federal employees began receiving troubling emails from the executive Office of Personnel Management on Monday, notifying them that their personal information was compromised in a massive data breach made public earlier this month. Up to 4 million people may have been affected by the breach, which federal officials said they believe is linked to a Chinese cyber attack.

Media outlets reported that FBI and Secret Service officials, and even cabinet secretaries, may have been victims of the breach. It’s not clear, though, how many active-duty or former troops may be among those affected.

Samuel Shumach, an OPM spokesman, did not say how many service members were estimated to be among the victims, but clarified that the vulnerable are a very specific population.

“No active-duty service member or contractor data was exposed in this incident unless an individual has previous federal civilian service,” he said, adding those affected would be notified between June 8 and June 19 on a rolling basis.

But for troops who fall into this category — particularly those with security clearances — the dangers of having pirated information exposed may be especially high.

Paul Rosenzweig, founder of the homeland security consulting company Red Branch Consulting and a senior adviser to The Chertoff Group, said he worried that private information in security clearance questionnaires might be used by a foreign government to blackmail troops and other clearance holders into compromising actions.

“All your overseas deployments, who you know, how you spend your money, prior bad acts, embarrassments ranging from affairs to drug use,” said Rosenzweig, listing information he believed might come to light through the data breach. “… I hold a security clearance myself and I’ve been sitting here thinking of a half-dozen things I haven’t told my wife.”

Though all the sensitive information in the forms was known to the government, there was the risk, he said, that clearance holders might wish to withhold certain facts from spouses or loved ones.

But Andrew Borene, a cybersecurity expert with the Truman National Security Project and a former Marine intelligence officer, said it was unlikely the data could be used for effective blackmail.

“The [forms have] a lot of data, but it lines up with public records anyway,” he said, adding that the questionnaires aren’t used to list prior indiscretions or embarrassments that might otherwise be hidden.

A more threatening prospect, he said, was the potential that stolen information could be used to perpetrate fraud against service members.

Marine Corps Staff Director Maj. Gen. James Laster warned troops to be alert following the data breach in a June 5 announcement that focused on fraud and identity theft risks. He encouraged affected Marines to take advantage of free credit monitoring services and identity theft insurance provided by OPM, and to brush up on existing Corps policies regarding online safety habits and information sharing.

“Our commandant would like for this information and mitigation measures to be shared with all personnel down to the lowest level possible throughout your commands and organizations,” he wrote.

Borene said troops should be on the alert for sophisticated “spear phishing” techniques in which hackers use personal information to create personalized emails that appear to be from a boss or someone else the hacking victim knows.

“If anything looks suspicious, check with the person you know,” he said. “If you mouse over a link to a URL and it shows you the address and the address doesn’t match, that would be something not to open.”

Borene and Rosenzweig agreed the incident should push federal officials to improve security practices and to take the prospect of cyber attacks more seriously.

“There is no question that the federal government as a whole, including Congress, really needs to wake up to the immediacy of cyber threats,” Borene said.

He recommended that Congress move to authorize executive agencies to better collaborate with the private sector in order to safeguard information into the future. The net result of the data breach could be positive, he said, if it were taken seriously.

“It might do good things for operational security across the Pentagon if large numbers of clearance holders became concerned,” Borene said. “It might help to raise individual awareness about responsibility.”

If there is stolen personal data that could be used for blackmail, Rosenzweig suggested that the military branches reach out to clearance holders and inform them that they can disclose any threats they receive to the government with no negative consequences. Those targets would likely include more senior troops with more authority and status, he said. And if it is a coordinated enemy attack, Rosenzweig said, the impact may be felt for decades.

“To me, if it’s the Chinese, it’s going to play out over the next 30 years,” he said.



OPM hackers tried to breach other fed networks

Aaron Boyd, Federal Times 4:06 p.m. EDT June 9, 2015




The full scope of the massive data breach at the Office of Personnel Management might be even larger than first reported, though early indications show the attack was likely contained to OPM servers.

On June 4, OPM announced that records on more than 4 million current and former federal employees had been exfiltrated in a breach traced back to December 2014. The agency first noticed malicious activity on its servers in April after installing more robust security tools and discovered in May that sensitive personal information had been stolen.

The breach could extend further, however, as the same threat signature was detected attempting to access other federal networks.

The breach was immediately reported to the FBI for investigation, as well as the Department of Homeland Security, which manages the Einstein cyber threat detection program. The Einstein program is used to block known threats, though it cannot detect new vulnerabilities or attacks until there is an associated threat signature.

Once the attack signature was identified in the OPM breach, the information was put into the Einstein system, allowing agencies to block any future malicious activity along the same threat vector.

However, once the signature was entered into Einstein, the same malicious activity was discovered on other federal systems, according to a DHS official.

Another official said the signature had been identified elsewhere; however, no other successful breaches have been attributed to this attack at this time.

An official at the Interior Department, which manages the shared service data center that houses OPM’s servers, said the investigation is ongoing but, as of yet, the breach seems to be contained to OPM.

“There is currently no evidence that data from other customers was exfiltrated,” the official said.

“The Department of the Interior is working closely with OPM, the Department of Homeland Security and the FBI as they investigate this cybersecurity incident potentially affecting personnel data,” an agency spokesperson said. “Interior is employing a comprehensive, multi-pronged remediation strategy to prevent, detect and act against malicious activity on our network in order to respond and recover following an incident.”

Interior representatives declined to comment further, citing the ongoing investigation.


3D Printed UAVs with Embedded Circuitry

June 10, 2015


While we’ve seen how 3D printing has helped advance multiple industries ranging from modern consumer product design and development to medical applications including the process of 3D bioprinting living tissues to be implanted into humans, one area that has been seeing a large amount of development is the use of 3D printing to design and fabricate Unmanned Aerial Vehicles (UAVs).

Unsurprisingly, the trend can be linked to an overall surge of interest in unmanned vehicles, as government organizations, including the military, and consumers looking to document their action sports adventures or other activities have both been purchasing and developing their own systems at increasingly high rates.

But for all of the hand-built options or options that we’ve seen that have been made through the use of traditional manufacturing methods, the use of 3D printing has been showing significant promise for the near future of UAV design and fabrication – particularly in regards to the ability to embed circuitry into a 3D print during the 3D printing process.

Among those who have been dedicating a significant amount of time towards better understanding and improving upon the process of adding electronic components to UAVs during an additive manufacturing process is a team of researchers at the W.M. Keck Center for 3-D Innovation at the University of Texas at El Paso (UTEP).

“Researchers around the world have struggled to create 3-D printed electronics in the last decade,” said Eric MacDonald, Ph.D., an electrical and computer engineer at the school. “But we here at UTEP have made tremendous gains and have invented several advanced 3-D printing technologies enabling 3-D electronics.”

Among the developments incorporating multiple materials (3D printed plastic and circuitry) that have been created by MacDonald and the rest of his team is a prototype of a black and orange UAV aircraft with a two-and-a-half-foot wingspan.

To create the designs, the engineers first model the hardware and circuitry using a dedicated CAD tool. Once the plastic and circuitry components have been modeled, they are virtually assembled before the plastic components are prepared to be 3D printed. Once the parts are sent to a 3D printer, they are carefully monitored by an engineer who then embeds the circuitry part way through the 3D printing process – which effectively embeds the circuitry into the final structure of the design.

While the process of embedding the circuitry by hand might be considered tedious by some, the near future will likely include 3D printers that have robotic arms that are synced to the 3D printer’s data that will be capable of embedding the circuitry through an automated command – meaning that creating consumer electronics or other electronic devices such as UAVs could be as simple to create as static 3D printed plastic objects are now. Additionally, this opens up the opportunity to create entirely-customized designs that previously wouldn’t have been possible to produce due to the high expense of manufacturing … such as a fully-customized UAV that’s designed and fabricated for a specific task.

“Someone can quickly redesign a UAV to fit a specific mission,” said Efrain Aguilera, an engineer who worked on the project. “If you need a drone that can fly long distances, you can increase the wing size, or if you need something stealthy, you can make the drone smaller.”




New military retirement system gets Pentagon OK

By Andrew Tilghman, Staff writer 4:45 p.m. EDT June 10, 2015


After months of official silence, the Defense Department on Wednesday sent to Capitol Hill its formal recommendation for transforming military retirement benefits, a move that is likely to clear the way for major changes to become law.

The Pentagon is officially backing a “blended” system that would shrink the size of the current pension by about 20 percent yet supplement that benefit by offering government contributions to individual retirement investment accounts.

The proposed system would provide for the first time a modest retirement benefit for the vast majority of service members who leave the military before reaching 20 years of service to qualify for the traditional pension.

The Defense Department’s recommendations are mostly similar to the legislation that is gaining steam on Capitol Hill and comes at a time when lawmakers are hammering out the details of their annual defense policy bill.

“We believe very strongly in this and I hope that this does become law,” Laura Junor, the principal deputy undersecretary of defense for personnel and readiness, told Military Times in an interview Wednesday.

The Pentagon on Wednesday sent top lawmakers a six-page “white paper” outlining in detail the military’s official position on the retirement reform efforts. Top defense officials will begin meeting with lawmakers on Capitol Hill on Thursday to discuss the details and specific legislative proposals, Junor said.

The Pentagon agrees with Capitol Hill that a future military retirement system should involve individual investment accounts for all troops and provide government contributions to those accounts as part of a Thrift Savings Plan. Money put in a TSP is not available without tax penalties before age 59 and a half.

In effect, the new retirement system would significantly reduce monthly pension income for so-called working-age retirees, but it would restore that money — and potentially more — after veterans reach age 60.

The Defense Department is also urging some modest changes to Capitol Hill’s military retirement reform bills. That includes eliminating a feature backed by the Senate that would give service members retiring after 20 years of service the option to forgo traditional monthly pension checks and instead receive a lump-sum immediately upon leaving military service.

That lump-sum option was criticized as being a bad deal for troops and, in concept, resembling pay-day lenders that charge exorbitant interest rates. The military essentially agreed, noting in its memo to Congress that such a lump-sum payment is a “smart financial decision in very limited circumstances” and “proposed computation methodologies … result in relatively small lump sums, while forgone annuities are significant.”

The Pentagon’s new recommendation also includes a substantial adjustment to the lump-sum “continuation pay” bonus that is part of the current proposals.

Specifically, the bills pending before Congress would provide a lump-sum cash payment at the 12th year of service contingent upon service members agreeing to stay in uniform for an additional four years. Those bills guarantee troops a cash payment of at least 2.5 times their monthly basic pay, and the services could increase that for troops in high-demand career fields.

The Pentagon’s proposal, however, would eliminate that guaranteed minimum payment for troops and seeks more flexibility for the services to determine when and how much continuation pay to offer individual troops.

The Pentagon’s “continuation pay” proposal would look similar to the current system of retention bonuses. But the continuation pay would result in more and higher cash payments going to midcareer troops, said Anthony Kurta, the deputy assistant secretary of defense for military personnel policy.

“This is the cost of doing business under a blended retirement system,” Kurta said in an interview.


“As soon as you reduce [the fixed-benefit pension] particularly in those middle years, the eight to 16 years, you are going to lose retention because the pull to 20 [years] from that retirement is less,” he said.

“That is how the whole system works. We have taken some future compensation and we’ve moved it into current compensation — the current compensation is that continuation pay. Without that, and without talking about that, the new system doesn’t work,” he said.

The push to reform military retirement got a boost in January after the Military Compensation and Retirement Modernization Commission completed its two-year study and sent a slate of detailed recommendations to Congress.

For months, the Pentagon avoided taking a position on the proposals and allowed lawmakers to begin crafting legislation. Both the House and the Senate included many elements of the commission’s recommendations in their current bills.

Now the Defense Department’s recommendations, approved by the top officers from each service, are likely to influence Congress as it works toward a final, single compromise version to send to President Obama.

The military’s recommendations include:

• Shrinking the size of the current pension by 20 percent.

• Automatically creating TSP accounts for all troops and beginning government contributions equal to 1 percent of basic pay.

• Automatically setting troops’ voluntary personal contributions to the TSP at 3 percent of basic pay.

• Allowing troops to opt out of that 3 percent voluntary contribution of basic pay only after completing financial literacy training at their first duty station.

• Allowing the TSP to “vest” and be legally transferred to individual service members after two years of service.

• Beginning the government’s dollar-for-dollar match of individual troops’ out-of-pocket TSP contributions, up to 5 percent of basic pay, after individual troops complete four years of service.

• Allowing the individual military services to offer “continuation pay” to boost retention in specific career fields for troops with between eight and 16 years of service.

• Allowing government contributions to TSP accounts to continue for the duration of service. (Initial proposals called for stopping those payments after 20 years of service.)


The result would provide government funding up to 6 percent of basic pay for those troops who agree to contribute up to 5 percent of their own pay.

A grandfather clause will give current service members a choice.

The Pentagon recommends a new retirement system taking effect in January 2018 and giving current troops at that time two years to decide whether to opt into the new system and begin accruing money in a TSP or to exercise the grandfather clause and remain under the current system.

Defense officials say the proposed plan does not amount to an overall reduction in the benefit.

“One of the joint chiefs’ requirements was that whatever blended plan we came up with, it has to preserve a nearly equivalent lifetime benefit,” Junor said.

The value of the government benefit will depend on the extent troops contribute their own out-of-pocket cash.

“If you completely opt out and never get anything more than 1 percent, obviously you will be worse off than the current plan,” Junor said.

“But even if you hold tight at 3 percent, you will be about the same [as the current system] over your lifetime,” she said. “For those who are financially savvy and contribute 5 percent, they will do a lot better than the current system.”

Adopting a new system will probably save some money for taxpayers, but how much remains unclear. The initial projection is that adoption of the Pentagon’s proposed system would save less than $1 billion each year initially and about $1.2 billion annually in the long run.

The Defense Department projects it will have to pay out matching TSP contributions equal to about 4 percent of total basic pay, but that will depend on the decisions made by millions of service members.

“The likelihood is that it will save us money, but we can’t really forecast with great accuracy how much because of the labor market variable, because of the opt-in rates in the short run,” Junor said.

“We are reasonably sure that it is not going to be an additional bill to the department.”



Hackers May Have Obtained Names of Chinese With Ties to U.S. Government



WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.


The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.


Small Drones Are A Big Danger; Think Flying IEDs: CNAS

By Sydney J. Freedberg Jr.
on June 10, 2015 at 10:34 AM


An Army soldier launches a Raven hand-held drone in Iraq.

WASHINGTON: Sometimes small is beautiful. Sometimes small is lethal. While China and Russia are researching stealthy and armed drones, the drunk intelligence analyst who landed a Chinese-made mini-drone on the White House lawn last month may be the more worrying sign of things to come.

Afghan and Iraqi guerrillas kludged together murderous roadside bombs with scavenged or homebrewed explosives triggered by cellphones or garage door openers, killing more Americans than any of Saddam’s Scud missiles or main battle tanks. What might similarly ingenious insurgents do with off-the-shelf drones?

“We’re seeing capabilities that were previously the monopoly of major military powers are now accessible…to non-state actors, even individuals,” said Kelley Sayler. She’s an associate fellow at the Center for a New American Security and author of a report out this morning, “A World of Proliferated Drones.” (CNAS provided us a copy in advance.)

“There’s been a lot of discussion around town, particularly as relates to drones in the national security space about high-end drones,” Sayler told me. “We didn’t really see there being discussion on the range of systems that are available…particularly given the availability of low-end systems, hobbyist drones, even commercial drones.”

The biggest danger in the medium term: swarming technology. As drones get not only smarter but cheaper, an enterprising adversary could buy a bunch and release them all at once, with the drones using insect-like artificial intelligence to converge on their target. Lots of little threats carrying lots of little bombs can add up quickly.

“Particularly if you’re looking at systems that can truly navigate autonomously, using those systems en masse is going to enable you to neutralize a much larger target,” Sayler said, “[and] it’s going to be more difficult to defend against because some of the lower end solutions like shooting the thing out with a shotgun might not necessarily be feasible.”

“Drones will enable airborne IEDs [improvised explosive devices] that can actively seek out US forces, rather than passively lying in wait,” Sayler wrote in the report. “Indeed, low-cost drones may lead to a paradigm shift in ground warfare for the United States, ending more than a half-century…in which US ground forces have not had to fear attacks from the air.”

Sophisticated drones are definitely part of that future threat, she said. But they require the resources of an advanced nation-state to develop and operate, and nation-states tend to be less murderously inventive than low-rent irregulars.

“When we are looking at the higher end systems we are seeing something that would be akin to missiles or manned fighters,” Sayler said. “When you’re looking at traditional state use, you are probably going to find more traditional and restrained uses.”

Guerrillas and terrorists, by contrast, generally have much less capability than nation-states, but they are more likely to use what they have in unexpected ways. Hezbollah has fired a drone with almost 60 pounds of explosives at Israel, although it was detected and shot down. Smaller drones are harder to detect, and states less vigilant than Israel — which has anti-missile systems constantly stopping rockets — might not be set up to detect them.

“We’re more looking at a threat that is rising from unanticipated use where US troops or allied troops are not particularly expecting a threat…. and therefore your countermeasures are not really in place,” said Sayler.

The simplest use of off-the-shelf drones would be to spy on US forces. That kind of low-rent reconnaissance could provide a significant tactical advantage without requiring any modifications. With a little jury-rigging, many widely available drones could carry five to 10 pounds of explosive. That’s hardly the same as a vehicle-flipping 500-lb roadside bomb, but it’s enough to kill.

The good news is that if you are aware of the threat, there are plenty of ways to stop it. “If you know these systems are coming … you can shoot them down with a shotgun,” Sayler said. Or, if you’d like to fight robotic fire with fire, there are specialized “drone-hunting drones” that catch unauthorized flying objects in a net.

The easiest way to defend large areas for a long time is jamming. At the very least you prevent the enemy drone from transmitting back intelligence to its operators. For the majority of drones flying today that navigate using either continuous GPS signals or constant remote control by a human, jamming can stop them in their tracks.

The immediate problem is what else you’ll jam. In a wilderness or free-fire war zone, the electronic collateral damage might not matter. In urban counterinsurgency, peacekeeping, or policing, however, you’ll turn the local population against you quickly if you’re constantly scrambling their cellphones. Set the jammers to avoid civilian signals like phones and police radios, and you can bet the bad guys will convert their drone controls to use the same frequencies.

The longer-term problem is that drones are getting smarter and more autonomous. “In the next few years we’re going to see technologies like sense-and-avoid systems being incorporated that allow the drone to autonomously navigate around objects,” said Sayler, reducing the need for a GPS signal or constant human supervision. That makes the coming swarm much harder to stop.



Rasmussen Reports

What They Told Us: Reviewing Last Week’s Key Polls

Saturday, June 13, 2015

Some Americans think this checks-and-balances thing is overrated. 

President Obama, who bypassed Congress to reshape his health care law and to change the nation’s immigration policy, is now upset that the courts may find those unilateral actions unconstitutional. At the same time, in a separate case, the U.S. Supreme Court is expected to rule any day now on the constitutionality of some of the subsidies provided under Obamacare for low-income Americans to buy health insurance.

The president complained earlier this week about the courts standing in his way and fired a warning shot across the bow of the Supreme Court. The system of checks and balances between the executive, legislative and judicial branches of government was designed by the Founding Fathers to assure that a consensus was achieved before national legislation could be implemented.

But 31% of voters think it is more important for government to operate efficiently than it is to preserve our system of checks and balances. 

Twenty-six percent (26%) say the president should have the right to ignore federal court rulings if they are standing in the way of actions he feels are important for the country.

Over half of voters now think Obama has been less faithful to the Constitution than previous presidents when it comes to the executive actions he has taken in the White House.

The president – and leading Republican White House hopeful Jeb Bush – are apparently tone-deaf to the voters when it comes to Ukraine, too. They’re pushing for tougher sanctions on Russia over its involvement in the political crisis in Ukraine, and a bipartisan group of senators wants to do even more by sending additional military aid into the region. Voters still don’t consider Ukraine an important national security issue for America and worry more about our worsening relationship with Russia.

One-out-of-two voters (49%) believe U.S. government policies in the last five years have hurt America’s relations with most other countries. Just 28% think those policies have helped this nation’s standing in the world.

No wonder then that a sizable number of voters think it’s time for a major new political party because Republicans and Democrats aren’t getting the job done.

That’s no surprise to our regular readers because in surveying last fall, fewer voters than ever felt either major political party has a plan for the nation’s future, with most still convinced that neither represents the American people.

But do voters have more in common with 2016’s presidential contenders than they have had with the candidates in years past?

Rick Perry, who recently stepped down as the longtime governor of Texas, has announced that he is running again for the Republican presidential nomination, and GOP voters see him just outside the pack of early front-runners.

Lincoln Chafee, who held statewide office in Rhode Island both as a Republican and as an Independent, is the latest Democratic presidential hopeful, but he has an uphill battle in his bid to become the party’s nominee.

Some pundits have suggested that liberal darling Michael Bloomberg, the former mayor of New York City, should jump into the race for the Democratic presidential nomination, but is Bloomberg really a threat to frontrunner Hillary Clinton?

Supporters for giving the president expanded powers to negotiate trade agreements hoped to push the necessary legislation through Congress by the end of this week. Just over half (51%) of voters still believe it is more important for Congress to pass good legislation as opposed to preventing bad legislation from becoming law, but that’s the lowest level of support in nearly two years. Forty-one percent (41%) now think it’s more important for Congress to stop bad laws from being enacted.

Americans are more likely now to see free trade agreements as job killers.

The president’s daily job approval rating took a turn for the worse at week’s end. Developing trend or just a statistical hiccup? We’ll see.

In other surveys last week:

— Thirty percent (30%) of voters think the country is headed in the right direction.

— Most voters are unaware that more legal immigrants come to the United States each year than those who enter illegally.

— Voters still tend to see no need for more gun control in America and remain strongly opposed to a complete ban on handguns. But semi-automatic and assault-type weapons are another story.

— Americans still overwhelmingly prefer living in a neighborhood where they have the option of owning a gun rather than living where nobody is allowed to be armed.

— Are Americans ready to adopt the international metric system of measurement?

