Skip to content

June 27 2015

June 29, 2015

 


27 June 2015

Newswire

Blog URL https://newswirefeed.wordpress.com/

 

 

How America Broke Its Drone Force

David Axe

http://www.thedailybeast.com/articles/2015/06/20/how-america-broke-its-drone-force.html

06.20.1512:10 AM ET

 

The Pentagon’s generals amassed an unmanned armada. Then they ran it into the ground.

In a tent at Nellis Air Force Base on the northern edge of Las Vegas, the officer in charge of a U.S. Air Force drone unit strolled into a meeting with the 20 or so pilots and sensor operators under his command. It was in the winter of 2005-2006, and the officer just wanted to try out some ideas he had for boosting unit morale, he recalled later in a conversation with an Air Force historian.

But it was too late. The drone crews from the 15th Reconnaissance Squadron were already “so bitter and angry,” the flight commander remembered. And when he opened his mouth, the drone operators actually booed.

United States Air Force Maj. Casey Tidgewell (R) and Senior Airman William Swain operate an MQ-9 Reaper from a ground control station August 8, 2007 at Creech Air Force Base in Indian Springs, Nevada. The Reaper is the Air Force’s first ‘hunter-killer’ unmanned aerial vehicle (UAV) and is designed to engage time-sensitive targets on the battlefield as well as provide intelligence and surveillance. The jet-fighter sized Reapers are 36 feet long with 66-foot wingspans and can fly for as long as 14 hours fully loaded with laser-guided bombs and air-to-ground missiles. They can fly twice as fast and high as the smaller MQ-1 Predators reaching speeds of 300 mph at an altitude of up to 50,000 feet. The aircraft are flown by a pilot and a sensor operator from ground control stations. The Reapers are expected to be used in combat operations by the United States military in Afghanistan and Iraq within the next year.

Ten years after the Predator drone first flew spy missions for the Air Force, and four years after the U.S. added missiles to the airborne robots to transform them into remote-controlled killing machines, the overworked, under-appreciated community of men and women who actually fly and maintain the Predators hit rock bottom.

And stayed there. For another decade. Drones continued to play a larger and larger role in conflicts around the globe. But no one in charge—from the president to the secretary of defense to the generals overseeing America’s wars—seemed to appreciate that drones require people. More than ten thousand people, in fact. And those people are tired.

It doesn’t help that a Predator, built by California firm General Atomics, is also an unnecessarily labor-intensive bit of technology.

“It’s at the breaking point, and has been for a long time,” a senior Air Force official told The Daily Beast earlier this year. “What’s different now is that the band-aid fixes are no longer working.”

Now the Air Force is taking truly desperate measures. Realizing that business-as-usual could result in a total collapse of America’s vital robot squadrons—and soon—the flying branch is bucking the ever-increasing demand for drone surveillance.

Reversing a 20-year trend of expansion, the Air Force is actually reducing by nearly 10 percent the number of Predator “combat air patrols,” or CAPs, it makes available to the president, the Pentagon brass and generals overseas.

“Cutting CAPs? That never happens,” said Col. Brent Caldwell, commander of the 726th Operation Group at Creech Air Force Base, a drone hub in the desert north of Las Vegas.

To be clear, the Air Force will still possess a lot of drones—more, in fact, than the rest of the world, combined. And those drones will still spy on and occasionally kill America’s enemies. But an era is ending. Where once it might have seemed that the Air Force’s robot arsenal would only grow and grow, now we know that arsenal has a practical limit. The drone force has peaked—at least for a while.

But the cuts are absolutely necessary, according to Col. James Cluff, the top officer in the 432nd Wing at Creech, which oversees most of the Air Force’s drones and drone operators. “We’re going to get to a level we can afford and can train to,” Cluff said, “and that’s got to be enough.”

 

WEARY WARRIORS

As it turns out, operating the Air Force’s growing fleet of killer drones takes a lot of hard work by a lot of people. More than a hundred folks for each robot, in fact—including pilots, sensor operators, intelligence analysts, communications specilists, maintenance techs, bomb-armers and others.

Small teams scattered at secretive airfields all over the world launch and land the drones using line-of-sight radio connections—like steering a remote-controlled toy plane. Once the robot is airborne, the local crews pass control to pilots and sensor operators sitting in trailers at Creech and other bases in the United States. Connected to the drone via satellite, the U.S.-based crews see what the robot sees, tell it where to go and when to fire missiles or drop bombs.

All told, the Air Force employs nearly 11,000 drone operators and can keep 65 Predators and Reapers at a time in the air over Iraq, Syria, Pakistan, Afghanistan, Yemen, Somalia and other war zones. All at a cost of around $4 billion a year.

And remember, the CIA has some Predators of its own and also sometimes takes charge of the Air Force’s drones for secret missions.

It’s a massive organization, but that wasn’t always the case. And therein lies the problem. America’s drone air force has expanded fast. The Army deployed its first Predator to the Bosnia war in 1995. Six years later Predators were patrolling over Afghanistan, but the flying branch still possessed just a handful of them. By 2004—a year into the Iraq war—the Air Force could keep five Predators at a time in the air. That number swelled to eight in 2005, 11 in 2006, and 18 a year later.

All told, the Air Force employs nearly 11,000 drone operators and can keep 65 flying robots at a time in the air over Iraq, Syria, Pakistan, Afghanistan, Yemen, Somalia and other war zones. All at a cost of around $4 billion a year.

Commanders still wanted more. And with Pres. George W. Bush and Congress pouring more and more money into the military, cost wasn’t an obstacle. “We’re going to tell General Atomics to build every Predator they can possibly build,” Air Force Gen. John Jumper, then the flying branch’s top officer, said in 2007. At the time, a single Predator cost around $5 million.

General Atomics began offering the bigger, more powerful Reaper—which is four times heavier than the Predator, twice as fast, flies twice as high and carries six times as many weapons. The Air Force got its first Reapers in 2007. The number of CAPs—that is to say, the quantity of Predators and Reapers in the air at any given moment—jumped to 33 in 2008.

That was the year that then-Defense Secretary Robert Gates famously griped about what he saw as the Air Force’s reluctance to invest in drones and other surveillance technology. “It’s been like pulling teeth,” Gates said.

But the numbers tell a different story. Drone CAPs swelled to 38 in 2009 and 47 the following year. By then, the Air Force’s drones were recording 1,000 hours of overhead video every day, according to Lt. Gen. Larry James, then the branch’s top officer for surveillance.

Still, Gates demanded more. In 2011, he ordered the Air Force to put 65 Predators and Reapers at a time in the air “as fast as possible”—and then be prepared to add even more drones, perhaps another 20.

Now, compared to the military build-ups of previous decades, the drone ramp-up might seem modest. After all, during World War II the Air Force grew from 6,800 planes in 1941 to 80,000 three years later. The difference is that the entire U.S. economy mobilized for wartime production during that war, but no such mobilization has taken place for the today’s comparatively much less intense conflicts. The Pentagon’s budget has grown, but it hasn’t grown tenfold. Indeed, in recent years automatic “sequestration” budget cuts have kept military spending flat.

The Air Force balked. Brig. Gen. David Goldfein, then one of the senior officers in charge of drones, wrote a memo declaring Gates’ edict “both unexecutable and unreasonable.” The Air Force asked Gates to be content with between 50 and 59 CAPs, but the defense secretary stuck to his guns.

The wars never ended. And so year after year, the drone operators at Creech and other bases worked almost non-stop.

Reluctantly, the flying branch added more drones—and more people to operate them—reaching 65 CAPs in mid-2014.

The way the Air Force describes it, the unrelenting expansion never allowed the branch to put in place the procedures for smoothly recruiting and training new drone crews.

“The explosion in demand had created a snowball effect that never allowed the… staff to take a pause and say, ‘Let’s normalize all the processes that we should be doing,'” the Air Force reported in one of its official annual histories from 2012. “Instead, normalization was put off to some future date after the pace of combat operations slowed down.”

But the wars never ended. And so year after year, the drone operators at Creech and other bases worked almost non-stop. “Your work schedule was 12-hour shifts, six days a week,” the Nellis flight commander who got booed in 2005 or 2006 told an Air Force historian. “You were supposed to get three days off after that, but people often got only one day off. You couldn’t even take your 30 days of annual leave; you were lucky to get 10.”

 

PERMANENTLY TEMPORARY

It didn’t help that the Air Force never actually had time to refine the ground station where crews sit and control Predators and Reapers. The very first station was a test model, developed by and for engineers working on the first prototype drones. It was never meant for pilots—to say nothing of combat.

Which is why the screen that tracks the health of the drone’s subsystems displays healthy systems in red graphics. Traditionally in cockpits, red means emergency. And why the Air Force had to add extra screens and keyboards to the bare-bones control station as it added new sensors and other enhancements to the basic Predator, resulting in a chaotic, confusing spread of a dozen screens, four keyboards and four joysticks for a single, two-person crew.

MQ-9 Reaper Primary function: Unmanned hunter/killer weapon system. Speed: 230 mph. Dimensions: Wingspan 66 ft.; length 36 ft.; height 12.5 ft. Range: 3,682 miles. Armament: AGM-114 Hellfire missiles; GBU-12, GBU-38 JDAM. Crew: Pilot and sensor operator on the ground. (U.S. Air Force photo/Staff Sgt. Brian Ferguson) SSgt Brian Ferguson/USAF

Most bizarrely, the early control stations included a telephone that commanders overseas could use to call in target locations. But the phone didn’t integrate with the crew’s radio headsets.

So if a pilot got a call from some commander in, say, Afghanistan—perhaps screaming coordinates for an urgent air strike—the pilot had to wedge the phone between his ear and shoulder next to his radio headset. Meanwhile his hands were busy dancing between joysticks and keyboards, performing the hundred little tasks that kept a Predator in the air and on the prowl.

Finally this year, a drone operator at Creech figured out a way to rewire the phone so calls pipe into the crews’ headsets.

The early control stations included a telephone to call in target locations. But the phone didn’t integrate with the crew’s radio headsets. So if a pilot got a call for an urgent air strike, he had to wedge the phone between his ear and shoulder next to his radio headset.

Overworked and stuck using awkward controls, the drone squadrons developed a reputation for awful work conditions—a rep so bad that the units had a hard time attracting volunteers. So the Air Force yanked pilots from fighter and bomber squadrons to fill out the drone units.

That only made the morale problem worse. “When you have mainly a non-vol[untary] community, what do you expect?” the booed flight commander said. “It’s not going to be a happy place.”

It was around 2011 when the Air Force started panicking. It stopped forcing pilots to join the drone squadrons, but that created a manpower gap. Planners filled it by reassigning instructors from training squadrons to combat squadrons. But that opened up a training gap that meant existing crews had to stay on the job longer, as there were too few new crews to replace them while also steadily expanding the overall drone force.

The drone operators at Creech “are constantly in the fight,” Cluff said. “Some have flown combat straight for three, four, five years.”

 

UNMANNED SHRINKS

Worried about the drone crews’ mental health, in 2011 the Air Force assigned one of the branch’s top psychologists to Creech—a man with a mission so sensitive and so important to these secretive operations that the Air Force won’t even divulge his name.

The anonymous psychologist, along with several doctors and chaplains—all with top-secret clearance, a rarity in their career fields—formed their own “human performance team.” It hangs around the Predator and Reaper squadrons at Creech, constantly assessing the crews’ mental, physical, and emotional health—and offering little tips for minimizing stress and maximizing efficiency.

“We spend a lot of time talking about fatigue,” Maj. Maria Gomez-Mejia, the team’s physiologist, told The Daily Beast. Most of the advice is pretty standard. She said she advises crews to eat right, exercise, avoid drinking too much alcohol and caffeine, and abstain from staring at sleep-disrupting electronic devices right before bedtime.

On occasion, drone crews approach Creech’s doctors asking for “go pills,” legal amphetamines that some pilots pop while, say, flying their single-seat fighter jets across the Atlantic Ocean. But Lt. Col. James Senechal, a “flight doctor” at the desert base, said he’s never given out the pills.

After all, drone squadrons are always busy. If you need amphetamines just to handle a Tuesday, you’re going to need them for Wednesday, Thursday and Friday, too. “If someone is exhausted or incapable, our approach here is it’s better to take a knee,” Senechal explained. Creech will give crews short rest breaks on request, with no negative repercussions.

Even senior officers at the base have asked for down time—and gotten it. A sign on the road leading out of Creech asks drivers if they’re too tired to make it the full 50 miles back to Las Vegas, where many drone operators lives. Free local overnight lodging is available on request, the sign states.

But all these measures are band-aids on a gaping wound. In 2012, the Creech performance team surveyed 1,300 of the base’s 3,900 personnel—and the results were startling. 53 percent complained of manpower shortages. 42 percent said the Air Force assigned them too many administrative tasks. 41 percent complained about working weird hours. 40 percent said shifts were too long. 39 percent said they weren’t getting enough sleep.

The psychologist warned that all this strain can have a “cumulative effect.”

“You get to a point where nothing is going to help but sleep,” Gomez-Mejia said.

This summer, the Air Force resolved that its drone operators were finally going to get some rest. The final straw, Cluff said, was ISIS—the self-proclaimed Islamic State.

Back in 2013, with the last U.S. troops out of Iraq and the war in Afghanistan winding down, the Pentagon assumed demand for drone flights would drop. The Air Force would still be able to put 65 Predators and Reapers in the air—but maybe it wouldn’t have to.

“There was a belief on the part of the government that, as we came out of Iraq and Afghanistan, we could reconstitute,” Cluff said. “But the world situation changed.” Islamic State militants invaded Iraq in mid-2014, compelling the Air Force to surge drones to Kuwait for patrols over Iraq and Syria.

And responding to Taliban assaults on the rickety Afghan government, late last year Pres. Barack Obama slowed the pace of the U.S. withdrawal. As many as 10,000 American troops—and their drones—would remain in Afghanistan through 2015.

Between August and June, Air Force Predators and Reapers flew some 3,300 missions over Iraq and Syria, striking 875 targets. The drones are busier than ever. With no sudden outbreak of peace to give the drones crews the break they’ve needed for a decade, the Air Force recently decided it would unilaterally cut its CAPs from 65 to 60.

It’s a move with major fallout. Fewer drones in the air means fewer crews sitting behind clunky controls for 10 hours at a time. Fewer crews in combat means instructors can return to training new operators to replace worn-out ones. In theory, the 10-percent cut in patrols will finally allow the Air Force to take care of its drone operators. But the cut also means fewer drones overhead keeping an eye on—and striking—Islamic State, the Taliban, al Qaeda and other nefarious actors.

“The Air Force’s decision is to ensure we can support the president and decision-makers for years to come,” Cluff said. “That’s why we’re attacking the manning problem now.”

So far, the Pentagon has not signaled it will override the Air Force’s decision. Through overuse and bad planning over a period of 20 years, America broke its drone squadrons. Maybe now it can fix them.

 

Notifications start going out to federal employees affected by data breach


http://www.stripes.com/notifications-start-going-out-to-federal-employees-affected-by-data-breach-1.353754

By Seth Robson

Stars and Stripes

Published: June 22, 2015

 

YOKOTA AIR BASE, Japan — The Office of Personnel Management has started informing millions of federal employees that it may have lost control of their personal information in a data breach discovered earlier this month.

Hackers, who unnamed U.S. officials say have ties to the Chinese government, appear to have broken into the computer system run by OPM and compromised the personal information of up to 14 million government and military employees, according to The Associated Press.

A message from DOD’s chief information officer sent Monday to U.S. personnel in Japan said OPM has begun notifying about 4 million federal civilians who may have been victims of the breach.

“This incident affects current and former federal, including DOD, personnel,” the message said.

Military records were not part of the data breach, and the only contractors who may have been affected are those who previously held federal civilian positions, the message said.

U.S. personnel stationed in Japan started receiving notification emails over the weekend saying their information may have been compromised.

The agency “recently became aware of a cybersecurity incident affecting its systems and data that may have exposed your personal information,” OPM Chief Information Officer Donna K. Seymour said in an email received Saturday. Compromised data may include people’s names, social security numbers, dates and places of birth and current or former addresses, she said.

“OPM takes very seriously its responsibility to protect your information,” Seymour said in the email. “While we are not aware of any misuse of your information, in order to mitigate the risk of potential fraud and identity theft, we are offering you credit monitoring service and identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution.”

Affected individuals will receive a complimentary 18-month subscription to CSID Protector Plus, a service that monitors the Internet and public records for evidence of identity theft. Those affected, regardless of whether or not they enroll in CSID’s service, will get $1 million of identity-theft insurance through Dec. 7, 2016.

However, Seymour added that her message doesn’t mean OPM or the U.S. government accepts liability for losses that might occur from the data breach. Any alleged issues of liability are determined solely in conformance with appropriate federal law, she said.

Employees should note that neither OPM nor any company acting on its behalf will contact them to confirm personal information, Seymour said.

“If you are contacted by anyone purporting to represent OPM and asking for your personal information, do not provide it,” she said.

Monday’s message from DOD’s chief information officer said OPM started email notifications June 8 but that DOD suspended them after recognizing “the inherent security concerns in this methodology.”

DOD notifications were suspended until an improved, more secure notification and response process was in place, the message said.

 

OPM breach a failure on encryption, detection

http://www.federaltimes.com/story/government/omr/opm-cyber-report/2015/06/19/opm-breach-encryption/28985237/

Aaron Boyd, Federal Times 10:18 a.m. EDT June 22, 2015

 

The biggest misstep in the breach of Office of Personnel Management networks was not the failure to block the initial breach but the lack of encryption, detection and other safeguards that should have prevented intruders from obtaining any useful information.

The data stolen in the massive OPM breach was not protected by practices like data masking, redaction and encryption — all of which should become the norm, rather than the exception, Rep. Elijah Cummings, D-Md., said during a hearing held by the House Committee on Oversight and Government Reform.

“We cannot rely primarily on keeping the attackers out. We need to operate with the assumption that the attackers are already inside,” he noted.

But OPM CIO Donna Seymour pointed to aging systems as the primary obstacle to putting such protections in place for certain systems, despite having the encryption tools on hand. As a result, data on at least 4.2 million current and former federal employees was compromised from one database and an untold number of background investigations were exposed in another.

“A lot of our systems are aged,” said Seymour. “Implementing some of these tools take time and some of them we cannot even implement in our current environment.”

Not all experts agree. Kurt Rohloff, associate professor at the New Jersey Institute of Technology and director of the NJIT Cybersecurity Center questioned the claim that legacy systems can’t support encryption.

“The statement that legacy systems cannot encrypt may not be completely true,” Rohloff said. “It may be very expensive to integrate encryption technologies with legacy systems but it is generally possible.”

OPM is currently “building a new architecture, a modern architecture that allows us to implement additional security features,” Seymour said, stating it is on schedule to be deployed this fall. Once that architecture is in place, the agency will be able to employ stronger data protection schemes, she said.

Even if the information had been encrypted, that might not have been enough to stop attackers from getting usable data from this intrusion, OPM Director Katherine Archuleta told the committee, asking DHS Assistant Secretary for Cybersecurity and Communications Andy Ozment to explain further.

“If an adversary has the credentials of a user on the network, then they can access data even if it’s encrypted, just as the users on the network have to access data, and that did occur in this case,” Ozment said. “So encryption in this instance would not have protected this data.”

The only way to prevent malicious actors from obtaining useful data in this case would have been timely detection of the intrusion.

“It’s basically impossible for a target of any real size to be perfect across that whole exposed area,” said Richard Bejtlich, chief security strategist at FireEye and nonresidential senior fellow at the Brookings Institution. “When the intruder gets that first foothold, somebody has to notice and then react to contain the intruder before he can accomplish his mission.”

Despite the speed of computer processing, it still can take hours, days, maybe even weeks for bad actors to find their way around a system and effectively exfiltrate the data.

“If at any point during that timeline you notice they got in … and you contain them, then you win, Bejtlich added. “That’s the difference between a breach where something catastrophic happens and unauthorized access, which is just getting that initial foothold.”

OPM was part of a second set of task orders on DHS’s Continuous Diagnostics and Mitigation (CDM) program, which gives agency’s the tools to track all the assets on their networks and detect anomalies. This functionality, coupled with identity and access management tools slated for the next phase of CDM, could have helped OPM spot the intruders.

Even if the hackers had valid credentials, if they were used from an unusual IP or were discovered accessing information in a database that user should not be in, OPM security officials could have seen something was amiss.

Unfortunately, the first phase of CDM implementation won’t be finished until later this year and solicitations for the second phase are slated for this summer.

“No single system will solve this problem,” Ozment said. “We do need a defense-in-depth strategy.”

 

 

Inside the Air Force’s drone operations

By Brian Everstine, Staff writer 8:42 a.m. EDT June 22, 2015

http://www.airforcetimes.com/story/military/2015/06/22/air-force-drone-operations-creech/28881503/

 

CREECH AIR FORCE BASE, Nevada — The tasking order came in over one of the several computer screens in the extremely cold, air-conditioned metal hut in the middle of the Nevada desert.

Reaper 27, an MQ-9 remotely piloted aircraft with its crew of pilot Maj. Bert and sensor operator Senior Airman Shontae, is tasked with “route sanitation,” protecting a friendly convoy as it attempts to locate and apprehend a high-value target. The threats are outlined: IEDs, ambush points, several enemy fighters along the route.

“Fight on,” Bert says into his headset as he takes the reigns of the MQ-9, the Air Force’s next generation workhorse of a remotely piloted aircraft that is exceedingly busy in fights abroad.

For Bert and Shontae, this recent training mission is the one they fly per month, on average. The RPA operator and sensor operator career field is so busy that they fly operational missions more than six hours every day, with an opportunity to train just once per month. (Fore security reasons the Air Force requested that RPA crews be identified by their first names.)

The Reaper’s cameras zoom in on an insurgent down the road from the “friendly convoy.” The contracted actor stands in the road, firing a fake AK-47 as the Reaper team targets a mock Hellfire missile.

“Splash,” Bert radios as the missile hits, setting off small scale pyrotechnics on the ground to signify a missile hit. .

Air Force leadership recently decided that there has been so much disinformation about its remotely piloted aircraft — the service is battling against the use of the word “drone.” To address this, the service invited a small group of reporters to Creech Air Force Base to watch RPA training, speak with operators and see how the service is addressing morale issues among its RPA operators.

Creech officials repeatedly remind visitors that even though the base sits 45 minutes north of Las Vegas, it is constantly at war. RPA pilots and sensor operators make the drive from their homes, and enter the mobile sheds on base to take control of an aircraft with live weapons over an active battlefield across the globe.

“These aren’t kids flying video games out of their mothers’ basement. These are professional airmen,” Col. Jim Cluff, commander of the 432nd Wing at Creech, said. “The mission our government has given them has said you will fly your wartime mission from the USA. I want them to have a warrior mentality when they walk through that gate.”

The base is responsible for providing intelligence, surveillance and reconnaissance across four combatant commands, those controlling special operations, Africa, Europe and the Middle East. Ninety-nine percent of what the wing does doesn’t include airstrikes, Cluff said. For the remaining part of the mission, the unit follows the same rules of engagement as other aircraft.

“Our targeting is very deliberate,” Col. Julian Cheater, commander of the 432nd Operations Group at Creech, said. “For close air support, we receive information through a secret phone, radio or secret chat. Our targeting is a lot more refined. The clearance is given through a ground commander, be it a first lieutenant right up through the president of the United States, on the authority to engage those targets.”

The men and women of the wing have continued to see high operational requirements in the battle against the Islamic State group, with MQ-1 Predators and Reapers responsible for 3,300 sorties and 875 airstrikes.

 

“We are engaged in every facet of (Operation Inherent Resolve),” Cluff said. “We’re involved because of our persistence, because of what we bring to the fight, we are involved in every engagement.”

This continued operation means very limited training opportunities for the airmen responsible for flying the aircraft. This means limited chances to address common issues, such as a pilot’s ability to control the aircraft on the correct approach for a strike, or the best crosshair placement for airstrikes, to the biggest problem facing RPA aircrews: undermanning. The service simply does not have enough RPA pilots, and will not see enough in the foreseeable future. The service is trying efforts such as increased incentive pay to keep pilots around, while the Defense Department has approved a drop in the constant requirement for RPA “combat air patrols” from 65 to 60 to ease the burden on airmen.

The Air Force has said it needs to train 300 pilots per year to keep up with demand, though it was only able to train 180 in fiscal 2014 when it lost 240 pilots.

But even with the demands facing RPA pilots, Bert said he wants to be clear that most airmen tasked with the job do enjoy their work, despite what some have said in media and pop culture.

“I love the mission,” he said. “We are the silent warriors. You know what you do and you know what effect you have.

“It’s not mindless robots. There’s an enormous amount of people behind each mission working really, really hard to get each mission done. It has a huge impact on the theater. Don’t call me a drone. Don’t think I’m mindless. Don’t think I’m sad. I love my job.”

For Shontae, becoming a sensor operator was her first job in the Air Force, fresh from delivering pizza before she enlisted.

“It’s humbling, especially when you can see what you do save others’ lives and the importance of life,” she said. “It’s my first job, I had to grow up quickly. I’m happy to be here, I chose to be here.”

Creech officials have, however, recognized the challenges airmen in the RPA career field face, and have followed Air Force Special Operations Command’s lead in trying to help airmen out. The base, like AFSOC, set up “Human Performance Teams” made up of operational physiologists, operational psychologists, flight medicine and chaplains all with top secret clearances to be able to go out and talk to airmen about issues they may face.

“We want these experts in and among airmen,” Cluff said. “Talking to airmen where they are doing their jobs.”

In 2014, these airmen were responsible for 13 suicide saves on the base, Cluff said.

The team’s goal is to help airmen dealing with challenges such as overwork due to undermanning, shift work problems and fatigue, which have grown to be the biggest problems facing Creech airmen. In a 2012 survey, airmen said their sources of extreme stress were unit manning, extra duties, shift schedule, long hours and a lack of sleep. The biggest problems caused by these issues manifested in relationships, with about 30 percent of the airmen saying their relationships worsened after being assigned to Creech.

To work on this, the Human Performance Team at Creech wants to change the culture at the base so airmen can realize it is OK to come forward and request time off if they are not able to do their job.

“We want to change the culture here,” Lt. Col. James Senechal, a flight doctor with the 99th Aerospace Medicine Squadron, said. “We want to change to a mindset of being proactive, of being preventative … so you are around for the long haul.”

 

No Patch For Incompetence: Our Cybersecurity Problem Has Nothing to Do With Cybersecurity

Adam Elkus    

June 23, 2015 · in Commentary

http://warontherocks.com/2015/06/no-patch-for-incompetence-our-cybersecurity-problem-has-nothing-to-do-with-cybersecurity/

 

On Wednesday, June 17, Reuters reported tersely that the White House “continues to have confidence” in the beleaguered Office of Personnel Management (OPM) chief Katherine Archuleta. This came on the heels of new information that, among other things, the devastating OPM hack may have had something to do with OPM running high-end systems coded in a semi-obsolete programming language without built-in support for modern security practices. Or that OPM gave root system access (for those that don’t speak UNIX, root is privileged system access authority) to foreign contractors in China. No matter, the White House has “confidence” in the woman that ignored a direct warning from the Office of the Inspector General (OIG) cataloging key vulnerabilities in OPM systems, and who also happens to have worked as the national political director for President Obama’s re-election campaign.

It is time to dispense with the smoke and mirrors surrounding the discussion of cybersecurity. For too long, we have persisted in the delusion that cybersecurity and cyberwarfare are difficult and serious threats due to their technological novelty. We have taken refuge in fantastical fears over the looming, Hollywood movie-esque threat of catastrophic cyber-doom. Breathless articles are penned declaring that “cyber” will “change warfare more than the machine gun.” By defining the problem solely in terms of technology, such musings suggest that the solution is technological. This suggests all we need to do is get the best technical talent on the job and things will be fine. However, while patches are issued all the time for bugs and vulnerabilities in computer systems, there is no patch or security update for systematic, glaring incompetence.

 

The OPM hack demonstrates that cyber-silliness may be far more damaging to American national security than even the most fevered scenario of cyber-doom. Put bluntly, the problem lies not in some esoteric computer science problem. Rather, it is a matter of continuously selecting for and rewarding incompetence. Heads have rolled in government for far lesser setbacks than the OPM hack, yet the administration evinces “confidence” in the woman that presided over the wholesale theft of millions of government workers’ sensitive information.

The fact that the White House still has confidence in Archuleta is not surprising. After all, Obama’s cyber czar is a man that boasts about his own technological illiteracy. Cyber czar Mitch Daniels believes that such petty little things as information technology coding and system details are a “distraction” from policy big-think. Yes, dear reader, I am not cyber-shitting you. Daniels, a man tasked to oversee computer systems of enormous complexity and importance, believes that the details of how they work are a “distraction” from his real job: thinking Big Cyber Thoughts.

Certainly no one expected Daniels to have written his own Linux kernel, and government executives obviously should not be subjected to Google-style whiteboard coding exercises to get hired. However, “[a] man’s got to know his limitations,” Clint Eastwood laconically observed in Magnum Force. As former Defense Intelligence Agency Chief Technology Officer and Joint Task Force-Computer Network Defense veteran Bob Gourley noted, Daniels ought to have regarded his own knowledge gaps as something to rectify or compensate for, not spin as a personal advantage.

OPM director Katherine Archuleta is also an unfortunate case in point. Archuleta bragged about thwarting “10 million [cyber] attacks a month,” a claim that computing professionals and cyber policy specialists greeted with open ridicule. As the New America Foundation’s P.W. Singer tweeted, this is a “[u]seless, meaningless number … My pinkie stops 10 million germ attackers every microsecond. Not a measure of health.” Archuleta’s faux-metrics notably gloss over some other numbers of interest — the amount of vulnerabilities Archuletta ignored, the age of OPM’s legacy systems, the numerical user group classification for root access (given to foreigners physically located on the home territory of a U.S. rival), and the number of up-to-date security systems, practices, and protocols that OPM did not use to protect its data.

Despite all of this, the White House is still confident in Archuleta. After the OPM hack, one shudders to think what she would have to do in order to lose the administration’s confidence. Give the Chinese and the Russians secure shell access into the nuclear command and control system computers, maybe? Subcontract out the job to fix OPM to Edward Snowden or the Islamic State’s web development team? Put the full source code of the dwindling number of National Security Agency programs that Snowden hasn’t revealed on Github and invite Iranian hackers to make a pull request?

Unfortunately, there is no patch for systematic incompetence. No amount of money, new cybersecurity authorities and organizations, or smart hackers lured away from Silicon Valley firms will compensate for the depressingly obvious realization that our government does not care about technical expertise or cybersecurity outcomes writ large and is not at all interested in accountability. We cannot simply run the policy equivalent of a software update and solve our cybersecurity problems without grappling with the disturbing nature of what Daniels and Archuleta represent — our policy elites’ tendency to cry “cyber Pearl Harbor” and nonetheless tolerate massive, systematic, and completely unacceptable levels of stupidity.


Adam Elkus is a PhD student in Computational Social Science at George Mason University and a columnist at War on the Rocks. He has published articles on defense, international security, and technology at CTOVision, The Atlantic, the West Point Combating Terrorism Center’s Sentinel, and Foreign Policy.

 

Computer system that detected massive government data breach could itself be at ‘high risk,’ audit finds

http://www.washingtonpost.com/blogs/federal-eye/wp/2015/06/23/effort-to-improve-security-for-federal-employee-records-at-high-risk-of-failure-audit-finds/?wpisrc=al_alert-COMBO-politics%252Bnation

By Eric Yoder June 23 at 12:10 PM 

 

The computer upgrade that federal officials tout as having detected — although not prevented — a massive breach of information on federal employees is itself at high risk of failure, according to a new internal audit.

The independent inspector general’s office within the Office of Personnel Management is conducting a thorough review of the upgrade but issued a “flash audit alert” to top agency leaders “to bring to your immediate attention serious concerns we have” that require “immediate action.”

“There is a high risk that this project will fail to meet the objectives of providing a secure operating environment for OPM systems and applications,” the alert says.

OPM “has initiated this project without a complete understanding of the scope of OPM’ s existing technical infrastructure or the scale and costs of the effort required to migrate it to the new environment . . . In our opinion, the project management approach for this major infrastructure overhaul is entirely inadequate, and introduces a very high risk of project failure,” it says.

The alert is dated June 17, the same day that top OPM officials participated in a contentious House hearing about two separate breaches, one involving personnel records of current and former federal workers and one involving security clearance application files.

The breach of OPM’s security-clearance computer system happened a year ago, giving Chinese government intruders considerable time to explore the sensitive data and identify information that they wanted to steal, according to details disclosed last week.

The compromise of that system — which includes a wealth of personal, family and financial details on millions of current, former and prospective federal employees and contractors — was uncovered in early June and goes back about a year, government officials said.

The discovery that the security-clear system had been infiltrated came after the detection in April of the compromise of a separate OPM personnel database that contains the personal information, including Social Security numbers, of 4.1 million current former federal employees.

The release of the IG’s audit comes as Congress is set to hold three more hearings this week on the issue and amid growing calls for more disclosure and accountability from OPM.

At last week’s hearing, members of both parties criticized OPM for failing to respond to prior reports from the inspector general warning of vulnerabilities in it computer systems. Those warnings included recommendations, not carried out, that OPM consider shutting down certain systems that did not meet certain security standards.

In response to those criticism, OPM director Katherine Archuleta repeatedly pointed to an ongoing upgrade project that ultimately detected the breaches, although months after they happened.

According to the latest IG report, that upgrade was launched in response to the failed attempt to hack the security clearance files in March 2014, an attempt that was made public several months later. The successful breach of those files happened around that same time, while the breach of the personnel files happened in late 2014.

The upgrade project includes a full overhaul of the agency’s technical infrastructure and then migrating the entire infrastructure into a completely new environment.

“While we agree in principle that this is an ideal future goal for the agency’s IT environment, we have serious concerns regarding OPM’s management of this Project. The Project is already underway and the agency has committed substantial funding, but it has not yet addressed several critical project management requirements,” the alert says.

One such issue is the time required to move the data into the new system, which OPM estimates at 18 to 24 months. “We believe this is overly optimistic and that the agency is highly unlikely to meet this target,” the auditors said.

Also questionable is the ultimate cost and how it will be paid for: “When we asked about the funding for the Migration phase, we were told, in essence, that OPM would find the money somehow, and that program offices would be required to fund the migration of applications that they own from their existing budgets. However, program office budgets are intended to fund OPM’ s core operations, not subsidize a major IT infrastructure project. It is unlikely that OPM will be able to fund the substantial migration costs related to this Project without a significantly adverse impact on its mission, unless it seeks dedicated funding through Congressional appropriation,” the audit says.

In addition, OPM has not completed other standard best practice project management steps such as a study of the scope and timeline, a technology acquisition plan, a test plan, and full implementation plan, it says.

While it was understandable that OPM had to shortcut the initial steps of the project to get it underway, it says, “the other phases of the project are clearly going to require long-term effort, and, to be successful, will require the disciplined processes associated with proper system development project management.”

 

Feds Warn About Use of Encryption by Jihadi Groups; Tech Firms Object to Any Encryption Restrictions    

By: Anthony Kimery, Editor-in-Chief

06/20/2015 ( 3:55pm)

http://www.hstoday.us/briefings/daily-news-analysis/single-article/feds-warn-about-use-of-encryption-by-jihadi-groups-tech-firms-object-to-any-encryption-restrictions/cf4b6e003f5149eecd4c908e24601582.html

 

As the public and congressional debate over the National Security Administration’s (NSA) collection of data under the Patriot Act has raged, so, too, have officials’ concerns over terrorists’ increasing use of sophisticated encryption technology.

At a House Committee on Homeland Security hearing earlier this month, chairman Michael McCaul (R-Texas) stated, “Jihadi recruiters are mastering the ability to monitor, and prey upon, Western youth susceptible to the twisted message of Islamist terror. They seek out curious users who have questions about Islam or want to know what life is like in the so-called Islamic State. They engage, establish bonds of trust, and assess the commitment of their potential recruits.”

And, “From there,” he said, “extremists direct users to continue the conversation on more secure apps, where secure communication hides their messages from our intelligence agencies. Such communications can include advice for traveling to terror safe havens, contact information for smugglers in Turkey, or the membership process for joining ISIS itself.”

Continuing, McCaul said, “I know the officials appearing before us today are disturbed by these trends. Mobile apps like Kik and WhatsApp—as well as data-destroying apps like Wickr and Surespot—are allowing extremists to communicate outside of the view of law enforcement. Equally as worrisome are ISIS attempts to use the ‘Dark’ or ‘Deep Web.'”

“These websites hide IP addresses and cannot be reached by search engines, giving terrorists another covert means by which they can recruit fighters, share intelligence, raise funds and potentially plot and direct attacks undetected,” McCaul stated, noting that, “ISIS tailors its message for specific audiences around the globe and, in doing so, projects power far beyond its growing safe havens by amplifying its battlefield successes and winning over new converts across the world. Its media sophistication helps legitimize its self-proclaimed Caliphate and its perverse interpretation of Islam.”

Nevertheless, “On May 19, 2015, a letter signed by technology industry leaders and advocacy organizations was sent to President Obama; the letter responding to statements by administration officials who, it said, had ‘suggested that American companies should refrain from providing any products that are secured by encryption unless those companies also weaken their security in order to maintain the capability to decrypt their customers’ data at the government’s request,’ and that ‘Congress should ban such products or mandate such capabilities,'” the Middle East Media Research Institute (MEMRI) said in a new report on communications encryption technology now widely being used by Islamist jihadists.

Continuing, MEMRI noted that, “The signatories – among them many of the social media companies used and relied on by ISIS, Al Qaeda, and other jihadi groups – urged Obama to reject any proposal that US companies deliberately weaken the security of their products; they included Google, Twitter, Facebook, Internet Archive, Microsoft, Apple, Dropbox, LinkedIn, Tumblr, Wikimedia Foundation and Yahoo, as well as the American Civil Liberties Union, the Council on American-Islamic Relations and the American-Arab Anti-Discrimination Committee.”

Ironically, the tech industry’s letter stated, “Strong encryption is the cornerstone of the modern information economy’s security. Encryption protects billions of people every day against countless threats—be they street criminals trying to steal our phones and laptops, computer criminals trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and our allies’ most sensitive national security secrets.”

The following day, FBI Director James Comey, in addressing the third annual Georgetown Cybersecurity Law Institute symposium, called the letter “depressing,” because it “contains no acknowledgement that there are societal costs to universal encryption.” Comey said he deals every day where “cyber and counterterrorism merge,” and discussed the potential consequences to law enforcement of the default encryption of communications on mobile devices and computers.

“The logic of universal encryption is inexorable that our authority under the Fourth Amendment … is going to become increasingly irrelevant,” Comey stated.

Earlier in May, US Cyber Command head and NSA director Adm. Michael S. Rogers said in response to a question about jihadis’ use of encryption that, “A whole set of actors out there is increasingly using encryption as a vehicle to attempt to evade the legal and lawful framework we use both from an intelligence framework, as well as from the law enforcement side.”

On June 19, though, White House Press Secretary Josh Earnest stated, “The administration firmly supports the development and robust adoption of strong encryption. The President himself has acknowledged that it can be a strong tool to secure commerce and trade, safeguard private information, and promote free expression and association. At the same time, we’re also understandably concerned about the use of encryption by terrorists and other criminals to conceal and enable crimes and malicious activity.”

“In 2007, MEMRI’s Jihad and Terrorism Threat Monitor Project began monitoring Al Qaeda’s use of encryption technology,” MEMRI Executive Director Steve Stalinsky told Homeland Security Today. “At the time, this was limited to its own software, Mujahideen Secrets, which has been updated periodically over the past eight years. Osama bin Laden even realized the value of encryption technology for Al Qaeda and recommended its use, as was recently disclosed in the documents [taken from Bin Laden’s Abbottabad, Pakistan home when he was finally killed]. Mujahideen Secrets remained in widespread use among jihadis; from 2010-2013 it gained popularity among Western jihadis, as it was advertised in every issue of Al Qaeda in the Arabian Peninsula’s (AQAP’s’) English-language Inspire magazine.”

“Since then,” Stalinsky continued, particularly with the emergence of ISIS, jihadis have both increased their use of encryption technology, moving from Mujahideen Secrets to other software and messaging options, and become more reliant upon it. This phenomenon, combined with these groups’ expanding use of largely US-based social media such as Twitter, has evolved into a substantial national security threat, as MEMRI’s new report on the encryption technology “embraced by ISIS, Al Qaeda and other Jihadis.”

“With increased dependence on apps and software,” he said, “ISIS and its online legions of supporters on Twitter are now openly promoting the next generation of encryption and privacy apps – Kik, Surespot, Telegram, Wickr, Detekt, TOR, and new ones as they are created.”

Stalinsky also said, “Jihadis have enjoyed the debate taking place between the US government and technology companies, from Apple and Android to Twitter and Yahoo, who are in the process of creating new encryption technology that will not allow built-in backdoor access, and therefore they are hoping this will mean there is less chance their conversations will be listened to. As one pro-ISIS activist cited in the new report, ‘Jihadi John’ (@Islammujahideen) tweeted, ‘The NSA revelations are of extreme academic value, they are really useful and we do operate in accordance with their uncoverings.'”

“In previous reports, MEMRI highlighted how Al Qaeda as well as ISIS were relying heavily on jihadis’ own encryption software,” the latest MEMRI report stated. Since then, however … distribution of this software among jihadis has slowed, and reliance on new Western social media apps, particularly encrypted ones, has increased.”

“Since its beginnings, ISIS has embraced technology and has used encryption, incorporating these as part of its daily activity and actively recruiting individuals with skills in these areas,” the new MEMRI report said. “For example, in an interview published June 4, 2015, a former computer science student from Madagascar spoke about his conversion to Islam and his decision to join ISIS: ‘I was studying computer science in Antananarivo University and met some brothers from India who were Muslims … After reading the Koran and the Sirah i.e. biography of Prophet Mohammad, I came to this conclusion that the Islamic State have the true methodology and truth … I decided to join Islamic State Caliphate … Now I am asked by Ameer Abu Qubaisa Al Anbari to join the IT department because I have degree in BCS.'”

 

 

Aurora first to fly large UAS in FAA-Designated Griffiss test site

by Press • 23 June 2015

http://www.suasnews.com/2015/06/36718/aurora-first-to-fly-large-uas-in-faa-designated-test-site/?utm_source=sUAS+News+Daily&utm_campaign=905ac1f40b-RSS_EMAIL_CAMPAIGN&utm_medium=email&utm_term=0_b3c0776dde-905ac1f40b-303662705

 

Aurora Flight Sciences announced today that from June 12-15, 2015 the company’s Centaur optionally piloted aircraft (OPA) flew multiple unmanned flights from Griffiss International Airport in Rome, New York. The successful test flights were conducted in full collaboration and compliance with Oneida County’s Griffiss UAS Test Site, which is managed by Northeast UAS AirSpace Integration Research Alliance (NUAIR). The flights marked the first time any large scale, fixed wing aircraft has flown at either of six FAA-designated unmanned aircraft test sites in the U.S.

 

“Having Centaur lead the way in the U.S. as the first large aircraft to fly in one of the FAA-approved test sites is an important milestone for our company, Griffiss, and the FAA,” said Dr. John S. Langford, chairman and CEO of Aurora. “This aircraft is coming into high demand from a range of customers, bothMilitary and commercial interests, in the U.S. and abroad. The flights conducted at the Griffiss site enable our company to offer these customers an aircraft that has been at the leading edge of efforts to integrate unmanned aircraft into the U.S. national airSpace.”

Aurora’s Centaur OPA is a highly flexible, cost-effective airborne solution to a range of Military and commercial unmanned aircraft requirements. The manned flight option enables access to airports worldwide without the need for large transport aircraft. Conversion to the unmanned flight mode, which is accomplished with minimal conversion time (under four hours) provides the flexibility needed for a wide range of applications. Centaur’s small footprint, based on the Diamond DA42, provides an unmatched solution for clandestine operations and low profile ISR missions. And the platform supports an unmatched range of payload types and specifications, making it the optimal solution for numerous commercial and Military applications.

“Global interest in the Centaur has increased dramatically in recent months,” said Langford. “And a number of customers have expressed interest in the one-two punch of combining Centaur’s medium altitude, long-endurance capability with unique expertise acquired on other Aurora unmanned aircraft programs.”

“Our proven long-endurance, medium altitude platforms are ready for action, whether deployed by theMilitary for ISR missions, or in the skies meeting the needs of a wide range of other security, scientific or commercial applications,” said Langford.

About Aurora Flight Sciences

Aurora Flight Sciences is a leader in the development and manufacturing of advanced aeroSpacevehicles. Aurora is headquartered in Manassas, VA and operates production plants in Bridgeport, WVand Columbus, MS; and a Research and Development Center in Cambridge, MA. To view recent press releases and more about Aurora please visit our website at www.aurora.aero.

 

 

First Drone Deliveries Coming July 17

by Press • 23 June 2015

BY ANNA ATTKISSON, TOMS GUIDE

http://news.discovery.com/tech/robotics/first-drone-deliveries-coming-july-17-150622.htm

 

Drone deliveries in the U.S. will soon be an official, government-sanctioned activity.

A collaboration between NASA, Flirtey and Virginia Tech has received approval from the Federal Aviation Administration fly unmanned aircraft on July 17 to deliver pharmaceuticals to a free medical clinic. The fixed wing aircraft from NASA Langley and multi-rotor delivery drones from Flirtey will become the world’s first autonomous aerial delivery services.

Organizers of the event hope to prove that drone usage need not be nefarious or purely for enthusiasts. In fact, the goal of these drones is to bring life-saving meds to an under-served community.

“This is a Kitty Hawk moment not just for Flirtey, but for the entire industry,” said Flirtey CEO Matt Sweeny in a statement. “Proving that unmanned aircraft can deliver life-saving medicines is an important step toward a future where unmanned aircraft make routine autonomous deliveries of your every day purchases.”

The hexacopter that Flirtey uses, which is made by the University of Nevada, Reno, is made of carbon fiber and aluminum. It also sports some 3-D printed components.

It can range more than 10 miles from home base, and can lower cargo via tethered line. Built-in safety features, such as a low battery alert, will automatically return the craft to a safe location. In case of a low GPS signal or full communication loss, there’s also an auto-return home feature.

The drones will deliver up to 24 packages of prescription medication, weighing 10 pounds. The event is part of the Wise County Fairgrounds’ Remote Area Medical USA and Health Wagon clinic.

 

 

EXCLUSIVE: Signs of OPM Hack Turn Up at Another Federal Agency

By Aliya Sternstein

June 22, 2015 7 Comments

NEXTGOV

http://www.nextgov.com/cybersecurity/2015/06/signs-opm-hack-have-turned-national-archives/116005/

 

The National Archives and Records Administration recently detected unauthorized activity on three desktops indicative of the same hack that extracted sensitive details on millions of current and former federal employees, government officials said Monday. The revelation suggests the breadth of one of the most damaging cyber assaults known is wider than officials have disclosed.

The National Archives’ own intrusion-prevention technology successfully spotted the so-called indicators of compromise during a scan this spring, said a source involved in the investigation, who was not authorized to speak publicly about the incident. The discovery was made soon after the Department of Homeland Security’s U.S. Computer Emergency Readiness Team published signs of the wider attack — which targeted the Office of Personnel Management — to look for at agencies, according to NARA.

It is unclear when NARA computers were breached. Suspected Chinese-sponsored cyberspies reportedly had been inside OPM’s networks for a year before the agency discovered what happened in April. Subsequently, the government uncovered a related attack against OPM that mined biographical information on individuals who have filed background investigation forms to access classified secrets.

The National Archives has found no evidence intruders obtained “administrative access,” or took control, of systems, but files were found in places they did not belong, the investigator said.

NARA “systems” and “applications” were not compromised, National Archives spokeswoman Laura Diachenko emphasized to Nextgov, “but we detected IOCs,” indicators of compromise, “on three workstations, which were cleaned and re-imaged,” or reinstalled.

“Other files found seemed to be legitimate,” such as those from a Microsoft website, she said. “We have requested further guidance from US-CERT on how to deal with these” and are still awaiting guidance on how to proceed.

It will take additional forensics assessments to determine whether attackers ever “owned” the National Archives computers, the investigator said.

Diachenko said, “Continued analysis with our monitoring and forensic tools has not detected any activity associated with a hack,” including alerts from the latest version of a governmentwide network-monitoring tool called EINSTEIN 3A.

EINSTEIN, like NARA’s own intrusion-prevention tool, is now configured to detect the tell-tale signs of the OPM attack.

“OPM isn’t the only agency getting probed by this group,” said John Prisco, president of security provider Triumfant, the company that developed the National Archives’ tool. “It could be happening in lots of other agencies.”

Prisco said he learned of the incident at a security industry conference June 9, from an agency official the company has worked with for years.

“They told us that they were really happy because we stopped the OPM attack in their agency,” Prisco said.

The malicious operation tries to open up ports to the Internet, so it can excise information, Prisco said.

“It’s doing exploration work laterally throughout the network and then it’s looking for a way to communicate what it finds back to its server,” he added.

Homeland Security officials on Monday would not confirm or deny the situation at the National Archives. DHS spokesman S.Y. Lee referred to the department’s earlier statement about the OPM hack: “DHS has shared information regarding the potential incident with all federal chief information officers to ensure that all agencies have the knowledge they need to defend against this cybersecurity incident.”

The assault on OPM represents the seventh raid on national security-sensitive or federal personnel information over the past year.

Well-funded hackers penetrated systems at the State Department, the White House, U.S. Postal Service and, previously in March 2014, OPM. Intruders also broke into networks twice at KeyPoint Government Solutions, an OPM background check provider, and once at USIS, which conducted most of OPM’s employee investigations until last summer.

 

On Wednesday, the House Oversight and Government Reform Committee is scheduled to hold a hearing on the OPM incident that, among other things, will examine the possibility that hackers got into the agency’s systems by using details taken from the contractors.

 

Work Unveils First Space Ops Center For Intel Community And Military


By Colin Clark

on June 23, 2015 at 2:18 PM

http://breakingdefense.com/2015/06/work-unveils-first-space-ops-center-for-intel-community-and-military/

 

GEOINT: For the first time, all the nation’s spy satellites and the military’s satellites will be tracked from a single location, allowing the two communities to develop tactics, techniques and procedures together, Deputy Defense Secretary Bob Work said here today.

“But the thing we need most is s space operations center, and we are intent on setting up a joint interagency and combined space operations in which both the IC and DoD sit,” he told a standing-room only audience at the GEOINT conference. Work said this center is his “highest priority,” presumably in the space realm. A spokesman for Work clarified that this would not be the lead operations center for American satellites but a backup, part of the pentagon’s urgent development of space resilience in the face of the growing threats from Russia and Chinese space weapons.

Work said the new center would be operational within six months, which means it must have been in development for some time. One well informed former senior Pentagon official said Air Force Gen. John Hyten, head of Air Force Space Command, was tasked with developing the center in coordination with the National Reconnaisance Office (NRO), which builds and operates the nation’s spy satellites.

“The Department is committed to creating space resiliency. As such, we are working closely with the Intelligence Community (IC) to establish a back-up to the Joint Space Operations Center that is located at Vandenberg Air Force Base in California. Details on the back-up continue to be worked,” Work’s spokeswoman Lt. Cmdr. Courtney Hillson said in an email.

“We know that our nation’s space architecture faces increasing threats. It’s important that the DoD and the IC work together to address those threats and better integrate space capabilities. Together, we will think through innovative approaches to space control – which includes a back-up to JSPOC – to ensure we can respond in an integrated and coordinated fashion.”

The main space command site is the Joint Space Operations Center (JSPOC) at Vandenberg Air Force Base. It is a new setup, built to replace the Cold War-era command center which simply could not handle modern communications and data flow.

Among the benefits of such a center could be “to provide opportunities for collection or ops that might be missed under current arrangements (although there probably would not be many such). There might even be opportunities for better SSA, and for doing it more efficiently, if those opportunities can be exploited without divulging sensitive capabilities,” Bob Butterworth, former senior advisor to the head of Space Command and was a staffer on the President’s Foreign Intelligence Advisory Board, as well as on the Senate Select Committee on Intelligence, said in an email

The biggest unresolved issue in all this may be the most fundamental one — during a war, who commands the US space response?

“But the more interesting question, I think, is still unanswered: Who runs the heavens? That is, under what conditions does the commander of STRATCOM direct which assets go where to do what, vs conditions under which the IC and the military each control their own, vs conditions under which each will control their own in accordance with a jointly agreed oplan?” Butterworth wondered.

Brian Weeden, space analyst at the Secure World Foundation, said this is all being driven by two things: the Chinese ASAT test, combined with the 2010 ASAT testing that likely went nearly to GEO orbit. “The U.S. is interpreting that as a potential threat to U.S. national security satellites in GEO, which provide critical strategic communications, warning, and ISR. The second driver is Russia’s recent use of “hybrid warfare” to annex Crimea and undermine Ukraine, and otherwise antagonize NATO. The U.S. is interpreting that as a signal that international law and norms may be less effective for restraining potential adversaries,” Weeden said in an email.

A space intelligence analyst raised one other issue: the role of the commercial sector in providing space situational awakeners. This analyst — who is familiar with the JSPOC’s capabilities — said AGI’s new SSA center provides “eye watering” capabilities, exceeding most of what the government can do. Will the new joint center make use of this data as well, the analyst wondered.

Given that the commercial sector greatly outnumbers the DoD and IC in sheer numbers of satellites, one hopes they are being included in the new DoD-IC space center.

 

Why Can’t We Play This Game?

June 24, 2015 | General Michael Hayden

http://www.thecipherbrief.com/articles/why-cant-we-play-game

 

Jimmie Breslin borrowed a line from manager Casey Stengel to title his chronicle of the worst team in baseball history, the 1962 Mets. Stengel plaintively asked, “Can’t Anybody Here Play This Game?” Given recent events, Americans could be asking the same question about their government’s cyber performance.

Earlier this month the Office of Personnel Management announced that someone had grabbed super user status on OPM computers, taking the records of more than four million current, former and retired government employees and, then, within a week OPM added that an attacker had been in the database of the government’s far more sensitive security clearance system for almost a year. Recent estimates put the number of people affected at 18 million.

We’ve seen breaches before, but these were particularly numbing. The massive files of American government names, social security numbers, dates and places of birth, jobs, training and benefits gives an adversary data that can be used to coerce, blackmail or recruit U.S. sources. Access to the security clearance database would disgorge even more detailed personal information, including the foreign contacts of American officials.

Fingers quickly pointed to China, and why not? The Chinese have pretty much had a freehand in American databases for the better part of a decade and the attacks fit their policy, their needs, their tactics and their tools. The only thing missing was a formal American accusation.

But let me quickly add that I do not blame the Chinese. If we determine that China did this, we would be assigning responsibility, but blame is a different matter. I blame China when they penetrate American industry (an unfair nation state vs. private company fight) and rip off intellectual property for commercial gain (something we view as criminal).

This wasn’t that. This was legitimate state espionage, one government going after another for information that could contribute to its national security. As Director of the National Security Agency, given the opportunity against similar Chinese information, I would not have hesitated for a second…and I wouldn’t have had to get anyone’s permission to do it.

This is what serious nation states do. All of them. There is no shame for China here. This is all shame on us.

So how has the U.S. government responded? Well, if there is official outrage about our incompetence, it has been kept well hidden. We’ve gotten our share of somber press briefings, but there have been no visible consequences for catastrophic failure. I could add predictable failure, as well, since OPM’s own Inspector General last year said that the network was so bad that several systems should be shut down. But they weren’t.

A tone of self-congratulation seemed to surface at the inevitable Congressional hearings as OPM claimed that, but for its recent IT security modernization program, the penetrations would still be undetected. Despite the new tools, however, OPM was still unwilling or unable to precisely characterize the damage or identify the perpetrator.

We then went through an interlude of comic relief, the kind necessary in all tragedies. The White House directed that all federal agencies conduct a 30-day cyber sprint to apply patches and the other elements of basic cyber hygiene that they apparently had not done in the preceding months and years.

Then OPM, as required by law, began notifying folks whose personal information had likely been compromised. Tens of thousands of emails were sent directing government employees to — wait for it — click on the embedded hyperlink to take advantage of the data breach protection services being offered. Recognizing that just such an action (a spear fishing attack) had likely enabled the original breach, the Department of Defense (DoD) directed its employees to trash the OPM message.

In front of Congressman Jason Chaffetz and the House Oversight Committee, OPM Director Katherine Archuleta invoked a bit of the Homer Simpson defense (“It was like that when I got here”) when she said, “Cyber security problems take decades in the making…the whole of government is responsible…”

Not a defense I would have adopted (especially if I had been at OPM more than two years), but one not without some truth. After all, until the OPM breach, we were fixated on the damage done by Bradley/Chelsea Manning in DoD until he/she was eclipsed by Edward Snowden in NSA. And one can fairly wonder what of the insider threat needed explaining after Manning, but before Snowden. And it’s probably fair to note that in both cases (like the OPM case) the downloading of massive amounts of data went undetected.

It’s not only the executive branch that has been late to need. The last two Congresses have failed to pass cyber security legislation that would have given liability protection to firms sharing cyber threat information with one another and with the government.

And Chairman Chaffetz was an enthusiastic supporter of the USA Freedom Act designed to rein in the allegedly renegade National Security Agency and its wanton depredations of American privacy. Little more than forty-eight hours after voting to limit the Nation’s most powerful cyber force, Chaffetz and the rest of Congress was demanding to know how the personal records of millions of Americans could have been violated by a foreign power. Perhaps they misidentified the real threats to American privacy.

In reviewing Breslin’s book, the New York Times –with tongue in cheek– described it as “one of the most imaginative spoofs of the year.” Jimmy Breslin, the review went on, “has invented a fabulous baseball club he calls the Mets.”

Except that the ’62 Mets were real. Just like the sorry state of our cyber defenses.

By the way, seven years later the Mets were the world champions.

Shouldn’t we get on with it, too?

General Hayden is a retired four-star General in the United States Air Force. He was the Director of the Central Intelligence Agency from 2006-2009 and the Director of the National Security Agency from 1999-2005. He is also an investor in The Cipher Brief.

… – See more at: http://www.thecipherbrief.com/articles/why-cant-we-play-game#sthash.JdfNY1UB.dpuf

 

 

Fly4Me gets FAA approval, launches ‘Uber for drones’

by Press • 24 June 2015

http://www.suasnews.com/2015/06/36734/fly4me-gets-faa-approval-launches-uber-for-drones/?utm_source=sUAS+News+Daily&utm_campaign=3ca97d27d1-RSS_EMAIL_CAMPAIGN&utm_medium=email&utm_term=0_b3c0776dde-3ca97d27d1-303662705

 

One of the first companies to get a drone business off the ground in New England is not a next-generation robotics company but rather a small startup that’s betting that people are already itching to hire freelance drone pilots for an aerial photo shoot.

Cambridge-based Fly4Me hosts a website that connects drone pilots with customers who want surveys, maps, building inspections, and other tasks suited to a drone’s unique perspective. The startup officially opened for business last week, following approval from the Federal Aviation Administration this spring.

The commercial use of drone aircraft — usually small, inexpensive remote-controlled gadgets — is still heavily regulated by the federal government. Entrepreneurs have argued that this approach has stalled innovation in the space. Fly4Me’s FAA certification says it can “conduct community training workshops, research and development, and aerial inspections of buildings and land within the United States.”

It’s among the first group of some 600 companies that the FAA has approved to fly drones commercially. Also on that list is Boston-based insurer Liberty Mutual, which got the green light last week to conduct inspections of roofs, homes, and large structures after events like a fire.

Fly4Me formed in December and got FAA approval in mid-April.

A beta version of its website debuted last week. There, homeowners or companies who need an aerial scout can post a description of their job, and pilots who own and fly camera-carrying drones can register, view listings, and bid for a gig.

http://www.betaboston.com/news/2015/06/22/fly4me-gets-faa-approval-launches-uber-for-drones/

 

 

Plan B For Iran

If the nuclear negotiations go bad, the U.S. has a backup: Obama can drop the MOP, the world’s largest non-nuclear bomb.

By MICHAEL CROWLEY

June 24, 2015


http://www.politico.com/magazine/story/2015/06/plan-b-for-iran-119344.html#.VYv876PbKUm

 

President Barack Obama’s nuclear diplomacy with Iran may yet fail. On Tuesday, exactly one week before a June 30 deadline for an agreement, Iran’s Supreme Leader delivered his latest in a series of defiant statements, setting conditions for a deal—including immediate relief from sanctions, before Iran has taken steps to limit its nuclear program—that Obama will never accept. Secretary of State John Kerry warned last week that the U.S. is prepared to walk away from the talks. And even if a deal is reached, the story is not over. The Iranians may break or cheat on an agreement, and try build a nuclear weapon anyway.

That’s why, at least three times in the past year, a B-2 stealth bomber has taken off from an Air Force base in Missouri and headed west to the White Sands Missile Range in New Mexico. For these missions, the $2 billion plane was outfitted with one of the world’s largest bombs. It is a cylinder of special high-performance steel, 20 feet long and weighing 15 tons. When dropped from an altitude likely above 20,000 feet, the bomb would have approached supersonic speed before striking a mock target in the desert, smashing through rock and burrowing deep into the ground before its 6,000 pounds of high explosives detonated with devastating force.

“It boggles the mind,” says one former Pentagon official who has watched video of the tests.

Those flights were, in effect, trial runs for the attack on Iran that President Barack Obama, or his successor, may order if diplomacy can’t prevent Iran from trying to build a nuclear weapon.

Think of it as Plan B for Iran. The failure of diplomacy might lead the U.S. to turn to a weapon finally ready for real-world action after years of design and testing. The so-called “Massive Ordnance Penetrator,” or MOP, represents decades of military research, dramatically accelerated in recent years, focused on the problem of destroying targets buried deep underground.

 

That research once revolved around places like Russia, Iraq and North Korea. But in recent years, aided by a little-known military team of intelligence analysts, geologists and engineers, it has come to focus on Iran. More specifically, a uranium enrichment facility burrowed more than 250 feet into a mountain, about two hours’ drive south of Tehran.

Iran’s facility, known as Fordow, houses 3,000 centrifuges that can enrich uranium to a purity suitable for nuclear weapons. Fordow is not Iran’s only enrichment facility, or even its largest. But it is the best protected. And it would be all Iran needs to develop a nuclear weapon.

The mock desert target was almost certainly meant to simulate Fordow.

When Obama officials say that “all options are on the table” to stop Iran from getting a nuke, they are in effect speaking in code about the MOP. The MOP is what Secretary of State John Kerry was clearly referring to when he recently told Israeli TV that the U.S. has “designed and deployed a weapon that has the ability to deal with Iran’s nuclear program.” When CNN recently put the question directly — can the MOP destroy Fordow? — to Secretary of Defense Ashton Carter, he was succinct: “Yes. That’s what it was designed to do.”

Crews load the Massive Ordnance Penetrator in a test in March 2007 at White Sands Missile Range in southern New Mexico. | AP Photo

The Pentagon is otherwise coy. “We maintain military options should diplomacy fail,” is all said Col. Ed Thomas, spokesman for Joint Chiefs of Staff chairman Gen. Martin Dempsey, would tell POLITICO. But former government officials and experts spoke in far more detail. They described a wonder of military hardware that combines high technology with brute physics. It’s a weapon they hope will help intimidate the Iranians into making—and keeping—a deal.

“The message the Pentagon wants to send,” says Loren Thompson, a military consultant and analyst with the non-profit Lexington Institute, “is that there is no safe haven.”

 

***

Military planners have studied ways to blow up would-be safe havens since at least World War II, when Britain employed so-called “earthquake” bombs with names like Grand Slam and Tallboy against buried German targets. After a lull during the Cold War, when ICBMs and thermonuclear bombs were all the excavation considered necessary for military targeting, targeted bunker busting came back into favor again when the 1991 Gulf War revealed Saddam Hussein’s elaborate underground network—including a bunker whose German architect boasted it could survive a nearby nuclear blast. The subject seized the Pentagon’s attention anew after September 11, particularly after the early hunt for Osama bin Laden in Afghanistan showed that even B-52 carpet-bombing could only rattle al Qaeda’s mountain lairs. One 2001 report to Congress estimated that there were more than 10,000 buried or “hardened” targets worldwide requiring specialized bombs—many of them in North Korea and China—and that the number was growing.

In August of 2002, an Iranian political opposition group revealed the existence of an underground uranium enrichment facility at Natanz. News of Iran’s secret nuclear program startled Washington, though the site was too shallow to escape the reach of existing American munitions.

The 2009 discovery of the enrichment lab at Fordow was another matter. Fordow is a much smaller facility than Natanz, but it is buried deeper, better reinforced, and protected by mountain rock. In Washington, the Pentagon hit the gas pedal on its bunker buster program and its ability to detect and analyze underground sites.

A locus of this activity is a secretive arm of the Pentagon known as the Underground Facilities Analysis Center (UFAC). Established in 1997 and run by the Defense Intelligence Agency (DIA), the UFAC does not have a website; a DIA spokesman offered few details about it. But it is no backwater. According to one 2009 defense industry report—one of very few news articles to acknowledge the center’s existence— the UFAC’s staff swelled from 20 employees to 240 in its first decade. The number is probably now much higher.

Read more: http://www.politico.com/magazine/story/2015/06/plan-b-for-iran-119344.html#ixzz3e4xYlAt6

 

Rasmussen Reports

What They Told Us: Reviewing Last Week’s Key Polls

Bottom of Form

Saturday, June 27, 2015

The shooting massacre at a black church by a young white supremacist in Charleston, South Carolina late last week was a tragic development in the nation’s ongoing conversation on race relations. Following the shooting, several prominent politicians – including Republican Governor Nikki Haley – called for the removal of the Confederate flag from the state’s capitol grounds.

Sixty percent (60%) of Likely U.S. Voters agree with this view and say the Confederate flag should not be flown at South Carolina’s statehouse. However, voters are more divided as to what the flag means: 43% say it symbolizes Southern heritage, while 39% say it symbolizes hatred. There’s a sharp difference of opinion between white and black voters on this question.

Rachel Dolezal, a white woman who identifies as black, recently resigned her post as president of a Washington chapter of the NAACP amidst outrage over her racial identity. Interestingly, black voters are far less critical of Dolezal and don’t think she should have left her job at the NAACP. Still, most voters of all ethnicities believe that racial identity is determined by birth, not preference.

The Department of Housing and Urban Development is set to release new regulations meant to diversify wealthy neighborhoods, but voters overwhelmingly say that it is not the government’s job to try to bring those of different income levels to live together. A majority of voters (59%) say the racial or ethnic makeup of the neighborhood was not important in deciding where to live, including 27% who say it is Not At All Important. 

In other news this week, the U.S. Supreme Court handed down several major rulings, including one that will uphold federal subsidies for health insurance even in states that don’t have health care exchanges under Obamacare. Most voters (62%) say the best way to reduce health care costs is through more free market competition between insurance companies, while 26% say more government regulation will lower costs. 
More than half (52%) say letting states compete to determine the more effective standards and guidelines would do more to reduce health care costs, compared to 38% who say having the federal government establish a single set of standards and regulations is better at cost control.

The high court also ruled that same-sex marriage be legal in all 50 states. Voters are still fairly divided over the issue of gay marriage: 46% favor same-sex marriages, up from a low of 42%, while 41% oppose. But one-in-three think it should be up to the state to decide.

We’ll release new findings on the Supreme Court rulings on Obamacare and gay marriage next week.

Louisiana Governor Bobby Jindal is the latest addition to the crowded Republican field in 2016, but he ranks low among GOP voters.  

In other surveys last week:

— The U.S. Food and Drug Administration announced last week that food companies have three years to phase out partially hydrogenated oils, the main source of trans fat, and voters appear to be on board with the idea.

— The Republican party has been getting lots of news coverage lately, due to its ever-growing candidate pool for the 2016 presidential election. But while GOP contenders have been throwing their hats in the ring left and right, what’s happening on the Democratic side, especially its main frontrunner, Hillary Clinton? We decided to find out what America thinks.

— Voters still strongly believe the order of events, marriage then children, is important in starting a family.

— When it comes to building wealth, voters don’t see an easy way out: they still believe most people get rich by working hard.

Twenty-eight percent (28%) of Likely U.S. Voters now think the country is heading in the right direction.

Advertisements

From → Uncategorized

Comments are closed.

%d bloggers like this: