Skip to content

December 12 2015

December 17, 2015




12 December 2015


Blog URL



Lockheed demonstrates UAS traffic control

Michael Peck, Contributing Writer 3:53 p.m. EST December 7, 2015


Lockheed Martin has demonstrated that unmanned aircraft systems could be integrated into national airspace.

Lockheed tested an unmanned aircraft and an unmanned helicopter in conjunction with the company’s prototype UAS Traffic Management (UTM) system. “The Stalker XE UAS provided data and a precise geolocation to the unmanned K-MAX cargo helicopter, which conducted water drops to extinguish a fire, while the UTM tracked the UAS operations and communicated with Air Traffic Control in real time,” said a Lockheed announcement.

“This demonstration represents the path forward for flying UAS in the NAS [national airspace] using flight service-based UTM capabilities to extend the technology and systems that air traffic controllers know and understand,” said Paul Engola, Lockheed Martin vice president Paul Engola. “We were able to successfully modify the existing K-MAX and Stalker XE ground control software to connect to the UTM services and conduct the firefighting mission.”


Pentagon to Confer with Justice on Having Women Register for the Draft

Hope Hodge Seck

Dec 7, 2015


A new legal analysis released by the Defense Department finds “the landscape … has changed” since a 1981 Supreme Court case ruled that women could be excluded from registering for the draft.

The gradual opening of combat positions to female troops, culminating in Defense Secretary Ash Carter’s Dec. 3 announcement that all military jobs would open to women, changes the factual context of the male-only draft, the two-page analysis found.


Currently, only male United States residents between ages 18 and 26 are required to register for the military draft. The 1981 case Rostker v. Goldberg found the male-only draft to be constitutional because women were excluded from combat by law and policy.

“The Court deferred to Congress’ explanation that ‘if mobilization were to be ordered in a wartime scenario, the primary manpower need would be for combat replacements,'” the analysis states. ” … The landscape on the assignment of women has changed since Rostker was decided.”

The opening of combat jobs to women began with the repeal of statutes barring women from being assigned to aircraft and ships engaged in combat, the memo states. It continued in 2013 when the Defense Department rescinded the 1994 Direct Ground Combat Definition and Assignment Rule, mandating that all jobs open to female troops, barring any exceptions granted by the Secretary of Defense.

Carter’s recent announcement confirmed that there would be no exceptions to the integration mandate. He acknowledged that his decision to open all jobs to women could result in female troops being required to register for the draft.

“It is an issue that’s out there. Unfortunately it’s subject to litigation,” he said during his briefing.

That case, National Coalition for Men vs. the Selective Service System, is due to be considered by the U.S. Court of Appeals for the 9th Circuit in California on Tuesday.

In October, Army Secretary John McHugh said “true and pure equality” would require that women register for the draft following gender integration in combat jobs.

“If we find ourselves as a military writ large where men and women have equal opportunity, as I believe we should [open selective service to women],” he said.

The Pentagon’s analysis did allow, however, for the possibility that other rationales not considered by the Supreme Court might serve to limit the draft requirement to men. The memo did not describe what those rationales might be.

“The [DoD] will consult with the Department of Justice as appropriate regarding these issues,” the analysis concludes.



Budget ’17: Pentagon Planning Cuts in Production, R&D

By Aaron Mehta 2 p.m. EST December 6, 2015


WASHINGTON — As it puts the finishing touches on its fiscal 2017 budget plan, the Pentagon is preparing to slow down programs in production and limit R&D funds to protect end strength and readiness levels.

Over the past week, two top Pentagon officials, Comptroller Mike McCord and Frank Kendall, undersecretary for acquisition, technology and logistics, made it clear that to make up an expected $15 billion delta between what the congressional budget deal gave the department and what the Pentagon planned on having will require targeting the equipment, and not personnel, side of the budget.

On Nov. 30, McCord said, “There will probably be some slowdowns in modernization programs,” in the Pentagon’s budget request, noting that he does not see “any major changes to the size of the force” being included.

Then on Dec. 2, Kendall warned that “the disproportionate hits on ’17 are going to be on modernization. I think that will probably be more on production than R&D.”

The focus on cutting modernization shows that end-strength reductions have hit their limits, said Mark Gunzinger of the Center for Strategic and Budgetary Assessments,

In recent years the Pentagon “prioritized modernization over maintaining a larger force in the near term,” Gunzinger said. “So, it reduced its end strength, attempted to retire some legacy capabilities such as the A-10, and proposed initiatives to cut its overhead, including a new round of base closures and modest compensation reform.”

But many of those proposals were killed in Congress, and the services have expressed concern that further end-strength cuts would create too much risk, leaving the Pentagon no alternative but to “begin modest reductions in some modernization programs,” Gunzinger added.

Mackenzie Eaglen of the American Enterprise Institute said the reductions may indeed be modest. “Many programs may take a hit, but it will be like in 2013 — there can still be winners that lose relatively less or only a few production units,” rather than whole programs being gutted, she said.

And, she noted, the Pentagon is hoping to save some money through creative accounting, including fuel pricing and optimistic economic assumptions, perhaps getting the total delta down to about $10 billion, with anything cut potentially finding its way back to funding via the overseas contingency operations (OCO) fund once Congress gets involved.

Asked after his speech if production of the F-35 joint strike fighter could be slowed down, Kendall indicated it was likely.

“The F-35 is not — it is impossible in this budget to entirely protect it, just put it that way,” Kendall responded. “Dollar for dollar, it probably gives us more combat capability than any other investment we’re making, but we have a lot of other things that we have to do as well. So it’s not entirely fenced. I can’t say it’s entirely fenced [off from cuts].”

However, he did say programs that make up the nuclear triad — the Ohio-class submarine, Long Range Strike-Bomber and new ICBM designs — would be a “priority” in the budget.

At the same time, McCord said to expect some savings from the bomber program compared with the Future Years Defense Program, the result of the contract award sliding to the right. Simply put, because the contract was delayed, less money is needed in FY17 and it can be pushed to the next year.

What else could be cut? Eaglen highlighted Army helicopter procurement as one area that could be slowed. The CH-47F and UH-60M helicopters are operating under a multiyear procurement and so are unlikely to see big production dips. The AH-64E and UH-72 Lakotas are not under multiyear and so may be more attractive targets for the Pentagon, although the Lakota is seen as a priority for training and the AH-64E is expected to enter a multiyear in 2017.

Another target could potentially come from procurement of Naval aviation assets, such as the V-22 or F/A-18, although the latter has proved intensely popular in Congress. And the Air Force, in the midst of a series of large modernization programs, could once again kick funding for the T-X trainer replacement and the Joint Surveillance Target Attack Radar System (JSTARs) aircraft down the road.

Speaking Dec. 1 at an event hosted by the Atlantic Council, Gen. Mark Welsh, Air force chief of staff, said he would continue to “push hard” to fund the JSTARS recapitalization program in the fiscal 2017 budget, but noted that nothing is certain — particularly given discussions inside the Pentagon about whether the current JSTARS plan is the right way forward


R&D Concerns

Those looking for good news can turn to McCord, who said that the Pentagon’s OCO request will include a “pretty significant increase” for the European Reassurance Initiative, the umbrella term for spending to support exercises, training and equipment in Europe in the wake of Russia’s invasion of Ukraine.

That increase will be focused on a “more robust” version of what the US has done so far, in part by “continuing a higher level of presence and exercising, especially with our Eastern European partners,” McCord said.

The biggest difference from the current funding, he said, will come from “some more permanent investment, whether it be prepositioning or basing for some additional presence and additional posture capability in Europe that would be a little more long term in nature.”

Despite production taking the biggest hit, Kendall said he was “most concerned about R&D” funding in the FY17 budget.

“If you don’t do the R&D you won’t have a product at all,” Kendall said. “It’s a fixed cost. Once you take the R&D out you are denying yourself future products, in any quantity, period.”

His comments were notable, given the focus from Defense Secretary Ash Carter and Deputy Defense Secretary Bob Work on the “Third Offset” strategy to develop new technologies that will maintain the US military advantage.

“Given the pressure on our budget and given the things we talked about earlier, the best we’re going to be able to do is to start the earlier phases of [the technology programs that make up the Third Offset],” Kendall said. “We don’t have the money to make the major investments.”

“We’re trying to fit as much of that [R&D funding] in the budget as we can, at least to move the technology forward to position ourselves for starting EMD in a few years from now,” he later added.

Both Gunzinger and Eaglen agreed that does not mean the Pentagon is walking away from the Third Offset strategy, but instead shows the disconnect between what the Pentagon wants to do and is able to do under the current budget environment.

At the same time, any limit on R&D funding hurts the Pentagon’s ability to develop the new game-changing technology it needs to fulfill the goal of the Third Offset, Eaglen said.

And while noting the Pentagon is “dead serious” about getting technology up and moving, Gunzinger warned that any delay may “extend the window of opportunity for our adversaries to implement their own offset strategies.”



Hackers to Pentagon: You’re Doing Cyber Wrong

by Tobias Naegele | Dec 4, 2015


What happens when you bring together some of the nation’s leading hackers, the Pentagon’s chief of training and an Air Force Academy professor who teaches cyber skills to cadets? They all agree on one thing: The government’s approach to cyber security is coming up short.

They sat on the dais, an unusual assortment of experts at a conference for military simulation and training experts. No prepared speeches, just a wide open Q&A.

Their message in three bullets:

•You can’t teach cyber defense without a thorough understanding and expertise in cyber offense

•Cyber is all about breaking the rules. If you try to break cyber defense into a series of check-box requirements, you will fail

•The Fifth Domain, as cyber is sometimes called in the military (joining air, land, sea and space) is not like the others. There is no high ground and the weapon you wield today may not even exist tomorrow


In the center was Frank DiGiovanni, director of Force Readiness and Training at the Pentagon, joined on his far left by Martin Carlisle, professor of computer science at the Air Force Academy. Sharing that stage were three of the best-known ethical hackers in the business: Jeff Moss, founder of Black Hat and DefCon, the two best-known annual hacker conferences; John Rigney, co-founder of Point3 Security, a Maryland cyber firm, who says he made his first hack at age 8; and Brian Markus, CEO of Aries Security, best known for his “Wall of Sheep” – an annual rite at the DefCon event, where he posts the names of all who have exposed themselves to security cyber hacks while attending the conference, which brings together some of the world’s top hacking talent.

What these five know about cyber security – or how to defeat it – can’t be cataloged. Indeed, part of their message is that cyber security, or cyber warfare, is so fluid, so rapidly evolving, that trying to define it or contain it is essentially impossible.

The government and industry are both in a quandary over the cyber challenge, partly because it’s unclear where their missions start and stop. America is fighting its cyber battles like the British fought in the American Revolution, he said. Back then, the British fought out in the open, following a well-drilled formula for combat. The Americans countered with guerilla warfare, fighting from the woods.

By limiting most of our defenders to defense-only approaches, the United States is effectively fighting while hand-cuffed. Cyber attackers, on the other hand, whether criminals or nation states, are playing without rules.

Said Markus: “We’re going up against a 300-pound fighter with one hand behind our back. We are going in with too many limitations.”

That’s the first thing cyber training needs to take into account: Cyber warriors have to be able to think like their attackers, and to do that they need to train like their attackers. Instead of focusing on rules and process, they need to focus on puzzle- and problem-solving.

Certifications are useful in understanding what people know, Carlisle said, but they are of limited use in fighting the active cyber attacker. Hackers buy cyber defense technology and then work on their own to defeat it. So one can’t be satisfied that having the best tools will be enough to protect your network.

The key to developing cyber talent isn’t to teach people to do well on certification tests, Carlisle and the others said, but rather to teach them to think and problem solve.

Said DiGiovanni: “If you think you can catalog every known thing that can happen to you, you’re wrong from the beginning…. To do this right, the training environ needs to be able to go beyond the square where you know exactly what you’re doing. The minute you do that, it’s exploitable. Someone will find a weakness in that training regimen and attack it.”

Similarly, Rigney questioned military efforts to standardize network design. “One attack profile means one target,” he said.

Cyber security is complex and fluid. Everything is changing, all the time, the panelists said. The military has the capability and the mission to develop the right tools. But to be successful, its policies and approach will have to change – and not just in how people are trained. One problem several panelists mentioned is that even when the military gets the training right, it sometimes mishandles the talent it produces.

This problem is not the military’s alone. Industry also makes mistakes. Markus described training programs to teach cyber skills that were highly successful, only to fail when it came to retaining talent. “When you train a bunch of people, and they get really excited, and amped up, and they have all this great knowledge of effects and warfare, and then you say, ‘Go watch the SOC [cyber operations center] logs,’ they say, ‘Fine, I quit. I want to go do something else.’ That’s why the industry is bleeding out people. They train them to be offensive warfare personnel, and then they have them go watch a gate.”

The military, everyone agreed, needs to be careful not to follow that model.

Carlisle, who emphasized he was speaking on his own behalf, and not for the Air Force Academy or the Air Force itself, said he rejects two common notions in military circles: First, that it’s ok to train for defense only out of concern about the risks involved with teaching people how to hack. “The military has certain fields, SEALs for example, who we accept that we train them to act with a certain degree of lethality. We should treat cyber the same way,” he said. Second, there are leaders who are satisfied to train cyber personnel only to lose them to industry after five or six years. Those leaders say what they really need are managers, not technical experts. “I reject that hypothesis,” he said.

The heart of cyber warfare, the panel agreed, is offensive operations. These are essential military skills they said, which need to be developed and nurtured – in order to ensure a sound cyber defense.


US Air Force Running Out of Bombs to Fight ISIS

Fox News | Dec 06, 2015 | by Fox


The US military says its 15-month bombing campaign on the Islamic State is depleting its munitions supply and that additional money and other support is “critical” for “the long fight.”

“We’re expending munitions faster than we can replenish them,” Air Force Chief of Staff Gen. Mark Welsh said Friday. “We need the funding in place to ensure we’re prepared for the long fight. This is a critical need.”

The Air Force has reportedly fired more than 20,000 bombs and missiles in Syria in the fight to dismantle the self-proclaimed Islamic State.

Air Force officials say they have enough munitions right now but project a shortage and want more long-term planning and funding to meet future needs.

“B-1s have dropped bombs in record numbers,” Welsh also said. “We are able to manage inventories to sustain operations against ISIL at this time. We do need funding in place and the ability to forecast for production to be ready for the long fight … We continue to work on a longer term funding strategy which is absolutely required.”

Russia and France have over just the past few weeks began bombing ISIS targets in Syria. And Great Britain earlier this week decided to join the US-led bombing coalition, following a recent series of ISIS terror attacks outside of the Middle East. Russia is not part of the coalition.

The Air Force now has an estimated 142,000 “smart bombs,” or guided munitions, and 2,300 Hellfire missiles, used in drone strikes to kill terrorists.


Supreme Court Hears Arguments on ‘One Person, One Vote’


DEC. 8, 2015


WASHINGTON — The Supreme Court on Tuesday heard arguments in a voting rights case that has the potential to shift political power from urban areas to rural ones, a move that would provide a big boost to Republican voters in many parts of the nation.

The case, Evenwel v. Abbott, No. 14-940, will address a question many thought had been settled long ago: What is the meaning of the principle of “one person, one vote”?

The principle, rooted in cases from the 1960s that revolutionized democratic representation in the United States, applies to the entire American political system aside from the Senate, where voters from states with small populations have vastly more voting power than those with large ones. Everywhere else, voting districts must have very close to the same populations.

But the Supreme Court has never definitively ruled on who must be counted: all residents or just eligible voters?

The difference matters, because people who are not eligible to vote — children, immigrants here legally who are not citizens, unauthorized immigrants, people disenfranchised for committing felonies, prisoners — are not spread evenly across the country. With the exception of prisoners, they tend to be concentrated in urban areas.

Their presence amplifies the voting power of people eligible to vote in urban areas, usually helping Democrats. Rural areas that lean Republican, by contrast, usually have higher percentages of residents eligible to vote.

Tuesday’s case, a challenge to voting districts for the Texas Senate, was brought by Sue Evenwel and Edward Pfenninger. They are represented by the Project on Fair Representation, a small conservative advocacy group that has been active in cases concerning race and voting.

The group was on the winning side in 2013 in Shelby County v. Holder, which effectively struck down the heart of the Voting Rights Act, freeing nine states, mostly in the South, to change their election laws without advance federal approval. The group is also behind a challenge to affirmative action in admissions at the University of Texas at Austin to be argued on Wednesday.

In court papers, Ms. Evenwel and Mr. Pfenninger said they live in “districts among the most overpopulated with eligible voters” and that “there are voters or potential voters in Texas whose Senate votes are worth approximately one and one-half times that of appellants.”

Last year, a three-judge panel of the Federal District Court in Austin dismissed the case, saying that “the Supreme Court has generally used total population as the metric of comparison.” At the same time, the panel said, the Supreme Court has never required any particular standard. The choice, the panel said, belongs to the states.

Almost all states and localities count everyone, and the Constitution requires “counting the whole number of persons in each state” for apportioning seats in the House of Representatives among the states. There are practical problems, many political scientists say, in finding reliable data to count only eligible voters.

Federal appeals courts have uniformly ruled that counting everyone is permissible, and one court has indicated that it is required.

In the process, though, several judges have acknowledged that the Supreme Court’s decisions provide support for both approaches. The federal appeals court in New Orleans said the issue “presents a close question,” partly because the Supreme Court had been “somewhat evasive in regard to which population must be equalized.”

In 1990, Judge Alex Kozinski, in a partial dissent from a decision of the federal appeals court in San Francisco, said there were respectable arguments on both sides.

Counting everyone, he said, ensures “representational equality,” with elected officials tending to the interests of the same number of people, whether they are voters or not. Counting only eligible voters, on the other hand, he said, vindicates the principle that voters “hold the ultimate political power in our democracy.”

In 2001, the Supreme Court turned down an opportunity to decide the question, in another case from Texas.

“The one-person-one-vote principle may, in the end, be of little consequence if we decide that each jurisdiction can choose its own measure of population,” Justice Thomas added. “But as long as we sustain the one-person-one-vote principle, we have an obligation to explain to states and localities what it actually means.”


How the NSA uses behavior analytics to detect threats

Clint Boulton



The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells

“There are a number of initiatives we have underway there to really use a lot of our big data analytics, a lot of the technology we have developed for our foreign intelligence mission, as well as technology we’ve developed inside our Information Assurance Directorate,” says Smithberger, who began his new job six months ago after serving in various operational foreign intelligence roles over the past 27 years. He says the NSA is using automated capabilities “to up our game” for detecting and responding to anomalies, including anything from external attacks to suspicious internal activity.

The NSA has taken it on the chin from the mainstream media and privacy advocates because several revelations by Snowden, who while working as an NSA contractor through Booz Allen in 2013 copied and began releasing documents detailing NSA secret programs that surveil communications in the U.S. and abroad. The documents shed new light about the government’s monitoring of phone and email records to surveil terrorism suspects. The controversy is regularly stoked with new findings, including the New York Times revelation that the NSA augments the way it sifts through large amounts of digital data in pursuit of bad actors.

NSA analytics capabilities thwart internal, external threats

The NSA has similarly enhanced threat detection for its own network, which analysts, operatives and engineers use for a variety of intelligence-gathering tasks.

Smithberger says that one of the obvious examples includes the capability to spot anomalies as when a credentialed user accesses the network at a strange time and from an unusual geographic location. Imagine, for example, a user bearing credentials of a Virginia-based NSA analyst, who normally access sensitive information from 7 a.m. to 7 p.m., trying to access the same information from Tel Aviv at 3 a.m. Eastern Standard Time. Such behavioral analytics, which incorporate profiling and anomaly-detection based on machine learning, is new but gaining steam in the corporate arena, where it is used to detect breaches early by prioritizing the most reliable alerts, according to research conducted by Gartner analyst Avivah Litan.

The NSA is conducting real-time forensic analysis of cybersecurity software and appliances, including firewalls, VPNs and audit logs on every network device “so that we can observe things that humans cannot put together on their own,” Smithberger says. He adds there are other, far more “subtle” methods of threat detection, though he declined to describe such capabilities. “I’m not going to get into all of the details here,” Smithberger says. “But it’s a matter of understanding what is normal on your network, what is authorized on your network with pretty fine granularity … and comparing the observed, in real time, to what has been authorized and what is normal.”

Bottom of Form

These measures protect a meticulously constructed private cloud that, Smithberger says, deploys technologies similar to what you would expect from public cloud services such as Amazon Web Services, including virtualized servers and applications. However, there are key differences, as the technology is arranged to grants access to a variety of analysts and operatives with varying levels of classification, ranging from low level to top secret. The access is tightly controlled down to each data element layer. Two analysts conducting identical information queries on this system may see different results, based on the security clearances, Smithberger says.

“There’s multiple layers inside the network, outside of the network to separate us from the outside world … very much a layered security model with combinations of government-developed, custom developed for government and commercial products,” Smithberger says. “That paranoid, layered defense is really the best answer and, frankly, if you get that right then if there are inside problems they become visible as well.”

Private cloud, done public cloud style

The private cloud itself could be considered a triumph. Cultivated under the Intelligence Community Information Technology Enterprise (ICITE) program, which in 2011 proposed a cloud environment that allows the intelligence community to securely access and share information. Defense Intelligence Agency Director David Shedd said in March that “cultural resistance,” not technology, was the greatest impediment to building the private cloud.

Smithberger says the NSA private cloud is fully operational today, thanks to the help of several government contractors and his internal IT staff, who replaced a number of aging commercial and custom-built servers, database software and applications, many of which isolated data. By upgrading these technologies in the construct of an integrated resource pool, the NSA says it will be better positioned to analyze its information assets, thus better serving analysts, operatives and other constituents.

[ Related: NSA approves Samsung and Boeing mobile devices for employee use ]

Smithberger says this private cloud has much finer grained security than anything that’s commercially available. But he stopped short of proclaiming the NSA’s private cloud is impenetrable.

“It’s arrogant for anyone to say that it is impossible to get to the network,” he says. “I would say that there are lots of mechanisms in place with lots of scrutiny to protect our classified world from the outside world and we continue to develop new ideas all the time to shore that up and layer additional pieces — let’s say we are a very hard target.”



As It Fights ISIS, Pentagon Seeks String of Bases Overseas




WASHINGTON — As American intelligence agencies grapple with the expansion of the Islamic State beyond its headquarters in Syria, the Pentagon has proposed a new plan to the White House to build up a string of military bases in Africa, Southwest Asia and the Middle East.

The bases could be used for collecting intelligence and carrying out strikes against the terrorist group’s far-flung affiliates.

The growth of the Islamic State’s franchises — at least eight militant groups have pledged loyalty to the network’s leaders so far — has forced a debate within the Obama administration about how to distinguish between the affiliates that pose the most immediate threat to the United States and Europe and others that are more regionally focused. The regional groups, some officials say, may have opportunistically adopted the Islamic State’s brand to bolster their local clout and global stature.

In the midst of that debate, senior military officials have told the White House that the network of bases would serve as hubs for Special Operations troops and intelligence operatives who would conduct counterterrorism missions for the foreseeable future. The plan would all but ensure what Pentagon officials call an “enduring” American military presence in some of the world’s most volatile regions.

Administration officials said that the proposal for the new basing system, presented to the White House this fall by Gen. Martin E. Dempsey during his final days as chairman of the Joint Chiefs of Staff, was not intended to be a specific Pentagon proposal to combat the affiliates of the Islamic State, also known as ISIS or ISIL. The officials said that it was meant primarily as a re-examination of how the military positions itself for future counterterrorism missions, but that the growing concern about a metastasizing Islamic State threat has lent new urgency to the discussions.

The White House declined to comment about continuing internal deliberations. The plan has met with some resistance from State Department officials concerned about a more permanent military presence across Africa and the Middle East, according to American officials familiar with the discussion. Career diplomats have long warned about the creeping militarization of American foreign policy as the Pentagon has forged new relationships with foreign governments eager for military aid.


Officials said the proposal has been under discussion for some time, including this week during a White House meeting of President Obama’s cabinet. Shortly after General Dempsey retired in September, Defense Secretary Ashton B. Carter referred to the plan in a little-noticed speech in Washington. “Because we cannot predict the future, these regional nodes — from Morón, Spain, to Jalalabad, Afghanistan — will provide forward presence to respond to a range of crises, terrorist and other kinds,” Mr. Carter said. “These will enable unilateral crisis response, counterterror operations, or strikes on high-value targets.”

Pentagon planners do not see the new approach as particularly costly by military standards. One official estimated it could be in the “low millions of dollars,” mainly to pay for military personnel, equipment and some base improvements.

For the approach to have any chance of success, analysts said, regional American commanders, diplomats and spies will have to work closely together and with Washington — something that does not always happen now — to combat threats that honor no borders. “You can’t just leave this on cruise control,” said Vikram J. Singh, a former official at the Pentagon and State Department who is now vice president for national security and international policy at the Center for American Progress.

Officials said that the Pentagon’s proposed new architecture of bases would include four “hubs” — including expanding existing bases in Djibouti and Afghanistan — and smaller “spokes,” or more basic installations, in countries that could include Niger and Cameroon, where the United States now carries out unarmed surveillance drone missions, or will soon.

The hubs would range in size from about 500 American troops to 5,000 personnel, and the likely cost would be “several million dollars” a year, mostly in personnel expenses, Pentagon officials said. They would also require the approval of the host nation.

The military already has much of the basing in place to carry out an expansion. Over the past dozen years, the Pentagon has turned what was once a decrepit French Foreign Legion base in Djibouti, in the Horn of Africa, into a sprawling headquarters housing 2,000 American troops for military operations in East Africa and Yemen.

Similarly, the American military has been using a constellation of airstrips in Africa, including Ethiopia and Burkina Faso, for surveillance missions flown by drones or turboprop planes designed to look like civilian aircraft, to collect intelligence about militant groups across the northern part of the continent.


How ISIS Expanded Its Threat

The Islamic State emerged from a group of militants in Iraq to take over large portions of Iraq and Syria, and now threatens other countries in Europe and elsewhere.

The Pentagon plan also calls for a hub in the Middle East, possibly Erbil, in northern Iraq, where many of the 3,500 American troops in Iraq are based.

The new approach would try to bring an ad hoc series of existing bases into one coherent system that would be able to confront regional threats from the Islamic State, Al Qaeda or other terrorist groups — including possible attacks against American embassies, like the assault on the diplomatic compound in Benghazi, Libya, in 2012. It would also ensure that the bases would receive regular financing in the annual Pentagon budget and it could lengthen — and make more predictable — troop deployments, especially among Special Operations forces who often rotate assignments every several months.

A second senior Pentagon official said the proposal was still very much in its early stages, with some officials advocating a larger string of new bases in West Africa, and others, mindful of African fears about a large American military footprint on the continent, saying the main hub for West Africa would actually be located in southern Europe. Any American bases in Africa, they said, might have approximately 500 soldiers.

The size of the bases will most likely depend on the regional threat. American officials said intelligence was still murky on how the various affiliates are tied to Islamic State leadership, and some disagreements between spy agencies. For instance, American officials said that the intelligence agencies were generally unanimous in their view that the Islamic State affiliate in Libya and some of the other franchises had strong ties to the group’s leaders in the Islamic State’s self-declared caliphate in Syria and Iraq, and that they had a desire to carry out its agenda of attacking the West.

But there is greater uncertainty about groups like Boko Haram, a Nigerian-based Islamic militancy responsible for years of destruction in north-central Africa. The group announced its allegiance to the Islamic State this year, but American officials have given conflicting statements about the strength of Boko Haram’s bonds to the Islamic State’s top leadership.

Gen. Joseph E. Dunford Jr., who took over in October from General Dempsey as chairman of the Joint Chiefs, told Congress this month that he saw little to distinguish among the Islamic State affiliates. He said that the Islamic State’s inclusion of Boko Haram and other militant groups into its fold was part of a “global dynamic.”

“These threats are difficult to confine to one place,” he said, adding that was why the United States needed to strike at the Islamic State not only in Iraq and Syria but also in “other places where it is.”

But Gen. David M. Rodriguez, commander of the Pentagon’s Africa Command, said around the same time that he did not see strong ties between the Islamic State and Boko Haram, which he indicated still saw itself as a regionally focused group.

One American intelligence official, speaking on condition of anonymity because he was discussing classified assessments about the various groups, said that the Islamic State “does not vet the new affiliates” with the same scrutiny that Al Qaeda does, and generally welcomes any opportunities to build its global brand. The affiliates, he said, are a mélange of different identities and agendas — and some might not be “completely subsumed” into the Islamic State.

While he said that some groups were the result of active efforts by the Islamic State to expand its global presence, others like Boko Haram and the Islamic State branch in the Sinai Peninsula were products of local circumstances and were seeking to exploit the group’s resources and prominence.

They are flying the Islamic State flag, he said, “in an attempt to elevate their cause.”



Why Do People Join ISIS? Here’s What They Say When You Ask Them

December 8, 2015 By Patrick Tucker


President Obama on Sunday night said that it was “clear” that Tashfeen Malik and her husband, Syed Rizwan Farook, the two alleged assailants in the San Bernardino mass shooting, had “gone down the dark path of radicalization, embracing a perverted interpretation of Islam that calls for war against America and the West.” He did not speculate as to why people journey down that path or prescribe how the United States might deter, or detour, them. But a March report from Lebanon-based Quantum Communications provides some insight.

The researchers from Quantum collected televised interviews with 49 fighters in Syria and Iraq — some in custody, some who had defected, and some who were still in the fight. They analyzed the fighters’ statements using a psycho-contextual analytical technique developed by Canadian psychologist Marisa Zavalloni to divine the motivational forces and personal characteristics of the subjects.

It is a small sample, not entirely random, but given the difficulty of surveying a group like ISIS, still provides value. How much value? Michael Lumpkin, assistant defense secretary for special operations/low-intensity conflict, cited the report in his recent visit to Congress.

Defense One showed the report to University of Maryland professor Arie W. Kruglanski, one of the principal investigators at the National Center for the Study of Terrorism and the Response to Terrorism. He responded, “The content analysis that the researchers employed is a well respected method of gleaning information from contents of interviews … More importantly the findings make sense to me.”

Almost all research on terrorism faces this problem of finding a truly random sample, said Paul Davis, a senior principal researcher at the RAND Corporation and a professor of policy analysis at the Pardee RAND Graduate School. “I applaud the article,” Davis said. “It is consistent with the strong finding we’ve found and continue to find, which is that motivation is very important and that motivation varies.”

The Quantum researchers grouped the fighters into nine categories, based on the reasons they gave for joining ISIS. They are:

Status seekers: Intent on improving “their social standing” these people are driven primarily by money “and a certain recognition by others around them.”

Identity seekers: Prone to feeling isolated or alienated,these individuals “often feel like outsiders in their initial unfamiliar/unintelligible environment and seek to identify with another group.” Islam, for many of these provides “a pre-packaged transnational identity.”

Revenge seekers: They consider themselves part of a group that is being repressed by the West or someone else.

Redemption seekers: They joined ISIS because they believe it vindicates them, or ameliorates previous sinfulness.

Responsibility seekers: Basically, people who have joined or support ISIS because it provides some material or financial support for their family.

Thrill seekers: Joined ISIS for adventure.

Ideology seekers: These want to impose their view of Islam on others.

Justice seekers: They respond to what they perceive as injustice. The justice seekers’ ‘raison d’être’ ceases to exist once the perceived injustice stops,” the report says.

Death seekers: These people “have most probably suffered from a significant trauma/loss in their lives and consider death as the only way out with a reputation of martyr instead of someone who has committed suicide.”

The nine potential identities are not equally represented among the survey pool.

In his testimony before Congress in October, Lumpkin said that the Pentagon would begin to make active use of the framework. “As things are developed, just as our enemies target specific audiences, we … have to have unique messages directed to these nine different bins,” he said.

Perhaps one of the most important findings is that the fighters’ motivations tended to vary by their country of origin.


Foreign fighters from places like the United States and Western Europe were far more likely to be facing some sort of identity crisis, a desire for a personal sense of recognition that ISIS provides. They were also more likely to be motivated by a rejection of Western culture. A story in the New York Times over the summer, titled “ISIS and the Lonely Young American” details how ISIS sympathizers who are able to make contact with curious and socially isolated Westerners and then manufacture a sense of community and belonging through constant online interaction (not simply one-way messaging, as some have suggested.)

People who joined ISIS from another Muslim country, however, are far more motivated by the perceived plight of the Syrian sunnis. For this group, the report found that “fighting the Assad regime are the most common catalysts (45%).” They are primarily thrill and status seekers.

The fact that joining ISIS could have a benefit in terms of one’s immediate social status underscores how differently ISIS is perceived in the Arab world than in the West.

Internal ISIS fighters — Sunni fighters primarily from Syria and Iraq — were also motivated by money and status. “Internal fighters believe they have a mission to defend their community (duty, Jihad) but they also have personal interests (money, staying alive),” according to the report.

It quotes one jihadist: “He asked me, ‘Why don’t you join us…leave your work and consider me your financier.'”

The Quantum study is not an exploration of “lone wolf” attacks, as the San Bernardino shooting appears to be. And, of course, it doesn’t answer every question about the group’s appeal, nor specifically its appeal to Malik and Farook.

Farook had familial roots to Pakistan but was a native citizen of the United States. Malik was born in Pakistan and reportedly had strong ties to Saudi Arabia. This suggests that the two embarked on different “paths toward radicalism.” And much about their motivation remains a matter of mystery, and will likely remain so.

What the report does suggest, however, is that ISIS is not a monolith. It has various attractions to those who would join up or take action on its behalf. It’s unclear what the United States can do about the attraction of any group or cause to socially isolated individuals.

The interviews with “internals” expose one of the organization’s most glaring vulnerabilities, especially in the way it recruits and deals with individuals on its home turf in Iraq and Syria. The fighters identified money as a significant motivator, as significant as jihad itself. This suggests that reducing ISIS’ ability to raise funds will decrease its allure. The group also identified the perceived persecution of Sunnis as a rallying cause. This suggests that Iraqi Security Forces who are Sunni, or Sunni rebels in Syria, could peel away at the group’s recruitment base in those areas.

On Sunday, Obama reiterated that the allied coalition will target oil fields, a key source of revenue for the group. He also said that a “sustainable victory” would come only by “working with local forces who are fighting to regain control of their own country.

It’s an overt announcement that follows a quieter step in that direction.

In October, Defense Secretary Ashton Carter announced that he had placed Army Lt. Gen. Sean MacFarland in charge of the coalition fighting ISIS in Iraq and Syria. MacFarland is credited with orchestrating the so-called “Sunni Awakening,” and establishing partnerships with Sunni tribal sheiks, a program that eventually produced 200 such partnerships.

In terms of fighting ISIS messaging, the president announced, “We are cooperating with Muslim majority countries, and with our Muslim communities here at home, to counter the vicious ideology that ISIL promotes online.”

The administration has been under pressure to do more in this area, and the 2016 National Defense Authorization Act, or NDAA, provides some additional authority to the Defense Department. It states, “The Secretary of Defense should develop creative and agile concepts, technologies, and strategies across all available media to most effectively reach target audiences, to counter and degrade the ability of adversaries and potential adversaries to persuade, inspire, and recruit inside areas of hostilities or in other areas in direct support of the objectives of commanders.”

The military is expected to rely heavily on outside contractors in the effort, due to what Special Operations Command commander Gen. Joseph L. Votel described as a “lack of organic capability” to counter ISIS’ online messaging.

Is this sort of undertaking—the attempt to categorize different militants on the basis of motivation using social psychological techniques—even legitimate? The results are more qualitative than quantitative. The question of whether or not psychology, or the social sciences in general, are as reliable or credible as natural sciences such as chemistry that produce repeatable results is not new. But it is science. The U.K. Science Council defines science as “the pursuit and application of knowledge and understanding of the natural and social world following a systematic methodology based on evidence.” The ultimate value of social science can not be solved in one article. The Quantum report is in keeping with the conventions and practices contemporary of social science research according to two leaders in the field.

Marketers have used social psychology for decades to make billion dollar decisions about how to sell products to people and to understand how different external and internal factors motivate people to take action. That’s exactly what the Pentagon is charged with doing, now. Stopping the spread of radicalism via social media is, fundamentally, a challenge of marketing. So it stands to reason that marketing should have some place in that fight.

The draw of the Islamic State is not as irresistible as today’s headlines suggest, but that doesn’t mean that the United States is yet able to reach the group’s target audiences with something more appealing.



DoD CIO Says Spectrum May Become Warfighting Domain

By Sydney J. Freedberg Jr.

on December 09, 2015 at 3:37 PM


WASHINGTON: Pentagon officials are drafting new policy that would officially recognize the electromagnetic spectrum as a “domain” of warfare, joining land, sea, air, space, and cyberspace, Breaking Defense has learned. The designation would mark the biggest shift in Defense Department doctrine since cyberspace became a domain in 2006. With jamming, spoofing, radio, and radar all covered under the new concept, it could potentially bring new funding and clear focus to an area long afflicted by shortfalls and stovepipes.

The new electromagnetic spectrum domain would be separate from cyberspace, although there’s considerable overlap between the two. “Wireless” is just another word for “radio.” Any wireless network relies on radio frequency transmissions that can be jammed by traditional electronic warfare like any other RF device — or it can be hacked by wirelessly transmitted malware, in a hybrid of electronic and cyber attack. But the consensus among officials and experts seems to be that the electromagnetic spectrum world — long divided between electronic warriors and spectrum managers — is so technologically complex and bureaucratically fragmented by itself it must be considered its own domain, without trying to conflate it with cyberspace.

Cyber has certainly gotten more attention and, often, money than the electromagnetic spectrum. Would making the spectrum a domain fix that? It would not magically manifest the missing $2 billion a year the Defense Science Board says is needed to rebuild American electronic warfare capabilities such as jamming. Nor would calling the spectrum a domain somehow turn back the clock on the 20 years China and Russia have spent catching up while American electronic warfare largely stood still. Nor would it reduce the American military’s dependence on inherently vulnerable wireless networks for everything from commanding troops to sharing intelligence to flying drones to knowing exactly where we are.

But instead of trying to fix such complexly interrelated problems piecemeal, it would help to have a big picture endorsed at the highest levels of the Pentagon. No less a figure than Deputy Defense Secretary Bob Work has chartered an “electronic warfare executive committee” (EXCOM) to advance a “department-wide” approach to the problem.

I first heard of the draft “domain” policy almost in passing during a presentation last week to the Association of Old Crows, an electronic warfare group, by a contractor for Defense Department’s Chief Information Officer. “The policy…is in the works,” said Troy Orwan, a retired Air Force EW officer himself, “and in that policy we are going to ask the Secretary of Defense and the Chairman of the Joint Chiefs, to declare a sixth domain, EMS, to man, train, and equip.”

Yesterday, Pentagon CIO Terry Halvorsen confirmed in a statement to Breaking Defense that his office “will be the Departmental lead for these efforts” to explore a wide range of policy options for the electromagnetic spectrum, “to include the potential recognition of the EMS as a domain.”

“They’re careful not to describe the EMS as a domain in their statement,” noted Bryan Clark, a former aide to Chief of Naval Operations and electronic warfare advocate Adm. Jonathan Greenert. “They’re trying to parse their words — I think too much — because they’re worried about the implications if they call the EMS a domain.”

“While there’s no automatic money attached,” Clark continued, “the concern is that by calling it a domain, you create these turf battles over who’s primarily responsible” — as occurred to some extent over cyberspace.

Even acknowledging that potential downside, however, “it’s very encouraging,” Clark said. “Calling EMS a domain [would] be very helpful in guiding our operating concepts.”

Halvorsen’s involvement is encouraging in itself, said David Fahrenkrug, who teaches cyber warfare at Georgetown University. (Full disclosure: I took his course). First, the DoD CIO traditionally stuck to spectrum and network management issues while steering clear of operational issues, which helped create the gap the new policy is trying to bridge. Second, Halvorsen himself was the Navy’s CIO before he was the Defense Department’s, and — especially under Adm. Greenert– the Navy is the lead service in using the electromagnetic spectrum in warfare.

“The Navy understands electronic warfare and its relationship to information warfare and cyber probably better than anybody,” said Fahrenkrug, a recently retired Air Force colonel with no pro-Navy bias.

Certainly Halvorsen’s statement minces no words on the importance of the topic. “The department understands that EMS Superiority is a crucial enabler to achieving superiority in all other domains and must be considered a prerequisite to all successful operations,” Halvorsen said. “The EMS transcends all domains.”

In fact, one critique of the “EMS domain” idea is that it actually understates the importance of the electromagnetic spectrum. You can stage airstrikes without troops on the ground (as we’ve done in Syria until recently), conduct naval operations without land-based air support, or even send in foot troops without air cover. None of these things is a particularly good idea, but they’re physically possible.


By contrast, modern military ships, aircraft, and ground forces cannot operate without using the electromagnetic spectrum. They haven’t been able to do so for about a century. At a very minimum, you need to communicate via radio (unless you want to go back to the World War I days of runners, pigeons, and easily cut telephone cables). US forces today are constantly transmitting and receiving via wireless networks: downloading intelligence from satellites, sharing plans, checking their position on GPS, and so on and on.

“This issue has been simmering for several years now,” said Dave Hime, president of the Association of Old Crows. “Part of that discussion includes whether to treat the EMS as a separate domain, or a critical element of every warfighting domain. The difference may be subtle between these two constructs, but it is a discussion… that needs to take place.”

“I would be hard pressed to show any domain that would not use some form of ESM [electromagnetic spectrum maneuver] to conduct operations,” said Navy Captain Michael Hutchens, who works on the information, operations, & plans section (N3/N5) of the Navy staff. “This subtle difference leads me to the opinion that ESM is inherently different than a domain. During [an AOC conference] panel, I referred to it as a ‘critical capability’ required to successfully operate within one, or any, of the domains. One could make an argument that describing ESM as a critical capability is an understatement.”

Does that make the spectrum unique, though? “All these domains impact the other domains,” countered Clark. “With the reach of precision weapons, the maritime domain and the land domain are not really mutually exclusive any more”: US warships can launch cruise missiles at targets in landlocked Afghanistan, Chinese launch sites well inland can threaten US ships far out to sea. The air domain overlaps both land and sea. Space overlaps them all. Cyberspace extends everywhere a computer might be linked to a network.

It’s worth repeating that a new electromagnetic spectrum domain would remain separate from cyberspace. But the consensus at the Association of Old Crows conference was that cyber and electronic warfare would never completely “converge” into a single entity. EW can deliver cyber warfare payloads much like an Air Force plane can drop paratroopers or a Navy transport can offload tanks, but in each case there are still two different environments — one natural, one human-made — that require two different skillsets to operate in effectively.

“Don’t mess with physics because physics will mess with you, and physics always wins,” said Orwan. “They’re two separate domains.”

So whether or not the electromagnetic spectrum is designated as a domain unto itself, coordinating electronic and cyber warfare will remain a complex challenge. No wonder that Fahrenkrug, among other skeptics, sighs that “domain discussions are red herrings.”

Not so, said Clark. The point of making the spectrum a domain isn’t to emphasize its separateness, let alone to create a separate military bureaucracy to run it, he argued. It’s to force the Defense Department to acknowledge it as an arena of military operations in its own right, with its own unique characteristics to consider. “If you start describing the EMS as a domain,” Clark said, “they start thinking about it as a place where we operate.”

Operating in the spectrum has proven hard enough in peacetime, with the commercial wireless industry successfully pressuring the government to sell off more frequencies where the military could once operate. It got even harder in Afghanistan and Iraq, where the simultaneous spread of wireless command networks and of jammers to disable roadside bombs meant US forces were often inadvertently jamming each other. Now imagine if someone were trying to jam us on purpose.


“If we went to war against a near peer… he wouldn’t have to turn on any jammers, we’d already have problems,” said Orwan. “If he turns on his jammers and starts doing electronic attack, and if he combines that with cyber, wow.”

The Russians have been studying such tactics for a long time, said Thomas Taylor, deputy director for policy, technology and EMS operations for DoD CIO Halverson. Taylor noted that Admiral Sergey Gorshkov, commander of the Soviet Navy for three decades, said that “the next war will be won by the side which best exploits the electromagnetic spectrum.” China is catching up too, Taylor said.

“We need to evolve to one capability where we’re managing the electromagnetic spectrum as a domain…in order to generate EMS superiority,” Taylor told the AOC conference.


So how close are we?

“I wish I could come out and tell you the policy is going to be signed tomorrow and it’s going to declare a sixth domain. I can’t,” Orwan said. “All I can tell you is we’ve been asked to draft a policy and start analyzing the possibility of declaring a sixth domain.”

That will take months or years, he warned. “When you’re talking three services that at times don’t work well together, when you’re talking OSD staff… the Joint Staff and COCOMs [combatant commands], getting everybody on the same sheet of music and taking into account their perspectives is a long process.”


The full text of DoD CIO Halvorsen’s statement is below:


In September 2013 the Department released its Electromagnetic Spectrum Strategy, A Call to Action, which presents a framework for how the Department should rapidly adapt to the changing spectrum environment, evolve to electromagnetic spectrum operations and to assess and respond to spectrum regulatory changes. Additionally, the Strategy helped shape the new Joint Concept for Electromagnetic Spectrum Operations (JCEMSO). The Chairman of the Joints Chief of Staff approved this concept in March of this year, solidifying his vision for how the Joint Force will operate in future constrained, congested and contested electromagnetic spectrum (EMS) operating environments (EMOEs) and establish EMS Superiority.

The Department understands that EMS Superiority is a crucial enabler to achieving superiority in all other domains and must be considered a prerequisite to all successful operations. In response to the pressing need to implement both the DoD EMS Strategy and JCEMSO, the Department has taken steps that strive to establish policy and assign responsibilities to achieve EMS Superiority through efficient and effective Electromagnetic Spectrum Operations (EMSO), which will enable the optimization of EMS access and use/maneuver throughout the full range of military operations, and defines EMSO as all spectrum dependent (SD) activities occurring within the EMS.

As part of this guidance, the Department will investigate all requirements and ramifications of its enactment, to include the potential recognition of the EMS as a domain. As the EMS transcends all domains the Department must systematically evolve its capabilities to ensure effective EMS operations. As the Primary Staff Assistant (PSA) to the Secretary of Defense for spectrum, the Office of the DoD Chief Information Officer (CIO) will be the Departmental lead for these efforts in close cooperation and coordination with the all appropriate DoD Components.



US Intel Community Taps Encryption-Busting Tech Firm for Digital Spying

December 9, 2015 By Frank Konkel Nextgov

The venture capital arm of the CIA is buying in to a Canadian company that says it can access certain encrypted technologies.


Amid growing terrorist threats from groups like ISIS and increasingly successful cyberattacks from nation states like China, the U.S. intelligence community today announced it will invest in a company that produces digital forensics software.

In-Q-Tel, the IC’s technology investment arm, did not disclose how much funding it will provide the Canadian-based Magnet Forensics, but officials said they believe the company and its flagship product, the Internet Evidence Finder, are promising examples of innovation in the expanding field of digital forensics.

Internet Evidence Finder, the 4-year-old company’s most popular product, is used by 2,700 public safety organizations across 92 countries, primarily for law enforcement purposes. It recovers and analyzes unstructured data, like social media posts, text from chat rooms and emails from computers and other Web-connected devices.

The company bills its software as useful for “cybercrime, terrorism, child exploitation and insider threats,” but it’s likely the first two avenues are the most interesting for In-Q-Tel. Use cases for such technology include both predicting terrorism or cyberattacks and piecing together the digital pieces after an event.

Comments made recently by Jad Saliba, founder and chief technology officer of Magnet Forensics, suggest another interest In-Q-Tel might have in the company: mitigating encryption.

Saliba’s company collects digital evidence from devices, including the “unbreakable” iPhone, according to a report in the Toronto Star last month.

“While conducting such digital forensic investigations on (an Apple device) is becoming increasingly difficult due to increased encryption, we’re committed to continuing to innovate to support our partners in law enforcement so they can get the critical evidence they need for their investigations,” Saliba said in a statement to the Star.

Following the terrorist attacks carried out by ISIS in Paris, U.S. intelligence officials, including CIA Director John Brennan, said encryption technologies were making it more difficult to monitor terrorists.

Recently, key lawmakers proposed the first bills addressing encrypted communications, suggesting tech companies work with government to address the issue. British lawmakers considered a bill last month that would have allowed the police to force tech companies to decrypt communications.

Such legislation isn’t out of the question in America, though it would surely draw ire from privacy advocates who have more legal footing to stand on. It’s likely, though, the intelligence community wants to explore every avenue it can in exploiting encryption.



F-35 Officials Prove Need for Cyber Testing by Cancelling One

December 7, 2015


The troubled F-35 recently hit another snag when, as first reported by Politico, the Joint Program Office (JPO) refused to proceed with the required cyber security tests of the F-35’s massive maintenance computer, tests needed to determine the computer system’s vulnerability to hackers. The JPO argued that such realistic hacker tests could damage the critical maintenance and logistics software, thereby disrupting flights of the approximately 100 F-35s already in service. But that simply raises obvious and disturbing questions about what could happen in combat. But on the broader question of how DoD buys weapons today, this is a clear demonstration of the folly of approving production on expensive systems long before they have been fully designed and thoroughly tested, a now common practice on almost all major Defense procurements.

The scheduled cyber tests target the vulnerability of the F-35 Autonomic Logistics Information System (ALIS). According to Lockheed Martin’s website, ALIS “integrates a broad range of capabilities including operations, maintenance, prognostics and health management, supply chain, customer support, training and technical data.” ALIS is designed to be a “single, secure information environment” that connects the plane’s on-board failure diagnostics with its maintenance management and the logistics supply system. In theory, ALIS would identify a broken part, order a replacement through the logistics system, and tell the maintenance crews what to fix. Cyber tests are particularly important for the F-35, which is commonly referred to as a “flying computer.” The plane has approximately 30 million lines of software code controlling all of the plane’s functions, from moving flight surfaces to creating images in its infamous $600,000 helmet. All this is tightly integrated with the ALIS program, which many consider to be the plane’s largest vulnerability. Should an enemy hack the ALIS system successfully, they could disable F-35 systems in combat, cause disastrous crashes, or ground the entire fleet.

The ALIS software and computer has seen its fair share of problems already. Last year, Joint Strike Fighter Program Executive Officer, Lt. Gen. Christopher Bogdan, had to admit that the software was “way behind.” Maintenance crews supporting the Marine Corps’ F-35 demonstration aboard the USS Wasp this summer found themselves going off base to transfer ALIS computer files to their laptops over a commercial Wi-Fi network when the ALIS system proved incapable of handling the massive data files. Elsewhere, maintenance personnel report that 80 percent of the issues identified by ALIS are “false positives,” reporting parts as broken when they weren’t. Determining which ALIS reports are real and which are not is a time-consuming process for maintenance crews, adding significantly to their workloads when they are already overburdened by the F-35’s significant reliability shortfalls.

Realistic cyber testing is required of all military systems “capable of sending or receiving digital information,” according to a 2014 memorandum from the Department of Defense’s top weapons tester. “The cyber threat has become as real a threat to U.S. military forces as the missile, artillery, aviation, and electronic warfare threats which have been represented in operational testing for decades,” wrote Dr. Michael Gilmore, Director of Operational Test & Evaluation. “Any data exchange, however brief, provides an opportunity for a determined and skilled cyber threat to monitor, interrupt, or damage information and combat systems,” he added.


Dr. Gilmore proscribed testing of such systems to be completed in two phases. The first is an internal assessment by the program’s designers to attempt to identify potential problems and security gaps through an “overt and cooperative examination to identify all significant vulnerabilities and the risk of exploitation of those vulnerabilities.”

The second phase brings in outside “Red Teams” to simulate hacker attacks on the system to identify vulnerabilities. DOT&E uses adversarial teams certified by the National Security Agency to “act as a cyber aggressor presenting multiple intrusion vectors consistent with the validated threat.” Tests of this kind are often referred to as penetration or “pentesting” in civilian circles. By using highly skilled teams of computer hackers to break into the system, the combat user, weapons buyer, and designer learn if and how the system can be disrupted or exploited—and whether its vulnerabilities can be fixed.

It’s not as if this is a theoretical threat. The Department of Defense admitted in 2013 that a foreign power had hacked into unclassified F-35 subcontractor systems and stolen large amounts of sensitive information about the aircraft. The DoD would not say which foreign power stole the data at the time, but earlier this year, documents released by Edward Snowden confirmed the Chinese stole the information from Lockheed Martin in 2007.

The Air Force’s investigation into the breach was initially resisted by the F-35’s prime contractor, Lockheed Martin, Shane Harris described in his book @War. They were only able to determine that the company’s networks had been breached repeatedly after the Air Force generals in charge of the program at the time insisted that Lockheed and its subcontractors cooperate. The stolen information included vulnerabilities of the aircraft and its software.

Left unsaid is whether the program office would rather have operations disrupted now by friendly testers or later by hackers when the planes are engaged in combat.

The F-35 program office may have inadvertently confirmed the gravity of the concerns about software vulnerability with their statements regarding the testing delay. A program spokesman says the office “did not initially approve a cyber-vulnerability test due to the lack of a risk assessment related to operational F-35 assets.” In other words, the office fears the tests could end up disrupting real-world flight operations of the F-35s already in service. Left unsaid is whether the program office would rather have operations disrupted now by friendly testers or later by hackers when the planes are engaged in combat.


Concurrency Increasing Software Risks and Vulnerabilities

This speaks to one of the major, fundamental failures with the F-35 program: its unprecedented level of concurrency. Concurrency is the overlapping of development, testing, and production in an acquisition program. Advocates of the strategy claim it is a way to shorten the time necessary to field a weapon system. In reality, concurrency has historically slowed down the acquisition process and greatly increased costs.

Highly concurrent programs increase the risk that systems built early in the process will require expensive fixes or retrofits after problems are identified during subsequent testing. The Defense Department’s Undersecretary of Acquisition, Technology, and Logistics reported to Congress that the costs of concurrency for the F-35 program last year were $1.65 billion. These costs include “recurring engineering efforts, production cut-in, and retrofit of existing aircraft.” The report hardly painted a flattering picture of the practice.

Concurrent software development issues are hardly new. Frank Conahan, an assistant comptroller with the then-named General Accounting Office, warned against the practice in testimony before the Senate Armed Services Committee in 1990. Even then, nearly a decade before the Joint Strike Fighter program began, Mr. Conahan correctly identified software development as the one of the biggest risks to success in highly concurrent programs. “If the software doesn’t work, then the weapon system as a whole is not going to work the way it should,” he said.


The practice is becoming increasingly entrenched for several reasons. Defense contractors and the Pentagon tend to understate costs and overstate performance. Hence they have a strong motivation to spread subcontracts across as many congressional districts as they can (known as “political engineering”) and sell the Pentagon as many units as possible before an under-performing program becomes obvious to everyone. Those with a vested interest in the program then have a great deal to lose if a system does not perform well during testing. A recent example is the now famous dogfight test between an F-35 and the older F-16 the F-35 is designed to replace. The F-16 performed much better and prompted many to question the value of the entire Joint Strike Fighter program.

But because the F-35 is already in multibillion-dollar production employing thousands of people in hundreds of congressional districts, the plane has a great deal of political support. At least, that is the image Lockheed Martin wishes to cultivate. Parts of the aircraft are built in factories all across the country before eventually arriving in Fort Worth for final assembly. Lockheed Martin says the F-35 relies on suppliers from 46 states and provides an interactive map touting this fact. The reality is the majority of the work is done in only two states, California and Texas. Several states counted in the 46 have twelve or fewer jobs tied to the F-35. Still, there are precious few politicians willing to cast a vote that will be portrayed as “killing jobs” when campaigning for reelection.

The military services and defense contractors have a long history of working and lobbying to avoid realistic operational testing of new weapons systems.

A much better way of doing business is known as “fly before you buy,” the almost universal buying practice in commercial, non-defense procurement. Former Director of Operational Test & Evaluation Tom Christie says when done properly it “will demand the demonstration, through actual field testing of new technologies, subsystems, concepts, etc. to certain success criteria before proceeding at each milestone, not just the production decision.” In other words, acquisition decisions can be made based on performance achieved rather than capabilities hoped for.

The military services and defense contractors have a long history of working and lobbying to avoid realistic operational testing of new weapons systems. A common claim is that testing of this kind is too expensive and adds unnecessary delays to an already lengthy weapons acquisition process. In fact, the most recent industry effort to avoid realistic testing resulted in a provision in the National Defense Authorization Act requiring DOT&E to “ensure that policies, procedures, and activities implemented by their offices and agencies in connection with defense acquisition program oversight do not result in unnecessary increases in program costs or cost estimates or delays in schedule or schedule estimates.” However, these claims are false. The Government Accountability Office (GAO) recently released an audit showing that operational testing does not cause significant cost increases or schedule delays in major weapons programs.

The Pentagon and defense contractors will continue to avoid independent, realistic testing out of their own self-interest. The GAO said it well in its recent report: “postponing difficult tests or limiting open communication about test results can help a program avoid unwanted scrutiny because tests against criteria can reveal shortfalls, which may call into question whether a program should proceed as planned.” This is why Congress created the independent DOT&E in 1983 with broad, bipartisan support (the amendment creating the office passed 95-3 in the Senate)—one of the most important and lasting achievements of the military reform movement of the 80s. To this day, the office provides a vital service to strengthening national security and protecting the men and women in combat who must actually use the equipment the Pentagon buys.


Rasmussen Reports

What They Told Us: Reviewing Last Week’s Key Polls

Bottom of Form

Saturday, December 12, 2015

Donald Trump appears to have defied the media and the political status quo once again.

Following the terrorist killings in San Bernardino, California, Trump called for a temporary ban on Muslim immigration to the United States. He was quickly denounced by President Obama, Hillary Clinton, most of his opponents for the Republican presidential nomination and most media outlets for establishing an unprecedented religious litmus test. Trump countered that we’re at war with radical Islamic terrorism and that his suggestion is just common sense. A sizable majority of Republicans – and a plurality of all voters – agree with Trump and support a ban on Muslim immigrants.

Just one-in-three voters (34%), however, give Obama good or excellent marks for his response to the mass shooting in San Bernardino. 

In a speech to the nation Sunday night following the first major attack by radical Islamic terrorists on American soil in several years, the president outlined the measures being taken to fight the radical Islamic State group (ISIS), called for more gun control and cautioned against anti-Muslim bias. But 69% of voters think the San Bernardino incident is primarily a terrorism issue rather than a gun issue

Meanwhile, belief among voters that the terrorists are winning the War on Terror is near its highest level ever in regular surveying since 2004.

Perhaps then it’s no surprise that at week’s end, belief among Republicans that Trump is their next likely presidential candidate is nearing a record level in our latest Trump Change survey.

Voters also are far more likely to think the media is biased against Trump than against his chief Democratic rival Clinton

The president’s daily job approval rating fell during the week to the high negative teens. 

Despite Obama’s call for more gun control and his continued demonization of the National Rifle Association, most Americans believe the gun policies of the NRA make this country safer, perhaps in part because 51% think more gun control will hurt law-abiding citizens the most.

Wayne LaPierre, CEO of the National Rifle Association, has said, “The only way to stop a bad guy with a gun is with a good guy with a gun.” The NRA and others have suggested that the presence of more Americans with concealed carry gun permits will reduce the number of people killed in violent incidents in this country. Americans tend to think that’s true but aren’t strongly sold on the idea. 

Still, gun sales set a single-day record on the day after Thanksgiving. Gun owners strongly believe that having a gun in the house makes them safer.

Americans in general are also more convinced than ever that media coverage of mass shootings inspires copycat killers.

Yet while Americans take their rights very seriously, they’re also increasingly worried about domestic terrorism. With this in mind, they appear willing to waive some of their rights in exchange for public safety.

In other surveys last week:

— Only 25% of voters think the country is headed in the right direction.

Jesus vs. Santa. Who’s the winner this year?

— Christmas may be the commercial extravaganza of the year, but for most Americans it’s still the day that celebrates the birth of Jesus Christ.

— Americans are also embracing the holiday season in a very charitable mood.


From → Uncategorized

Comments are closed.

%d bloggers like this: