Features
UPDATED: Big payday for Global Hawks
If the Global Hawk unmanned planes are on the rocks, one wouldn’t know it by the Pentagon’s contract announcements. Northrop Grumman is being awarded a contract worth up to $555.6 million for “Global Hawk modernization,” according to a May 13 announcement.
Sunrise or sunset for Global Hawks? Credit: Northrop Grumman
The work will include “engineering efforts,” “configuration management,” and “studies and analyses.” It's supposed to be done by May 14, 2015.
One thing the money won't be used for is to buy three more of the high-flying spy planes, as Congress told the Air Force to do in the 2013 National Defense Authorization Act. "I've confirmed. It's not for aircraft procurement," Air Force spokesman Ed Gulick said by email.
Air Force officials are in tense talks with congressional staff members to try to win relief from the buy-more-Global Hawks requirement. They argue that the additional planes -- Block 30 versions costing at least $100 million each -- wouldn't be delivered until 2017, three years after the Air Force finishes its congressional mandate to keep flying the Block 30s through 2014.
Congress and the Air Force have been at loggerheads since early 2012, when the Air Force did an about face and said it wanted to stop buying or flying the Block 30 versions of the Global Hawks -- the versions that were intended to be most like the piloted U-2s. Only months earlier, the Defense Department told Congress the planes were critical to national security, a requirement to keep money flowing under the Nunn-McCurdy cost control law. Congress reacted by telling the Air Force to keep flying the Block 30s through December 2014, and in fact buy more of them.
Just last month the Air Force reiterated that it wants to put its 18 Block 30 Global Hawks in storage after 2014. Aviation Week reported earlier this year that the radar-equipped Block 40 versions might be killed too.
DoD: China aims for Falklands-like capability
China is emphasizing stand-off precision weapons, space and cyber capabilities in its continued effort to upgrade its military, according the Defense Department’s annual report on China released today.
The congressionally-mandated report, “2013 Military and Security Developments Involving the People’s Republic of China,” says the People’s Liberation Army wants to be ready to fight short, regional, high intensity information wars that span kinetic, cyber and information warfare.
While China wants to become a stronger regional power, its Navy also wants to develop an ability to project power globally for short bursts of several months, “similar to the United Kingdom’s deployment to the South Atlantic to retake the Falkland Islands in the early 1980s,” the report says. “However, logistics and intelligence support remain key obstacles, particularly in the Indian Ocean.”
China’s ongoing military expansion is an extension of its strategic goals which include defending resources and shipping lanes, said David F. Helvey, deputy assistant secretary of defense for East Asia, at a press conference.
The PLA has undertaken a series of missions related to those goals, such as anti-piracy operations, regional naval maneuvers, and a growing number of bilateral military exercises with nations such as Pakistan and Mongolia. However, much of its regional operations and training remain focused on the Taiwan Strait, Helvey said.
Beyond Taiwan, China continues to grow its presence in the South and East China Seas with military and civilian law enforcement vessels.
Ongoing military acquisitions and upgrades include the development and deployment of new generations of area-denial weapons such as anti-ship and ballistic missiles. China is also developing two stealth fighters, the J-20 and J-31, although Helvey said both aircraft are still very much in the prototype stage with no formal operational training programs yet established. He said the Defense Department doesn’t expect either aircraft to be fully operational before 2018.
China has also been active in both the space and cyber realms. In 2012, China conducted 18 space launches and continues work on tactics designed to limit or deny access to space by other nations during wartime.
The PLA has also been very active in cyberspace and continues to develop a cyber warfare doctrine, which partly explains the intrusions into U.S. government and commercial networks, many of which are attributable to Chinese cyber intelligence units, according to the report.
The increased military growth is reflected in the nation’s growing defense budget. Although China’s official military budget for 2013 is $114 billon, reflecting a continuous spending growth of 10.7 percent for nearly two decades, the Defense Department estimates China’s actual military expenditures for 2012 to be between $135 billion to $215 billion.
Despite these concerns, Helvey said that the U.S. government continues to work on developing a stable military relationship with China. These efforts include various national visits by high level U.S. and Chinese officials and ongoing work on regional and international security agreements. He noted that China is considering participation in the multinational Pacific Rim 2014 exercise.
DIA’s new analytics course requires tradeoff
The DIA director promised his tenure would amount to more than changing riders, and here’s a case in point. DIA plans to push forward later this year with a new advanced intelligence analytics course that will have DIA civilians training together with uniformed staff.
DIA Director Lt. Gen. Michael Flynn
The change will require temporarily slowing down deployment of analysts to the combatant commands in 2014.
The course will be called PACE for Professional Analyst Career Education. DIA describes it as an enhancement of its existing Defense Intelligence Strategic Analysis Program. DIA plans to launch a pilot version in October and the first six-month course in 2014.
The agency anticipates cranking out about 200 analysts a year through PACE.
Most pilot projects are hatched to earn buy-in for controversial ideas, but DIA says the PACE pilot will improve the final version.
“Feedback from students and instructors will be considered before the program is fully launched,” DIA says in a written statement.
The catch is that PACE will mean slowing the arrival of DIA analysts to joint intelligence operations centers for about a year. DIA set up these JIOCs following the 2006 Quadrennial Defense Review, which ordered improved intel coordination for the combatant commands.
DIA Director Lt. Gen. Michael Flynn said slowing the throughput of new analysts will be worth it, because civilians will get the same skills and professional develop opportunities afforded to uniformed staff.
“Those of us in uniform know exactly what our professional development opportunities will be, whether you’re a private coming in or whether you’re a lieutenant coming in,” Flynn said at last month’s C4ISR Journal conference.
Civilians have had less training, and PACE is meant to fix the problem.
“I want to make sure that (civilian analysts) are all trained; that they are trained in the tradecraft; they’re trained...all in a similar way; they know about the tools,” he said.
DIA describes PACE as “the first mandatory advanced analytics training for DIA civilians.” It says it wants to create analysts who are “comfortable with complexity and uncertainty; can navigate informational and contextual ambiguity."
The course is designed for all civilian analysts at DIA's GG-12 employment grade and below, and for enlisted staff at the E-6 grade or below and for officers at the O-3 grade or below in the DIA National Capitol Region.
Forecast: More of the same from North Korea
The Pentagon’s homework assignment was to tell Congress about North Korea’s strategic intentions and military capabilities. The report delivered to Congress today (five months late) offers a bleak prediction of North Korea’s likely behavior under Kim Jong Un. The analysis is based largely on developments through mid-2012, the exceptions being brief references added in editing to the December Taepo Dong 2 missile launch and the February nuclear test. Here are excerpts from the unclassified version, “Military and Security Developments Involving the Democratic People’s Republic of Korea”:
Image from the website of the Democratic People's Republic of Korea
• “Under Kim Jong Il, DPRK strategy had been focused on internal security; coercive diplomacy to compel acceptance of its diplomatic, economic and security interests...We anticipate these strategic goals will be consistent under North Korea’s new leader, Kim Jong Un.”
• North Korea “retains the capability to inflict
serious damage on the ROK, despite significant
resource shortfalls and aging hardware.”
• “North Korea’s continued pursuit of nuclear technology and capabilities and development of long range ballistic missile programs, as reflected in the December 2012 Taepo Dong 2 missile launch and April 2012 display of a new road-mobile intercontinental ballistic missile, underscores the threat to regional stability and U.S. national security posed by North Korea.”
• “The regime’s greatest security concern is opposition from within, and outside forces – primarily South Korea – taking advantage of internal instability to topple the regime and achieve unification of the Korean Peninsula.”
• “In North Korea’s view, the destruction of regimes such as Ceausescu, Hussain, and Qadhafi was not an inevitable consequence of repressive governments, but rather a failure to secure the necessary capabilities to defend their respective autocratic regime’s survival.”
• “The DPRK seeks recognition as an equal and legitimate international player and as recognized nuclear power that is eventually able to normalize its diplomatic relations with the Western world and pursue economic recovery and prosperity. The DPRK’s rhetoric suggests the regime at this time is unlikely to pursue this second goal, at the expense of the primary goal of pursuing its nuclear and missile capabilities.”
• “…North Korea uses small-scale attacks to gain psychological advantage in diplomacy and win limited political and economic concessions, all while likely believing it can control escalation.”
• “North Korea is making some efforts to upgrade its conventional weapons. It has reinforced long-range artillery forces near the DMZ and has a substantial number of mobile ballistic missiles that could strike a variety of targets in the ROK and Japan. However, we assess that the DPRK’s emphasis will be to leverage the perception of a nuclear deterrent to counter technologically superior forces. “
• “North Korea probably has a military computer network operations (CNO) capability. Implicated in several cyber attacks ranging from computer network exploitation (CNE) to distributed denial of service (DDoS) attacks since 2009, the North Korean regime may view CNO as an appealing platform from which to collect intelligence.”
• “…a space launch does not test a re-entry vehicle (RV), without which North Korea cannot deliver a weapon to target from an ICBM. Development also continues on a new solid-propellant short-range ballistic missile (SRBM).”
OPINION: How to make your staff cyber-smart
Even the strongest, most expensive safe in the world is useless if you don’t keep its combination a secret. The same is true for data protection. If your company has state-of-the-art encryption technology, it’s unlikely to be effective unless your employees are security-wise.
Mark Knight is director of product management at Thales e-Security
Employees must make daily tradeoffs between security and productivity, which means regular security training is necessary for safeguarding company and customer data. Common sense alone is not an answer. For example, should an employee connect an encrypted USB stick to print confidential files from a hotel’s business center computer? No, even though the USB is encrypted never trust business center PCs. A hotel PC might be infected with malware that could copy confidential files from the USB stick and distribute them online. Would your employees notice and flag an intercepted SSL (Secure Socket Layer) browser session to a cloud-based business service? In many cases they wouldn’t; users have often become desensitized to security warnings and without regular training may absent mindedly click “Ignore” or “Accept” when a security warning appears.
What precautions should be taken when travelling abroad? When travelling, the risk of Internet connections being intercepted may grow, so always connect to your corporate VPN. When using a cloud-based meeting service, what are the associated risks? Several meeting services offer a publically accessible list of scheduled meetings and meeting room PINs are often used for several meetings. What might a customer or competitor hear or see if they dialed in early? Who may have access to call recordings?
Here are top recommendations for ensuring your employees are security-wise:
1. Build a Culture Of Good Personal Security
Advanced Persistent Threats generally start with hackers focusing on high reward targets such as IT administrators and employees with access to data or applications. Canny attackers can leverage social media to gain background information to identify and attack their victims. For example, by identifying a victim’s social network it becomes much easier to send a convincing phishing email that appears to come from a trusted colleague. Organizations must educate and empower their employees to make sensible decisions regarding how much personal information they expose when sending emails or posting job-related information on social networks.
2. Don’t Mix Security with Productivity
IT departments frequently depend on technical measures like web security products and Acceptable Use Policies to administer good security practices. Avoid mixing security and productivity policies in a generic set of abstract restrictions: staff will be less inclined to bypass technical controls or ignore policies during their lunch break if they grasp the purpose and threats behind the organization’s Acceptable Use Policy.
3. Implement Dual Control
Organizations of all sizes must implement strong dual control for their sensitive operations in order to remain secure. Even with strong cryptography and responsible employees, attackers can target “super users,” an employee with high-level access who represents a single point of vulnerability in the eyes of an attacker. For example, if software-based encryption is used, a systems administrator frequently has access to data encryption keys. If this administrator’s account is compromised by a social engineering attack, then all his organization’s data will be at risk to exposure. Therefore, make sure more than one person must authorize all access to sensitive data or sensitive encryption keys.
4. Classifying Data
Every mobile and portable device today is equipped with fast fiber-optic broadband speeds and large memory capacity. Large amounts of data can leave an organization within seconds. All employees should be encouraged to classify and apply protective markings to sensitive assets to empower them to make good information security judgments. If sensitive data is classified properly, staff will know when it is safe to access a file on a personal tablet and when a document should only be edited on a remote desktop to reduce exposure. With the widespread adoption of bring-your-own-device policies, organizations should consider providing their employees with subsidized security solutions for use at home as part of an enterprise PKI or public key infrastructure that can issue digital certificates and enforce limited trust.
5. Train The Trainers
Last but not least, ensure that all IT staff, PC support, administrators, and others who frequently contact employees are regularly briefed on security. IT staff are fundamental to developing a culture of proactive security through formal training and by demonstrating and cascading good security practice in daily communication with end users.
Effective and future proof security requires a shift in approach that is only achieved when employee training is a priority. The way we configure and use information technology is just as critical as the selection of security products and policies. While the return on investment for security is hard to measure, periodic training as part of a balanced and holistic approach to security will result in greater incremental benefits per dollar spent than security strategies that depend solely on technology and security products.
USAF edges toward career intel chief
When then-Brig. Gen. Robert Otto took command of the Air Force's U-2 and Global Hawk planes in 2008, one of his first steps was to sit down with rank-and-file intelligence officers. Otto wanted to understand the intelligence process, not just the collections gathered by the 9th Reconnaissance Wing at Beale Air Force Base, Calif. The sessions were a good way for Otto, a U-2, Global Hawk and F-15 pilot, to start building credibility among career intel officers.
Lt. Gen.-select Bob Otto will be the Air Force's next intel chief
The approach paid off. Otto has been confirmed by the Senate to become the Air Force’s next intel chief. He'll pin on a third star in late June and replace Lt. Gen. Larry James, who is retiring.
Air Force intelligence professionals respect Otto, but his arrival brings mixed emotions for them.
Once again, someone from outside the ranks of the Air Force’s career intelligence officers has been chosen to serve as the service’s deputy chief of staff for intelligence, surveillance and reconnaissance. It's frustrating to Air Force intel officers. They look at the Army and see intel lifers like Lt. Gen. Mary Legere rising to the top.
A lot has improved for Air Force intel officers since a 2005 C4ISR Journal article used the term “glass ceiling” to describe their flagging promotion rates. But Otto’s selection confirms that not enough has changed to put a career person in the job, one officer said.
Emotions are mixed, but bitterness isn't one of them. Otto’s credentials are hard to question. After Beale, he went to the Pentagon to serve as director of intel capabilities at Air Force headquarters. Since July 2011, he's been running the service’s intelligence field operations as commander of the Air Force Intelligence, Surveillance and Reconnaissance Agency at Joint Base San Antonio-Lackland in Texas.
Otto’s most notable role in recent years might be an unofficial one. He's the expert the service calls on whenever intel mistakes are made in Afghanistan. He hasn't hesitated to criticize his fellow pilots when the facts lead there.
In 2010, Otto led an investigation into the killing of 23 civilians in Uruzgan province. He blamed the mistake partly on confusing communications by an Air Force Predator crew. In 2011, a Predator crew killed a Marine and a Navy corpsman in the Sangin Valley after mistaking them for Taliban fighters. That was the last straw.
Otto successfully pushed to establish direct voice links between the Predator crews and analysts at the Air Force’s Distributed Ground System fusion sites. Analysts were viewing full motion video simultaneously with the Predator crews but they could only send computer chat messages if they saw things going wrong.
Intel officers respect Otto for all that. His career over the last five years could be seen as a bridge toward the day when a career intel officer is picked for the top intel job.
It will happen eventually, one officer said.
OPINION: Sequester politics carry hidden costs
There was one moment in Rep. Michael McCaul’s address at the C4ISR Journal conference that I found especially telling. The topic was sequestration.
“Not to get political, but it was the president’s idea,” said the Texas Republican and chairman of the Homeland Security Committee. McCaul said “certain” people “are not taking on” the entitlements issue.
In other settings, this boilerplate line might have drawn applause, but you could have heard crickets chirp when it was uttered here.
The industry and military are beginning to reel over sequestration, both financially and in terms of the missions they’re trying to accomplish. The intelligence community should be a no-politics zone, but they've been dragged in. “We catch terrorists. It’s kind of important,” one biometrics specialist told me a few weeks ago.
As a conference attendee put it later, Congress needs to do its job.
The job should be to work it out with the president, regardless of who put the country in this pickle. There's an old expression about "losing the streets" -- meaning public opinion -- and that's starting to happen for Republicans in the defense and intelligence industries.
Damage to the Republican brand is one impact but there are others. No one can claim with a straight face that attending a conference is as important as the cuts that are starting to be felt in daily intelligence work. But the collateral damage is a loss of unclassified collaboration time for military and intelligence officials. As the Boston bombings are likely to remind us, old-fashioned person-to-person relationships are critical to effective intelligence sharing.
Not every problem can be solved inside a lead-walled sensitive compartmented information facility. That's especially true if the issue involves allies or international partners.
Military officers and intelligence officials shouldn't have to use personal leave time to attend a professional conference. We're lucky some of them are doing just that.
Staffs see a deal coming on cyber legislation
Democratic and Republican congressional staff members are striking an upbeat tone about the possibility of getting a version of the Cyber Information Sharing and Protection Act through both houses of Congress this year, notwithstanding controversy over whether the bill’s privacy protections go far enough.
“Chairman Feinstein has said in no uncertain terms, ‘Go out and get this done,’” said Andrew Grotto, a staff member on the Senate Select Committee on Intelligence, where Sen. Dianne Feinstein, D-Calif., is chairman.
Grotto and other congressional staff members discussed the prospects for cyber legislation at the annual C4ISR Journal conference today.
The bill that passed the Republican-controlled House of Representatives April 18 promises to “reasonably limit” the retention or disclosure of cyber information associated with specific people. It would establish a process for federal and state governments and private companies to share details of cyber attacks and threats.
The American Civil Liberties Union says the bill would create a loophole in privacy laws by allowing companies to share Internet user data with the National Security Agency.
Grotto’s staff counterpart on the Republican-led House Permanent Select Committee on Intelligence, Thomas Corcoran, agreed that differences between Republicans and Democrats are not insurmountable.
Receiving threat information from the private sector’s security industry would be especially important: “Despite what the ACLU would have you believe, the NSA does not have sensors all over the Internet,” Corcoran said.
The session moderator, former Department of Homeland Security official Paul Rosenzweig, challenged the staff members to give a one word answer about whether Congress would pass cyber legislation.
Corcoran and Grotto said yes. Staff member Kevin Gates of the House Armed Services Committee said probably.
Clapper defends intel handling
The director of national intelligence was in push-back mode at the annual C4ISR Journal conference, suggesting that the U.S. intelligence community was right to view Russian tips about the radicalization of Tamerlan Tsarnaev with a healthy dose of skepticism.
Director of National Intelligence James R. Clapper
The U.S. has long taken a “trust but verify” attitude to Russian claims in arms control issues, James R. Clapper said. Suddenly the U.S. was supposed to take Russia’s warnings about Tsarnaev "without question." Clapper said he finds that amusing and ironic.
>>More from Clapper below: IT overhaul deadline slips to August; Mandiant report could incite China; sequestration hurts; limits of domestic intel>>
Clapper said the bombing case has entered a “post-event witch-hunt phase, which is predictable.”
He counseled patience. "I think it would be a real good idea to not hyperventilate for a while until we get all the facts," he said.
Clapper said the country’s going to have to grapple with how much domestic intelligence it wants in the wake of the Boston bombings:
"I think at some point we have to come to a judgment here on just how intrusive you want Big Brother to be. To me as a citizen, not just as the head spy of this country, I think we need to think about that,” he said.
Clapper said finding a “lone wolf” is difficult. “I think the bigger issue here is what is the government’s responsibility for mind-reading and determining the point at which someone self radicalizes,” he said.
As he left the venue, Clapper shook hands with House Homeland Security Committee Chairman Rep. Michael McCaul, R-Texas, who was on his way in to address the audience.
McCaul had a different take on the question of whether the bombers were lone wolves. “It’s astounding to me” that some members of the intelligence community have already concluded that there was no foreign involvement in the Boston bombings, he said. “They just got his computer," he said.
McCaul said he agrees that the mood of the nation is shifting toward protecting civil liberties, even in the wake of the bombings.
Clapper Excerpts>>
Mandiant report>>"The downside of outing the Chinese is of course they’ll go to school on us.”
Domestic surveillance>> "...there’s a bigger issue here that no one is thinking about, and that is the extent to which you want the government monitoring U.S. citizens behavior, monitoring their social media."
Sequestration>> "No one ever thought sequestration would actually happen. It’s egregious. It’s mindless...the entire federal budget is divided into what are called PPAs, planned program activities. And so I have several hundred of them in the NIP (National Intelligence Program), and of course the way sequestration works is every one of them have to be equally taxed. And some of those are nothing but people. "
Intelligence Community Information Technology Enterprise (ICITE) overhaul>> “We’re sort of declaring IOC here in August, and I must tell you having done this a couple times before, we are well past the euphoria state on, 'Gee, what a great idea this is,' into the passive aggressive phase, which is predictable and it just takes some consistent, persistent management.”
Cyber-intel sharing stuck in 20th Century
When the National Security Agency discovers malware it thinks another agency should know about ASAP, the next step is a maddening one for an agency steeped in high technology. The NSA staff member must pick up a telephone and call an expert at the other agency.
NSA's Neal Ziring. Credit: www.kristinasherk.com
The NSA’s Neal Ziring has a whole shtick worked out to capture the frustration of it all: “Is Bob there? No, he’s out to lunch? Tell him to call me back.”
Ziring is the technical director inside NSA’s Information Assurance Directorate. He told Deep Dive he wants the NSA and other agencies to establish an automated “information exchange” that would instantly share samples of malware code and analyses among agencies, and possibly the private sector.
The need for speed was a common theme here at the McAfee Public Sector Summit.
McAfee’s Phyllis Schneck, chief technology officer for public sector work, drew snickers for one of her briefing charts. It showed a black and white photo of office workers labeled “people speed.” Another photo showed cables plugged into a computer, and it was labeled "light speed." A third photo showed the inside of the Capitol Building, and it was labeled “no speed.”
It was an obvious reference to the failure of cybersecurity legislation in Congress.
President Obama issued a cybersecurity executive order in February to try to compensate, but Ziring said it’s no substitute for spelling out in law when and how the NSA can share what it knows with the private sector.
“The executive order kind of bumps (threat sharing) up to the top of the priority list,” he said.
It declares the White House’s intention to “increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities.”
An executive order can only do so much, given the strict legal authorities NSA operates under: “We’re doing what we can within the authorities we have today. We believe we could do more,” Ziring said.
If the authority question is worked out, data could be shared with the private sector in a “machine readable format,” he said.
“NSA might use it to send (threat information) to FBI or the private sector,” he said.
