Government Executive - Authors - William New

Director of science agency foresees more budget cuts

William New — Wed, 12 Jan 2005 00:00:00 -0500

The final fiscal 2005 budget "indicates that we're in a very difficult budget climate and that the administration puts a very high priority on reducing the budget deficit, and that's going to affect our programs in the discretionary budget, including research," Bement said in a Monday interview at NSF's Arlington, Va., headquarters. "On top of that, we're going to have to take a realistic view of the budget climate in setting our goals for the near term."

"Of course, my hope is that we'll continue to grow," he added, "but not at the rate expected under the Investing in America's Future Act of 2002," which authorized a doubling of NSF appropriations from fiscal 2003 through fiscal 2005.

Bement said he is working to stress to budgeters "the importance of investing in the future and the strong linkage between science investment, economic development and job creation if we're going to maintain our own."

The key to raising NSF's budgetary fortunes, he said, is to "convince the various science communities that they have to speak with one voice." Those communities include fields such as biology, engineering and math.

"They only weaken their case when they take a parochial point of view," Bement said. "It's important that the case we make is that science across the board is an investment priority and can lead to not only short-term benefits but longer-term benefits for the nation."

Bement noted that a nation with low savings levels such as the United States relies on investments in education and in research and development to stay ahead of its global competitors.

He said national priorities for research are set by the White House's Office of Science and Technology Policy and Office of Management and Budget, and that NSF follows those priorities.

"You'll find activities throughout our whole program reflecting those priorities," he said, pointing to homeland security R&D, nanotechnology, networking and information technology R&D, water resources and climate change, and "extreme events" like tsunamis and earthquakes.

"These are very strong [Bush] administration priorities, and NSF is a key player," he said. "Anything we can do to link our university research programs to the challenges facing the nation will enhance our chances for budget success."

Bement said most research agencies were involved in security-type activities before the Homeland Security Department was created. He said the department is mainly focused on obtaining existing technologies for the short term, and said he has been told by Homeland Security science and technology directorate chief Charles McQueary that even in the future, the department will depend on other agencies for long-term research.

Bement also said NSF's percent change in funding only lags agencies that are "more mission-oriented, addressing priorities such as the war on terrorism [and] homeland security."

]]>

Ex-cybersecurity czar focuses on global coordination

William New — Tue, 11 Jan 2005 00:00:00 -0500

The intent of the program is to coordinate global efforts on cybersecurity and cyber crime, identify gaps and develop "metrics" for measuring success. "It's almost like creating a NATO of the cyber security world," said Howard Schmidt, a former adviser to President Bush.

Schmidt is building the program based on the operational elements of a national cyber security program developed by the former director of Homeland Security's cybersecurity division, Amit Yoran, who left in the fall.

Schmidt said he hopes to have the partnership in place by early summer but those involved are not looking for fanfare. Some companies have pledged support but asked that their names not be used. Schmidt's project complements the separate, private-sector National Cyber Security Partnership, he said.

Through his consulting firm, R&H Security Consulting, Schmidt is on a $383,000 contract to provide leadership and assistance in developing the program for the National Computer Emergency Readiness Team (US-CERT), which joined forces with Homeland Security last year. Schmidt scaled back his work at eBay to do the partnership work, which he said in a Tuesday interview has been time-consuming.

The contract includes $120,000 for international travel, a figure Schmidt said was an estimate and was arrived at without his input. Schmidt is the only consultant in the firm, which has some administrative support based on the West Coast, he said.

The role of US-CERT and Homeland Security in cyber security is to coordinate the variety of efforts taking place in institutions, intergovernmental bodies and the private sector, Schmidt said.

He said his role has not changed with the departure of Yoran. Among other projects, Schmidt participated in a confidential departmental meeting with cyber-security stakeholders last week in Wye River, Md. That meeting brought together experts from a wide range of perspectives to share views.

One issue debated at the meeting was what information government and the private sector should share with each other, according to participants. Both sides have long said they need more information to better protect cyber assets.

Schmidt spoke Tuesday after participating in an interagency workshop on cyber security held at the Commerce Department. At the event, a new publication was released by the American Bar Association's privacy and computer crime committee. The new booklet draws together key points from three preceding publications on cyber crime, security and privacy.

The Wye River meeting was led by Andy Purdy, acting director of the Homeland Security Department's cyber-security division. Schmidt downplayed the impact on the nation's cyber security of the departure of Yoran and last week's news of the departure of US-CERT Director Larry Hale.

"The vast majority of work has to be done in the private sector," he said. "I'm not that concerned."

But Schmidt did say the level of the official responsible for cyber security is important because it can bring resources and authority to get things done.

]]>

Publicized intelligence briefing riles Homeland Security officials

William New — Wed, 05 Jan 2005 00:00:00 -0500

Smith issued a press release earlier this week announcing that he has "locked in" a Thursday meeting with senior department officials to discuss intelligence and data used as the basis for issuing grants for urban areas in 2005 under a department initiative.

Smith said he scheduled the meeting after learning New Jersey's allocation would be cut 40 percent despite its proximity to New York City, which would get an approximately 300 percent increase, an aide said.

"As soon as it became clear that New Jersey's threat-based grants from Homeland Security were in question, I contacted Undersecretary Asa Hutchinson," Smith said. "He promised me he would facilitate a classified briefing."

Expected to join Hutchinson at the meeting is Sue Mencer, director of the Office of Domestic Preparedness, which manages the grant program. Officials from the department's Information Analysis and Infrastructure Protection directorate also are to attend, Smith's office said. Smith also invited all members of the New Jersey delegation to attend, as well as Acting Governor Richard Codey and his counterterrorism chief.

But the Homeland Security Department source said reaction within the agency has been strong because such an announcement could draw heightened scrutiny on Capitol Hill and in the media to shared intelligence. Grant allocations were hotly debated in the last Congress and are expected to come up again in this Congress, although much of that debate has focused on a different, formula-based program.

The program that Smith has targeted, the Urban Areas Security Initiative, is threat-based. "This will hold the intelligence community back from going up for meetings," the official said. "It spooks the briefers, and puts everybody in a bad position. This is amateur hour at best."He said while department officials regularly hold classified meetings with members of Congress, they are conducted quietly.

Smith's aide defended the decision, saying the issue has gotten "intense media interest" in New Jersey. As the "dean" of the state's delegation, Smith is expected to arrange such meetings and "felt he should be open about it," the aide said.

"We're not springing this on them. We told [the department] there would be press availability after the meeting," he said. "There shouldn't be any surprise."

]]>

Industry eyes future as cybersecurity language is killed

William New — Tue, 07 Dec 2004 00:00:00 -0500

Senate staff dropped the provision that would have created an assistant secretary for cybersecurity during negotiations in mid-November, according to congressional and private-sector sources. One source said Bob Liscouski, Homeland Security's assistant secretary for critical infrastructure protection, went to Capitol Hill and succeeded in making the case for keeping cybersecurity under his jurisdiction rather than making it equal. The department did not return a call for comment by press time.

The source said the White House accepted the change, perhaps "unwittingly." A White House spokesman on Tuesday could not comment on ongoing negotiations. Both chambers appear likely to debate a compromise intelligence bill this week.

The House Homeland Security Committee'S Cyber Security Subcommittee on Monday recommended that the Bush administration elevate the status of the official focused on cyber security. On Tuesday, the Cyber Security Industry Alliance (CSIA) made the recommendation among others for the administration's second-term agenda.

Industry groups such as CSIA and the Information Technology Association of America (ITAA) have been lobbying the House and Senate leadership to put the cyber-security language back into the intelligence bill, but CSIA also is looking to next year.

"I'm not optimistic it's going to make it in if the bill is passed today," CSIA President Paul Kurtz said after a press briefing on the group's 12 recommendations. "It's a missed opportunity, no doubt. But we have created a better foundation for creating an assistant secretary position."

Kurtz said the lobbying efforts have raised understanding on the Hill and in the administration of the need to elevate the position. "I'm confident they are going to be looking at this in the 109th Congress," he said.

CSIA's other recommendations include: quick ratification of the Council of Europe cyber-crime convention; exemplary government procurement practices; stronger information sharing and analysis centers; selection of a federal agency to track the costs of cyber attacks; more cybersecurity research and development; greater funding for the National Institute of Standards and Technology; improvements in the federal security-certification process; and improved security of digital control systems used by utilities.

Government oversight of cybersecurity is going through a transition. Amit Yoran departed as the cybersecurity director at Homeland Security in October, leaving no department employee with sole responsibility for the issue. His replacement, Andy Purdy, is a contract worker.

In Congress, Bob Dix, staff director at the House Government Reform Committee's technology subcommittee, will leave at month's end for Texas-based Citadel Security Software. He will serve as the company's vice president of government affairs and corporate development. And Margie Gilbert, a top aide at the House Homeland Security Committee's Cyber Security Subcommittee under Mac Thornberry, R-Texas, was in that job on detail from the Defense Department and has returned.

]]>

Former cybersecurity chief recounts successes during his tenure

William New — Fri, 03 Dec 2004 00:00:00 -0500

Yoran said he plans to stay active in cybersecurity, and among other new projects he is now advising the private information sharing and analysis centers that some business sectors have set up to protect their computer networks.

Before working at Symantec, Yoran was the CEO of cybersecurity firm Riptech, which Symantec acquired.

He was interviewed by Technology Daily senior writer William New. Here are edited excerpts.

NJ: Why did you leave the Homeland Security Department at this time?

Yoran: My departure came about because we were able to complete a lot of goals and objectives in cybersecurity. These included creating a start-up within the department to help them deal with cybersecurity, recruiting highly skilled technical folks, and crafting a series of projects and initiatives to help the department get off on the right foot on cyber-issues. I think the objectives were largely achieved. Since the agreed-upon objectives were achieved, I thought it was time to move on.

NJ: Was there any truth to reports that you were unhappy with the situation at Homeland Security?

Yoran: Clearly, there are frustrations for any entrepreneurial spirit in any large bureaucracy. There were some challenges in that environment, but it was time well spent, and the mission is an important one.

NJ: Can you talk more about the accomplishments under your term?

Yoran: In addition to standing up the division and recruiting, we increased the number of bridges and interaction points with the private sector. Last year, the department was criticized for holding a summit that included just four industry groups. Now there are 30 partners representing all industrial economic sectors and government entities working together. For the first time, we tabulated [the Internet presence] of the federal government -- 5,700 different network blocks, some very small, with about 200 computers; some very large, with literally billions of addresses. For the first time, the federal government can begin to understand what its IT assets might be. We also assessed what the federal government's Internet vulnerability profile looks like. When completed, this will be the largest Internet vulnerability assessment ever. We also pulled together a cyber-incident response coordination group ... so should there be a cyber-incident of national significance, the federal government's pockets of cybersecurity capability and authority could be brought to bear in a coordinated fashion.

NJ: What remains for the department and the government to do on cybersecurity?

Yoran: While we have made some progress, a significant amount of work lies ahead. The department, in whatever form it chooses, needs to make a meaningful statement that it is committed to playing a significant leadership role in cybersecurity. What the next step for government will be in cybersecurity has yet to be defined and clearly articulated to the other parts of government and to the private-sector partners that are critical to the nation's homeland-security efforts and cyber-efforts.

NJ: Some experts have recommended that more attention be paid to cybersecurity of government systems. Do you agree with that?

Yoran: There is a dire need for government to radically reform how it looks at securing its own systems. There's a tremendous amount of paperwork involved. I would say the structured approach that government uses to secure its IT cyber-systems is largely, if not entirely, ineffective. Harnessing our effort on the security woes and deploying technical countermeasures and protections might actually solve more problems than the reams of paper we're currently producing.

NJ: Some experts and members of Congress have suggested that primary cybersecurity responsibility should be moved from Homeland Security, possibly to the Office of Management and Budget. Do you agree? Others have proposed that the cybersecurity position with the department be elevated to an assistant secretary level.

Yoran: I still think that for Homeland Security to be the sector-specific agency for cybersecurity is fundamentally the right approach. And the department needs to clearly define its programs, commitment, and long-term dedication and leadership to this important issue. It is important to the nation that, regardless of what level the position takes on, the department deals with cybersecurity in an aggressive and proactive fashion. Cybersecurity issues have to be truly integrated along with physical security into government grant programs, emergency preparedness and response programs, the Office for Domestic Preparedness, and state and local programs.

NJ: What kind of person do you recommend to follow you?

Yoran: This is really something that the administration and department need to decide. I believe a career bureaucrat who understands technology but is more adept at working with government systems for human resources, budget, and internal departmental politics is critical. Those issues seem to have great influence on cyber-efforts' ultimate likelihood of success or failure.

]]>

Ex-cyber chief expects information security transformation

William New — Thu, 02 Dec 2004 00:00:00 -0500

"I think in the next two to four years, there is going to be a radical transformation of the information security field," Amit Yoran, the former director of the Homeland Security Department's cyber-security division, said Thursday at an E-Gov Institute conference.

Through the increased globalization of networks and new technologies and methods for transmitting content, he said, "within the next three years, you will not be able to define where your enterprise network begins and ends."

The current focus on "firewalls" to block unauthorized people from accessing networks and on identifying patterns of undesired activity will be required but will be an increasingly smaller part of the solution, Yoran said. "We need to ... revolutionize our thinking," he added, noting that government tends to lag three to five years behind the private sector.

Yoran said government needs to foster the development of computer platforms with a reduced amount of unpredictability because unpredictability translates into vulnerabilities. The cycle of trying to stay ahead of hackers by identifying vulnerabilities and applying patches will take "years if not decades" to change, he said.

Yoran said he does not believe there should be concern over the trustworthiness of software based upon where it was produced because many developers within the United States are foreign.

He also called for change in the "completely ineffective" certification process for government agencies' procurement of software by minimizing paperwork and increasing software testing. Other problems include the fact that different labs get different results and that only larger organizations are being forced to endure the process.

There is a limited amount of information about cyber vulnerabilities and threats that the government has and can share with the private sector, Yoran said, adding that private-sector information shared with government should be better protected.

He had no recommendation for small technology companies seeking contracts with Homeland Security, though he said he no longer recommends that they partner with larger systems integrators.

He did recommend increased federal spending on cyber security in the future.

Yoran ended his year in government service in October. He said his accomplishments include forming a coordination group to respond to cyber incidents. That change coordinated "pockets of cyber expertise" from the CIA, Defense Department, FBI, National Security Agency, Secret Service, and the departments of Energy, Homeland Security, Justice, State and Treasury, he said.

The group developed a common understanding on national capabilities at the top-secret level and on who has authority in a national-level cyber incident. Officials still need to define what authority government has in such events and how to use it, Yoran said.

Yoran, who reports say left his government post out of frustration with the attention cyber security received at the department, also warned against combining cyber and physical security, as the latter is "very slow to change" to better turn intelligence into information for the "war-fighters" of cyber security.

]]>

Intelligence agencies accused of hoarding best analysts

William New — Tue, 30 Nov 2004 00:00:00 -0500

The nine agencies that have "fusion" centers intended to bring other agencies' experts together are keeping their best talent in their own centers and sending less-talented analysts to the others' centers, 9/11 Commission member Jamie Gorelick said at a homeland security conference sponsored by the FCW Media Group and E-Gov Institute.

"It's a proliferation of fusion with none of the best people in one place," Gorelick said. "It's a recipe for disaster."

In addition, Gorelick urged reforms to better adopt new security technologies and include the views of the technology industry. "I think the voice of the technology community needs to be heard," said Gorelick, a former deputy attorney general during the Clinton administration. The commission worked "very closely" with the industry in preparing its report, she said.

Gorelick acknowledged that some commission recommendations on technology use are being implemented but said there are outstanding needs.

She called for establishing an overarching information infrastructure for the various intelligence agencies, including a system for sharing data gleaned by each agency, and for clarifying who makes decisions about the information. Currently, no one is overseeing coordination among agencies. "We have a sense of urgency" for an information-sharing architecture, she said.

Gorelick said the new national intelligence director the commission proposed would not be "starting from nowhere" but would have to be built up and could be functional "reasonably quickly." And the national counter-terrorism center could be built on the Terrorist Threat Integration Center created last year.

Agencies have no excuse not to share information now that the USA PATRIOT Act, the anti-terrorism law passed shortly after the terrorist attacks, "obliterated the shield" each agency used to guard information as though it were power, she said.

Gorelick also said agencies need to work more with the private sector. There is "an enormous degree of frustration" in the private sector about getting technologies to the government, she said. "Technologies to protect critical infrastructure are well-advanced beyond what the government can digest," she said. "We need greater leadership there."

Larger firms are frustrated, and some of the smaller firms, which might be the most innovative, are "completely daunted" by the process for offering their technologies, she added.

There also is a "fair amount of frustration" within the federal government in the ability to acquire and use technologies, Gorelick said. For instance, there is no way for government agencies to jointly test a new technology even if it will be used for the same purpose.

Separately, Gorelick said the commission supports the intelligence reform legislation stalled in Congress but would not support further weakening its recommendations. The bill "is not perfect," but it is "a beginning," she said.

]]>

Pentagon official: We need new security technologies

William New — Tue, 23 Nov 2004 00:00:00 -0500

"To win the war on terror, we must look to our private sector, specifically our high-tech industry," Paul McHale, assistant Defense secretary for homeland defense, told a homeland security conference sponsored by E.J. Krause and Associates.

McHale, whose office bridges the gap between Defense and the Homeland Security Department, said the vision is to push the U.S. borders out, using the country's technological advantage to "shape the battle space" and keep terrorists off balance. Protecting the nation requires identifying terrorist threats well before they reach U.S. ports, he said.

An entirely new nautical surveillance approach is likely within six months, he said. It will use the latest ship-based systems and unmanned aerial vehicles to prevent threats by sea.

McHale identified several areas of technological need to fulfill the vision. The government must be able to detect radiological, biological, chemical and other types of threats, and "first responders" to emergencies and other workers must have adequate protection through suits or other mechanisms, he said.

In addition, the private sector needs to create better non-lethal weapons to protect critical infrastructure, the vast majority of which is said to be in private hands. Authorities also need affordable communications equipment that is compatible with other systems, superior shoulder-launched missile defenses, and better equipment for extracting people from disaster sites. Right now, he said, injured people still would have to be removed on plastic sleds.

New surveillance systems are needed, McHale said. Biometric technology, which scans faces, hands or other physical attributes for identities, is critical to the government's vision for security, he added. Appropriate attention must be paid to U.S. citizens' privacy, he said, adding that much of the technology likely will be deployed overseas.

Also at the event, Tom DiLenge, majority chief counsel at the House Homeland Security Committee, said there has been "very little oversight" in Congress of critical infrastructure assets from a strategic perspective. At times, he said, there have been "pseudo debates," such as the one following the Northeast electricity blackout last year.

DiLenge said he is "very optimistic" that the committee will be made permanent after this year but said the debate continues over transferring jurisdiction from other committees.

The issue is expected to be high on the agenda of the House Republican Conference next week, he said. Jurisdictional agreements are still being resolved with the Transportation and Infrastructure Committee, which governs emergency services, Coast Guard and aviation security, and with the Judiciary Committee, which oversees border security and immigration issues.

Top priorities for the committee next year, should it survive, would be cyber security, encouraging the development and acquisition of anti-terrorism technologies, and restructuring state and local anti-terrorism aid on the basis of risk assessments, he said. The department must finish assessing critical infrastructure risks in December.

]]>

Supercomputing bill set for House action next week

William New — Thu, 11 Nov 2004 00:00:00 -0500

But House Science Committee aides said the measure, H.R. 4516, is only a piece of a larger effort needed by the U.S. government to keep the nation globally competitive.

The House passed a similar version by voice vote July 7, and the Senate passed an amended version by voice vote Oct. 10, just before lawmakers adjourned for the campaign season. They return to Washington next week for a brief post-election session focused primarily on federal spending and intelligence legislation.

The supercomputing bill would authorize $50 million in fiscal 2005, $55 million in fiscal 2006 and $60 million in fiscal 2007.

The version before the House next week has several small but substantive changes from the earlier version, according to a House aide. The supercomputing debate began in the Senate on a companion measure, S. 2176, but after the House passed its bill, the Senate Energy and Natural Resources Committee acted on the House legislation.

Before the committee approved it, however, negotiations were held with House staff to draft a version both sides would like. That is the version the Senate ultimately passed.

The Senate removed a House provision that would authorize the National Science Foundation to support research into the societal implications of high-performance computing. One source said the provision arose from concerns by Rep. Brad Sherman, D-Calif., about using such computers to create human-like "sentient beings."

The Senate also added a provision that would require Energy to establish a software development center, but the House negotiators opposed it, as they generally discourage the creation of new centers in lawmakers' districts that might be considered "pork," the House aide said.

House aides argued that supercomputing centers already exist and could work on software. A compromise changed some words so the provision could be interpreted as creating a "virtual" center rather than a physical structure, the aide said.

Negotiators also removed a requirement that the Energy secretary act through the department's Science Office. The department's National Nuclear Security Agency also uses supercomputing and is separate from the Science Office. The reference to the office was removed.

House Science Committee Chairman Sherwood Boehlert, R-N.Y., has set his sights on the reintroduction early next year of a more comprehensive bill, H.R. 4218, to create a national, interagency, high-end computing program. The House passed the measure July 7, but it has languished in the Senate Commerce, Science and Transportation Committee ever since, lacking a "champion" to push it through, the House aide said.

A high-end computing interagency process was created in a previous law, but "that process is largely broken," the aide said. For instance, an annual document intended to help appropriators by reporting agencies' spending on supercomputing now trickles out at the end of each fiscal year, not the beginning.

]]>

Ex-cybersecurity chief calls on feds to step up efforts

William New — Wed, 10 Nov 2004 00:00:00 -0500

"The government doesn't know what its IT assets are," said Amit Yoran, who resigned as director of the Homeland Security Department's cybersecurity division last month. He added that the government is much like large multinational organizations, where cybersecurity awareness does not cut across all divisions.

A recognized private-sector expert, Yoran said he tried to address the problem during his one-year stint at Homeland Security. By the time he left, he said the department had made progress in mapping which of the 127 federal entities are responsible for what parts of the government's cyber assets. His office found that there are 5,700 different "network blocks" across government.

The division also began asking about agencies' Internet exposure in order to understand the risks. But scanning the 5,700 networks for that exposure is "a Herculean effort" and is ongoing, he said. Yoran spoke at a conference sponsored by the Computer Security Institute.

Generally, Yoran said the government's risk assessments appear to be largely based on consultants' reports rather than on an actual examination of the systems. His vision for the government is to use the government-wide knowledge of risks to take more coordinated, effective security steps.

There are "pockets" of top-flight cybersecurity skill within the government, Yoran said, and they need to be pulled together. Doing so will be fundamental to getting buy-in from the private sector, which owns about 80 percent of the nation's critical infrastructure, he added.

Yoran said the future is bright for cybersecurity, especially for making more secure software. "We are still at the very early stages of cybersecurity," he said. A new way of thinking is ushering in the next generation of technologies, and the government needs to be out front in encouraging that transformation, he said.

"We really need to revolutionize how we think about cybersecurity," Yoran said. "In three years time, there will be no definable perimeters on our systems." The typical systems, such as firewalls and intrusion-detection systems, will not be efficient any longer, he predicted.

"You won't be able to protect or own all of the information you are providing to your customers," Yoran said. "In many cases, you won't even be able to identify where the data resides."

Yoran's departure from the division caused concern among industry and in parts of the government that cyber security is not sufficiently high-profile in the government. He declined to comment on how the position should be structured, except to say that there should be sufficient access to senior-level decision-makers and that the person should have solid political skills.

Yoran also said that while there is great experience at Homeland Security in physical security, "the same is not true for cybersecurity."

]]>

Feds urged to set electronic voting standards

William New — Tue, 09 Nov 2004 00:00:00 -0500

While political scientists likely will find additional evidence of voting problems in last week's presidential election, it is unlikely to overturn the outcome. But that should not dissuade government officials and others from doing all they can to improve a system full of vulnerabilities before the next election, an e-voting expert said Tuesday.

"We have all kinds of evidence of machines misbehaving," Dan Wallach, an assistant professor of computer science at Rice University in Houston, said at a computer-security conference sponsored by the Computer Security Institute. "[But] what really keeps me awake at night is the notion of undetectable tampering."

Wallach said he favors optical-scanning machines, which he said are more accurate than electronic punch-card systems. But paper receipts are essential to ensure that votes are tallied the way they were cast, he said.

If software is buggy, there is no fallback for counting votes, as seen in some precincts last week. Right now, Americans must use a "faith-based system," trusting that their votes are properly recorded somewhere, he added.

Currently, only three independent testing authorities are given the voting machines' software code, which some critics argue is counterintuitive for an open election system. The authorities release only a decision that a system meets Federal Election Commission standards.

Those standards need to be raised, Wallach said, adding that a more complex method of certification is needed and that the code needs to be more secure.

He said a vendor "absolutely" could hack into a system and described various ways that fraud could be perpetrated and concealed. Voters and election officials also could tamper with systems, he said, and logic and accuracy tests of voting machines could be faked.

Voting methods are subject largely to state laws, and systems vary by state and even county. Federal or state legislation is needed to outline e-voting "best practices," Wallach said.

He proposed several improvements, including printing optically scanned paper ballots on special paper that is physically placed in ballot boxes by voters, or using a Brazilian system of letting voters see paper ballots beneath glass but not touch them.

Some ways of checking the veracity of last week's voting were employed. For instance, several states used forms of "parallel voting," in which voting machines were randomly pulled in some precincts and tested during the day.

Wallach also recommended using special voting computers less susceptible to hacking than the ordinary computers used for tabulations.

He said there is "a lot of political pressure" from disaffected Democrats to change the system. But he added that voting is "not a partisan issue" and that many election officials are "explicitly nonpartisan."

He said additional funding might be needed to make the changes because much of the money under a 2002 federal election law already has been spent on the existing, flawed machines. But he said there are ways to engineer cheaper -- and better -- machines.

]]>

Agencies in race to smash supercomputing records

William New — Mon, 08 Nov 2004 00:00:00 -0500

The race is on again to build the world's fastest supercomputer, and in the past two weeks, two efforts led by federal agencies have beaten the record that was held for two years by Japan. The developments bode well for U.S. international competitiveness, experts said, but there can be no rest yet.

NASA and Silicon Graphics Inc. late last month announced that the space agency's new Columbia supercomputer is the most powerful in the world. Driven by an Intel Itanium 2 processor, it reached a sustained performance of 42.7 teraflops per second, or 42.7 trillion calculations per second.

Then last week, Energy Secretary Spencer Abraham announced that the IBM-made BlueGene/L supercomputer, which was developed for nuclear-weapons stockpiling, attained a performance of 70.72 teraflops per second.

Both computers eclipsed the two-year record of Japan's Earth Simulator, which was rated at 35.86 teraflops per second, and an earlier peak of 36.01 teraflops per second by BlueGene/L.

Cray, the historic supercomputing leader, also has returned en force with shipments of its XT3 supercomputer, which sells for $2 million apiece. The XT3 was designed for Sandia National Laboratories as part of its "Red Storm" system, which will perform at more than 40 peak teraflops per second. The Forest Service will use a Cray computer to predict wildfires.

The apparent return of U.S. supercomputing and its significance for U.S. scientific capabilities is not lost on scientists and government officials.

"High-performance computing is the backbone of the nation's science and technology enterprise, which is why the department has made supercomputing a top priority investment," Abraham said in a Thursday statement. "Breakthroughs in applied scientific research are possible with the tremendous processing capabilities" of computers such as BlueGene/L.

Bob Bishop, the CEO of SGI, said at the unveiling of the NASA supercomputer that "supercomputing stimulates innovation and helps companies compete in today's global marketplace." He added, "Beyond the results that we will see in science and engineering, I believe there will be a trickle-down effect throughout our economy of these innovations and discoveries." He predicted a boost to the U.S. economy and security, new jobs at home and inspiration for a new generation of scientists and engineers.

Bishop said his company developed its Columbia computer in 120 days, compared with the several years it took to develop BlueGene/L. He added that SGI has 2,600 employees and one factory, in Chippewa Falls, Wis., compared with IBM's 319,000 employees worldwide.

After IBM broke the record Thursday, he said, "The bottom line is [that] this is a two-horse race, and to quote IBM itself, 'No one is number one forever.'"

The National Academies' National Research Council, meanwhile, will release a new report on Monday outlining the federal government's needs for supercomputers.

After industry pressure, the White House Office of Science and Technology Policy has become involved in the effort, as it increasingly recognized the need for better hardware and software. OSTP Director John Marburger said in July that "something is happening in the world of computing that is about to alter this."

"The hardware we take for granted is not capable of doing all that we should like to do, and we know today that much more power is potentially available to us," Marburger said at a Council on Competitiveness conference for high-performance computing users. "If that potential is realized, it will once again transform ways of doing business. In today's globally competitive economy, we cannot afford to leave this opportunity to others."

The council is sponsoring a panel discussion on the importance of advanced computing to U.S. competitiveness at the Supercomputing 2004 conference that began over the weekend and runs through this week in Pittsburgh. The event features top government, research and industry experts addressing the latest issues.

In July, the council produced a study on the use and impact of high-performance computing resources in industry. The study, compiled by the research firm IDC and sponsored by the Defense Advanced Research Projects Agency, found that high-performance computing is increasingly critical to companies' competitive survival. Some of the 33 executives surveyed said more powerful and easier-to-use computers could save them billions of dollars.

In June, Marburger charged the President's Information Technology Advisory Committee with assessing federal research in computational science, which is an application of high-end computing for things such as weather and climate modeling. PITAC will hold a town-hall event at the supercomputing conference this week.

David Nelson, director of the national coordination office for information technology research and development, said after a PITAC meeting on Thursday that "supercomputing has tremendous promise, but it's up to us to realize that promise." He said he expects the initiative to go forward in the second Bush administration.

Daniel Reed, chair of the PITAC subcommittee on computational science, gave a progress report at the subcommittee's Thursday meeting. He said a key application for supercomputing is weather and climate, as it impacts 40 percent of the $10 trillion U.S. economy. Currently, emergency authorities "over warn" by a factor of three, or more than 200 miles, when natural events are predicted, Reed said. That costs an average of $200 million extra per month.

Reed said the subcommittee also has heard that there is a "disconnect" between commercial practice and the computing infrastructure needs of government and academia. In addition, he said investment has been too short term, and a "roadmap" of priorities is needed by decade.

Other problems Reed cited include a limited number of senior leaders, inadequate interdisciplinary education, little interagency coordination, the need for better software, and the availability of government and academic computing resources to all agencies and industries.

Some experts see the role for government in supercomputing as providing greater resources and coordination. In August, Marburger circulated a memorandum for agency heads that highlighted the need for more research and development. In it, he described a recent report of a high-end computing revitalization task force that calls for a coordinated R&D plan.

The fiscal 2005 White House budget called for $2 billion for the networking and information technology R&D program, an increase of 14 percent from 2001.

On Capitol Hill, House Science Committee Chairman Sherwood Boehlert, R-N.Y., supports supercomputing, which he said on Friday "has become an essential resource for U.S. industry and academia."

Boehlert predicted enactment of a high-end computing bill, H.R. 4516, before the end of the year. The bill, an amended version of which the Senate passed Oct. 10, would require the Energy Department to establish and operate one of the world's leading high-end computing facilities to conduct advanced scientific and engineering research and development.

The department also would be called on to develop advancements in high-end computing hardware and software. The bill would authorize $50 million for fiscal 2005, $55 million for fiscal 2006 and $60 million for fiscal 2007.

Early next year, Boehlert said, the committee will begin work again on a comprehensive supercomputing bill similar to another measure, H.R. 4218. The legislation would establish a national high-end computing program, delineating the responsibilities of entities like Energy, NASA, the National Science Foundation, the National Institute of Standards and Technology, and the Environmental Protection Agency.

The House passed the bill July 7, but it has languished in the Senate Commerce, Science and Transportation Committee since then.

]]>

Ridge statement sows confusion on cybersecurity chief

William New — Wed, 13 Oct 2004 00:00:00 -0400

The department is backpedaling on Tuesday's comments from Homeland Secretary Secretary Tom Ridge that the cybersecurity position would be elevated to an assistant secretary with responsibility over telecommunications. Homeland Security Spokesman Brian Roehrkasse said Wednesday that the department "believes the position needs to be elevated but is still working out the details and specifics."

"We're in the final stages," he said, doing it "concurrently with reviewing the House intelligence reform legislation" that would elevate the post to an assistant secretary with responsibility for the National Communications System.

Ridge told the National Infrastructure Advisory Council on Tuesday that the department is preparing to make the director of the national cybersecurity division an assistant secretary. That would put cybersecurity on par with the assistant secretary for infrastructure protection, who currently oversees the issue.

Department officials since have told reporters that Ridge misspoke. A department source said Homeland Security actually is leaning toward making the cybersecurity director a deputy assistant secretary but has not ruled out the assistant-secretary level.

But there has been no public announcement recanting Ridge's comments to senior technology executives. That has left industry executives confused because they heard Ridge make his remark publicly but have seen no retraction other than in press reports.

The difference in the level for the cybersecurity post is significant to industry, which sees a deputy assistant secretary as little to no change from the current situation, which recently contributed to the abrupt departure of cybersecurity director Amit Yoran.

Several key industry associations sent a letter to House leaders last week arguing that the assistant-secretary level is the "appropriate solution" to an issue that they said requires greater attention, as part of the war against terrorism. The signers included the Business Software Alliance (BSA), Cyber Security Industry Alliance (CSIA), Information Technology Association of America (ITAA) and TechNet.

CSIA President Paul Kurtz said on Wednesday that he still stands behind the letter.

Without cybersecurity, there is no physical security," said Dexter Ingram, BSA's director of information security policy. "Therefore, the elevation of cyber security within [the department] is critical to America's national security strategy." BSA favors an assistant secretary, he said.

"We need a full-time government official at a sufficiently high level in the Department of Homeland Security focused solely on cyber security, with the clout to take America's information infrastructure off of the table for terrorists," ITAA President Harris Miller said. "We support the creation of an assistant secretary for cyber security." Miller said ITAA was the first organization to call for the creation of a "cybersecurity czar."

]]>

Naming of interim cyber chief not the solution, industry says

William New — Wed, 06 Oct 2004 00:00:00 -0400

Sources said the department internally circulated the announcement Tuesday that Donald "Andy" Purdy, the deputy director of the department's cybersecurity division, soon will be named to replace former director Amit Yoran, who resigned on short notice last week.

Paul Kurtz, executive director of the Cyber Security Industry Alliance and a former presidential adviser on critical infrastructure protection, worked with Purdy in the White House during the development of the February 2003 National Strategy to Secure Cyberspace. He praised Purdy but said, "I think the focus should be on the position, not the incumbent."

"So often in Washington, it's the perch from which you sit and the authority you have," he said. Authority, control over budgets and access to senior administration officials are key to getting things done, he said. "The way it's structured now, I don't see that happening," Kurtz added. "You could put a lot of people in that spot and it won't happen."

Kurtz echoed others in industry in supporting a provision now in the House intelligence reform bill that would elevate cybersecurity two levels within the department, from the current rank of director up to assistant secretary.

Kurtz argued that the department's concern that elevating the position would separate the protection of physical and cyber infrastructures is not logical because both areas still would be overseen by the undersecretary for information analysis and infrastructure protection.

He said that the nature of cybersecurity is "wholly different" from physical security and that moving cyber security beside physical security, instead of under it, would improve the ability to focus on physical security. Currently, the cybersecurity director reports to the assistant secretary for infrastructure protection.

Another information security source said Purdy is not well-known to industry. Besides Yoran, a former Symantec executive, past cybersecurity leaders in the administration have included White House cybersecurity "czar" Richard Clarke and Howard Schmidt, former co-chair of the White House Critical Infrastructure Protection Board. The source said Purdy is "just not in their league."

Trained as a lawyer, Purdy previously served on the president's critical infrastructure board focused on information security and privacy. Before that, he served as acting general counsel for the U.S. Sentencing Commission, and on the House Ethics Committee and the House select committee that investigated President John F. Kennedy's assassination. He also was a producer for NBC News and CBS News.

Purdy filled in for Yoran at a Wednesday forum on the common criteria being developed for information security. He did not discuss Yoran's departure but outlined department activities and called for industry to do more to protect information. He said there would be a greater focus on a national cybersecurity strategy "in the weeks and months ahead."

]]>

Official's departure revives push for promoting DHS cyber chief

William New — Tue, 05 Oct 2004 00:00:00 -0400

Within hours after news Friday that Yoran, director of the department's national cybersecurity division, had quit with one day's notice, staff from various congressional committees met to discuss the issue, government sources said. Earlier in the week, the issue had appeared finished for the year over seemingly insurmountable committee jurisdictional differences.

A new, trimmed provision to raise cybersecurity's status in Homeland Security appeared in Monday's Rules Committee version of an intelligence reform bill, H.R. 10. The new provision would elevate cyber security two levels, from director to assistant secretary, and give the new assistant secretary primary authority over the National Communications System.

Harris Miller, president of the Information Technology Association of America, said on Tuesday that the inclusion of the amendment "means the issue will not be an afterthought" in government. "Unfortunately, it had to take a fairly high-level departure" for it to get included, Miller said. "Certainly [Yoran's] departure served to re-energize the issue."

One attendee insisted that the congressional meeting was not a reaction to Yoran's departure but rather an attempt to meet the Friday deadline set by House leadership for amendments to the intelligence bill.

Yoran's departure caused a stir at senior levels of the Bush administration, an administration source said Monday. Yoran met with Homeland Security Secretary Tom Ridge the day before his departure. After the announcement, Robert Liscouski, assistant secretary for critical infrastructure and Yoran's boss, was harshly criticized by the White House Homeland Security Council, the source said.

Yoran sent a farewell e-mail to colleagues Sunday night cataloguing dozens of accomplishments of his office during his year there.

The original language to elevate cyber security in the department contained several pages of specific authority for the department. A competing bill from the House Government Reform Committee emerged last week and was viewed by some as an attempt to wrest back primary jurisdiction over cybersecurity.

Friday's meeting included staff from the Government Reform, Homeland Security, Judiciary and Science committees. "We're pleased that the negotiations were productive," Science Committee Chief of Staff David Goldston said. "We were able to limit the provision to a notion on which there was broad agreement."

Still in the House intelligence bill is a provision that would add a specific mention of information security to agencies' systems-planning requirements. The Rules Committee may vote on the bill Wednesday, with floor action expected Thursday.

If passed by the House, the issue will be addressed in House-Senate negotiations.

The original House language was offered as an amendment to the Senate intelligence reform bill Monday but was ruled non-germane to the bill by the parliamentarian, sources said. That amendment was more extensive in the responsibilities it would have given the next cyber-security chief.

]]>

Federal officials declare visa delays nearly resolved

William New — Tue, 05 Oct 2004 00:00:00 -0400

"I think we have now solved many of the structural problems these [security] programs created," Stewart Verdery, a Homeland Security Department assistant secretary for border and transportation, said at a meeting of the President's Council of Advisers on Science and Technology (PCAST). "I think we're now battling the perception of these issues more than the substance." Verdery said the backlog for processing scientists' visas is declining.

Janice Jacobs, a State Department assistant secretary for visa services, said visa policy is significantly better, and the government remains open to hearing about continuing problems.

There were "many, many" people delayed in 2002, Jacobs said, but steps have been taken to improve the situation. The number of foreign visa applicants and issuances dropped after the terrorist attacks, and researchers have been heading instead to competing countries.

"I think there's no question that [foreigners] feel the U.S. is a less-welcoming place," she said. "That's something we need to work on."

Jacobs said about 2 percent of applicants, including cases involving technology transfer, are subject to vetting in Washington. A separate team has been created to handle such cases.

A year ago, the average processing time for these cases was about two months. As of September, 98 percent of those cases were being processed within 30 days or less, she said. And the State Department also has obtained "commitments" that delays related to terrorist checks and other advisory opinions will be resolved, she added.

As of this month, all of the 211 overseas posts issuing visas were expected to be collecting fingerprints for biometric processing, and all are able to use a consolidated database to exchange the information they collect electronically.

Jacobs cautioned that visa issues remain highly volatile in Congress and that her bureau is currently the subject of five Government Accountability Office investigations.

Verdery said one contributing factor has been a decision, due in a few weeks, that will make Homeland Security the arbiter in cases where agencies cannot agree on a visa application.

Charles Vest, president of the Massachusetts Institute of Technology, said there still is "a surliness" in the business and academic communities about visa delays.

The use of biometrics at the border is speeding entries, officials said. Verdery noted that the U.S. system for tracking foreigners' entry and exit can check travelers against terrorist and criminal databases within six seconds. Within a year or so, a "personal folder" for each traveler will allow analysis of metrics such as the number of visa issuances, he added.

"I think there are still a lot of misperceptions out there about delays," Jacobs said. "If you haven't tested the system recently, you're going to find very significant improvement."

]]>

Panelists call for more work on cybersecurity, no mandates

William New — Tue, 28 Sep 2004 00:00:00 -0400

"I'm very concerned that we haven't gotten there yet," Chrisan Herrod, chief security officer at the Securities and Exchange Commission, said of the adoption of cybersecurity standards at the highest levels. "CEOs in America still don't get it as much as you'd think they would, given the events of the last three years."

Herrod also said she was "appalled" at the process across all agencies for vetting people who have access to secure information.

At a Capitol Hill panel forum on cybersecurity, Robert Holleyman, president and CEO of the Business Software Alliance, and others called for greater awareness-raising to get businesses and individuals to "lock their doors" to computer attacks. Holleyman said the United States remains the world leader on cyber security.

Bob Dix, staff director for the House Government Reform Committee's Technology Subcommittee, urged greater adherence to existing laws. He said the subcommittee's chairman, Rep. Adam Putnam, R-Fla., is looking at whether a section of a 2002 law aimed at improving corporate accountability could reasonably be extended to apply to cyber security.

He also said information security needs to be elevated to the boardroom level. "There are still far too many people that view IT security as a technology issue instead of a business management issue," Dix said.

He said the committee is looking at an incentive package to reward agencies that take steps to protect information. One possibility is a temporary "safe harbor" from liability if something goes wrong. The panel also is working on metrics to determine whether agencies are making progress and considering an investment tax credit for companies that make cybersecurity upgrades, Dix said.

Agencies and information security companies are working to spread the word and develop better industry "best practices." But further whittling of those best practices is needed, panelists said.

Jeffrey Goldthorp, chief of the network technology division at the FCC, said the Network Reliability and Interoperability Council has developed about 700 practices, including some 300 for homeland security. The FCC is working to determine which practices apply to which industry sectors, he said. Goldthorp also said he is traveling around and speaking to companies, while also doing online seminars with associations for small businesses.

Laura DeMartino, the FTC's legal adviser on cyber security, said her agency is spreading awareness but also has an enforcement role. But it is not "playing a 'gotcha game'" for companies in violation, she said.

]]>

Cybersecurity measures not likely in intelligence reform

William New — Tue, 28 Sep 2004 00:00:00 -0400

The bill being considered by various committees contains a provision that requires agencies to include cybersecurity in their planning, but two larger cyber-security measures will not be included.

Over the past week or so, GOP leaders gave consideration to inclusion of a House Homeland Security Committee bill to elevate the status of cybersecurity within the Homeland Security Department two levels, from a director to an assistant secretary, and to strengthen the agency's responsibilities. At the same time, the House Government Reform Committee introduced legislation that would clarify and enhance the cyber-security oversight of the White House Office of Management and Budget.

The Homeland Security bill does not have the clear support of the department and was seen by some critics as a move by the committee to strengthen its case for being made permanent next year. The Government Reform bill ruffled feathers as some interpreted it as moving too much oversight to OMB, though committee staff argue the agency already has the policy oversight and Homeland Security would be left with operational oversight.

Both bills have been put off to next year to get agreement, aides said. Government Reform does not plan to attach its cybersecurity bill when it votes on the intelligence reform bill on Wednesday.

The House Science Committee, which has jurisdiction loosely over cybersecurity research and development and standards, does not support either bill in their current forms but will continue negotiating on the language of the Homeland Security Committee bill, according to committee Chief of Staff David Goldston.

Industry generally supports elevating cybersecurity within Homeland Security. Dexter Ingram, director of information security policy at the Business Software Alliance (BSA), said the group "looks forward to working with the Government Reform Committee on strengthening OMB's information-sharing coordination capacity within the federal government, as well as working with the House Select Homeland Security Committee on strengthening cyber security within the Department of Homeland Security."

One of the main reasons the new department was created was because security operations cannot be done out of the White House, said Frank Cilluffo, former special assistant to the president for homeland security.

In addition, policymakers didn't want to separate physical and cyber security and instead sought to "marry up" these two issues, he added. Elevation of cybersecurity within Homeland Security would separate them and should not be pursued, he said. Cilluffo noted that there is a senior director for cyber security on the White House Homeland Security Council who "rides shepherd" on cybersecurity policy within the White House.

Cilluffo said OMB always "gets a bite at the apple" through managing agency budgets. He said Homeland Security should have more flexibility in its budget to address the rapid pace of technological advances.

]]>

Officials closely watching AID electronic finance system

William New — Thu, 16 Sep 2004 00:00:00 -0400

The effort to provide an immediate, integrated accounting system for AID missions worldwide is being funded on a multi-year basis. In the report for the bill to fund foreign operations in fiscal 2005, the House Appropriations Committee said it "remains intensely interested" in the rollout of the system, known as Phoenix.

The House bill, H.R. 4818, would provide $13.3 million for the program next year, while the Senate draft measure approved this week is silent on the project.

AID is among the federal entities to consistently score "red," or unsatisfactory, for its e-government operations since the Bush administration implemented the traffic-light grading system of the President's Management Agenda. For the latest scorecards issued in March and June, however, AID received "yellow" marks for "mixed results."

Arizona Republican Jim Kolbe, chairman of the House Appropriations Foreign Operations Subcommittee, has praised the agency for its progress in implementing the program and recently singled out its administrator for his efforts to improve AID's financial management. Kolbe cited last year's AID inspector general report on the system, which found for the first time that clean, unqualified audits could be performed on AID's fiscal 2003 financial statements.

No significant problems were found as a result of the audits, though the report said the agency "is not in substantial compliance" with federal standards.

The inspector general must submit this year's report by Nov. 15 to the White House Office of Management and Budget.

AID implemented Phoenix in Washington last year and successfully launched test projects in five of its missions in August. "This is one of the most successful implementations in the federal government," AID Chief Financial Officer Lisa Fiely said. It has stayed within budget and has rolled out with "few hitches," she added.

Fiely said the old system did not meet regulations and was inefficient. The system used in field offices still does not comply with regulations. The agency plans to deploy the technology to some 50 of its more than 70 missions by the end of 2005, she said. Other plans include merging the system with the State Department.

Fiely said AID cannot address one potential problem. In some developing countries, there may not be sufficient bandwidth, or communications capacity, for immediate updates from missions. In those countries, AID is looking for ways to bypass the problem, such as storing data until lines are freed. But Fiely noted that immediate knowledge of mission budgets is important to help identify overspending quickly.

Kolbe said agency managers do not have the ability to obtain "timely, reliable and complete financial and performance data on foreign-assistance programs on a consistent basis." He added, "We have miles to go before we can say this system was successfully rolled out to the field."

]]>

Some in tech industry critical of Bush administration's cybersecurity efforts

William New — Fri, 03 Sep 2004 00:00:00 -0400

"It's likely that we'll have to wait until after the election for there to be any real changes," said Tom Galvin, a vice president at information security firm VeriSign.

A provision to elevate the position of the Homeland Security Department's top specialist on cybersecurity from a director to an assistant secretary is stuck in an embattled House authorization bill. And an effort within the department in July to lift the directorship to a deputy assistant secretary level went nowhere, according to government and industry sources.

Cybersecurity currently falls under the responsibility of the assistant secretary for infrastructure protection in the directorate for information analysis and infrastructure protection.

In addition, a meeting of all stakeholders in the debate on the status of cybersecurity issues will not happen before the election, according to a department spokeswoman. The department is considering holding a one-year anniversary meeting of a December 2003 summit that gave momentum to the cyber-security issues, she said.

A dozen House Democrats sent a letter to department Secretary Tom Ridge in early August raising concerns about a vulnerability assessment on critical infrastructure and key assets, including "cyber infrastructure." They cited possible inconsistencies in the process for creating a database of some 33,000 critical assets and sites nationwide and requested a deadline for completion of the vulnerability assessment.

Key signers of the letter included: House Homeland Security Committee ranking member Rep. Jim Turner. R-Texas; Zoe Lofgren. D-Calif., ranking Democrat on the Cybersecurity, Science and Research and Development Subcommittee; and Loretta Sanchez, D-Calif., the ranking member on the Infrastructure and Border Security Subcommittee.

But the government is working on cybersecurity issues. The White House Office of Management and Budget last week issued a memorandum that orders federal agency heads to set minimum information security standards as required under a 2002 law.

"This is the single-most useful thing the government has done to improve cybersecurity," said Alan Paller, the research director at the Sans Institute, a cybersecurity research and education organization.

Homeland Security's cyber division also has continued to work on issues but has not sought publicity for its efforts. For instance, it sent a progress report to the House Homeland Security Committee in June that has not been made public.

And earlier this month, the Energy Department announced that it and Homeland Security have opened a test center for the U.S. Computer Emergency Readiness Team (US-CERT). The center is a "key part" of a national initiative to enhance the security of computer-based control systems that support the operation of U.S. critical infrastructure, according to a release.

The Homeland Security cyber division is fully staffed, according to one department official. But it may be physically moving in the coming weeks, possibly to Arlington, Va., sources said.

]]>

Report urges defense to help with domestic technologies

William New — Thu, 19 Aug 2004 00:00:00 -0400

"Many of the needs of emergency-response personnel could be addressed by technologies developed by the Army and other military services, so [Homeland Security] and [Defense] should partner to answer these needs," committee Chairman John Lyons said in a statement. Lyons is a retired director of the Army Research Laboratory in Adelphi, Md. The report identifies the Army as the service with the most experience in providing support to civilian authorities.

The report, which is based on analysis from March, praised the Bush administration's efforts on homeland security but criticized its lack of planning.

"The paradigm for conducting the overseas 'homeland defense' phase of this war [on terrorism] is well understood," the report said. "However, at home the situation is much different. As of this writing ... no coherent planning paradigm or operational model for homeland security yet exists."

The report added that although a "national operational concept" for emergency response is being developed, no fully approved comprehensive framework exists to pull together the efforts of federal, state and local responders. "While much has been done in homeland security, there is much more to accomplish," it said.

The academy specifically highlights the military's strength in command, control, communications, computers, intelligence, surveillance and reconnaissance, or so-called C4ISR. "The committee believes that C4ISR is a high-payoff capability that offers great return on investment for the nation," it said, while acknowledging that other conclusions could be reached with more analysis.

The committee recommends that the Army, coordinating with Defense, work with Homeland Security to create a process for collaboration and sharing between the Army and Homeland Security. The panel also recommended assisting Homeland Security in establishing the research, development, testing and evaluation infrastructure to support emergency responders.

The recommendation also calls for finding common areas of science and technology collaboration, with a focus on the development of architecture to enable the integration of the technologies into a system. And finally, the committee suggested establishing a process for joint operations, including training and exercises, shared standards, and systems that can communicate with each other.

The report highlights the different ways the Army and the emergency-responder community acquire technologies. Defense has a "very well-developed" model with formal procedures and management, while emergency responders go through local purchasing agents with varied or no formal procedures.

Defense "had the most experience in coming up with new technologies for security, so they're the logical place to start," said James Lewis of the Center for Strategic and International Studies. But he added that the department may not accept because of past public outcry about its research on a database technology known as Total Information Awareness, or TIA.

The department "will see the letters T, I, and A glowing in the sky in red," Lewis said.

]]>

Appropriators recognize Pentagon tech needs

William New — Tue, 29 Jun 2004 00:00:00 -0400

This year is no exception, and with war commitments, defense spending is reaching new heights. Both the Senate and House in recent weeks have passed bills whose tabs exceed $416 billion to fund the Defense Department in fiscal 2005. The president requested $417.8 billion, including two amended requests, one of them $25 billion in emergency spending for war.

The Senate passed the bill, H.R. 4613, on a 98-0 vote Thursday; the House passed its competing version on a 403-17 vote two days earlier.

Technology is a key part of military spending as the department tries to stay ahead of enemies and rivals both in products and process, and the Senate Appropriations Committee report to that chamber's Defense spending bill shows an understanding of the importance of technology. The report includes numerous line items on tech-related programs and activities, including research and development.

For instance, the committee report says the Appropriations Committee recognizes the merits of commercially available encryption technology and encourages the Air Force to explore its use. "The committee understands this technology could be utilized for the protection of highly sensitive, special-access programs and could allow for communication of such data using commercial networks," the report said.

The Senate bill does not summarize Defense spending for information technology as the House measure does. The legislation did not differ significantly from the committee report on any major IT programs, according to a Senate aide.

Funds would be allotted for defense systems on the Internet, in the air and in outer space, on and under water, and on every type of topography. Many line items are designed to bolster IT systems and training. Research and development of far-reaching technological capabilities, such as data mining and threat detection, also would be funded in various accounts.

The Senate added tens of millions of dollars to the president's request for space technology. It also increased the request for research by hundreds of millions of dollars, ranging across disciplines from semiconductors to nanotechnology to cognitive computing systems.

The Senate would give $2.9 billion to the Defense Advanced Research Projects Agency (DARPA), the department's research arm. But the committee called on DARPA to submit a comprehensive plan on transitioning its technologies to the military services or acquisition agents.

The committee also expressed concern in its report over the flexibility DARPA has in its budget. It said DARPA's director has the ability to discontinue programs and transfer resources through a review process that evaluates how promising and relevant the technologies are.

The committee also directed DARPA to increase the number of program elements included in its budget pertaining to individual programs. The move would increase transparency for each program, over half of which request more than $200 million in resources. Last year, the Senate cut funding for a DARPA data-mining technology called Total Information Awareness.

]]>

Officials duck questions on passenger screening system

William New — Thu, 24 Jun 2004 00:00:00 -0400

Testifying before a Senate Appropriations subcommittee, Tom Blank, an assistant administrator at the Transportation Security Administration, said the program is under review for possible changes to reflect privacy and civil-liberties concerns, and he signaled that the program would not be ready until next year.

Blank said he could not give a timeline for implementing the Computer-Assisted Passenger Pre-screening System (CAPPS II) because it "depends on the outcome of the review." When directly asked by Sen. Patty Murray, D-Wash., about the interim steps to complete the review, he said those steps "go to layers of security."

He cited other programs in place or underway, arguing that the existing pre-screening program - which Sen. John McCain, R-Ariz., earlier this week noted did not identify the Sept. 11, 2001, terrorists - is not without value. Blank said the government has a "no-fly list" but added that it expects the Terrorist Screening Center (TSC) to help to provide pre-screening security until CAPPS II goes online. The TSC will be based on a unified watch list that officials have stated repeatedly will not be operational before year's end.

When asked what is delaying the process, Blank said the Bush administration is working to address the privacy concerns, a point supported by a top privacy advocate this week. "We have heard the concerns of the privacy and civil-liberties community," Blank said. CAPPS II "will not go forward until we satisfy those concerns."

Some observers have suggested that the delay is not due to technological issues but rather the political difficulty in forcing airlines to share their passengers' information with Homeland Security, especially months from a presidential election. Airlines have said they need a legal requirement to share the information, and Homeland Security officials this week were vague about the shape that requirement might take.

Officials also have insisted that the department has no data to test CAPPS II.

But on Wednesday, TSA chief David Stone revealed that five major airlines shared sensitive passenger data with private companies contracted by TSA to develop the CAPPS II technology.

The American Civil Liberties Union (ACLU) late Wednesday said the revelation raises "serious concerns" that the nation's privacy law was breached. ACLU also said the disclosure "should raise serious red flags" about privacy and due process related to the program.

The main focus of the hearing of the Transportation, Treasury and General Government Appropriations Subcommittee on was on racial profiling in airport screening.

At the hearing, Murray also noted the inclusion of a provision in the Homeland Security appropriations bill requiring the General Accounting Office to confirm that steps have been taken to protect personal privacy. She said a GAO report on the subject earlier this year found the department "woefully behind."

]]>

Calls for better intelligence data sharing intensify

William New — Thu, 24 Jun 2004 00:00:00 -0400

The issue has become central to the investigation of the Sept. 11, 2001, terrorist attacks, and the commission looking into it is expected to release a report next month.

The House Homeland Security Committee - a new entrant to the longstanding debate about intelligence "stovepipes," the term used to describe communications that travel only vertically, within agencies, and not to other agencies - was the locus for Thursday's discussion.

Former Director of Central Intelligence James Woolsey recommended that Congress hold executive session hearings with top officials from the various intelligence agencies and generally backed a proposal by California Democratic Rep. Jane Harman to create a new director of national intelligence (DNI).

Former Virginia Gov. James Gilmore, who headed a security commission, offered support for the currently temporary Homeland Security Committee to continue its work but said the committee that holds such hearings must be "steeped in expertise." He said a national director would need budgetary and personnel authority in order not to be a "sitting duck."

Gilmore also raised questions about working with the Defense Department, which he said has the most money, power and talent. "They don't work with the CIA, and they don't work with the DNI under the proposal, and they don't work with Homeland Security," he said.

Markle Foundation President Zoe Baird recommended that the committee focus on setting rules for information sharing. She presented Markle's proposal to create a central database for intelligence from all sources, accessible by anyone who needs more information at any time.

Several committee members raised concerns about the lack of government success in improving information sharing. "Almost three years later, all must acknowledge that, despite serious and sustained efforts by responsible government agencies, we still do not have the level of timely, routine and unfettered information sharing we know we need to prevent terrorism and respond to it as effectively as we must," said committee Chairman Christopher Cox, R-Calif.

Committee ranking Democrat Jim Turner of Texas provided a chart showing the competing information-sharing systems within rival agencies. He said that picture was further complicated by the addition of the Homeland Security Department and the Terrorist Threat Integration Center (TTIC), an interagency intelligence-fusion center housed at the CIA.

"Creating and maintaining multiple intelligence centers is a recipe for continued confusion, and the failure to coordinate the work of these various centers has real-world consequences," he said.

Several committee members and witnesses said the nation's "first responders" to emergencies, especially local police, will continue to be a primary source for intelligence. They said states and localities continue to lack access to key information and to tools for sharing it. Turner said first responders would not know who to call in a national emergency.

Separately, the U.S. Joint Forces Command on Thursday announced that it is seeking industry help in developing a more efficient multinational information-sharing environment.

]]>

Delay in passenger-screening system aggravates senator

William New — Tue, 22 Jun 2004 00:00:00 -0400

Privacy concerns have indefinitely derailed Bush administration efforts to implement a computer system for pre-screening airline passengers, a senior official said Tuesday. But a key senator took issue with the delay.

Asa Hutchinson, the undersecretary for border and transportation security at the Homeland Security Department, said the department is working with the White House on how to proceed with the Computer-Assisted Passenger Pre-screening program (CAPPS II). Testifying before the Senate Commerce, Science and Transportation Committee, he said no testing has been done yet and after the hearing could not give a timeline for its completion.

Several senators wary of the expected heavy travel this summer highlighted the need for new technologies to streamline airport security. Hutchinson described Transportation Security Administration's (TSA) "war-room mentality" in efforts to prepare for the heaviest air travel season since before the Sept. 11, 2001, terrorist attacks.

"We need to be more aggressive in the use of technology," said committee Chairman John McCain, R-Ariz. He cited the need to speed the passenger screening process and reduce costs.

The administration is working to upgrade the existing system for scanning passenger information before flights depart to the United States. Hutchinson said that because domestic and international passengers would not be expected to voluntarily provide their information, it must be mandated.

"As we think through the right way to get to that data for testing, we are evaluating the full system as to what security measures can be put into place ... whether the CAPPS II system should be modified in any way," he said after the hearing.

McCain called the progress on CAPPS II "very disappointing." He said the program is "way behind schedule and significant details have yet to be developed," and that means the nation continues to rely on the "existing outdated CAPPS system that failed to catch the terrorists."

"If CAPPS II cannot be implemented, TSA must come up with some sort of system to facilitate a preliminary screening regime so that all the stress of screening is not focused on the passenger checkpoints," McCain said. The chairman stopped short of pressing Hutchinson for details on the delay, however.

In a second panel, the Air Transport Association of American (ATA) warned that CAPPS II could have a negative impact on the public's use of commercial aviation if privacy issues are not resolved properly. ATA suggested that the system's scope be narrowed to potential terrorists and not criminals, and said it would impose "substantial" requirements on passengers, airlines and ticket reservation and distribution entities.

In his testimony, Hutchinson described wide-ranging efforts to develop new systems and technologies. He highlighted new investments in technology research and development but echoed the airline industry view that technology to defend airplanes against shoulder-fired missiles should not be implemented too quickly.

Sen. Barbara Boxer, D-Calif., accused the department of "foot-dragging" on the issue.

Hutchinson also denied that there are bureaucratic "turf" problems within the department despite the various backgrounds of the existing agencies moved into the department.

]]>