About Defense Tech

Defense Tech examines the intersection of technology and defense from every angle and provides analysis on what’s ahead.

Tip Us Off

Tip for Defense Tech?


It’s Confidential!

Homeland Security

MRAPs Won’t Stop Underwear Bombers

Friday, January 8th, 2010

I couldn’t resist folks. I penned an op-ed piece for Military​.com yesterday based on the Obama administration’s reaction to the Great Christmas Day Underwear Bombing Caper.

Bottom line is that everyone discussing this attempted terrorist attack and the responses to it are talking about defense, and we hear nothing about offense.

I use the analogy of the MRAP scurry to describe the automatic reaction to pile more concrete into America’s TSA Maginot Line.

All the after-action testimony, recommendations and takeaways resulting from the attempted Christmas Day bombing by Nigerian jihadist Umar Farouk Abdulmutallab will not get us one inch closer to preventing these kinds of attacks on our countrymen in the future. Everyone is conspicuously ignoring the simple fact that the only way to prevent such a plan from ever evolving into action is to detain or kill the people plotting it before they even get to the airport. But no one’s talking about any of that, and you surely won’t see it in any official mea culpa…

…But what the MRAP did not do was prevent an IED from exploding. The MRAP did not kill one single IED emplacer, nor did it destroy a single IED-making plant, fabricator or planner. Instead, what eventually stopped the IEDs from going off was killing and capturing the people financing, sheltering, building and putting the IEDs into the ground and drying up support for those who might follow. It was an aggressive offensive strategy that stopped the IEDs, not hunkering down inside a bank vault on wheels — snipers, not cold-rolled steel, proved the decisive factor.

In the piece, I tell Military​.com readers not to bother reading the White House report or the list of changes mandated by the administration. But here, we gotta take a look at a few of them and try to contain our laughter.
Potus Directive Corrective Actions 1–7-10
More gadgets and gizmos for overworked (or voyeuristic) TSA screeners to see through our clothes:

Agressively pursue advanced screening technology, protocols and procedures, especially in regard to aviation and other transportation sectors…

Hey State Department, let’s just think about whether we should be issuing visas to dudes who we’re warned might be terrorists…?

Review visa issuance and revocation criteria and processes, with a special emphasis on counterterrorism concerns…

Time to reorganize an already reorganized (new) organization:

[DNI shall] immediately reaffirm and clarify roles and responsibilities of the counterterrorism analytic components of the Intelligence Community in syncronizing, correlating and analyzing all sources of intelligence related to terrorism.

…huh? Have you ever heard more bureaucratic drivel? All it’s missing is “synergize across platforms to increase revenue streams to facilitate top leveling and skill rebalancing.”

And this last one is my favorite:

[The NSA will] develop and begin implementation of a training course to enhance analysts’ awareness of watchlisting processes and procedures in partnership with the National Counterterrorism Terrorist Center and the Terrorist Screening Center.

Great, now the code breakers and cell phone signal listeners get to spend a Thursday and a Friday in “workshops” to “enhance awareness” of watchlists. I would love to have been in the meeting where this little morsel of “reform” was hashed out. How about a course on how to send a signal through AQ in the AP’s cell phones so their heads will explode when they’re coordinating an attack…oh, yeah, sorry — they’re “suspects.”

 You get my point. Here’s my walkoff, now let the pile-on begin!

President Obama said in his Jan. 7 remarks after the release of the White House report on the Christmas Day attack that “of course, there is no fool proof solution” to preventing such an attack. Well, actually, there is. Leave a smoking hole from a Reaper drone where the next Abdulmutallab sets foot instead of relying on some overworked TSA screener to interpret what’s in someone’s underwear at an airport security stop.

– Christian

VH-71 Conundrum

Thursday, July 30th, 2009

I’m not sure how I feel about this story, but I think it’s worth discussing here.

So the White House launched a program to replace its ageing fleet of VH-3D Marine One helicopters with a Lockheed/Augusta version several years ago. All the whistles and bells were included on the newer version, including all that expensive nuclear hardening technology.

But soon requirements increased and costs ballooned out of control until finally DefSec Gates had enough. With a boss who let him have what he wanted, Gates decided to cancel the new helicopter after five had been pretty much built and four more were near completion.

According to HAC-D chairman John Murtha, the Secret Service was to blame for the requirements creep and cost increases. They loaded on all kinds of things the VH-71 had to be able to do and tied program engineers in knots. His logic is, fine, let’s have a new program, but let’s keep the ones we have so we don’t throw the baby out with the bath water.

But the White House is threatening to veto the defense bill over a House initiative to keep the nine in the pipeline going. According to my friend Jen DiMascio at Politico…

If the final bill were to include funds that continue the existing VH-71 program or would prejudge the plan to re-compete the presidential helicopter program, the presidents senior advisers would recommend that he veto the bill, the White House said in a Statement of Administration Policy.

But looking ahead to a House debate Thursday over the defense spending bill, supporters of the VH-71 are parsing the presidents veto threat, hoping to find wiggle room to keep the program aloft with $400 million the cost to get five partially completed birds in the air, supporters say.

We have five that are close to 70 percent complete and four more that are less developed. You have at least nine of these that should be completed, said Rep. Maurice Hinchey (D-N.Y.), who paints his position in economic terms.

More than $3.2 billion has already been spent on the VH-71. If it were eliminated, up to $4 billion would be completely wasted, Hinchey said. In contrast, he said, starting a new program could cost $14 billion to $22 billion. The whole thing is just so illogical.

Now, that makes sense to me. We’ve already paid for some pretty high speed executive helos, so why not use them, right? But I see Gates’ point too. If you’re going to recompete the program, doesn’t it naturally prejudice the competition if you already have fielded planes from one of the manufacturers. And what does it do for the logistics and maintenance pipeline to have more than one helo servicing the Marine One mission? It becomes a pretty expensive pain in the butt.

So I’m open to consider either option and would like to hear where you all come down on this. Clearly it’s time to replace the Marine One fleet and I’m sick of hearing “service life extension program” whispering through the halls. Those ALWAYS come out more expensive than they’re billed and we need to roger up and build a new plane for a critical mission.

– Christian

Problems Crop Up During Deepwater Trials

Tuesday, April 22nd, 2008


Sea trials have found eight major concerns with the Coast Guard’s new National Security Cutter, but service officials say they are confident the ship, christened Bertholf, will pass acceptance tests soon.

Northrop Grumman Corp. is building the Bertholf as part of the Coast Guard’s Deepwater Modernization program, a $24 billion effort to upgrade the agency’s ships, aircraft and communications gear. So far, it’s been a bumpy ride — the Coast Guard had to shelve one of its boat projects as too ambitious, while another project foundered after eight upgraded 123′-foot cutters proved unseaworthy.

Now the Coast Guard is hoping the Bertholf will change the project’s momentum. The ship is a few months behind schedule, but Coast Guard officials say there haven’t been any big hiccups this year. The mid-April acceptance trials were a big milestone — the Coast Guard wants to accept the ship by the end of this month so it can start training its crew. The latest list of technical issues hasn’t dented the agency’s optimism.

“These acceptance trials are good news for the Coast Guard because the number of starred cards written for Bertholf is extremely low, considering this is a first-in-class ship. The Coast Guard is confident that the contractors will be able to resolve all materiel deficiencies aboard Bertholf in a timely manner,” Coast Guard spokeswoman Laura Williams said Monday.


Cash for the Mad Scientist in You!

Tuesday, June 12th, 2007


In an effort to inject some competition for small businesses with innovative ideas in the defense and security arena, a small group of London Business School students put together a contest last year that awards a healthy chunk of cold hard cash to entrepreneurs with bright ideas.

Called the Global Security Challenge, this year judges will focus on technology products that can be used to prevent, defend against, cope with or recover from terrorist incidents, other criminal acts, natural disasters, including identifying or locating perpetrators of these actsExamples of our areas of interest are biometrics, detection sensors, network security, data storage, biotechnologies, and search software.

In order to qualify, the company or entrepreneur can have zero income but no greater than $5 million USD in annual revenues. The competition is open to worldwide idea meisters and the winner could garner $500,000 to get their security innovation started.

The first round of entries closes on June 30. So if you have that new ACME robo retna scanner terrorist ID detection array thats just been sitting in the garage waiting for some cash injection to get it off the ground, this may be your chance.


What’s Next for Deepwater?

Wednesday, May 2nd, 2007

What began as an ambitious but mostly overlooked scheme to modernize the Coast Guards entire fleet of ships and aircraft over a 20-year period has, just five years after conception, turned into one of the most troubled and criticized U.S. military programs.
303649466_b8bfdb24d6_m.jpgThe $24-billion Deepwater initiative was launched in 2002 with a contract naming Integrated Coast Guard Systems — a partnership between electronics maker Lockheed Martin and shipbuilder Northrop Grumman — the lead systems integrator for the program, meaning the firms, rather than the Coast Guard, would be responsible for selecting subcontractors to handle the aircraft, electronics and shipbuilding work.


Pharma Hearts Big BARDA

Monday, December 11th, 2006

And who wouldn’t love a seven-foot Amazonian woman leading the Female Furies to save the day? Oh, we’re not talking about the DC comics book character “Big BARDA”? It’s also the name of a new Department of Health and Human Service’s (DHHS) effort? Well, we can talk about that, too.
big_barda2.jpgLast Thursday, the Senate approved legislation within the “Pandemic and All-Hazards Preparedness Act” (S. 3678) to create a Biomedical Advanced Research and Development Agency (BARDA). This particular legislation has been in the works for about two years as Congress has tried to address industry gripes about Project BioShield, the DHHS effort intended to fastrack industry’s development and fielding of medical countermeasures used in the response to a terrorist CBRN incident.
The biggest challenge to the U.S. government has been to encourage industry to make drugs that may never be used, and if given out in large quantities during an emergency, may be misused or abused by the general public and/or panicky emergency responders. Big Pharma took a look at the risks, the liability insurance needed, and the profit margin, and said “no thanks, we’ll stick to curing male impotence issues.” However, little brother Pharma (the small start-up labs struggling to break out) said “give us an indemnification agreement against future liability suits and make it worth our while and we’ll talk.” In short, that’s what BARDA’s role will be.
The legislation is much more pretty-sounding. It says the DHHS Secretary will coordinate the acceleration of countermeasure and product advanced research and development by:

— facilitating collaboration between DHHS and other agencies, industry, academia, and other persons, with respect to such advanced research and development;
– promoting countermeasure and product advanced research and development;
– facilitating contacts between interested persons and the offices or employees authorized by the Secretary to advise such persons regarding requirements under the Federal Food, Drug, and Cosmetic Act; and
– promoting innovation to reduce the time and cost of countermeasure and product advanced research and development

The legislation also authorizes BARDA to execute a $1 billion budget, and it limits any disclosure of specific technical data or scientific information that is created or obtained during the countermeasure and product advanced research and development carried out under subsection © that reveals significant and not otherwise publicly known vulnerabilities of existing medical or public health defense against biological, chemical, nuclear, or radiological threats. That means FOIA or FACA requests would not apply to BARDA working groups or the National Biodefense Science Board.
That part is a little controversial, and was one of the main reasons why it’s taken Congress two years to actually try to improve Project BioShield. DHHS has awarded a few procurement contracts for anthrax vaccines, a botulinum toxin antiviral, and potassium iodide, but not much else. This legislation will enable BARDA to “help” industry through the long, expensive process of making other vaccines, ones that probably won’t have too much use outside of emergency response to the very low probability of bioterrorism incidents. Needless to say, industry loves this idea and can’t wait for the House to agree to the words and print this baby into law.

Passage by the U.S. Senate of this bill, which includes critical BARDA provisions and provisions to reauthorize bioterrorism grants, is an important and necessary step toward improving America’s defenses against bioterrorism and pandemic diseases.
This legislation recognizes that the ‘Valley of Death’ remains a barrier to effective countermeasure product development, and authorizes the Biomedical Advanced Research and Development Authority (BARDA) within the Department of Health and Human Services. Through BARDA, contracts and grants for advanced research and development will be made to companies working on products to protect the American people. The bill also contains important contract reforms that improve upon the advances made under Project BioShield, by allowing, for example, milestone payments and surge capacity provisions to improve the viability and sustainability of biodefense product development and manufacture.
Significantly, the Senate-passed bill contains strong funding levels and important provisions to permit competing companies to cooperatively respond to government-declared emergencies without violating antitrust laws.

The “Valley of Death” refers to the time period between industry’s drug development and the FDA’s approval of the drug. The current BioShield legislation doesn’t award any federal funds until the industry firm is producing the actual approved drug, and the small pharma firms just don’t have the investments to make it that long. Thus, like a superhero racing to the rescue, comes Big BARDA!
- Jason Sigger

Getting Right with the 9/11 Commish

Friday, December 8th, 2006

Since the elections in November, there’s been plenty of talk about Democratic plans to implement the 9/11 Commission recommendations (or not). Advocates of the idea have touted it as a critical and timely response to issues left unaddressed in the last two years, with incoming House Speaker Nancy Pelosi making their implementation “one of the centerpieces of her ‘first 100 hours’ legislative agenda” according to the Washington Post. Skeptics have scoffed at this notion, with the Heritage Foundation’s James Carafano telling the AP in late November that “I don’t think there’s a lot more to do there” and “I think we’re done.“
Amidst all of this rhetoric, there’s an easy way to resolve this dispute: go to the source. That’s what I’ve done over the last two weeks, going one-by-one through the each of the 41 recommendations in the 9/11 Commission Report, looking at what’s been done to date, and analyzing what the 110th Congress could potentially do to make progress on each and every one of these recommendations.
You can read the complete analysis in this 25-page paper:
Implementing the 9/11 Commission Recommendations: An Analysis.
Overall, I think the analysis shows that there is a lot that the incoming Congress can do to respond to the 9/11 Commission’s recommendations, not only in terms of authorizing legislation, but also in terms of funding, oversight, investigations, public communications, and personal outreach. These recommendations are neither a panacea nor a finish line (there is no finish line against a constantly evolving threat), but they are still a useful set of recommendations that can improve our counterterrorism, homeland security, and intelligence capabilities, and they are part of a credible security agenda for the next Congress.
Christian Beckner (cross-posted from Homeland Security Watch)

Free the Wonks!

Monday, November 13th, 2006

For those who believe in transparent government and fact-driven legislation, the power shift in the U.S. Congress represents a unique opportunity to open up one important Congressional institution to the Internet and bring back another one twelve years after it was disbanded.
The Congressional Research Service publishes first-rate, succinctly-written analyses of policy issues, including hundreds of reports on homeland security issues over the last few years. But you wouldn’t know that from looking at the CRS website, which contains none of the entity’s content. This has been the situation with CRS reports dating back to the early days of the World Wide Web, largely at the behest of former House Administration Committee Chairman (and recently convicted felon) Bob Ney.
Congressional staffers are often willing to send out CRS reports to constituents, and as a result the reports eventually get out into the public domain, but sometimes after delays of weeks or months. I’ve made an effort to dig out every homeland security-related report I can over the past 7–8 months, as you can see here, and there are many other groups such as the Federation of American Scientists who have created excellent CRS report sites. But our yeoman’s work is a poor substitute for direct, real-time access to new CRS reports at the crs​.gov site. The new Democratic leadership in the House and the Congress should set the CRS free on day one of the 110th Congress.
A second important Congressional institution, the Office of Technology Assessment, has faded into a distant memory over the past decade, but it once played a critical role in advising Congress to make sense of technology issues. It was disbanded following the Republican takeover of Congress in 1994, a sacrificial pawn with a $20 million/year budget to the budget-cutting rhetoric of that election. But with the federal government today spending $135 billion/year on R&D today, the disbandment of OTA looks penny wise but pound foolish. It’s not possible to prove a counterfactual, but I’m confident that there would be a better-informed Congressional allocation of R&D funding and much less waste if the OTA still existed today.
In particular, the homeland security domain has deeply needed the OTA over the past five years. DHS has frequently struggled to articulate an R&D agenda for key mission requirements, and Congress has too often provided only surface-level oversight of the Department’s technology challenges.
Take the example of R&D on explosive detection systems for aviation security. After 9/11, Congress moved quickly to invest billions of dollars in new machines, and start R&D efforts for a next generation of technology. Those decisions were made, as best I can tell, without any long-run plan for how TSA would migrate from this first-generation of technology to the next-generation. This is exactly the kind of guidance that the OTA could have helped to provide upfront. In the absence of such strategic advice, the migration path to a new generation of technology continues to be informed too much by reactions to the news of the day (e.g. the UK plot and liquid explosives detection) and competing industry pressures, and not enough by a long-term strategy.
For this reason, and countless others, it would be an excellent investment to bring back the Office of Technology Assessment. It will undoubtedly take some time to bring it back to its prior level of competence, but it’s a project worth undertaking.
p.s. For those interested in the work of the OTA as it applies to homeland security, check out its excellent report from 1992 entitled “Technology against Terrorism: Structuring Security” which serves as a prescient guide to many of the challenges still facing DHS today.
Christian Beckner (cross-posted from Homeland Security Watch)

Homeland security after the midterms

Thursday, November 9th, 2006

The final results of the 2006 midterm elections are now all but in, and it’s clear that the Democratic party will have a 30 seat majority in the House and a 51–49 majority in the Senate. This will lead to a number of key changes in the Congressional agenda for homeland security. Here are seven that are likely to be near the top:
1. Implementing the 9/11 Commission recommendations. In the aggregate, this idea is an oversimplification, because a number of the recommendations are not amenable to legislative fixes. But many of them can be addressed by legislation, e.g. resolving emergency spectrum issues and making grant allocations completely risk-based. On this latter issue, the barrier to date hasn’t been a Dem-Rep divide; it’s been a big state vs. small state divide, and nothing in the current realignment changes that. I also think there’s a lot of work to be done on the recommendation concerning how the “U.S. border security system should be integrated into a larger network of screening points.“
One other important recommendation by the 9/11 Commission concerned the creation of permament homeland security committees. I’ve written repeatedly about this issue over the last two years, arguing that while the arrangement in the House is more or less sufficient, the Senate did not go far enough in empowering the HSGAC. If the Democratic leadership in the Senate is concerned about implementing the 9/11 Commission recommendations, the first thing that they need to do is give the HSGAC broader authority over transportation security (which is at Commerce now), chemical facility security (which EPW has claims some authority over), and border security (which is now at Judiciary) at a minimum. Perhaps the “government affairs” part of the HSGAC should be spun off to the Senate Budget Committee as part of this realignment, since it’s the other Senate committee that has a government-wide focus. For more on this issue, see this post from September.
2. Rail and transit security. According to a story in CQ (subscription req’d), HSC Chairman-elect Bennie Thompson is already planning to bring up rail and transit security language that had been removed from the port security bill during the final conference as a new piece of legislation early in the 110th. While there are limits to what can be done to counter rail and transit threats, I think we are clearly not doing enough today — see this post from July for more on this topic — and movement on such legislation is warranted.
3. Chemical plant security. The language that was attached to FY 2007 DHS appropriations on chemical plant security was a sham, and made a mockery of the comprehensive legislation that had been passed by the HSC and HSGAC on a bipartisan basis earlier in the year. Hopefully one of the first things that the Democratic leadership in the House and the Senate will do is go back to these bills, fix a couple of the small flaws in them, and get this passed and to the President’s desk. I’d be surprised if he would veto such a bill.


The Fake Boarding Pass Saga

Tuesday, October 31st, 2006

boardingpass_veganstraight.jpgLast week Christopher Soghoian, a 24 year-old Ph.D. student in information security at Indiana University, whipped together a website that allowed anyone to create a fake Northwest Airlines boarding pass. He hoped to bring attention to a security hole that allows anyone, including someone on the No-Fly list, to enter the security line with a fake document. Instead he got another kind of attention.
For those unfamiliar with the story, it’s one I’ve been following in my blog and in a proper news story forWired News since Soghoian told me about his site Wednesday night.
Soghoian, a security researcher who has done work at Google, Apple and IBM, told me the site’s purpose was to demonstrate the futility of the No-Fly list:

I want Congress to see how stupid the TSA’s watch lists are. Now even the most technically incompetent user can click and generate a boarding pass. By doing this, I’m hoping [Congress] will see how silly the security rules are. I don’t want bad guys to board airplanes but I don’t think the system we have right now works and I think it is giving us a false sense of security.

Even without his generator, the No-Fly list can be avoided:

If you can purchase a ticket over the internet with a pre-paid debit card and can fly without I.D., then for domestic flights the No-Fly list doesn’t work.

On Friday, Congressman Ed Markey (D-Mass) called for the site to be shut down and arrested, and later that day, the FBI shuttered the site and met with Soghoian. Whatever he said must not have been convincing, since the FBI raided his house with a search warrant signed by a judge at 2 a.m. Saturday morning and seized his computers, though they didn’t arrest him. Markey then retracted his call for Soghoian’s arrest on Sunday and in fact, suggested the government hire him instead (though Markey called the site a ‘lousy way’ of publicizing the problem).
Since Sunday, the story has slowed considerably. Soghoian has lawyers now and isn’t talking to reporters, though is occasionally updating his blog.
Soghoian’s site exploited a well-known security hole, one first publicized by security expert Bruce Schneier in 2003, given the full-on Slate treatment in 2005, and, according to security blogger Adam Shostack, was explained to high-level Homeland Security officials in 2004.
That doesn’t mean all security researchers applaud Soghoian’s method. Indeed, Avi Rubin, who’s best known for his voting security work, told Xeni Jardin that his former teaching assistant should have shown this to the government privately.
So what’s the upshot? Will the government ban boarding passes ticketed at home? Will they prosecute Soghoian for building this site? Won’t other hackers put their own version online? Will this prompt reconsideration of the use of notoriously ineffective watch lists for domestic travel?
The short anwsers, in my opinion, are No, No, Maybe but not as many as you’d expect, Definitely Not.
The long answers are here at 27BStroke6, which despite Noah’s dig, is a great name for a blog. (ThinkBrazil).
– Ryan Singel
Photo: VeganStraightEdge