I’m not sure how I feel about this story, but I think it’s worth dis­cussing here.

So the White House launched a pro­gram to replace its age­ing fleet of VH-​​3D Marine One heli­copters with a Lockheed/​Augusta ver­sion sev­eral years ago. All the whis­tles and bells were included on the newer ver­sion, includ­ing all that expen­sive nuclear hard­en­ing technology.

But soon require­ments increased and costs bal­looned out of con­trol until finally DefSec Gates had enough. With a boss who let him have what he wanted, Gates decided to can­cel the new heli­copter after five had been pretty much built and four more were near com­ple­tion.

According to HAC-​​D chair­man John Murtha, the Secret Service was to blame for the require­ments creep and cost increases. They loaded on all kinds of things the VH-​​71 had to be able to do and tied pro­gram engi­neers in knots. His logic is, fine, let’s have a new pro­gram, but let’s keep the ones we have so we don’t throw the baby out with the bath water.

But the White House is threat­en­ing to veto the defense bill over a House ini­tia­tive to keep the nine in the pipeline going. According to my friend Jen DiMascio at Politico…

If the final bill were to include funds that con­tinue the exist­ing VH-​​71 pro­gram or would pre­judge the plan to re-​​compete the pres­i­den­tial heli­copter pro­gram, the pres­i­dents senior advis­ers would rec­om­mend that he veto the bill, the White House said in a Statement of Administration Policy.

But look­ing ahead to a House debate Thursday over the defense spend­ing bill, sup­port­ers of the VH-​​71 are pars­ing the pres­i­dents veto threat, hop­ing to find wig­gle room to keep the pro­gram aloft with $400 mil­lion the cost to get five par­tially com­pleted birds in the air, sup­port­ers say.

We have five that are close to 70 per­cent com­plete and four more that are less devel­oped. You have at least nine of these that should be com­pleted, said Rep. Maurice Hinchey (D-N.Y.), who paints his posi­tion in eco­nomic terms.

More than $3.2 bil­lion has already been spent on the VH-​​71. If it were elim­i­nated, up to $4 bil­lion would be com­pletely wasted, Hinchey said. In con­trast, he said, start­ing a new pro­gram could cost $14 bil­lion to $22 bil­lion. The whole thing is just so illog­i­cal.

Now, that makes sense to me. We’ve already paid for some pretty high speed exec­u­tive helos, so why not use them, right? But I see Gates’ point too. If you’re going to rec­om­pete the pro­gram, doesn’t it nat­u­rally prej­u­dice the com­pe­ti­tion if you already have fielded planes from one of the man­u­fac­tur­ers. And what does it do for the logis­tics and main­te­nance pipeline to have more than one helo ser­vic­ing the Marine One mis­sion? It becomes a pretty expen­sive pain in the butt.

So I’m open to con­sider either option and would like to hear where you all come down on this. Clearly it’s time to replace the Marine One fleet and I’m sick of hear­ing “ser­vice life exten­sion pro­gram” whis­per­ing through the halls. Those ALWAYS come out more expen­sive than they’re billed and we need to roger up and build a new plane for a crit­i­cal mission.

– Christian

Sea tri­als have found eight major con­cerns with the Coast Guard’s new National Security Cutter, but ser­vice offi­cials say they are con­fi­dent the ship, chris­tened Bertholf, will pass accep­tance tests soon. 

Northrop Grumman Corp. is build­ing the Bertholf as part of the Coast Guard’s Deepwater Modernization pro­gram, a $24 bil­lion effort to upgrade the agency’s ships, air­craft and com­mu­ni­ca­tions gear. So far, it’s been a bumpy ride — the Coast Guard had to shelve one of its boat projects as too ambi­tious, while another project foundered after eight upgraded 123′-foot cut­ters proved unseaworthy. 

Now the Coast Guard is hop­ing the Bertholf will change the project’s momen­tum. The ship is a few months behind sched­ule, but Coast Guard offi­cials say there haven’t been any big hic­cups this year. The mid-​​April accep­tance tri­als were a big mile­stone — the Coast Guard wants to accept the ship by the end of this month so it can start train­ing its crew. The lat­est list of tech­ni­cal issues hasn’t dented the agency’s optimism. 

“These accep­tance tri­als are good news for the Coast Guard because the num­ber of starred cards writ­ten for Bertholf is extremely low, con­sid­er­ing this is a first-​​in-​​class ship. The Coast Guard is con­fi­dent that the con­trac­tors will be able to resolve all materiel defi­cien­cies aboard Bertholf in a timely man­ner,” Coast Guard spokes­woman Laura Williams said Monday.

(more…)

In an effort to inject some com­pe­ti­tion for small busi­nesses with inno­v­a­tive ideas in the defense and secu­rity arena, a small group of London Business School stu­dents put together a con­test last year that awards a healthy chunk of cold hard cash to entre­pre­neurs with bright ideas.

Called the Global Security Challenge, this year judges will focus on tech­nol­ogy prod­ucts that can be used to pre­vent, defend against, cope with or recover from ter­ror­ist inci­dents, other crim­i­nal acts, nat­ural dis­as­ters, includ­ing iden­ti­fy­ing or locat­ing per­pe­tra­tors of these act­sEx­am­ples of our areas of inter­est are bio­met­rics, detec­tion sen­sors, net­work secu­rity, data stor­age, biotech­nolo­gies, and search software.

In order to qual­ify, the com­pany or entre­pre­neur can have zero income but no greater than $5 mil­lion USD in annual rev­enues. The com­pe­ti­tion is open to world­wide idea meis­ters and the win­ner could gar­ner $500,000 to get their secu­rity inno­va­tion started.

The first round of entries closes on June 30. So if you have that new ACME robo retna scan­ner ter­ror­ist ID detec­tion array thats just been sit­ting in the garage wait­ing for some cash injec­tion to get it off the ground, this may be your chance.

– Christian

What began as an ambi­tious but mostly over­looked scheme to mod­ern­ize the Coast Guards entire fleet of ships and air­craft over a 20-​​year period has, just five years after con­cep­tion, turned into one of the most trou­bled and crit­i­cized U.S. mil­i­tary pro­grams.
The $24-​​billion Deepwater ini­tia­tive was launched in 2002 with a con­tract nam­ing Integrated Coast Guard Systems — a part­ner­ship between elec­tron­ics maker Lockheed Martin and ship­builder Northrop Grumman — the lead sys­tems inte­gra­tor for the pro­gram, mean­ing the firms, rather than the Coast Guard, would be respon­si­ble for select­ing sub­con­trac­tors to han­dle the air­craft, elec­tron­ics and ship­build­ing work.

(more…)

Since the elec­tions in November, there’s been plenty of talk about Democratic plans to imple­ment the 9/​11 Commission rec­om­men­da­tions (or not). Advocates of the idea have touted it as a crit­i­cal and timely response to issues left unad­dressed in the last two years, with incom­ing House Speaker Nancy Pelosi mak­ing their imple­men­ta­tion “one of the cen­ter­pieces of her ‘first 100 hours’ leg­isla­tive agenda” accord­ing to the Washington Post. Skeptics have scoffed at this notion, with the Heritage Foundation’s James Carafano telling the AP in late November that “I don’t think there’s a lot more to do there” and “I think we’re done.“
Amidst all of this rhetoric, there’s an easy way to resolve this dis­pute: go to the source. That’s what I’ve done over the last two weeks, going one-​​by-​​one through the each of the 41 rec­om­men­da­tions in the 9/​11 Commission Report, look­ing at what’s been done to date, and ana­lyz­ing what the 110th Congress could poten­tially do to make progress on each and every one of these rec­om­men­da­tions.
You can read the com­plete analy­sis in this 25-​​page paper:
Implementing the 9/​11 Commission Recommendations: An Analysis.
Overall, I think the analy­sis shows that there is a lot that the incom­ing Congress can do to respond to the 9/​11 Commission’s rec­om­men­da­tions, not only in terms of autho­riz­ing leg­is­la­tion, but also in terms of fund­ing, over­sight, inves­ti­ga­tions, pub­lic com­mu­ni­ca­tions, and per­sonal out­reach. These rec­om­men­da­tions are nei­ther a panacea nor a fin­ish line (there is no fin­ish line against a con­stantly evolv­ing threat), but they are still a use­ful set of rec­om­men­da­tions that can improve our coun­tert­er­ror­ism, home­land secu­rity, and intel­li­gence capa­bil­i­ties, and they are part of a cred­i­ble secu­rity agenda for the next Congress.
– Christian Beckner (cross-​​posted from Homeland Security Watch)

For those who believe in trans­par­ent gov­ern­ment and fact-​​driven leg­is­la­tion, the power shift in the U.S. Congress rep­re­sents a unique oppor­tu­nity to open up one impor­tant Congressional insti­tu­tion to the Internet and bring back another one twelve years after it was dis­banded.

The Congressional Research Service pub­lishes first-​​rate, succinctly-​​written analy­ses of pol­icy issues, includ­ing hun­dreds of reports on home­land secu­rity issues over the last few years. But you wouldn’t know that from look­ing at the CRS web­site, which con­tains none of the entity’s con­tent. This has been the sit­u­a­tion with CRS reports dat­ing back to the early days of the World Wide Web, largely at the behest of for­mer House Administration Committee Chairman (and recently con­victed felon) Bob Ney.
Congressional staffers are often will­ing to send out CRS reports to con­stituents, and as a result the reports even­tu­ally get out into the pub­lic domain, but some­times after delays of weeks or months. I’ve made an effort to dig out every home­land security-​​related report I can over the past 7–8 months, as you can see here, and there are many other groups such as the Federation of American Scientists who have cre­ated excel­lent CRS report sites. But our yeoman’s work is a poor sub­sti­tute for direct, real-​​time access to new CRS reports at the crs​.gov site. The new Democratic lead­er­ship in the House and the Congress should set the CRS free on day one of the 110th Congress.

A sec­ond impor­tant Congressional insti­tu­tion, the Office of Technology Assessment, has faded into a dis­tant mem­ory over the past decade, but it once played a crit­i­cal role in advis­ing Congress to make sense of tech­nol­ogy issues. It was dis­banded fol­low­ing the Republican takeover of Congress in 1994, a sac­ri­fi­cial pawn with a $20 million/​year bud­get to the budget-​​cutting rhetoric of that elec­tion. But with the fed­eral gov­ern­ment today spend­ing $135 billion/​year on R&D today, the dis­band­ment of OTA looks penny wise but pound fool­ish. It’s not pos­si­ble to prove a coun­ter­fac­tual, but I’m con­fi­dent that there would be a better-​​informed Congressional allo­ca­tion of R&D fund­ing and much less waste if the OTA still existed today.
In par­tic­u­lar, the home­land secu­rity domain has deeply needed the OTA over the past five years. DHS has fre­quently strug­gled to artic­u­late an R&D agenda for key mis­sion require­ments, and Congress has too often pro­vided only surface-​​level over­sight of the Department’s tech­nol­ogy chal­lenges.
Take the exam­ple of R&D on explo­sive detec­tion sys­tems for avi­a­tion secu­rity. After 9/​11, Congress moved quickly to invest bil­lions of dol­lars in new machines, and start R&D efforts for a next gen­er­a­tion of tech­nol­ogy. Those deci­sions were made, as best I can tell, with­out any long-​​run plan for how TSA would migrate from this first-​​generation of tech­nol­ogy to the next-​​generation. This is exactly the kind of guid­ance that the OTA could have helped to pro­vide upfront. In the absence of such strate­gic advice, the migra­tion path to a new gen­er­a­tion of tech­nol­ogy con­tin­ues to be informed too much by reac­tions to the news of the day (e.g. the UK plot and liq­uid explo­sives detec­tion) and com­pet­ing indus­try pres­sures, and not enough by a long-​​term strat­egy.
For this rea­son, and count­less oth­ers, it would be an excel­lent invest­ment to bring back the Office of Technology Assessment. It will undoubt­edly take some time to bring it back to its prior level of com­pe­tence, but it’s a project worth under­tak­ing.
p.s. For those inter­ested in the work of the OTA as it applies to home­land secu­rity, check out its excel­lent report from 1992 enti­tled “Technology against Terrorism: Structuring Security” which serves as a pre­scient guide to many of the chal­lenges still fac­ing DHS today.
– Christian Beckner (cross-​​posted from Homeland Security Watch)

The final results of the 2006 midterm elec­tions are now all but in, and it’s clear that the Democratic party will have a 30 seat major­ity in the House and a 51–49 major­ity in the Senate. This will lead to a num­ber of key changes in the Congressional agenda for home­land secu­rity. Here are seven that are likely to be near the top:
1. Implementing the 9/​11 Commission rec­om­men­da­tions. In the aggre­gate, this idea is an over­sim­pli­fi­ca­tion, because a num­ber of the rec­om­men­da­tions are not amenable to leg­isla­tive fixes. But many of them can be addressed by leg­is­la­tion, e.g. resolv­ing emer­gency spec­trum issues and mak­ing grant allo­ca­tions com­pletely risk-​​based. On this lat­ter issue, the bar­rier to date hasn’t been a Dem-​​Rep divide; it’s been a big state vs. small state divide, and noth­ing in the cur­rent realign­ment changes that. I also think there’s a lot of work to be done on the rec­om­men­da­tion con­cern­ing how the “U.S. bor­der secu­rity sys­tem should be inte­grated into a larger net­work of screen­ing points.“
One other impor­tant rec­om­men­da­tion by the 9/​11 Commission con­cerned the cre­ation of per­ma­ment home­land secu­rity com­mit­tees. I’ve writ­ten repeat­edly about this issue over the last two years, argu­ing that while the arrange­ment in the House is more or less suf­fi­cient, the Senate did not go far enough in empow­er­ing the HSGAC. If the Democratic lead­er­ship in the Senate is con­cerned about imple­ment­ing the 9/​11 Commission rec­om­men­da­tions, the first thing that they need to do is give the HSGAC broader author­ity over trans­porta­tion secu­rity (which is at Commerce now), chem­i­cal facil­ity secu­rity (which EPW has claims some author­ity over), and bor­der secu­rity (which is now at Judiciary) at a min­i­mum. Perhaps the “gov­ern­ment affairs” part of the HSGAC should be spun off to the Senate Budget Committee as part of this realign­ment, since it’s the other Senate com­mit­tee that has a government-​​wide focus. For more on this issue, see this post from September.
2. Rail and tran­sit secu­rity. According to a story in CQ (sub­scrip­tion req’d), HSC Chairman-​​elect Bennie Thompson is already plan­ning to bring up rail and tran­sit secu­rity lan­guage that had been removed from the port secu­rity bill dur­ing the final con­fer­ence as a new piece of leg­is­la­tion early in the 110th. While there are lim­its to what can be done to counter rail and tran­sit threats, I think we are clearly not doing enough today — see this post from July for more on this topic — and move­ment on such leg­is­la­tion is war­ranted.
3. Chemical plant secu­rity. The lan­guage that was attached to FY 2007 DHS appro­pri­a­tions on chem­i­cal plant secu­rity was a sham, and made a mock­ery of the com­pre­hen­sive leg­is­la­tion that had been passed by the HSC and HSGAC on a bipar­ti­san basis ear­lier in the year. Hopefully one of the first things that the Democratic lead­er­ship in the House and the Senate will do is go back to these bills, fix a cou­ple of the small flaws in them, and get this passed and to the President’s desk. I’d be sur­prised if he would veto such a bill.

(more…)

Last week Christopher Soghoian, a 24 year-​​old Ph.D. stu­dent in infor­ma­tion secu­rity at Indiana University, whipped together a web­site that allowed any­one to cre­ate a fake Northwest Airlines board­ing pass. He hoped to bring atten­tion to a secu­rity hole that allows any­one, includ­ing some­one on the No-​​Fly list, to enter the secu­rity line with a fake doc­u­ment. Instead he got another kind of atten­tion.
For those unfa­mil­iar with the story, it’s one I’ve been fol­low­ing in my blog and in a proper news story for Wired News since Soghoian told me about his site Wednesday night.
Soghoian, a secu­rity researcher who has done work at Google, Apple and IBM, told me the site’s pur­pose was to demon­strate the futil­ity of the No-​​Fly list:

I want Congress to see how stu­pid the TSA’s watch lists are. Now even the most tech­ni­cally incom­pe­tent user can click and gen­er­ate a board­ing pass. By doing this, I’m hop­ing [Congress] will see how silly the secu­rity rules are. I don’t want bad guys to board air­planes but I don’t think the sys­tem we have right now works and I think it is giv­ing us a false sense of security.

Even with­out his gen­er­a­tor, the No-​​Fly list can be avoided:

If you can pur­chase a ticket over the inter­net with a pre-​​paid debit card and can fly with­out I.D., then for domes­tic flights the No-​​Fly list doesn’t work.

On Friday, Congressman Ed Markey (D-​​Mass) called for the site to be shut down and arrested, and later that day, the FBI shut­tered the site and met with Soghoian. Whatever he said must not have been con­vinc­ing, since the FBI raided his house with a search war­rant signed by a judge at 2 a.m. Saturday morn­ing and seized his com­put­ers, though they didn’t arrest him. Markey then retracted his call for Soghoian’s arrest on Sunday and in fact, sug­gested the gov­ern­ment hire him instead (though Markey called the site a ‘lousy way’ of pub­li­ciz­ing the prob­lem).
Since Sunday, the story has slowed con­sid­er­ably. Soghoian has lawyers now and isn’t talk­ing to reporters, though is occa­sion­ally updat­ing his blog.
Soghoian’s site exploited a well-​​known secu­rity hole, one first pub­li­cized by secu­rity expert Bruce Schneier in 2003, given the full-​​on Slate treat­ment in 2005, and, accord­ing to secu­rity blog­ger Adam Shostack, was explained to high-​​level Homeland Security offi­cials in 2004.
That doesn’t mean all secu­rity researchers applaud Soghoian’s method. Indeed, Avi Rubin, who’s best known for his vot­ing secu­rity work, told Xeni Jardin that his for­mer teach­ing assis­tant should have shown this to the gov­ern­ment pri­vately.
So what’s the upshot? Will the gov­ern­ment ban board­ing passes tick­eted at home? Will they pros­e­cute Soghoian for build­ing this site? Won’t other hack­ers put their own ver­sion online? Will this prompt recon­sid­er­a­tion of the use of noto­ri­ously inef­fec­tive watch lists for domes­tic travel?
The short anwsers, in my opin­ion, are No, No, Maybe but not as many as you’d expect, Definitely Not.
The long answers are here at 27BStroke6, which despite Noah’s dig, is a great name for a blog. (Think Brazil).
– Ryan Singel
Photo: VeganStraightEdge