DOD Responds to Commission on Wartime Contracting’s Concerns
Readers
of this site are likely familiar with the issues raised by the
independent Commission on Wartime Contracting in Iraq and Afghanistan
(CWC). Over
and over, CWC has expressed its concerns with how DOD exercises
oversight on the contractors supporting the warfighters in Southwest
Asia. For example, in this article, we told you that the CWC had issued its interim report, entitled, “"At What Cost? Contingency Contracting in Iraq and Afghanistan." In this article,
we told you about testimony before the Commission, in which then-DCAA
Director April Stephenson blamed "faulty accounting, cost-estimating,
purchasing and other business systems" for "millions of dollars" of
contractor overbillings to the Department of Defense (DOD). We told
you about a Federal Times article that quoted Director Stephenon's
testimony: "When a contractor’s business system and related internal
controls are inadequate, the data generated by the contractor’s system
is unreliable, which in turn, results in the risk of noncompliances with government laws and regulations, mischarging, fraudulent acts and contract overpayments."
Later
on, we reported the fascinating war between bureaucracies that was
playing out before us all. While the attacks took place in many
forums, some of the nastiest took place at the CWC. For instance, based on some of the CWC testimony and comments, we asked if DCAA and DCMA would be merging in order to end their “dysfunctional” contractor oversight.
Nearly four months after the CWC told DOD to go back and rethink its approach to contractor oversight, the
Pentagon submitted its official response to the CWC’s “eight issues of
immediate concern.” The report, issued to the Under Secretary of
Defense (Acquisition, Technology & Logistics) by the “Task Force on
Wartime Contracting” (TFWC) on December 17, 2009, was made public on
January 26, 2010. As we mentioned, the TFWC report, which can be found
here, addressed eight issues –
1. Risk associated with drawdown of troops in Iraq
2. Shortage of contract management personnel in theater and training
3. Acceleration of transition to the new LOGCAP IV contract
4. Adequacy of contractor business systems
5. Greater accountability in the use of subcontractors
6. Proper transition of lessons learned from Iraq to Afghanistan
7. Establishment of a contracting command in Afghanistan
8. Proper training and equipping of security contractors.
The
TFWC was chaired by Mr. Shay Assad, Director, Defense Procurement and
Acquisition Policy (DPAP), and had the following objectives: mapping
CWC observations to the eight issues of immediate concern, identifying
current DOD initiatives, and tracking whether DOD’s initiatives would
address the CWC areas of concern.
The report, which can be found here, concluded that every CWC concern
was being addressed by a current DOD initiative. Almost all of DOD’s
initiatives had been started prior to CWC expressing its concerns. The
report’s conclusions were summarized as follows—
The Task Force [TFWC] reported that it believes the DoD
initiatives are the right solution set and therefore does not recommend
pursuing alternatives. The progress on these initiatives is largely
moving forward as planned, but some key initiatives, primarily in the
area of resourcing contingency contracting officer’s representatives
and subject matter experts, are experiencing major challenges. The
Task Force is focusing on improving progress in these areas and will
continue to work with senior leaders to remove the barriers.
Savvy
readers will recognize the diplomatic tone of the summary, which might
also be translated (by a less bureaucratic translator) as telling the
CWC that the DOD recognized the issues before they were brought to its
attention, has initiated effective counter-measures, and has things
well in hand. So thank you very much, CWC, but no thanks.
We
want to examine, in some detail, how the report addresses two CWC
concerns: (1) adequacy of contractor business systems, and (2) greater
accountability in the use of subcontractors. Our examination will
focus on whether the details in the report support the conclusions as summarized by DPAP.
Adequacy of Contractor Business Systems
The
report maps five CWC observations to this issue. Two observations
relate to DCMA and three to DCAA. The report notes that subcommittee
11 of the Department’s Panel on Contracting Integrity “will focus on
establishing consistent processes and procedures to address contractor
business system deficiencies.” However, the subcommittee’s
“comprehensive review and analysis of
the Department’s audits and evaluations of contractor business systems
will take time.” Moreover, both DCMA and DCAA have inadequate
resources to address oversight requirements.
The
“good news” is that DCAA has already issued “more than 100 cost
suspensions totaling more than $500 million” in its testing of
contingency operations support contractors in Southwest Asia. In
addition, DCAA has issued audit guidance that has “clarified what
constitutes a significant deficiency and eliminated the ‘inadequate in
part’ opinion in an attempt to reduce the apparent confusion regarding
the expectation of the contractor and CO regarding the reported
deficiencies.”
Of the five observations, two are rated as Yellow (experiencing challenges) and two are rated Green (on track). The fifth observation (lack of resources within DCAA is a significant factor contributing to ineffective audit coverage) does not seem to have
been addressed in any detail within this section of the report, even
though it is one of the CWC observations that is mapped to this issue.
Our assessment: This
area was evaluated with some measure of optimism. Lack of DCAA
resources was not addressed (though it was noted that DCAA has given
in-theater audits its highest priority). Importantly, the report was
misleading because the DCAA audit guidance it asserts “clarified” and
“attempt[ed]
to reduce … confusion” did nothing of the sort—and was actually
criticized by nearly all stakeholders for increasing confusion and
reducing the value of DCAA’s audit reports in this area. We do not
believe the details support the overall conclusion(s) in this area.
Greater Accountability in the Use of Subcontractors
There was only a single CWC concern mapped to this issue. In the words of the report—
Contractors
are incentivized to control costs, because costs are reviewed twice a
month by the government. Cost analyses, regression analyses, and spend
plan analyses identify trends and potential cost savings or
unanticipated increases that will result in budget variances. DCMA
works aggressively with contractors to address such variances. Cost
control is included in the award-fee criteria.
In addition, as the report notes—
In
addition, DCMA monitors the use of subcontracts by verifying the
requirement in theater, after which the ACO in the DCMA corporate
office reviews and provides a formal consent to subcontract. LOGCAP IV
is in the process of instituting cost variance analysis reporting.
This area was rated Yellow (experience challenges) because it is a relatively new area of emphasis. In the words of the report—
The
Department is monitoring LOGCAP and taking steps to protect the
government and the soldier. However, the increased focus on
subcontractors is relatively new—driven by a March 2009 OSD Peer Review
of the LOGCAP IV contracts. The TFWC is rating this yellow until a
complete award-fee cycle demonstrates the effectiveness of this
approach.
Our
assessment: The initiatives discussed in the report are good, insofar
as they go. We would be more impressed if innovative approaches were
mentioned, such as mapping the supply chains of the various tiers of
subcontractors and developing more real-time cost and schedule statusing.
The report notes that 70 percent of the work is performed by
subcontractors; and this seems to us to be a proper area of emphasis.
Although there appears to be a good use of statistical and EVM tools,
we would have hoped for more in this area.
Based
on our analysis of two of the eight areas of CWC concern, we are not
overly impressed with the TFWC report. If it serves to get the CWC off
DOD’s back, perhaps that’s good enough. But despite our cynicism, many
of these areas are real problems that affect the oversight of LOGCAP
and other DOD contractors; they need to be addressed. DPAP, the
Business Integrity Panel, and the various subcommittees should be
encouraged to tackle these tough problems with more than bureaucratic
platitudes.
Government Contractors and the Foreign Corrupt Practices Act
The Foreign Corrupt Practices Act of 1977 (15 U.S.C. 78 et seg, as amended) (aka the FCPA)
applies to any SEC-registered entity doing business outside the United
States. It has two main provisions—(1) an anti-bribery provision
(which is enforced by the DOJ and gets most of the attention), and (2) a books-and-records provision, which is enforced by the SEC.
The first provision prohibits covered entities from making corrupt payments to foreign officials for the purpose of obtaining or retaining business. But it’s a bit more comprehensive than that simple entence might lead one to believe. Individuals and firms may also be penalized if they order, authorize, or assist someone else to violate the antibribery
provision or if they conspire to violate those provisions. The
provision prohibits paying, offering, promising to pay (or authorizing
to pay or offer) money or anything of value.
There’s more: Corrupt
payments made through intermediaries are also prohibited. It is
unlawful to make a payment to a third party, while knowing that all or
a portion of the payment will go directly or indirectly to a foreign
official. According to the Department of Justice, the term "knowing" includes conscious disregard and deliberate ignorance.
But some payments aren’t corrupt. According to the Department of Justice’s FCPA Guide for Laypersons—
There is an exception to the antibribery
prohibition for payments to facilitate or expedite performance of a
‘routine governmental action.’ The statute lists the following
examples: obtaining permits, licenses, or other official documents;
processing governmental papers, such as visas and work orders;
providing police protection, mail pick-up and delivery; providing phone
service, power and water supply, loading and unloading cargo, or
protecting perishable products; and scheduling inspections associated
with contract performance or transit of goods across country.
With respect to the books-and-records provision, a related statute requires that—
(2)
Every issuer which has a class of securities registered pursuant to
section 78l of this title and every issuer which is required to file
reports pursuant to section 78o(d) of this title shall--
(A) make
and keep books, records, and accounts, which, in reasonable detail,
accurately and fairly reflect the transactions and dispositions of the
assets of the issuer; and
(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that--
(i) transactions are executed in accordance with management's general or specific authorization;
(ii)
transactions are recorded as necessary (I) to permit preparation of
financial statements in conformity with generally accepted accounting
principles or any other criteria applicable to such statements, and
(II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management's general or specific authorization; and
(iv) the
recorded accountability for assets is compared with the existing assets
at reasonable intervals and appropriate action is taken with respect to
any differences.
Often
improper payments under the FCPA anti-bribery provision are also
violations of the books-and-records provision, given that the
transactions are likely to be hidden in a company’s accounting system, and because enforcement agencies tend to believe that the corrupt payments would never have been made if the company had effective internal controls in the first place.
The prominent law firm Gibson Dunn published a thorough review
of FCPA activity in 2009. According to that review, “In what is
becoming nearly an annual event, 2009 once again saw record levels of
FCPA enforcement actions brought by DOJ and the SEC. … It is clear that
this trend of heightened enforcement activity will not soon subside. Mark Mendelsohn,
the peripatetic Deputy Chief of the Fraud Section in DOJ's Criminal
Division and the government's top criminal FCPA enforcer, recently
confirmed that DOJ has least 130 open FCPA investigations.“ We
encourage you to follow the link and read this excellent recap of
recent enforcement activity and emerging trends.
Why
is the FCPA of interest to aerospace/defense companies? Well, the FCPA
was originally enacted—at least in part—in reaction to the news that
Lockheed (now called Lockheed Martin) had bribed foreign officials to
the tune of roughly $22 million to help sell its planes. According to this article,
the company routinely engaged in bribery of foreign officials in
countries such as West Germany, Italy, Japan, and Saudi Arabia. News
of the bribes led to the resignations of Lockheed’s Chairman of the
Board of Directors as well as its Vice Chair and President. In
addition, of course, A&D companies sell
their commercial and military goods and services globally, often
through local agents and subcontractors, meaning they are vulnerable to
the making of corrupt payments.
So it was not really surprising that on January 19, 2010, the Department of Justice announced
that “Twenty-two executives and employees of companies in the military
and law enforcement products industry have been indicted for engaging
in schemes to bribe foreign government officials to obtain and retain
business.” 21 of the alleged FCPA violators were arrested in Las
Vegas; and one was arrested in Miami, as a result of 16 separate
indictments—representing “the largest single investigation and
prosecution against individuals in the history of DOJ’s enforcement of
the Foreign Corrupt Practices Act (FCPA).”
According to the DOJ announcement—
The indictments allege that the defendants engaged in a scheme to pay bribes to the minister of defense for a country in Africa. In fact, the scheme was part of the undercover operation, with no actual involvement from any minister of defense. As part of the undercover operation, the defendants allegedly agreed to pay a 20 percent ‘commission’
to a sales agent who the defendants believed represented the minister
of defense for a country in Africa in order to win a portion of a $15
million deal to outfit the country’s presidential guard. In reality, the ‘sales agent’ was an undercover FBI agent. The defendants were told that half of that ‘commission’ would be paid directly to the minister of defense.
The defendants allegedly agreed to create two price quotations in
connection with the deals, with one quote representing the true cost of
the goods and the second quote representing the true cost, plus the 20
percent ‘commission.’ The defendants also allegedly agreed to engage in a small ‘test’ deal to show the minister of defense that he would personally receive the 10 percent bribe.
The
DOJ notes that “This ongoing investigation is the first large-scale use
of undercover law enforcement techniques to uncover FCPA violations and
the largest action ever undertaken by the Justice Department against
individuals for FCPA violations.”
In addition, the announcement states that “Each of the indictments
allege that the defendants conspired to violate the FCPA, conspired to
engage in money laundering, and engaged in substantive violations of
the FCPA. The indictments also seek criminal forfeiture of the
defendants’ ill gotten gains. The maximum prison sentence for the
conspiracy count and for each FCPA count is five years. The maximum
sentence for the money laundering conspiracy charge is 20 years in
prison.”
The
DOJ announcement continues an annoying trend we noticed, where
individuals are named as alleged perpetrators, but the companies that
employ them (or that they head) are not named. It takes some sleuthing
to match individuals to companies—sleuthing that the group Project on Government Oversight (POGO) was willing to undertake. See the results of their efforts here. POGO’s oft-maligned Federal Contractor Misconduct Database shows sixteen
aerospace/defense contractors that have either been charged with, or
pleaded guilty to, FCPA violations. None of the 16—or indeed any other
Federal Contractor listed in POGO’s database—was among the companies
employing any of the 22 individuals nabbed in the recent undercover
operation. The only “name” company involved was the venerable Smith
& Wesson of Springfield, Mass. That company’s statement, which
contained zero details, can be found here—for what it’s worth. (Not much.)
It is not clear that any other company is an SEC-registrant, and hence
none of the others may be subject to the books-and-records provision.
Of course, the anti-bribery provision is quite sufficient—especially
when linked to allegations of money-laundering. No need to pile-on.
We’ve
noted before the difficulty in being a Government contractor, and all
the controls and systems that must be established in order to assure compliance
with a myriad of statutes, regulations, and rules. For those companies
doing business outside the U.S.—especially those that are
SEC-registrants—the FCPA is an important compliance area that is worth
spending some time and effort thinking through, in our view.
|
Government Contract Accounting Issues Associated with Joint Ventures
It’s been ten years
since I first tackled government contract accounting issues associated
with joint ventures. (See “Accounting, Cost and
Pricing Issues in Strategic Alliances and Teaming
Agreements,” Strategic Alliances and Teaming
on Government Contracts: Winning Combinations for the Next
Century, American Bar Association, 2000.) At that time, my co-authors
(Jim Check and Jason Aiken) and I asserted that “The structural form
and, more importantly, the substance of an alliance arrangement will
bear significantly on determining whether costs are allowable and how
they are allocated.”
We discussed three
primary scenarios—
1. Each alliance member
will incur all costs individually and no costs will be incurred by the
alliance (the “unpopulated alliance” scenario).
2. The alliance will
incur all costs and no alliance member will incur any
costs (the “populated alliance” scenario).
3. Each alliance member
will incur some costs as an individual entity, while some costs will be
incurred by the alliance (the “hybrid alliance”
scenario).
In the first scenario
above, all costs (including costs of the alliance’s infrastructure such
as program management, billing, audit support, etc.) are incurred by an
alliance memberand included on that member’s
billings to the alliance entity. The alliance entity is simply a shell
without any of its own costs, employees, or control systems. In the
second scenario, the alliance is brought to life by infusing it with
working capital, employees, and control systems. The alliance
implements all necessary business systems, including payroll
processing, purchasing, property control, etc. The alliance will
develop its own indirect rate structure and calculates is own indirect
cost rates, based on the direct and indirect costs it incurs. In such
circumstances, the alliance may require its own Disclosure Statement.
Finally, in the third scenario there are at least two structures
involved—that of the alliance entity and those of the alliance
members. Alliance members may operate as both owners and
subcontractors, depending on how the work is allocated.
Although there are
several different forms of “alliance” (including teaming agreement or
Special Business Unit), the most prevalent type is the
joint venture. Joint ventures (JVs) offer the
opportunity to present a single, unified face to a customer, to create
a separate cost structure and benefit packages, and to utilize the
alliance members’ past performance information for purposes of winning
a proposal.
The
DCAA Contract Audit Manual (CAM) discusses audit issues associated with
JVs at 7-1800. According to the CAM—
A
joint venture, proposed and established as a separate business entity,
should have its own set of books and supporting documentation
sufficient for an audit trail. Transactions should be recorded
consistent with the joint venture agreement, and care must be taken to
ensure that the joint venture bears its equitable share of the costs.
A joint venture, proposed and established as a separate business
entity, should have its own set of books and supporting documentation
sufficient for an audit trail. Transactions should be recorded
consistent with the joint venture agreement, and care must be taken to
ensure that the joint venture bears its equitable share of the
costs.
More
recently, in its role as adjudicator of bid protests, the GAO has addressed
the need
for a JV to have an adequate accounting system suitable for cost
reimbursement contracts, as well as whether a JV needs to file a CASB
Disclosure Statement.
In PMO Partnership
Joint Venture (B401973.3, 1/14/2010), the Department of
Transportation (DOT) rejected PMO’s offer because it considered the
JV’s indirect cost structure to be “unacceptable.” In the words of the
hired auditor (BMC)—
Indirect cost rates were not projected for the PMO Partnership and
used in the cost proposal in accordance with FAR 31.203. Instead the
indirect cost rates for each partner were used separately in the cost
proposal. A budget should have been developed for the partnership
entity and projected indirect rates should have been calculated from
the budget and used in the cost proposal. As a result the indirect
costs included in the cost proposal are questioned . . .The cost proposal
should be for the PMO Partnership Joint Venture Entity and should not
list the costs for each partner separately. The PMO Partnership Joint
Venture is a separate entity in and of itself and that is how the costs
should be presented in the cost proposal. . . .
Because the JV’s
indirect structure was found unacceptable (and by the way noncompliant
with CAS 401), the entity’s offer was rejected and PMO protested the
contracting officer’s decision. As a preliminary matter, DOT’s
argument that the JV had violated CAS 401 was dismissed because the JV
was a qualified small business concern, and thus exempt from the
requirements of CAS 401. In addition, GAO noted that the Government
had “not explained why the particular overhead rate structure proposed
by PMO-JV would lead to an inconsistency in the application of cost
accounting practices or a loss of financial control over costs during
contract performance.” Accordingly, the protest was
sustained.
Similarly, in McKissack+Delcan JV
II (B401973.2, 1/13/2010) the JV’s
offer to
DOT was rejected
because the JV member maintaining the accounting records
(Delcan) would
utilize Canadian GAAP instead of US GAAP. Moreover,
“The proposal
submitted to the Government does not show that the joint venture is an
independent entity. An independent joint venture for Government
contracting purposes would have employees committed from each company
and the indirect rate structure would be unique to the joint venture. .
. . In addition, the indirect rate structure proposed is Delcan's; the
proposal should contain an indirect rate structure specific
to McKissack & Delcan Joint Venture
II.” However, as
the protest evolved the Government abandoned its
initial position(s) and ended-up with the same arguments it used with
respect to PMO, namely that the JV’s “accounting
system is inadequate because MD-JV's failure to submit a unique
indirect rate for the joint venture violates CAS
401.” As with
PMO, the protest was sustained.
In both protests above, DCAA failed to appreciate that a JV need
not be “populated” and might simply consist of the costs of its
members. On the other hand, companies wishing to enter into a JV or
other strategic alliance should be mindful of the blind spot(s) in
DCAA’s audit approach, and take care to link proposed indirect costs to
the form and substance of the alliance entity they have
chosen.
Finally, in Northrop Grumman/Textron (B400837, 2/17/2009)
the two companies protested award of the Joint Light Tactical Vehicle
(JLTV) contract to the GTV Joint Venture (a JV between General Dynamics
Land Systems and AM General) because (among other things) GTV failed to submit a CASB Disclosure Statement for the JV. GAO
noted that “GTV’s
proposal indicated that 100 percent of the contract costs would be
accounted for by subcontracts with the two joint venture members,
apportioned between
them equally. GTV indicated
in its proposal that a CAS disclosure statement had previously been
submitted, and specifically cited in this regard disclosure statements
submitted by AM General and GDLS.”
GAO relied on the DCAA audit guidance that states—
The
need for a joint venture CAS Disclosure Statement depends upon the
characteristics of the venture itself. The determination must be made
on a case-by-case basis. Where the joint venture is the entity actually
performing the contract, has the responsibility for profit and/or
producing a product or service, and has certain characteristics of
ownership or control, a Disclosure Statement should be required. Where
the venture merely unites the efforts of two contractors performing
separate and distinct portions of the contract with little or no
technical interface, separate joint venture disclosure may not be
required.
Because “GTV’s proposal in fact incorporated CAS disclosure
statements applicable to the contemplated contract effort” the protest
was denied.
To sum up, there are undeniable attractions to forming a joint
venture or similar alliance to pursue government business. But doing
so presents difficulties—not the least of which is ensuring alignment
between the form/structure of the alliance and its cost structure, and
navigating the submission of CASB Disclosure Statements. Based on
recent GAO decisions, auditors will not be sensitized to the possible
forms of the alliance, and may misevaluate what is presented, unless
pains are taken to clearly show how proposed costs are consistent with
how costs will be accumulated and billed after contract
award.
Thinking Cyber—Threats, Security, Testing
We’ve
posted about this before but you need to hear it again. The next big
war between nation states probably won’t be fought using tanks and
planes; it will probably be fought in cyberspace. The war could be
over before a single shot is fired, with the winner being the first to
shut down the other side’s electrical and information grids. The
soldiers of the next war are in training now. And the United States is
way behind other nations in training and equipping its cybersoldiers.
In this article, we told you about French Rafale fighters being grounded because the Conflicker
worm invaded the French Navy’s mission planning system via an infected
thumb drive, and we reported that the British Ministry of Defense and
its aircraft carrier HMS Ark
Royal were similarly attacked by computer viruses. In response to
pervasive cyber threats, in June 2009 the Pentagon established USCYBERCOM as a subordinate unified command under the U.S. Strategic Command.
"My
own view is that the only way to counteract both criminal and espionage
activity online is to be proactive. If the US is taking a formal
approach to this, then that has to be a good thing. The Chinese are
viewed as the source of a great many attacks on western infrastructure
and just recently, the US electrical grid. If that is determined to be
an organized attack, I would want to go and take down the source of
those attacks." – Lt. Gen. Keith Alexander, nominated USCYBERCOM Commander, May 2009 (quoted here)
In another article, we told you about
the U.S. Cyber Challenge, where children as young as high-school age
are invited to participate in “contests” (that look an awful like
training exercises) in which their nascent skills in cyber attack and
defense are “nurtured and developed”. Those participants who stand out
from the rest will be offered grants, scholarships, advanced training,
and/or full-time employment, in order to become full-fledged
“cyber-security practitioners, researchers, and warriors.” We noted
that the impetus for this effort was the fact that the U.S. had
belatedly recognized how far behind China it had fallen in this area.
More recently, media outlets
carried reports of China’s apparent involvement in a sophisticated
attack on Google, in which “the e-mail accounts of several Chinese
human rights activists had been compromised.” This Reuters article discusses China’s Hong Ke (Red Visitors) and
quotes a blogger as saying, “China may not be where the U.S. is
militarily, but it clearly has invested a lot of brainpower in
developing capabilities that can offset the U.S. advantage in
force-on-force conflict.”
The foregoing is but a bit of background to the discussion of the Comprehensive National Cyber Security Initiative, the Department of Homeland Security’s National Cyber Security Center, and DARPA’s National Cyber Range. It is in these arenas that the United States is developing its offensive and defensive doctrines for fighting the next war.
The Comprehensive National Cyber Security Initiative (CNCI)
dates back to 2008, when then-President George W. Bush issued National
Security Presidential Directive 54 to improve how the Federal
government protects sensitive information from hackers and nation
states trying to break into agency networks. Much of the details
surrounding CNCI are classified, but reports indicate that its
multi-year budget may be as much as $40 billion.
Apparently, the Department of Homeland Security (DHS) is the lead CNCI agency. Reports assert that DHS uses an automated system known as Einstein
to collect security information, such as notifications of intrusions
via sensors deployed in agencies’ networks, and reporting that
information to the U.S. Computer Emergency Readiness Team (US-CERT).
In addition, one article reported that “Defense and intelligence
agencies were assigned an operational role, particularly for computer
systems and networks deemed more sensitive to national security. Those
agencies were expected to focus on counterterrorism efforts.”
The National Cyber Security Center (NCSC) is tasked with protecting the Federal government’s communication networks from domestic and foreign threats. After a rough start in which the NCSC head quit over allegations of undue influence by the National Security Agency (NSA), the NCSC has lowered its profile under the direction of long-time Microsoft Executive Phil Reitinger. In a rare interview posted on Govinfosecurity.com, Mr. Reitinger let drop some tidbits about the NCSC. He said, “I was talking before about the National Cybersecurity Division, which is part of cybersecurity communications. The National Cybersecurity
Center is an even smaller group that will be growing form perhaps
somewhere in the neighborhood of five people to perhaps 25 by the end
of the year, so it is going to be much more than doubling but it is a
smaller group of people.”
Finally, let’s discuss DARPA’s National Cyber Range (NCR). According to the DARPA press release:
“The goal of the NCR program is to revolutionize the state of the art
of the Nation’s cyber testing technology, and develop a computer
systems test bed on which cyber scenarios can be evaluated
simultaneously to provide a comprehensive, qualitative and quantitative
assessment of the security of information and automated control systems
that are under development.” DARPA’s vision for the NCR is to
“simulate the entire internet, allowing soldiers to drill in virtual
simulations ranging from a small scale computer virus to a World War
III-sized conflict,” according to this article.
Northrop Grumman won the Phase I concept design work, but contracts for
Phase II efforts, which include building and evaluating “prototype
ranges and their corresponding technology,” were awarded to John
Hopkins University-Applied Physics Laboratory and to Lockheed Martin.
While Aviation Week & Space Technology magazine is excited about the Next Generation Jammer (NGJ),
focusing on new techniques in Electronic Attack and Electronic Warfare,
the real future of warfare is already taking shape behind computer
screens and in large-scale testbeds
and laboratories. For example, the January 18, 2010 edition of
AW&ST describes that the future of electronic attack weapons as
including “a magazine filled with electron pulses, information
scrambling data streams and invasive algorithms.” That may well be
true, but if the planes that carry the NGJ and its science fiction
weapons can’t take off because the military command and control
structure has been hacked from abroad, or if the mission planning and
guidance maps have been altered via undetected intrusion, then those
weapons will avail us very little. Instead, AW&ST might want to
think about getting excited about cyber.
|
