TSA wasted $56B on junk security

But the last several years’ worth of plots on the friendly skies indicate the terrorists have switched their game plans. In January, a suicide bomber didn’t try to board a plane at Moscow’s Domodedovo airport.

He detonated before going through security, in the crowded entranceway, killing 35 people and wounding over 150 more. Last fall, al-Qaida’s Yemen branch skipped the boarding call and shipped bombs packed in printer cartridges back to the States.

Less conspicuously, terrorists have started to infiltrate the airlines and airports themselves. Rajib Karim, for instance, worked as an IT specialist for British Airways.

But inspired by al-Qaida YouTube preacher Anwar al-Awlaki, Karim offered to help al-Qaida sneak bombs aboard planes at London’s Heathrow airport, and claimed to have support from sympathetic airport workers.

The airlines and airports barely conduct employee background checks, Brandt claims — and of course, none of those employees need to go through a “porno scanner,” get a pat-down or have their luggage rifled through.

Cory Doctorow.

Mobile Banking Changes Fuzzy Within FFIEC’s New Rules

Some may call it a convergence of three game-changing forces that are rewriting financial institution security at warp speed. First, there is the U.S. government demand that financial institutions – credit unions included – comply with new security guidelines issued by the interagency Federal Financial Institutions Examination Council to take effect in January 2012.

Force two: survey data underlining the reality that a significant percentage of consumers are holding back from mobile banking precisely because of fears of security breaches. Those concerns are backed by new research from security firm ThreatMetrix of Los Altos, Calif., which reported one in five consumers or 21% felt “completely protected” against fraudsters while using mobile banking tools, said ThreatMetrix CEO Reed Taussig.

Force three: it may be paradox but some credit unions around the country nonetheless report buoyant demand, much more than forecast, for mobile banking, which is emerging as the must-have technology of the moment. Add those forces together and by any yardstick, the coming few months may shape up as an interesting time for credit unions and their technology gurus.

As for the buoyant demand, the numbers may prove it. At Columbia Credit Union in Vancouver, Wash., the $769 million institution said it introduced mobile banking three months ago and already, 20% of online banking users have registered to use it. “The adoption was much quicker than we had anticipated,” said Jen Shefner, assistant vice president of e-commerce at Columbia.

The story is similar at the $2.2 billion State Employees Credit Union of Maryland Inc. in Linthicum. Of its 248,000 members, more than 20,000 of them are mobile banking users, said Kristen Heerema, product manager. Demand, particularly following the rollout of a new iPhone app in August, is strong, she added. Karen Haugen, a marketing manager at SECU, said that about 25% of the institution’s online banking users are signed up for mobile banking.

Amid the rush into mobile banking, questions persist about the security of the channel and that is precisely where the FFIEC standards enter, said Mickey Goldwasser, vice president of marketing at Q2eBanking, an Austin, Texas-based developer of mobile banking tools. “The FFIEC guidance surprised no one,” Goldwasser said. “It says the same guidance for online should be applied to mobile. They are telling institutions to be prepared.”

At Fiserv, mobile manager Calvin Grimes added “The new [FFIEC] guidance has gotten a lot of attention. What the government is doing is extending existing security policies into the mobile space. Every institution will interpret this differently. FFIEC is not necessarily prescriptive.”

That last bit is key. Other than putting forth a so-called layered approach, the FFIEC guidelines offer few specifics, said Avivah Litan, vice president at Gartner Inc., an information technology research and advisory company in Stamford, Conn. “This area is starting to heat up. I am getting calls from clients every day about what they should be doing,” said Litan, who agreed that the written FFIEC materials offer sparse details, especially in regards to smaller institutions and what they need to be doing to secure their mobile banking channel. “There are no clear directions from the regulator,” she noted.

An oddity about the FFIEC guidance is that despite what is happening in the marketplace, it is surprisingly mum in regard to offering security guidance specifically targeted at mobile banking. “It is interesting that FFIEC doesn’t talk at all about mobile,” said Laura Mather, founder of security firm Silver Tail Systems in Menlo Park, Calif.

Maybe that vagueness in the FFIEC guidance is why some institutions now report they are in a study mode. “We are putting a plan for FFIEC in place. We are doing a risk assessment,” said Shefner with Columbia. “We are working with vendors, and we are looking at the new recommendations and how they affect all of our channels.”

At SECU, product manager Ron Waters said, “Our compliance strategy is to be within guidelines. We are working with third-party vendors. We always work with a broad team to meet all the compliance points. We take compliance requirements seriously.”

The $400 million Generations Federal Credit Union in San Antonio, Texas is also in evaluation mode regarding the new FFIEC rules. “[We] are in the process of reviewing third-party vendors to come in and conduct an assessment. We don’t anticipate their being too many changes as we do try to keep up on the various technologies,” wrote Ashley Harris, Generations FCU director of public relations, in an emailed statement.

“However, and of course that’s a big however, there is always room for improvement,” Harris said. “When that third party comes back with the assessment, we’ll develop a plan from there to address anything that they come across.” Just what should credit unions focus on in the run up to January?

Brian Abele, vice president of product management at Q2eBanking, shared what that firm is advising its credit union clients. “The FFIEC guidance talks about a layered approach,” Abele said. “We agree. Effective security is about having multiple layers. We emphasize there is no panacea.”

Abele cautioned that the FFIEC is not the end-all when it comes to security and mobile banking. “Complying with the regulatory aspect is critical but the ultimate goal is not having something bad happen to your members.”

Symplified®, the Cloud security company, today announced that the Visiting Nurse Service of New York (VNSNY), the largest not-for-profit home health care organization in the United States, has implemented Symplified for centralized cloud identity and access management.

VNSNY recently modernized an IT infrastructure that serves more than 15,000 users by deploying several new SaaS (Software as a Service) applications. Symplified enables VNSNY to enforce access security policies, provide single sign-on (SSO) from any device, and audit usage of these business critical applications for compliance reporting.

Founded in 1893 by Lillian Wald, the first public health nurse in the United States, VNSNY cares for 140,000 patients in the greater New York metro area, and its over 14,000 health care providers care for over 30,000 New Yorkers on any given day. The company turned to Symplified for a centralized access management solution that secures six public cloud applications as well as several private cloud apps. Symplified’s ability to audit cloud application usage was also a key selling point for VNSNY which must meet data governance requirements for HIPAA and HITECH Act compliance.

“Symplified’s ability to protect popular and less well known cloud applications, support our business processes and integrate with an existing Active Directory-based identity infrastructure were extremely important to us,” said Larry Whiteside, CISO of Visiting Nurse Service of New York. “We have six SaaS applications that have gone live thus far and I am highly impressed with the speed and ease with which we have been able to roll these out to our very large, very mobile user base. Moving forward, we plan to utilize Symplified for more web-based applications, not only externally, but internally as well.”

Beyond SSO: Symplified Delivers Comprehensive Cloud IAM

Symplified provides VNSNY with comprehensive identity and access management (IAM) capabilities for its SaaS and other applications, including:

• Centralized access control and governance that leverages the existing Active Directory identity infrastructure for provisioning/de-provisioning and user/group permissions.
• Secure single sign-on for a very large and highly mobile user base that makes SaaS applications available on any device from any location according to the user’s identity and authorization permissions.
• Usage auditing that provides visibility into third party applications for regulatory compliance reporting required by the HIPAA and HITECH mandates.

“Four of the six SaaS applications VNSNY began with are not well known and weren’t SAML-ready, but we were able to demonstrate just how easily and quickly Symplified can add applications into the Trust Fabric® ecosystem,” said Josh Forman, vice president of service delivery for Symplified. “This enabled us to meet VNSNY’s business go-live timelines for the new applications and satisfy their stringent security and standardization requirements.”

About Symplified Cloud Security Company

Symplified enables companies to extend and enforce identity, access management, and SSO security policies on private and public Cloud applications. The Symplified Suite unifies Web access management, federated SSO, auditing and user management across any access device. This service can be delivered using an on-premise managed appliance or via the Symplified Trust Cloud™ which is woven into the fabric of the global, massively scalable Amazon Web Services platform. Symplified has been recognized by the Wall Street Journal, CRN, Network World, the RSA conference, and others for its innovations.

The company’s management team created Web access management market originator Securant and the ClearTrust product, which was acquired by RSA Security. Symplified has received financing from leading venture capital firms Granite Ventures and Allegis Capital. The company is headquartered in Boulder, Colo., with offices in Mountain View, Calif.

Visit us on the web at www.symplified.com.

Evans Mavhina, a guard at the mall, was testifying in the High Court in Pretoria in the murder trial of Zwakahle Mavundla, 27, of Joubert Park in Johannesburg. Mavundla is accused of the murder of Jaco Pretorius in August 2009. The former policeman, who headed the guarding division at Protea Coin Security, died behind the wheel of his car. He was shot in the abdomen while trying to block the escape of one of the men who robbed a jewellery store in the mall.

A saleswoman at Sterns jewellery store, Adelaide Semela, testified that Mavundla and two other men had demanded money from her at gunpoint shortly after the store opened. When she told them there was no money in the store, they ordered her to put jewellery into plastic bags. The robbers dropped most of their loot and ran out after a security guard entered the store. The robbers told him to lie down, but he ran out screaming for help.

Mavhina testified that a customer pointed a firearm at him shortly after he entered the store that morning. Two other men searched him and took his cellphone and wallet. Mavhina was kneeling down when he decided to take a chance. He ran out and shouted for help. When he looked back, he saw the three men running in the opposite direction. He followed and saw two of the men jumping into a getaway car.

Mavundla was too slow for the car and ran towards Nelmapius Road with Mavhina hot on his heels. The guard tried to stop cars. The driver of one car tried to block Mavundla’s way, but he took out a firearm and shot at the driver through the window. While the car’s driver continued driving, Mavhina and a group of others followed Mavundla when he ran under the bridge at the R21.

road. Two men and a Coin Security guard took out their firearms and pointed them at Mavundla, who still had a gun in his hand. When they warned him to drop the gun or they would shoot him, Mavundla took off his jacket, rolled his firearm in the jacket and put it on the ground. The group then tied Mavundla’s hands with his own belt before the police took him from the scene, the guard testified.

Mavundla has pleaded not guilty to a charge of murder and other charges, including two of robbery with aggravating circumstances, three of assault, unlawful possession of a firearm and ammunition and a charge of conspiracy in terms of the Riotous Assemblies Act. The State alleges he conspired with at least two other men to engage in a spree of robbery and theft at the mall that day.

Media Security Company Irdeto Buys BayTSP

Irdeto, a global software security and media technology company based in the Netherlands, announced this morning that it has acquired BayTSP, a Santa Clara, California-based company that specializes in anti-piracy services.

The addition should be a strong fit for Irdeto’s ActiveCloak for Media end-to-end protection platform. BayTSP has worked with most of the major Hollywood studios, providing intelligence on the distribution of pirated content. ”We leave no stone unturned on the Internet,” says Stuart Rosove, CEO of BayTSP – and now vice president, head of integration for Irdeto. BayTSP will keep its California offices.

BayTSP works by monitoring up to 1 billion points of detection every month, including peer-to-peer networks, cyberlockers, and live streaming sites. It gathers information and reports back to its major studio clients. Being acquired by Irdeto “made a hell of a lot of sense” for both the company and its clients, says Rosove. As studios become distributors, they need to understand the flow of content once it gets past their walled gardens, he adds. Solid intelligence helps them make informed high-level decisions.

BayTSP offers two types of services. First, it provides search and discovery for digital assets, allowing clients to understand how their media is spread. Second, it offers enforcement and compliance services, such as cease and desist notices, and working with some ISPs to remove pirated content. it doesn’t offer litigation services, however.

While Irdeto’s ActiveCloak has been moving in this area, “BayTSP offers a much wider variety and more services in that area,” says Christopher Schouten, Irdeto’s senior director of solutions marketing.

Neither company disclosed the terms of the acquisition.

The agreement is part of a settlement between the TSA, the American Civil Liberties Union and the ACLU of Florida. In August 2009, the ACLU filed an administrative complaint on behalf of an Air Force veteran who was refused a job as a transportation security officer (TSO) with the TSA because he is HIV-positive.

“Not only does this discrimination perpetuate misconceived notions about people with HIV, it could create situations where HIV-positive people are forced to hide their status in order to keep their job or seek employment,” said Michael Lamarre, who was refused a job after he disclosed his HIV status for a physical. Lamarre had otherwise passed a lengthy interview and screening process. “If a person feels they could be the target of discrimination, he may avoid getting tested and never know his true HIV status, or could delay much-needed life-saving treatment.”

When Lamarre applied for the job in 2008, he was told he was rejected because his HIV status made him more susceptible to infections like colds and viruses, and that it was for his own protection. The TSA based its denial on Lamarre’s T-Cell count and the medication he was taking, despite assurances to the TSA from his treating physician that he was perfectly capable of performing the job.

Lamarre, an Air Force veteran who also previously worked for the National Security Agency, has never had any of the medical conditions associated with AIDS, and has been able to control his HIV through medication. There was no doubt that Lamarre, who annually rides in a two-day, 165 mile bike ride for charity and has always held a steady job, was healthy enough to perform the duties of a TSO.

“We are hopeful that TSA’s willingness to settle this case, and its agreement to review its medical guidelines, are indications that in the future the agency will employ practices that reflect what the medical community has known for years – people with HIV are fully capable of doing their job and can live active and healthy lives,” said Randall Marshall, legal director of the ACLU of Florida. “All employers, especially our federal agencies, should have policies to ensure that no one is denied the right to earn a living because of their HIV status.”

“It’s frustrating that people continue to face discrimination based on misguided ideas of what it means to live with HIV,” said Rose Saxe, senior staff attorney with the ACLU AIDS Project. “We are glad that the TSA will be re-assessing its medical guidelines.”

Reducing sodium intake has been proven to cut high blood pressure—a major risk factor for strokes and heart attacks. Federal nutrition guidelines recommended those 51 and older get no more than 1,500 mg of sodium per day (the same goes for blacks and those with high blood pressure, diabetes or kidney disease, regardless of age). But a CDC analysis of 19,000 Americans (using data from 20o5-2008) found 98.6 percent of those who should cut sodium to 1,500 mg per day eat more than that.

Most of the sodium you get in your diet doesn’t actually come from the salt shaker, the CDC notes. This is one way good-intentioned people often fail at cutting back on sodium, by thinking, oh, I’ll just add less salt to my food! About 75 percent of the sodium in the typical American diet is added to the food during processing (for packaged foods) or preparation (for restaurant food). One more good reason to work more fresh, unprocessed foods into your diet!

Social Security Boost For Working Retirees, Too: Yesterday’s announcement that Social Security recipients will be getting a 3.6 percent increase in benefits next year was likely met with relief by retirees who depend on that money to get by. But will the raise make a difference for those who collect Social Security and another paycheck? Possibly: The Social Security Administration has also bumped up the limits on the amount working ‘retirees’ can earn without seeing a cut in Social Security benefits, Forbes’ Kerry Hannon reports.

First off: There is no earnings limit for workers of ‘full’ retirement age (66 for people born 1943-1954). For folks who’ve elected to take Social Security benefits earlier than that, the earnings limit has been raised to $14,160. For example, a 62-year-old could make $14,160 in income without getting less Social Security benefit money; but for every $2 earned over $14,640, that person will lose $1 in benefits

It is important to note, though, that these benefit reductions are not truly lost,” Hannon writes. “Your benefit will be increased at your full retirement age to account for benefits withheld due to earlier earnings, according to SSA.”

While the Social Security program lets you begin getting payments as early as 62, full benefits don’t begin until age 66. Individuals can increase their payments by 7 to 8 percent each year they wait to take benefits, up to age 70. [Confused about when to claim benefits? We have answers.]

Friday Quick Hits:
The FDA has recalled 20 brands of ‘natural’ diet pills because they contain the banned diet drug Meridia. Rod Stewart notwithstanding, male fertility declines with age, too.

President Obama’s jobs plan was once again blocked by Senate Republicans. This version of the bill had been narrowed to providing $35 billion to state and local governments to prevent layoffs of teachers, police officers and firefighters.

The Bridge School Benefit Concert—started by Neil and Pegi Young in 1986 to raise funds for the non-profit Bridge School for children with severe impairments—will celebrate its 25th year with performances from Young, Tony Bennett, Carlos Santana, Dave Matthews, Arcade Fire and more.

And what older people should consider before taking an antidepressant.
(Photo: Chijo Takeda/Getty Images)

President Obama

“I face the world as it is and cannot stand idle in the face of threats to the American people,” he told the Nobel Committee in Oslo. “For make no mistake: Evil does exist in the world. A non-violent movement could not have halted Hitler’s armies. Negotiations cannot convince al-Qaeda’s leaders to lay down their arms.”

In the 11 months before the speech and the 22 months since, a president heralded as a liberal and hailed as a pacifist has built his national security record by taking out terrorists, stepping up drone attacks, sending 30,000 troops into Afghanistan and clearing the air for a NATO war against Libya that led to Moammar Gadhafi’s death Thursday.

As he heads toward a difficult re-election race, polls show voters believe Obama is handling the title “commander in chief” better than other aspects of his job — the economy, for instance. Belittled during the 2008 campaign by Hillary Rodham Clinton as ill-equipped to handle 3 a.m. phone calls at the White House and by Republican Sen. John McCain for backing “the path of retreat and failure” in Iraq, Obama has built a record on national security that’s proving difficult to attack.

“Without putting a single U.S. servicemember on the ground, we achieved our objectives, and our NATO mission will soon come to an end,” the president said Thursday in the White House Rose Garden. (He might have added: without the initial backing of Pentagon leaders and without seeking approval from Congress.)

“This comes at a time when we see the strength of American leadership across the world,” he said. “We’ve taken out al-Qaeda leaders, and we’ve put them on the path to defeat. We’re winding down the war in Iraq and have begun a transition in Afghanistan. And now, working in Libya with friends and allies, we’ve demonstrated what collective action can achieve in the 21st century.”

It was ironic that Obama’s 2008 foes were left to applaud Thursday’s events. On Capitol Hill, McCain said, “The administration deserves great credit” for Gadhafi’s demise. Clinton — piling up frequent flier miles in Obama’s employ as secretary of State — was hard at work in Afghanistan after meeting with Libyan transitional leaders in Tripoli on Tuesday. Her first reaction: “Wow!”

“There is a cold pragmatism about this president, and a very clear-eyed understanding that nation-states such as the United States have to use force or threaten to use force in order to achieve policy objectives,” says Andrew Exum, senior fellow at the Center for a New American Security, who led Army platoons in Iraq and Afghanistan from 2001-04.

Gadhafi’s downfall, however long in coming after his 42-year domination of Libya, could justify Obama’s decision to “lead from behind” rather than help NATO and Libyan rebels with more U.S. air power early on. Still, after doling out credit, McCain said on CNN “this would have been over a long time ago” if the administration had done just that.

Not so, countered Democratic Sens. John Kerry of Massachusetts and Carl Levin of Michigan, who chair the Foreign Relations and Armed Services committees. ”Though the administration was criticized both for moving too quickly and for not moving quickly enough, it is undeniable that the NATO campaign prevented a massacre and contributed mightily to Gadhafi’s undoing without deploying boots on the ground or suffering a single American fatality,” Kerry said. “This is a victory for multilateralism and successful coalition-building in defiance of those who derided NATO and predicted a very different outcome.”

‘Smart and daring and luck‘

Obama’s record on the international front might not help him very much next November. The economy — top issue for six of 10 Americans — is in a stall. Unemployment is at 9.1%, and financial markets are subject to sudden, precipitous slides. Drawn-out debates about the federal deficit and national debt — ranked second in most polls — have tied his administration in knots.

On national security, Obama has done most of what he set out to do. He ended combat operations in Iraq to focus on Afghanistan and al-Qaeda. He’s worked in concert with allies as much as possible but gone it alone when necessary — most noticeably in ordering the stealthy, risky mission to kill Osama bin Laden in Pakistan.

He has requested small increases in defense spending later denied by Congress and reversed field on earlier decisions to close the military detention facility at Guantanamo Bay and hold terrorist trials in civilian courts. He has relied for advice on Bush administration holdovers such as Robert Gates and David Petraeus.

“It’s a combination of smart and daring and luck,” says Richard Clarke, a State Department official in the Reagan administration who held top counterterrorism posts under George H.W. Bush, Bill Clinton and George W. Bush. “He does have this element of courage to him.”
Republican presidential candidates, such as former Massachusetts governor Mitt Romney, say he’s talked too much and spent too little, leaving the United States weakened on the world stage. They say he’s let Israel down by boosting Palestinian statehood and propped up Iran by accepting the results of its presidential election.

Liberal Democrats, such as House Minority Leader Nancy Pelosi have criticized the pace at which he wants to remove troops from Afghanistan. They want an end to the 10-year-old war there — as do some GOP presidential candidates, such as Jon Huntsman and Ron Paul. Even so, the president’s hard-nosed approach to national security could neutralize any advantage Republicans typically have on that issue and bring him grudging respect — even campaign contributions — from the defense industry.

“Money follows power,” says Sheila Krumholz, executive director of the Center for Responsive Politics, which tracks campaign spending. “I think money can be swayed even for an individual who’s perceived to be aligned with one side.” If the impact on his re-election chances is minimal, the record being left for historians to analyze could be the strongest of any Democratic president since Harry Truman.

John F. Kennedy fumbled the Bay of Pigs invasion. Lyndon Johnson’s presidency was brought down by the Vietnam War. Jimmy Carter lost re-election after failing to free 52 U.S. hostages in Iran. Clinton’s first military operation ended with the deaths of 19 U.S. soldiers in Somalia.

“There’s no doubt Obama’s had a better first term in the White House on foreign policy than any Democrat going back to Truman, and frankly better than most Republicans’ first terms as well,” says Michael O’Hanlon, a defense expert at the Brookings Institution.

Actions speak louder than words.

To hear Obama tell it during his first year in office, his presidency would be defined by peace efforts and reconciliation.
He told thousands of Czech Republic citizens in Prague of his dream of “a world without nuclear weapons.” He told thousands of Egyptians in Cairo of his desire to seek “a new beginning” with the Muslim world. He told his Oslo audience at the Nobel Peace Prize ceremony that they should “reach for the world that ought to be.”

But behind the rhetoric, Obama didn’t veer far from the counterterrorism policies of the Bush administration. In fact, U.S. military and intelligence cooperation has led to far more successes against al-Qaeda, including the killings of Osama bin Laden in May and Anwar al-Awlaki in September.

However, under Obama’s watch, the United States has stepped up unmanned drone strikes against terrorist targets in Pakistan and Yemen, showing a willingness to extend the war on terrorism beyond the borders of Afghanistan and Iraq. The president went against many of his own advisers by launching airstrikes against Libya in March. While setting target dates for troop withdrawals from Afghanistan, Obama has weathered the worst days of that war. This month, he ordered about 100 U.S. troops into central Africa to help put an end to atrocities by the Lord’s Resistance Army.

The triumphs and tragedies have come fast and furious. At Fort Campbell in early May, Obama met many of the Special Forces members who raided bin Laden’s lair in Pakistan. At Dover Air Force Base in early August, he saluted 30 fallen troops whose helicopter crashed in Afghanistan.

“He has had to make a very difficult set of decisions that only a commander in chief has to make about the use of force,” says Ben Rhodes, deputy national security adviser for strategic communications. “You experience the extraordinary achievements of our military. At the same time, you are confronted with the extraordinary sacrifice.”

Obama’s approach to the wars in Iraq and Afghanistan has won support among many defense experts. By ending the unpopular combat mission in Iraq and vastly reducing the U.S. presence there, he enabled the Pentagon to focus its efforts and resources on the more popular war in Afghanistan.

“I give him credit for more carefully defining what we’re trying to do militarily,” says Jon Alterman, director of the Middle East program at the Center for Strategic and International Studies. That careful definition has led the Pentagon to cancel numerous weapons systems to limit defense spending. But Obama has sought small increases each year despite the need to reduce the federal budget deficit.
“The perception out there is that he has cut defense,” says Todd Harrison of the Center for Strategic and Budgetary Assessments. But even with the demise of F-22 fighter jets, Army combat vehicles and Navy destroyers, he says, “All that did was slow the rate of growth.”
Liberals, conservatives still upset.

Many of the same analysts who credit Obama for maintaining a strong national defense predict it won’t help him much in 2012.
Conservatives aren’t likely to be swayed. They say the United States has lost respect by seeking to engage Iran, setting deadlines for troop withdrawals in Afghanistan, not standing fully behind Israel and insisting on multilateralism rather than asserting American supremacy.

“No doubt the killing of bin Laden will win some centrist votes,” says Elliott Abrams, a deputy national security adviser in the Bush administration and assistant secretary of State in the Reagan administration. Still, he says, “any Republican would do the things conservatives applaud, but would not do the things we oppose.”

“Getting bin Laden and the drone strikes in general are helpful, but more as a prophylactic for the president,” says Peter Wehner, who worked for the past three Republican presidents. “It helps prevent further erosion for him, rather than wins him votes.” Although the threats to defense spending over the coming decade are dictated by bipartisan deficit-reduction efforts, Obama has argued for savings while some Republicans support increases. The biggest threat to military spending is the automatic cuts that would happen if lawmakers can’t agree on tax increases and reductions in Medicare and other entitlement programs.

“The hard-liners will always feel as if Obama has been soft on our enemies,” says Loren Thompson, chief operating officer of the pro-defense Lexington Institute. “But you can’t come to that conclusion looking at the way he’s spent money or the way he’s deployed forces. They’re reacting to the tone of the administration rather than to the substance of what he’s actually done.”

Liberals have a harder time reconciling Obama’s words in Prague, Cairo and Oslo with his actions in Afghanistan, Pakistan and Yemen. That could harm the president next November more than his centrist appeal on national security matters could help him.

“The base of the Democratic Party is in large part disillusioned with the war on terror, and the war in Afghanistan specifically,” Exum says.

Defense donations go both ways

As Obama focuses on fundraising while his potential Republican opponents battle each other for the nomination, he can take heart that defense industry money has flowed in his direction before.

During the 2008 presidential cycle, Obama raked in more than $1.1 million from defense companies, compared to $750,000 for McCain, a former prisoner of war in Vietnam. Those figures are from the Center for Responsive Politics, which this year shows Obama has received more than $50,000 — about as much as all his GOP rivals combined.

The president also leads in contributions from people who work at the Pentagon or one of the military branches, according to the center. He has raised $35,000, slightly more than Republican Ron Paul, who promotes a non-interventionist foreign policy, and far more than other Republican candidates.

Over the past two decades, the defense industry’s political contributions have flowed more to the party in power. Democrats received the majority of the funds from 1991-94, when they controlled Congress. Republicans gained the upper hand in defense donations after they won House and Senate majorities in 2004. The money tilt switched back to Democrats when they took over Congress in 2007. Now, it has tilted back to Republicans.

Which way will the money flow in the next 12 months is anyone’s guess. “I would imagine that it would be a close call,” Krumholz says.

Cloud has become a key part of the NSA's IT strategy

He said that cloud computing–his remarks indicated that he was largely speaking about private cloud computing–will help deliver better information to soldiers and intelligence professionals where and when they needed it, cut costs, and at the same time provide the NSA and Department of Defense with better insights into its networks, since consolidation is one prerequisite of a robust cloud strategy. “When you think about the cloud, look at what Google, Amazon are doing with the technology,” he said. “It’s absolutely superb. We need to go from our legacy databases to the cloud.”

Security, Alexander acknowledged, is a key concern in the cloud, but he said that the cloud also brings advantages in terms of what he termed “collapsing the enclave.” Today, he said, the military and Cyber Command often have too little insight into what is going on in isolated and segmented military and intelligence networks to understand if they are in fact secure. A broader cloud infrastructure, he added, would both enable his organizations to get a better end-to-end view of their networks and be able to put security measures and virtual segments in place to maintain security.

Alexander also championed cloud computing as an example of a technology that will help the DOD fulfill its IT efficiencies requirements, part of major wider push to make the DOD more efficient in order to reinvest money elsewhere in the military. Other initiatives there include thin clients.

In addition to his remarks on cloud computing, Alexander also gave an update on Cyber Command and the latest cybersecurity threats, noting that the DOD would soon have new strategic guidance and rules of engagement for the cyber world that include an offensive cyber strategy for “reasonable, proportional responses” to cyberattacks and threats. The DOD has already put out its initial operational guidelines, but that will soon be followed additional doctrine from the Joint Chiefs of Staff and then Cyber Command, Alexander said. “We are working on a set of rules for cyber,” he said. “The laws of armed warfare do apply.”

An offensive strategy that would inform decisions like when and how to go after botnets will likely be part of the broader doctrine, Alexander said. “The advantage is on the offense,” he said, adding that part of the question is who will play that role. “Is it the FBI? Is it the NSA? Is it the military or is it the Internet service providers? Somebody can turn that off.”

Alexander also said that he is continuing to push for better information sharing between the government and private sector, particularly of sensitive cyber information, and said that information sharing processes are being examined as part of a pilot with defense contractors.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp.

The huge K-25 facility at Oak Ridge

Newly available U.S. Government documents show that the Nuclear Regulatory Commission determined in May that the company’s Global Nuclear Fuels-Americas branch had committed five infractions in its laser enrichment program. GE-Hitachi hopes to win licensing approval for the nation’s first such laser facility by next June.

The proposed plant near Wilmington, N.C., would employ an as-yet experimental process to commercially enrich uranium for fueling nuclear power stations worldwide. If successful in an industrial setting, laser enrichment could be carried out in relatively small facilities and significantly reduce the cost of reactor fuel.

At least one of the violations in the company’s so-called Global Laser Enrichment effort involved “willful actions” and “deliberate misconduct,” according to an NRC letter obtained under the Freedom of Information Act.

The Nuclear Regulatory Commission has not publicly released the May 19 notification letter it sent to the GE-Hitachi entity. However, it made the document available to GSN in heavily redacted form, citing proprietary information and security concerns for the selected omissions. Many key words and phrases are missing from the document, so the specific nature of the violations remains largely unclear.

What is apparent from the text, though, is that the violations were “security-related” and were deemed troubling because of the potential for harm. David McIntyre, an NRC spokesman, on Tuesday declined to discuss the breaches on the basis that the agency does not publicly address security matters.

In May, however, the nuclear commission found at least one infringement of regulations serious enough to constitute a “Severity Level II” violation — one that is “of very significant regulatory concern,” according to agency guidelines. ”Although no actual consequences occurred … the potential consequences were very significant due to … the willful actions (deliberate misconduct)” of one or more individuals, the much-censored NRC letter states.

It continues: “Willful violations are a particular concern to the NRC because our regulatory framework is based, in part, on the integrity and commitment of licensees, contractors, and employees, to adhere to regulatory requirements.” Other unspecified violations cited in the notice represented a “significant” or “Severity Level III” contravention, for which the NRC assessed a $17,500 civil fine.

The one “very significant” violation — marked by “deliberate aspects” not spelled out in the redacted letter — warranted a $28,000 penalty, the commission said. GE-Hitachi paid a total of $45,500 in NRC civil fines earlier this month, according to the NRC document and information provided by company and agency spokesmen.

One of the justifications cited by the nuclear agency for blocking out more than three dozen passages in the four-page notice is already raising eyebrows among some atomic experts who have read the document. The commission is pointing to a Freedom of Information Act exemption from public release aimed at protecting law enforcement information that “could reasonably be expected to endanger the life or physical safety of any individual.” With the exact nature of the violations remaining secret, the oblique reference to persons vulnerable to potential security risk adds a mysterious twist to the case.

The agency findings stemmed from a January on-site inspection and an in-office inspection the following month, the violation notice states. After an April conference with NRC officials to discuss the violations, the company took several “corrective actions,” including “terminating individuals from the project” and reinforcing a “commitment to integrity,” according to the letter.

This was not the first time the Nuclear Regulatory Commission cited GE-Hitachi for serious infractions in its Global Nuclear Fuels effort. The agency lashed the entity in June 2010 for a significant problem with its “integrated safety analysis methodology,” the May letter states.

Word of the revelations has reached Capitol Hill, where some key Democrats and Republicans have voiced nuclear proliferation concerns associated with the laser-enrichment technology (see GSN, July 30, 2010). Debate lately has revolved around an American Physical Society petition filed last year that calls on the independent Nuclear Regulatory Commission to require license applicants for domestic civil nuclear facilities to evaluate any potential proliferation risks.

The physicists’ group and its supporters have argued that U.S. licensing of the laser enrichment technology might embolden Iran or other suspected nuclear-weapon aspirants to build covert laser facilities that could be more easily hidden from public view than today’s mammoth enrichment plants (see GSN, Jan. 12).

“Members [of Congress] will take a dim view if it is found that NRC and GE have been attempting to sweep a history of multiple serious violations of government regulations under the rug,” one Capitol Hill aide said this week. The congressional staffer and a number of other sources for this article spoke on condition of not being named, citing the sensitivity of the issue.

Nuclear energy and foreign policy experts said they are particularly troubled by news that one or more individuals associated with the Global Laser Enrichment effort knowingly flouted federal security-related regulations. ”There was a previous case in which an employee engaged in willful misconduct at an enrichment facility,” said Francis Slakey, a physics and public policy lecturer at Georgetown University. “His name was A.Q. Khan. We know how that turned out.”

Slakey — a public affairs deputy at the American Physical Society – was referring to the Pakistani scientist who in 2004 confessed to leaking sensitive nuclear technologies to Iran, North Korea and Libya. Khan was released in 2009 after five years of house arrest (see GSN, May 17).

“Laser enrichment technology can be dangerous from a proliferation perspective,” the congressional staffer said. “For individuals of the company entrusted with this technology to be guilty of willful violations, according to the NRC, raises serious questions about the company’s competence to protect this technology.” A GE-Hitachi spokesman based in Wilmington insisted otherwise.

“The U.S. government has been actively involved from the outset to ensure that strict measures are in place to safeguard this technology,” Mike Tetuan, a Global Laser Enrichment representative, said in a written response to questions. “GLE has worked very closely with the responsible government agencies to ensure security.”

McIntyre, the NRC spokesman, said the agency’s handling of the incident shows that the oversight system is working. ”Without addressing the substance of the violation, I can say that this enforcement action demonstrates that the NRC inspects our licensees and when we find violations of our regulations, we act swiftly to correct them,” McIntyre told GSN.

Tetuan credited his company for “uncovering and promptly reporting the events” in question to the Nuclear Regulatory Commission, adding that GE-Hitachi “has taken all necessary corrective action to ensure future compliance.” He also noted the firm last year commissioned an independent analysis that “confirmed that development of the [laser] technology will not result in a risk of proliferation of enrichment technology.”

GE-Hitachi has not released the evaluation by a three-person expert panel, citing a need to protect commercial trade secrets.
Donald Kerr, a former Los Alamos National Laboratory director who led preparation of the seven-page independent assessment, has been slightly less definitive than the company spokesman about the team’s findings. He recently told the New York Times that, in the panel’s view, laser enrichment could not be “easily hidden.”

“My understanding is that the analysis team came to the conclusion that laser enrichment offers a detectable signature for the large-scale facility of the kind that GE-Hitachi aims to build,” Slakey said. “However, it is unclear whether the analysis also considered the possibility that a foreign entity’s illicit laser enrichment facility might be scaled-down and successfully hidden.”

Coming amid lingering worries about the technology’s global proliferation potential, news that the first U.S. commercial program of its kind has been cited for security violations – even as its federal license to begin operations remains pending – could make for heightened unease in Congress.

“If these alleged violations touch upon laser enrichment, a very keen interest is guaranteed among those on the Hill and in the nonproliferation community who are concerned about the proliferation risks of that technology,” a second congressional source said this week.

Slakey, who spearheaded his organization’s petition for mandatory nonproliferation assessments before NRC nuclear-facility licenses are issued, said the Global Laser Enrichment violations raise questions about “integrity” in the company. They also underline why an NRC licensee’s “voluntary proliferation assessments aren’t sufficient,” he said.

The existing NRC licensing system does not require a dedicated review of proliferation concerns. To date, agency officials have maintained that the “net effect” of the overall process discourages the spread of sensitive technologies.

The agency is reviewing the APS petition, which was supported by more than 2,000 nuclear experts, lawmakers and ordinary citizens but opposed by the atomic energy industry’s lobbying arm, the Nuclear Energy Institute. The Nuclear Regulatory Commission is expected to issue a decision on it early next year.