SECRECY NEWS – SEQUESTER MAY SLOW PENTAGON RESPONSE TO WIKILEAKS

The across-the-board budget cuts known as sequestration that are expected
to take effect on March 1 could impede the government's ability to respond
to WikiLeaks and to rectify the flaws in information security that it
exposed, a Pentagon official told Congress recently.

Zachary J. Lemnios, the assistant secretary of defense for research and
engineering, was asked by Sen. Rob Portman (R-Ohio) to describe the "most
significant" impacts on cybersecurity that could follow from the
anticipated cuts to the Pentagon's budget.

Mr. Lemnios replied that "cuts under sequestration could hurt efforts to
fight cyber threats, including [...] improving the security of our
classified Federal networks and addressing WikiLeaks."

    http://www.fas.org/irp/congress/2012_hr/fydp-42.pdf

The sequester could also interfere with the Comprehensive National
Cybersecurity Initiative that began under President Bush, he said, and
could hold up plans to "initiat[e] continuous monitoring of unclassified
networks at all Federal agencies."

Mr. Lemnios' response to Sen. Portman's question for the record (which had
not specifically mentioned WikiLeaks) followed a March 2012 Senate Armed
Services Committee hearing on Emerging Threats and Capabilities that was
published in December 2012 (at page 42).

    http://www.fas.org/irp/congress/2012_hr/fydp.pdf

Generally speaking, computer security within the military is a daunting
problem, Mr. Lemnios told the Committee, particularly since "The Department
operates over 15,000 networks and 7 million computing devices across
hundreds of installations in dozens of countries around the globe."

The challenge of cybersecurity cannot be fully described in public, said
Dr. Kaigham J. Gabriel of DARPA. "The complete picture requires a
discussion at the special access level."  But he told the Committee last
year that several basic points can be openly acknowledged:

"Attackers can penetrate our networks:  In just 3 days and at a cost of
only $18,000, the Host-Based Security System" -- the Pentagon's baseline
computer security system -- "was penetrated."

"User authentication is a weak link: 53,000 passwords were provided to
teams at Defcon; within 48 hours, 38,000 were cracked."

"The Defense supply chain is at risk: More than two-thirds of electronics
in U.S. advanced fighter aircraft are fabricated in off-shore foundries."

"Physical systems are at risk: A smartphone hundreds of miles away took
control of a car's drive system through an exploit in a wireless
interface."

"The United States continues to spend on cybersecurity with limited
increase in security: The Federal Government expended billions of dollars
in 2010, but the number of malicious cyber intrusions has increased."

Though it was presumably not intentional, the WikiLeaks project galvanized
government information security programs and accelerated efforts to devise
"insider threat" detection mechanisms, along with intensified surveillance
of classified and unclassified government computer networks.

"New classes of anomaly detection methods have been developed and are
based on aggregating events across time and multiple sources to identify
network and host-based behavior that might be malicious," James S. Peery of
Sandia National Laboratories told the Senate Armed Services Committee at
last year's hearing.  "These approaches and behavioral-based methods have
been successful in finding previously undiscovered malware."

"One drawback of this technology, though, is that it has a very high false
positive rate," he said.

OPEN ACCESS TO SCIENTIFIC RESEARCH ADVANCES

Government-sponsored scientific research published in expensive journals
should become more readily accessible to the public under an initiative
announced by the White House Office of Science and Technology Policy on
Friday.

    http://www.fas.org/sgp/obama/sciaccess.pdf

Federal agencies that fund at least $100 million per year in scientific
research were directed by White House science advisor John Holdren to
develop plans to make the results of such research publicly available free
of charge within a year of original publication.

"The logic behind enhanced public access is plain," Dr. Holdren wrote in
response to a public petition on the White House web site. "We know that
scientific research supported by the Federal Government spurs scientific
breakthroughs and economic advances when research results are made
available to innovators. Policies that mobilize these intellectual assets
for re-use through broader access can accelerate scientific breakthroughs,
increase innovation, and promote economic growth."

But the benefits of open access are not the sole consideration in the new
policy.  "The Administration also recognizes that publishers provide
valuable services, including the coordination of peer review, that are
essential for ensuring the high quality and integrity of many scholarly
publications. It is critical that these services continue to be made
available."

"We wanted to strike the balance between the extraordinary public benefit
of increasing public access to the results of federally-funded scientific
research and the need to ensure that the valuable contributions that the
scientific publishing industry provides are not lost," Dr. Holdren wrote.

The resulting policy mandating free public access within 12 months of
publication reflects an attempt to balance those competing interests, and
it too is subject to future modification "based on experience and
evidence."

COMMENTS SOUGHT ON OVERSIGHT OF "DUAL USE" BIO RESEARCH

Members of the public are invited to comment on the feasibility and
desirability of various forms of institutional oversight at
federally-funded institutions that perform research involving certain
pathogens or toxins.

"Certain types of research that are conducted for legitimate purposes may
also be utilized for harmful purposes. Such research is called 'dual use
research'," said a Notice filed in the Federal Register Friday by the
Office of Science and Technology Policy.

    http://www.fas.org/sgp/news/2013/02/ostp-dual.html

"Dual use research of concern (DURC) is a smaller subset of dual use
research defined as life sciences research that, based on current
understanding, can be reasonably anticipated to provide knowledge,
information, products, or technologies that could be directly misapplied to
pose a significant threat with broad potential consequences to public
health and safety, agricultural crops and other plants, animals, the
environment, materiel, or national security," the OSTP Notice explained.

The term "dual use research of concern" should not be taken in a
pejorative sense, OSTP said.

"Research that meets the definition of DURC often increases our
understanding of the biology of pathogens and makes critical contributions
to the development of new treatments and diagnostics, improvements in
public health surveillance, and the enhancement of emergency preparedness
and response efforts. Thus, designating research as DURC should not be seen
as a negative categorization, but simply an indication that the research
may warrant additional oversight in order to reduce the risks that the
knowledge, information, products, or technologies generated could be used
in a manner that results in harm. As a general matter, designation of
research as DURC does not mean that the research should not be conducted or
communicated."

In the February 22 Federal Register Notice, OSTP posed a series of
questions concerning potential oversight arrangements for dual use research
of concern and solicited feedback from interested members of the public.

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.
