Time for a Four Star Cyber General

Cyber is everywhere in our lives today and it is our greatest strategic weakness.

In 2015, the FBI and Department of Homeland Security determined Chinese sources, likely the Chinese Army, hacked the federal government’s Office of Personnel Management, stealing 21.5 million applications for security clearances. Not only were vital statistics like Social Security numbers and credit history vacuumed up but also family relationships and social networks. Not even such a blatant and dangerous data security breach spurred the government beyond holding a couple of face-saving Congressional hearings.

Wikileaks disclosed information hacked from the CIA that exposed our ability to track terrorists through their cell phones. The result tipped off the terrorists, who’ve returned to more primitive but harder-to-track methods of communication.

Global “ransomware” attacks on hospitals have done little to prompt even a single Congressional hearing.

Equifax Credit Bureau was so careless with data they collect from all Americans involuntarily that hackers roamed undetected through their huge credit databases for nearly four months, stealing the information of nearly half of the American people, using what appears to be a specific set of selection criteria. The government’s response: Consumers can sue Equifax.

The Securities and Exchange Commission’s EDGAR System was hacked a year ago (August, 2016). It is likely that some person or persons or country unknown had access to the financial reporting data of every publicly traded American or multi-national corporation before that information was made public, as required by law. Congress and the American people were not told until the appointment of a new SEC Chairman in September, 2017.

For almost a year, hackers were able to use (or sell) “insider trader information” to trade on specific stocks before the company’s public announcement of earnings. Such trading is a federal crime.

Just last week, the Department of Homeland Security released a list of 21 states where Russians successfully or semi-successfully hacked into state election systems prior to the 2016 Presidential election.

Taken together these are hostile acts against the nation and the people of the United States – as surely as if those bits and bytes were bullets.

In this war of bits, bytes, and the dark web, there is no “frontline” and Congress is not doing its job: Building an army to protect you and me – the American people – from a nefarious global network of economic terrorists.

No American is Safe:

Almost every aspect of daily American life is connected to the World Wide Web.

When you:

  • Apply for a job
  • Apply for a mortgage or rental approval
  • Watch television
  • Shop – online and off
  • Buy groceries at the local grocery store
  • Dial 911 in an emergency
  • Catch up with friends
  • Make a medical appointment
  • Pay the basic monthly bills
  • Save for retirement etc.

The details of every transaction are collected by numerous public and private interests – irrespective of your Constitutional right to privacy. Under the best of circumstances, this data is summarized and sold to better “target” you as a customer.

In the hands of a criminal this data can be used to steal your identity. It can be used to blackmail you into, for example, spying against your employer, your neighbors or friends. It might allow a health insurance company illegal access to your genetic profile.

Protect Our National Infrastructure

There is no part of the infrastructure that we all depend on that does not, also, depend on technology:

  • Weather forecasting
  • Water storage and transport
  • Power generation and transport
  • Farming
  • Air travel
  • Rail travel
  • Ocean and river craft
  • Your family car
  • Corner gas station
  • Hospitals
  • Police Stations
  • Jails
  • Military Installations and Military Hardware etc.

It is not classified information that our government, private and public utilities and other quasi-government agencies have acknowledged their vulnerability to cyber attack.

Stop for a moment and think what the consequences would be if, for example, your electric utility provider were held for ransom by a hostile government or non-state-actor. Denied electric power, many activities we take for granted would quickly stop. What would the social consequences be if gasoline pumps stopped pumping, grocery stores couldn’t refrigerate or even check out your groceries, ATMs could not dispense cash, and credit card transactions could not be verified across a wide section of America?

Every automaker and others including Apple and Google are working on the “inevitable” driverless car — navigation via the Internet. WHAT IF a terrorist or state actor hacked into the driverless car fleet and turned our interstate highways into real-time bumper cars?

CYBER WARFARE IS NOT STAR WARS

Several states have started to regulate autonomous vehicles, remote home security and other technologies that could put Americans at risk. Not so Congress.

Congress is worried about other things: for example, to build or not to build a wall on our southern border.

Daily reports of massive data breaches, repeated theft of Americans’ personal data by criminals and hostile state actors, over several years, haven’t prompted Congress or the President – past or present – to take the necessary steps to protect everyday Americans from this new and potent threat.

Congress and state governments have been repeatedly briefed on the vulnerabilities of our power grid and communication systems to cyber attack. But none of those briefings have moved Congress to debate or legislate additional cyber security measures outside the reactive Homeland Security Department’s Computer Emergency Reaction Team.

It is well past time that Congress acts pro-actively to establish a cabinet level CYBER SECURITY Department to coordinate all military, intelligence, law enforcement and private sector cyber security initiatives.

Every American has a right to expect Congress to take all steps necessary to protect the life, liberty, privacy and security of every citizen.

As much as we expect our military to be one step ahead of our potential enemies – so must our cyber sleuths.

Graphic courtesy of us.123rf.com

A Crucial Balancing Act: DACA and Enhanced Border Security

President Trump has invited an explosion in Congress with his rescission of the 2012 Obama Executive Order that protected undocumented aliens who were brought to the United States by their parents when they were still children and before 2007.

There is majority public support for legislation to protect the “DACAs” (Deferred Action [for] Childhood Arrivals).

Three bills have been entered into the Congressional hopper – the bi-partisan Senate Dream Act 2017, the House Recognizing America’s Children Act and the House Dream Act.

Nancy Pelosi, emboldened by her meeting with President Trump, insists House Democrats will settle for nothing less than their Dream Act – which broadens the categories of eligibility beyond President Obama’s Executive Order and offers Dreamers a direct path to American citizenship.

The two other bills take a more measured approach — offering at first provisional legal status to work, travel, go to school, etc. Only after serving several years of provisional status would “Dreamers” earn a right to apply for permanent residency and eventually citizenship — hardly a “get out of jail free” card.

Initial reaction on Capitol Hill suggests that there is broad support, in Congress, for DACA-fix legislation – limited in scope and purpose.

After sixteen years of bi-partisan failure to pass such a bill what is different this time?

Passing a small, targeted immigration bill will benefit both political parties going into the 2018 mid-term elections.

Politics Makes Strange Bedfellows

Does President Trump think he can trade a DACA law for his often promised southern “border wall”? It’s possible but not realistic.

More realistically — the Republican majority in Congress knows it cannot afford to lose this opportunity to partially rebuild its relationship with Hispanic voters. But the GOP must also be responsive to its own base – which has used its votes repeatedly to demand enhanced border security first and granting legal status second.

Democrats will seek political advantage in the mid-term elections by supporting a “clean DACA law” (effectively an amnesty) that would attract more Hispanic support from the US citizen brothers and sisters of the Dreamers — even at the expense of further erosion of their traditional organized union, blue collar base in the mid-west.

Representatives and senators in the center of both parties have a clear common interest. The majority want a bill they can pass, the President will sign, and that they can defend to their constituents during the 2018 primary and general elections.

Senators as philosophically opposed as Lindsey Graham (R-South Carolina) and Dianne Feinstein (D-California) have both acknowledged that only a DACA Fix that includes steps to strengthen our border security meets all three conditions.

Effective Border Security Doesn’t Mean Walls

A wall on our southern border, even if Mexico or Congress were willing to pay for it, will not secure our borders.

Fact is, every year since 2007 more than half of the illegal immigrants to the USA have been airport arrival “visa overstays”.

Technology, not concrete, is the solution to our 360 degree land, air, and sea border security problem.

  1. Strengthen E-Verify

The 1986 Immigration Reform Act (aka Simpson-Mazzoli) attempted to balance compassion for some two million illegal aliens who had been in the country for many years with stronger border security and enforcement measures.

The 1986 legislation defined as a crime any USA employer hiring/employing a person who could not prove they had the legal right to work (and live) in the United States.

To help employers stay “on the right side of the law”, Congress mandated the development of an electronic verification system, E-Verify, that every employer would need to use to verify every new employee’s “work authorization status”.

The bureaucracy took a different approach than the law required while subsequent Congresses just looked the other way.

Participation in the E-Verify System is voluntary unless the employer is a federal contractor – or in some states a state contractor. There is only limited enforcement even for federal contractors.

Any other employer can enroll to use the system on a voluntary basis with little risk of being subjected to enforcement action by Homeland Security.

Under current Homeland Security policy, even if a new hire is “non-compliant” – determined not to have work authorization – termination is not required, only strongly suggested.

Congress should give Homeland Security twelve months from date of passage of new Border Security legislation to deliver an E-Verify System that is tested, proven and works.

Once tested and proven, the system must be made mandatory for all newly hired workers – every employer, everywhere – with significant civil and criminal penalties for employers that violate it.

Restricting the E-Verify mandate to new hires will protect those working without papers in the USA today – i.e. DACA’s parents – from termination because of status.

No DACAs could move from provisional status to permanent resident status until E-Verify is successfully implemented, rolled out nationally and demonstrated to work – including employer enforcement.

  2. Discourage Illegal Entry with Improved Tracking Technology at Every Border

Simultaneously, Customs and Border Security must improve its ability to electronically track arrivals and departures of tourists and other foreign nationals with temporary (time fenced) visas.

Currently, a photo is taken of every airport arrival and stored with passport information collected prior to and upon arrival.

Today, Homeland Security has no way to track where a “visitor” goes once they cross the border or walk out of the airport. It’s just too easy to blend in and stay – get a job, rent an apartment, or buy a car.

  • Congress should authorize the Attorney General to determine the Constitutionality of attaching a GPS tracking device to all foreign passports in the United States to ensure timely departures.

  3. Eyes in the Sky

High tech surveillance is part of 21st century life – at the mall, the airport, the stop light, on the freeway – rendering walls historic artifacts.

Congress needs to increase funding for technology already used by Border Patrol, including satellites, in-ground sensors, and drones, to patrol remote stretches of both the southern and northern borders.

  • More drone operators, for example, to spot irregular arrivals faster and guide border patrol agents to apprehend them.
  • Ground level sensor technology can be more effective than walls.

  4. A Tamper-proof Internal Identification System

Homeland Security must be given a deadline to negotiate a plan with the states to issue technically sophisticated drivers’ licenses and other internal identification documents.

  • Congress first mandated a tamper-proof “National ID” following 9/11 but it has never been implemented.
  • Adding technical sophistication to our (state issued) internal identity documents will prevent the possibility of unauthorized immigrants using our air travel system – reducing the terrorist threat as well.
    • Some states currently issue Driver’s Licenses to undocumented aliens but those licenses must meet federal guidelines that ensure TSA can quickly identify them as not authorized for air travel.

Tamper-proof national identification documents are, also, a defense against the growing national threat from counterfeiting and identity theft.

None of these four steps would deny sanctuary to anyone currently in the United States.

Build Public Confidence for Immigration Reform

If the public saw each step implemented, tracked and succeeding — public confidence in the government’s ability to secure our borders would grow.

Simultaneously, Congress could use the two or three years required to implement and assess the effectiveness of these first border security steps to develop a thoughtful set of next steps to fairly resolve the status of DACA’s parents and other undocumented immigrants.

Securing the border along with resolving the legal status of those who have been living in the shadows of America for many years would build public confidence in the government’s ability to manage our immigration system.

Public confidence is the necessary pre-requisite to a comprehensive 21st century immigration reform plan.

Graphic courtesy of iconfinder.com

 

ACA Website

ACA Exchange = Shiny New Car Paint But There’s No Engine

The mainstream media is still reporting the Affordable Health Care (ACA) Exchange Website is not working well – when it works at all. Well, they’ve got it wrong. It’s not the website that isn’t working. It’s the very complicated software environment behind the website that’s dysfunctional. The website does not work because a significant portion of that software environment is not yet built or even designed – end to end.

ACA’s Bright Shiny Paint Job

A website is like the shiny bright paint job on a new car on the showroom floor. The paint attracts the buyer’s attention but it doesn’t drive the car.

What propels the shiny paint job down the road is a chassis, to which a body style can be attached, and a motor. The ACA chassis is the software architecture that is supposed to link the user, the government and insurance company systems together – the same way the chassis connects the axles and steering wheel to the driver.

When Ford or GM or BMW or Tesla, for example, build a new car they start with the chassis. Many body styles (and paint colors) can be built on a single chassis. The weight of the chassis and the associated body style determine the size engine that is needed to make the vehicle efficient and easy to drive.

In software the chassis is the systems or environmental architecture. The architecture is the super-superstructure to which each of the individual software modules is attached – for example, the module that proves the identity of the applicant. The architecture also establishes the relationship between individual modules. For example, after establishing identity, the next module determines eligibility for subsidies and/or Medicaid. The software modules are grouped together to meet specific user needs – analogous to the auto body style. The modular relationships determine the type (and complexity) of software needed to make the whole thing work – the engine.

Oops, Engine Not Bolted To Chassis

The ACA Exchange website crashed on launch not because the shiny green user portal didn’t work but because the engine – the software – hadn’t been bolted securely to the chassis and fell off as soon as users “stepped on the gas”. In fact, we now know that the chassis has not yet been fully designed and consequently there really are no engine bolts.

For the past week, daily “cover their own backside” (“CYA”) leaks from both administration and Centers for Medicare and Medicaid Services (CMS) officials have brought to light a troubling picture of political expediency, bureaucratic bungling and executive irresponsibility. The self-serving leaks have unveiled the truth.

At least 40 percent of the system has not yet been designed. OMG, beyond the shiny green paint – there isn’t even a complete design of the car yet, and White House officials knew it. The chassis is nothing more than a partial Plaster of Paris model – certainly not sturdy enough for any road test.

In the automobile design process there actually is a Plaster of Paris model of a proposed car. It is used by car manufacturers to secure bids from tool and die makers and other suppliers so that they can determine, at various points in the design process, the costs and challenges associated with the planned vehicle. It’s no different in the procurement of software (purchased systems) or software development.

If the Plaster of Paris model is incomplete, the tool and die maker can only tell the car manufacturer the hourly cost of labor and the cost of a ton of steel, not the wholesale cost of the car tooling. Similarly, in software development if the first task for the vendor will be to define the system, their bid must be limited to an hourly billing rate plus a specific percentage of that rate to cover miscellaneous development expenses.

Until the system has actually been defined, there can be no plan to develop it. No plan means no budget and no budget means no controls. That’s a software contract every vendor dreams of and is every client’s worst and unending nightmare.

ACA is a Shiny Green Edsel

An estimated $600 million has been spent on the ACA Exchange to date. There’s still no end-to-end system designed or built. Absent strong executive guidance, a detailed plan-to-complete and seasoned management, the ACA Exchange is a shiny green Edsel destined for the junk yard of failed government information technology projects. Except this time, it could take a significant part of the US economy along for the ride!!

As taxpayers, we must insist that Congress freeze spending on the ACA Exchange, including so-called “fixes”, at least until an end-to-end design is complete, a new management and oversight team has been put in place, capable external contractors hired and zero-cost-overrun development and rollout milestones established. If you agree – call, write or forward this blog to your representative along with your own comments.

Photo Credit: Joe Raedle/Getty Images
