The Risk Factor

There was an interesting article on cyber warfare in today's New York Times titled, "When Computers Attack," (subscription may be required). It fills in some areas in my earlier post, as well as discusses the testimony of Richard Lawless, deputy undersecretary of defense for Asia about China's cyber warfare capability before the House Armed Services Committee on the 13th of June.

The article also includes a comment by Kevin Poulsen of Wired News about his skepticism of the threat: "“They unleash their deadly viruses and then they land on the beaches and sweep across our country without resistance because we're rebooting our P.C.'s?" Nice question - creates another useful frame of thought.

I don't know how I missed it, but the Humane Society of the United Sates has been extremely successful at getting states, and now it looks like the Federal government, to outlaw Internet hunting via H.R. 2711, the Computer-Assisted Remote Hunting Act.

According to a recent story in the Wall Street Journal (subscription may be required), the Humane Society has been mailing people "an urgent message, underlined and in bold type":

Such horrific cruelty must stop and stop now.

No debate there - except, as the WSJ article points out, no one is actually hunting using the Net, even though the Humane Society's site implies that it is rampant.

Better safe than sorry, I guess.

Sorry to go off the IS&T trail, but the news that a B-52 was flying around with six unauthorized nuclear weapons made me think fondly (or not so fondly) of my time long ago as an Air Force airborne communications, navigation and electronics warfare technician in Strategic Air Command (SAC).

Say what you will about Gen. Curtis LeMay, he insisted upon and made damn sure that high operating standards were developed, instituted, trained to, and maintained in SAC even after he left - and there was hell to pay if you didn't meet those standards. Maintaining positive control over nuclear weapons was an absolute, non-negotiable; working on an alert bird was always a bit tense as there were these ever present military police with loaded weapons around ready (and I think hoping) to take you out if you violated protocol.

The episode shows how easy it is for risk management even when nuclear weapons are involved to become "routine." The Air Force, of course, says this was an isolated incident ("All evidence seems to point to this being an isolated mistake"), however, it should never have happened. This was supposed to be an "impossible event."

LeMay once supposed said, "I have neither the time nor the inclination to differentiate between the incompetent and the merely unfortunate." In this case, no matter how you slice it, the unfortunate was a matter of incompetence.

The Washington Post has a deeply disturbing article on the six wayward nuclear cruise missiles of a few weeks ago. A cascading chain of not followed safety procedures led to the nuclear missiles to be loaded onto a B-52 bomber and flown unnoticed across the country in direct violation of 40 years of national policy.

As I mentioned in my previous post on the subject, it appears that risk management had become routine and therefore incredibly sloppy, even though weapons of mass destruction were involved. If some rightly worried military personnel had not leaked the episode to the Military Times, the whole thing may have never seen the light of day. The US Air Force even thought that the event was not going to cause much of public furor, hence "No press interest anticipated." I think the Air Force Public Affairs Office needs a bit of a reality check if they thought that loose nukes were a non-public interest item.

From a risk management standpoint, what irritates me most is that this was a classic "predictable surprise." The article describes how that the Air Force was warned in 1998 of "diminished attention for even 'the minimum standards' of nuclear weapons' maintenance, support and security;" the Air Force Inspector General found in 2003 found that half of the "nuclear surety" inspections conducted that year resulted in failing grades, the worst performance in probably 50 or more years; and; in 2006, the Air Force eliminated a separate nuclear-operations directorate known informally as the N Staff, which closely tracked the maintenance and security of nuclear weapons in the United States and other NATO countries.

The Air Force claims that the N Staff functions were still being done by other Air Force units, but I doubt that these other units viewed their newly acquired mission as a high priority, given the daily stress of dealing with the wars in Iraq and Afghanistan.

The Associated Press reported that Secretary of Defense Robert Gates has asked for an outside review of the incident by the Defense Science Board be conducted on top of the one being conducted internally by the Air Force. While the outside review is said not to be a reflection on whether the Air Force will conduct an honest review, it is hard to read it as other than a "trust, but verify" decision.

PS - Happy 60th Anniversary to the US Air Force.

Australian pals of mine clued me in on the latest program problems with the Australian Department of Defence's Super Seasprite upgrade program. Begun in 1997, the program was meant to upgrade the electronics and some other bits of 11 of these 1960s-era helicopters (Defence calls them "mature helicopters") over five years for an original cost of AU$745 million; the cost to complete is now estimated to range around AU$1.5 billion. Up until a few weeks ago, the Australian Defence Department said their Super Seasprites would become operational in 2008, but that date has now been slipped to 2011.

Software problems related to the Seasprite's avionics and flight control software have been at the root of many of the delays and cost overruns. The problems have been so severe that last year the helo was grounded because, according to Defence Minister Brendan Nelson, "You could not have 100 per cent confidence in the software program that supports the pilot flying the helicopter to 100 per cent safety."

According to Department of Defence's Portfolio Budget Statement 2007-2008, "The main sustainment risks to the Super Seasprite include the automatic flight control system issue, mission computer shortcomings, and a lack of customer confidence in the platform brought about by the extended flight suspension and ongoing technical issues." Oh, that's all?

The latest schedule slip was due to software testing and integration problems to the helo's mission system software. IT mercy rule, anyone?

I don't recall any other defense program of any nation being delivered 9 years late due mostly to software problems (other than maybe the Strategic Defense Initiative). Anyone have some other candidates?

In response to a $20 million lawsuit stemming from the friendly-fire shoot down in Iraq of a Navy F-18 and the loss of its pilot in 2003 by a Patriot air-defense missile, Raytheon, who builds the Patriot, said in court documents that the Patriot had at the time difficulty distinguishing between friendly and enemy aircraft which the US Army knew all about, the Boston Globe reports.

"The Army was aware that there had been documented instances in which the Patriot System in training, test and/or combat, failed to perform to operational requirements, including specifically its misidentification of friendly vehicles as enemy targets."

However, the Army believed that the benefits of deploying the system were greater than the risks posed.

Both the Army and Raytheon say that improvements to the system have been made, but they won't say whether Patriot can yet distinguish between friendly and enemy aircraft.

There is a long article on the US Army's $200 billion Future Combat System (FCS) in today's Washington Post and its dependence on software. The article points out a few of the "challenges" confronting the program like making a 63.8 million line of code system work, let alone be hacker proof.

One bit of the story caught my eye, however. The supposedly original 2003 estimate by the Army was for FCS to require 33.7 million lines of code; it has now blossomed to a current estimate of 63.8 million lines of code. However, Boeing, the program's lead contractor, claims that the original estimate was for actually 55 million lines of code, implying code growth isn't that bad.

The reason I find this curious is that the 33.7 million lines of code estimate has been around for several years, and appears in Congressional testimony many, many times. That number gave lots of folks pause in 2003, since the Army claimed at the time that it would complete FCS in five and a half-years. Questions were raised then about whether that amount of code could be developed in that time frame, but the ever-confident Army said it could be accomplished.

I have never heard or seen that 55 million lines of code number ever mentioned before this article. If that was the true estimate at proposal time, did the contractor and the Army "forget" to let Congress, the Governmental Accountability Office (GAO), and a whole bunch of other people know the true system size so that they wouldn't ask questions in 2003 like, "Tell me again how you plan to develop and integrate an average of 10 million lines of native and commercial-off-the-shelf software per year over each of the next five years?" "Can you point to any military software-intensive development of 10 million lines of code successfully completed in 5 years?" "Can you prove you are not legally insane?"

As Ricky used to say to Lucy, "Lucy, you got some explaining to do." If not Boeing, then certainly the Army needs to explain where this 55 million lines of code number came from, if it was the originally proposed number, and why it hasn't ever been disclosed before.

I neglected to mention in yesterday's post on Future Combat Systems that the Washington Post story also noted that the, "Boeing's program manager on Future Combat Systems, said, 'The scope and scale of the software job was well understood from the start.' "

From this statement, one would have to assume that the 55 million lines of code in 5.5 years was known at contract let time; the development of that much code in that much time was deemed suitable, acceptable, and feasible, and the Army kept it under wraps because it wasn't (and isn't) believable.

This might go a long way towards explaining another FCS program history anomaly. According to former chief of staff of the Army General Peter Schoomaker, when the contract was let in 2003, the FCS program had only a 28 percent chance of success.

After the FCS program was restructured with phased deliveries and a longer schedule, the probability of success of the program climbed to 70%, according to Schoomaker.

Now, if the estimated software code was really only 34 million in 2003, and the program had a 28% probability of success, it hardly seems likely that nearly doubling the lines of code to 64 million would raise the probability of program success to 70%, even if the program was stretched out a few more years and bits and pieces of it spun off.

Therefore, the evidence points to the Army to have known that it would need 55 million or more lines of software code, but did not want to tell anyone for reasons I outlined yesterday.

On the other hand, if the Army honestly estimated that FCS would need 34 million lines of code in 2003 and the program had a 28% probability of success, how did going to 64 million lines of code increase the program's probability of success by 41%?

The Australian Defence Minister Joel Fitzgibbon decided it was time to invoke the IT mercy rule and announced that he was terminating the ill-fated Super Seasprite avionics upgrade program after 11 years of futility.

The total amount the canceled program will cost Australian taxpayers is estimated to be about AU$1.3 billion, not counting the costs of procuring a new helicopter or the costs/risks associated with Australia's eight ANZAC class frigates not having helicopters providing anti-surface and surveillance capabilities for probably another 5 years.

Nine of the Seasprites have been delivered to the Australian Navy's 805 Squadron based at Nowra, New South Wales, but have been grounded for safety reasons.

Maybe they can be made into nice flower planters in front of the main gate.

The US Government Accountability Office (GAO) recently released its sixth annual assessment on major defense system acquisitions. It states that, "Since 2000, the Department of Defense (DOD) has roughly doubled its planned investment in new systems from $790 billion to $1.6 trillion in 2007, but acquisition outcomes in terms of cost and schedule have not improved. Total acquisition costs for major defense programs in the fiscal year 2007 portfolio have increased 26 percent from first estimates, compared with 6 percent in 2000. Programs have also often failed to deliver capabilities when promised."

One of the reasons the cost increases is software.

"Programs continue to have difficulty managing software development for weapon systems. Roughly half of the programs that provided us data had more than a 25 percent growth in their expected lines of code since starting system development."

The report says that programs like Future Combat Systems (FCS) has seen code increases of 300% while others like the Expeditionary Fighting Vehicle program have experienced major software reliability problems that have contributed to their cost and schedule delays.

Software has been the long pole in the tent on defense acquisitions for the past 30 years, and given DoD's aim of building system of systems, the pole will only get longer.

There has been a lot of press about a "cyber war" being waged between Georgia and Russia in conjunction with the real warfare that has been taking place over the past week between the two countries. Both Georgian and Russian governments are accusing each other of trying to shut down their country's websites and other IT infrastructure systems.

While it is clear that hacking of each country's IT systems has been going on, it is unclear whether it is government inspired or nationalistic hackers. It is going to take some time before the electrons clear and the question is resolved, if it can be.

More interesting, there is a story in the Wall Street Journal today that explored once again the question of whether a massive cyberattack on a country constitutes an act of war. No one seems really sure.

As noted in the story, "The Pentagon doesn't have a policy on whether a cyberattack can be an act of war, said Pentagon spokesman Lt. Col. Eric Butterbaugh, adding, 'it's ultimately the perception of the country under attack as to whether an act of war was committed.' The Pentagon has, however, assigned its [USAF] Strategic Command to head up cyberprotection and cybercounter-attack operations.' "

As far as that second statement, Government Executive reported yesterday that the USAF has temporarily halted its plans to be cyber command central. According to the Air Force, this action was planned all along, although it took many people by surprise, since 1 October was the planned start date of Cyber Command operations.

"The Secretary and Chief of Staff of the Air Force have considered delaying currently planned actions on Air Force Cyber Command to allow ample time for a comprehensive assessment of all AFCYBER requirements and to synchronize the AFCYBER mission with other key Air Force initiatives," an Air Force spokesperson said.

The Government Executive story says more likely the other military services (especially the Navy) felt left out, and wanted to slow the Air Force down before it could solidify its position as lead service in the cyber warfare mission.