Wednesday, May 7, 2008
I almost found religion
Posted by Peter A. Stinson
There's been plenty of activity on the Coast Guard Journal recently. The latest post, a missive from Vice Admiral Robert J. Papp, Jr., is Ancient Mariner SITREP #4 – Visit to Pascagoula and BERTHOLF.
I was hoping for answers.
I want to talk about the cutter first. I remain extremely impressed – she’s going to be a great Coast Guard cutter, and I can’t wait to get out to sea to observe her performance underway. Captain Stadt and his shipmates (and the Navy INSURV board as well) are very impressed with BERTHOLF’s almost effortless speed and maneuvering characteristics. I am confident that improvements in weapons systems, sensors, countermeasures, flight deck characteristics and boat launching and recovery will give BERTHOLF capabilities far superior to previous cutters. Command and control, particularly as it relates to the ship’s command center will be vastly superior to almost every shore-based Coast Guard command center. Her seakeeping ability and spacious topside arrangements and damage control systems will further enhance her capabilities and the safety of her crew.Okay, here's one of the things I see in this Journal entry: Yes, there were and there are various issues with the C4IT suite, but we're not going actually acknowledge that the blogosphere has the story right, or at least mostly right, but we're going to just move forward and not exhume anything in the past. We're going to get it right. It just may take some time.
. . . .
So what is this “preliminary acceptance”? It basically amounts to a period when we take the ship and begin to put her through operational test and evaluation (OT&E). The builder continues to have responsibilities to resolve the many outstanding “punch list” items, while we get a chance to see and confirm the ship’s performance and capabilities. With lessons learned from these trials, the builder will make production improvements and enhancements to follow-on hulls that will enable us to get them out and operational on a shorter timeline (and less expensively) than the lead ship. After the “punch list” discrepancies are resolved, OT&E is completed, the C4ISR systems are fully installed and certified for operation, and contractual responsibilities are met, the Coast Guard will sign for final acceptance. In reality, this is not much different than when I had my house built – even though I moved into the house, the builder had to correct discrepancies for a year before I finally signed off with him contractually.
. . . .
Challenges remain – as they would in any lead ship that pushes for new capabilities and technology. As we preliminarily accept BERTHOLF, the INSURV inspectors and Coast Guard staff have produced a substantial worklist that will be resolved. Most notably, issues still exist with secure communications equipment. BERTHOLF carries a substantial IT backbone to enable her missions that is more complicated than any other cutter. Consequently, this gear has received, is receiving, and will receive closer scrutiny, inspection, and information assurance testing than any other Coast Guard cutter to date. These issues, along with any others that the officers and crew discover during the next year or so, will be resolved. I have testified before Congress that these issues are correctable. I was convinced then, and I remain convinced now that BERTHOLF will be ready to perform all duties when called upon.
Am I close?
Posted on Wednesday, May 07, 2008
Labels: by Peter Stinson, Deepwater
5 comments:
- At Thursday, May 8, 2008 7:05:00 AM EDT Michael DeKort said...
-
My sources tell me that the TEMPEST design problems not only involve the electronic systems but design elements of the ship itself including the SCIF. I am also told the design issues are critical and vast in not only scope but quantity - as they involve some rudimentary TEMPEST design criteria (the GAO confirmed they installed classified and unclassified cables together). The fixes involve the resign of the ship and making physical changes.
I understand that there are first in class issues and that accepting the ship from the contractor with a punch list is standard procedure. However that process was not meant to enable to accepting a product with major flaws. It is also not meant to accept a product "missing" a vast and crucial element like C4ISr communications systems (that one still amazes me. Almost one year late and they aren't installed? How is accepting the boat with major systems missing and untested better than accepting one that has all of the equipment and has major flaws? How do they know there are TEMPEST issues if the equipment isn't installed? if they know that from just looking at the designs on paper or testing what they have - why would they think it's going to get any better?) It is also a process that is not meant to be used to accept a product where the major flaws cannot be fixed or can only be fixed at a substantial cost. In this case potentially hundreds of millions of dollars. The process is also not meant to be used to hide information or to aid in covering up illegal or improper behavior or major safety and security issues that affect our nation as a whole. What happens to NSCs 2-4 which are already under construction? Do their design continue to match the Bertholf? What about the FRCs - will there C4ISR designs continue to leverage those from the NSC and 123s? Remember that illegal and improper waiver by Porter set the stage for all of this. A "waived" failure becomes and accepted design. Due to system of systems contract language and the desire to cover up that situation the parties involved are vested in not changing that design pattern.
And what about leverage? The contractors have demonstrated that they are willing to hide information and not include what should be included in the DD-250s (See the DHS IG report and the topside or external equipment issue). Isn't the CG still owed a pretty substantial refund for the 123s? Why would the CG want to give away their leverage and transfer custody of that ship given all of that - especially if there is a major and very expensive security flaw out there that needs a major redesign and fix? The reason is that the CG is vested in the same cover up as ICGS. They can't get things right now without the truth coming out and them having to answer for it. Notice that the article didn't mention the "Special Commissioning" period they added on top of the events after acceptance and that this additional period could be up to 2 years long. The next thing these guys will do is let some time go by and try to wait out those watching especially the oversight groups and the press. At some point they will either have to change the mission profile of the Bertholf (and maybe some of the other NSCs) so that it cannot use the classified communication systems or they will find a way to ask for a substantial amount of money to fix the problem. Maybe they will site national security reasons to hide the information from the public? - At Thursday, May 8, 2008 4:00:00 PM EDT Anonymous said...
-
I almost got completely sucked into that. Vadm Papp makes a good case for his position, but why not make a good case for complete openess on this issue.
- At Thursday, May 8, 2008 7:58:00 PM EDT Michael DeKort said...
-
From a Defense News article
"Blore took pains to point out that systems testing, grouped under the heading of "information assurance," is continuing on the Bertholf and that, while progress is being made, the work won't be completed for some time."
"The most recent testing was over eight days with two different teams," he said. "We're basically fixing problems on the spot."
The process will take "several months," he said, adding that "no classified systems are going to be operated before the systems are Tempest-certified. "
Why would they sign the DD-250 with there ability to communicate securely - something they have to do to fulfill most of their mission profile - not completely installed or tested? Why isn't this a "starred" item?
So they ran 8 days of double shift TEMPEST testing of a system they said couldn't be completely tested because the equipment had all not been installed yet? What process will take "several months" Testing only? Redesign and retrofitting the ship? Why are they ADDING a 2 year "Special" commissioning period if everything is well in hand?
Doesn't anyone charged with oversight see what is going on here? Not making it a "starred" item means they can take final acceptance later without having the TEMPEST issue as a must fix. This allows them to continue the same pattern (started with the 123s) on the other NSCs and the FRCs which are due to be under contract soon (Who will do the C4ISR? Will they have to use the system of systems design pattern from the Lockheed and the NSC and 123s?) - At Thursday, May 8, 2008 9:08:00 PM EDT Michael DeKort said...
-
A source who wants to remain anonymous just contacted me and told me that the "uninstalled" C4ISR TEMPEST equipment was installed, failed TEMPEST tests and was removed so they could alter their story. I was told a significant amount of equipment was removed weeks ago. I am working to get the person to provide data or to come forward in some manner.
- At Saturday, May 10, 2008 4:10:00 PM EDT Granite Island Group said...
-
http://www.tscm.com/DeepWaterDooDoo/
An Organized Pattern of Malfeasance
This pattern of malfeasance and oversight problem can be explained is the following way.
1) There was never a plan to have these ships pass a TEMPEST inspection in place when the ships where being built, nor considered when the initial contracts and blueprints were drafted.
2) When the ships were built the classified communications systems were installed in a haphazard manner, with little or no regard to industry and/or U.S. government standards.
3) The configuration of the equipment, positioning, shielding, bonding, and grounding did not comply with that required to protect classified information systems.
4) These ships leak secrets, and based on the documents, which I have examined and some of which are attached to this document I, feel that they continue to leak secrets to this day.
5) Just prior to acceptance several of these ships were subjected to a visual and instrumented TEMPEST inspection, and in all cases, the ships failed both the visual and the instrumented inspections.
6) The contractor has not completed the remedial actions required for the ships to pass either a full visual or an instrumented TEMPEST inspection.
7) As such the ships are not allowed to have classified ciphering materials, scramblers, classified software, or classified operating systems on board as adding these systems to the ship would result in the unauthorized disclosure of classified information.
8) The ships have to fully clear both a SERIES of visual inspections during build out, then a simulator inspection (which is often not performed), then an instrumented inspection, and they apply for a interim authority to operate, and with this IATO they can load the ciphers and software that will allow them to pass classified information into the C4ISR systems on-board the ships.
9) But, this assumes that the C4ISR systems themselves have been deemed secure independent from the TEMPEST testing. TEMPEST deals with the hardware side of the problems, but the C4ISR systems must also pass a series of standards that deals with finding backdoors in the computers and evaluating weak points in the software and firmware. There is significant documentation that the systems on board these ships also failed the software security examinations as well as the TEMPEST inspections.
10) Once everything passes the actual authority to operate (ATO) is granted, the C4ISR systems becomes live with classified signals and data, and the next phase of testing can be undertaken.
11) At this point you would normally perform NONSTOP evaluations and search for any HIJACK vulnerabilities (you have to have classified data and all communications systems usable and data seamlessly flowing to do this,) and would then begin the classified testing.
12) Once the government fully takes over the ship, but before it is dispatched on a real-world mission the ship would normally be subjected to a TSCM or Technical Surveillance Measures inspection to ensure that no eavesdropping devices are present. During this TSCM inspection, the TEMPEST inspection would be repeated to include the visual and instrumented inspection that would be far more rigorous then the original TEMPEST inspections.
13) It would be highly desirable for the TSCM team, and the TEMPEST inspectors involved in these final series of inspections to not have any prior involvement in prior Deepwater ships, no links to ICGS, and no links to Lockheed,
