Wednesday, July 30, 2014

Remarks by Assistant Attorney General John P. Carlin on Cyber-Crime at Carnegie Mellon University


Thanks for that kind introduction.   I’m grateful to be with you today to discuss emerging national security threats.

In particular, I’ll discuss cyber threats linked to a diverse range of dangerous cyber actors.   And I’ll tell you what we in the National Security Division, at the Department of Justice, are doing to counter those threats.

I should note at the outset that this week marks a busy time for national security law.   There is a lot going on in the world, all of which we are tracking closely.   But I’m going to focus today on the threats associated with national security cyber issues.

Just last week, the 9/11 Commission published its reflections on the tenth anniversary of the Commission’s original report.   And it specifically pointed to the growing significance of cyber threats to our Government and private sector.

In its report, the Commission noted that: “We are at September 10th levels in terms of cyber preparedness.”  They added that “American companies’ most-sensitive patented technologies and intellectual property, U.S. universities’ research and development, and the nation’s defense capabilities and critical infrastructure, are all under cyber attack.”

I could not agree more.

As the Commission concluded, “One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late.   History may be repeating itself in the cyber realm.”

I’m particularly glad to talk about these important issues here in Pittsburgh.   In a way, this brings me back to earlier days of my cybersecurity work.

I began my career as a prosecutor handling a wide range of crimes, but I have spent nearly a decade focusing on cyber issues – including as the National Coordinator of the Justice Department’s Computer Hacking and Intellectual Property, or “CHIP,” program.

Then, I had the honor of joining FBI Director Mueller as he led a critical shift.   Even back then, he understood just how significant cyber threats would soon become.

Soon after arriving I was asked to prepare a speech on the FBI’s role in tackling national security cyber threats.   We saw this as an important opportunity to underscore how serious the national security cyber threat was—at a time when not many people were talking about it.

It was his first major FBI speech on the national security cyber threat.   Much of what the Director said that day remains true today.   We warned of the particular dangers lurking in the intersection between cyber and terrorism.

But we also emphasized that terrorists are not the only ones seeking to harm us online—there are other dangerous actors out there, including nation-states.   We pointed to the growing use of botnets as a way to attack networks, infect computers, and inject spyware.

We talked about the dangers of cyber espionage, including economic espionage.   And we explained that the FBI was mobilizing to address these threats by collaborating with partners across the Federal Government and in the private sector.

That speech, a significant moment in the FBI’s cyber history, was delivered just a few hours east of here, at Penn State.   Not just because of the balmy November weather it’s known for.  But rather, as explained then, because “[m]uch of our collaboration begins in Pittsburgh—at the FBI’s Cyber Fusion Center.”

The Director said to think of that fusion center as a hub, with spokes emanating out to federal agencies, software companies, Internet service providers, merchants, and members of the financial sector.

That model was right then and it is right now.

The fusion center, and Pittsburgh generally, is the center of so much of our cybersecurity collaboration, which is critical to our efforts to disrupt cyber threats.

That is why a key theme from our time near Pittsburgh nearly seven years ago was collaboration.   Back then we talked about the cooperation underway as part of Operation Bot Roast.

Through that project, the Justice Department, the FBI, the CERT Coordination Center at Carnegie Mellon, and private companies were working to identify infected computers and shut down bot-herders.

Also on that trip, we visited the National Cyber-Forensics and Training Alliance, right here in Pittsburgh.   Today I came full circle.   Now I am delivering a speech about cyber in Pittsburgh.   And I spent this morning with the current FBI Director, Jim Comey, visiting NCFTA again.

I could scarcely have guessed back in 2007 that by today the NCFTA would have aided in successful prosecutions of more than 300 cyber criminals worldwide.   Or that it would be specifically called out by the recent 9/11 Commission Report, as “a promising example of the type of cross-sector collaboration that will be needed to combat this threat.”

Returning to Pittsburgh, I am struck by just how much progress we have made in seven short years.   But there is more that must be done.   Our recognition of the magnitude of the cyber threat has grown over that same time.

Director Comey recently said, as the torch was passed, that Director Mueller told him he believed cyber issues would come to dominate Director Comey’s tenure just as counterterrorism had dominated his.   Director Comey has continued to express FBI’s steadfast commitment to tackling cyber threats.

Just this morning as the FBI Director and I toured the NCFTA, he reiterated what he has said before, “John Dillinger couldn’t do a thousand robberies in the same day in all 50 states in his pajamas halfway around the world.   That’s the challenge we now face with the Internet.”

So the threat is real, it is here, and it is not going away.  But today, seven years later, our ability to detect, disrupt and deter has also improved.

Our most recent successes can be traced to the visionaries who predicted the threat years ago and laid the foundation to meet the challenge.

Take as just one example, another Pittsburgh story.   A historic indictment that came right out of the Western District of Pennsylvania.

Earlier this summer, we announced unprecedented charges against five members of the Chinese military for computer hacking, economic espionage, and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.

What these charges allege is stealing from America’s heartland, literally and figuratively.

The charges allege that cyber thieves grabbed the hard work of companies right here in Pennsylvania.   And they allege that the thieves targeted key American economic sectors, like metals and energy.

This is the true face of cyber economic espionage and of those it targets.   This type of theft hurts American competitiveness by stealing what we work so hard for.

These charges against uniformed members of the Chinese military were the first of their kind.   Some said they could not be brought.   But this indictment alleges, with particularity, specific actions on specific days by specific actors to use their computers to steal valuable information from across our economy.

It alleges that while the men and women of our businesses spent their work-days innovating, creating, and developing strategies to compete in the global marketplace, these members of Unit 61398 spent their work days in Shanghai stealing the fruits of our labor.

It alleges that they stole information particularly beneficial to Chinese companies, and took communications that would provide competitors with key insight into the strategy and vulnerabilities of the victims.

We should not and will not stand idly by, tacitly giving permission to anyone to steal from us.   We will hold accountable those who steal—no matter who they are, where they are, or whether they steal in person or through the Internet.

Because cyber crime affects us all, including those here in Pennsylvania who have suffered at the hands of cyber thieves.

While cases like the one brought here in Pittsburgh are extremely challenging, we proved that they are possible.   The criminal justice system is a critical component of our nation’s cyber security strategy.

At the Justice Department, we follow the facts and evidence where they lead.   Sometimes, the facts and evidence lead us to a lone hacker in the United States, or a sophisticated organized crime syndicate in Russia.   And sometimes, they lead us to a uniformed member of the Chinese military.

Other times, as we recently saw, they may lead us to a foreign businessman alleged to have conspired to hack in and steal information from Boeing and other defense contractors.

Information that included more than six hundred thousand data files of sensitive information related to U.S. military aircraft and other defense matters.

And yet other times, they may lead to other types of criminals, like those investigated and prosecuted by DOJ’s Criminal Division for spyware, botnets, and similar conduct.

But, no matter where they lead, there can be no free passes because the stakes are too high.   The list of threats out there is significant and it is expanding.

We have all seen the harms inflicted by state actors and criminals, and we have responded.   But we know they are not the only ones interested in cyber activity.

Terrorists are also using cyberspace to further their goals.   They are using it to communicate and plan.   They are using it for propaganda and recruitment.   And they are intent on getting to the point where they can conduct cyber attacks themselves.

That last category is a relatively new one.   But we know that terrorists are looking to launch cyber attacks.   They have that intent now.

Over the past few years, we have seen al-Qaeda issue calls for cyberattacks against networks such as the electric grid, comparing vulnerabilities in the United States’ critical cyber networks to the vulnerabilities in the country’s aviation system before 9/11.

If successful, terrorists could use cyber attacks to bring about economic or physical damage, or even, in extreme cases, serious injury or death.

These are serious threats.   To disrupt them, we take an all-tools approach, deeply rooted in our Division’s history.

While the Pittsburgh case was the first of its kind in some ways, it was not the first charges we have brought against individuals who steal from Americans to benefit state-owned enterprises.

As just one example, in March, we successfully obtained a significant conviction against Walter Liew for economic espionage.

What Liew stole was something Americans see and use daily.   Something that does not have a national security implication.   Something that simply brings a profit.

Liew stole the formula for the color white from Dupont and passed it to a large Chinese state-owned company.   Just this month, he was brought to justice -- sentenced to 180 months’ incarceration and ordered to pay restitution of about half a million dollars.

Our success in the cyber arena builds upon a solid foundation.   But its roots go back even farther, and extend well beyond the economic espionage context.

NSD was created in response to the grave threat of terrorism.

After the devastating attacks of September 11, it became clear that the Justice Department needed to reorganize to tackle terrorism and national security threats more effectively.

We needed a single Division to integrate the work of prosecutors and law enforcement officials with intelligence attorneys and the Intelligence Community.

So, in 2006, Congress created the Department’s first new litigating division in almost half a century: NSD.

NSD works closely with partners throughout the government to ensure we leverage all available tools to combat the terrorism threat.   And we’ve proven, in that context, that the criminal justice system is a vital part of our nation’s counterterrorism strategy.

Just this spring, Abu Hamza al-Masri was convicted by a jury in New York on eleven counts.   He was involved in an attack in Yemen in December 1998 that resulted in the deaths of four hostages.

And he provided material support to terrorists, including al Qaeda and the Taliban.

In March, Sulaiman Abu Ghaith was convicted of conspiring to kill Americans and other terrorism charges.   Abu Ghaith was the son-in-law of Usama bin Laden and a senior member of al Qaeda.   He was the face and voice of al Qaeda in the days and weeks after the 9/11 attacks.

In both of these cases, it took more than a decade; but, as a result of our integrated approach to combating terrorism, we brought these men to justice.

These cases are the two most recent in a long line of successful terrorism prosecutions.

At NSD, we took the lessons we learned from counterterrorism and applied them to our work on national security cyber threats.   In the face of escalating threats, we recognized the need to reorganize.   To integrate.

When I was chief of staff for Director Mueller, the FBI undertook a transformation to meet the growing cyber threat—a transformation built around the type of collaboration, coordination, and cooperation that the Director discussed in his speech right here in Pennsylvania.   In 2011, NSD did the same.

In late fall of 2011, ten years after 9/11, we established a review group to evaluate NSD’s existing work on national security threats and chart out a plan for the future.

Six months later, that team issued recommendations that shaped what NSD’s national security cyber program looks like today.

Most significantly, in 2012, we created and trained the National Security Cyber Specialists’ Network to focus on combating cyber threats to the national security.

This Network—known as NSCS—includes prosecutors from every U.S. Attorney’s Office around the country, along with experts from the Department’s Computer Crime and Intellectual Property Section (or “CCIPS”) and attorneys from across all parts of NSD.

Adopting the successful counterterrorism model, we now have prosecutors nationwide routinely meeting with the FBI to review intelligence and investigative files.

The creation of the NSCS Network was motivated by a desire to increase the Department’s contribution to U.S. cybersecurity efforts through criminal investigation and prosecution.

By December 2012, we made public predictions that with the establishment of the NSCS—by empowering more than a hundred prosecutors in the field working with the FBI on these cases—one would be brought.

And, in May, we made good on that promise.   It is this new, integrated approach that made the Pittsburgh case possible.

As part of the creation of the NSCS, we brought prosecutors from around the country—Wisconsin, New York, and Georgia—to help NSD build this case.

We partnered with colleagues across the government, like U.S. Attorney David Hickton here in the Western District of Pennsylvania, where entities were repeatedly hit.   And we worked with offices across the FBI—from California, to Oregon, to Oklahoma, and back in D.C.

Our team thought creatively.   They worked collaboratively.   They explored all available options for stopping this activity.

That’s how we were able to indict five members of the Third Department of the People’s Liberation Army.   And now these men stand accused of cyber intrusions targeting a range of U.S. industries.

But we recognize that charges are just one tool – albeit a very effective one – in our toolbox.   We are committed to working with our colleagues throughout the government to ensure we bring all tools to bear to disrupt cyber threats – both criminal and national security.

A great example is yet another Pittsburgh story.   Back in June, our colleagues in the Criminal Division, the Western District of Pennsylvania, and the Bureau undertook an operation that disrupted the GameOver Zeus botnet.

This criminal threat was significant – losses attributable to the botnet were estimated to be more than $100 million.   But disruption involved more than just criminal charges – it also involved civil court orders, significant information sharing, and seizures of servers in many foreign countries.

This is just one example.   In the national security context, we look to the viability of sanctions, designations, diplomatic options, and other enforcement mechanisms.   Through collaboration and creative thinking, our toolset continues to grow.

But we at NSD recognize that stopping attacks before they ever take place is the ultimate goal.   That we will succeed when there are no more criminal charges to bring.

To that end, we also worked hard to improve cyber defenses, both in Government and with the private sector.   We’ve emphasized precisely the type of collaboration that Director Mueller discussed here in Pennsylvania seven years ago.

Through the FBI’s InfraGard, the FBI works closely with companies that have been the victims of hackers.

That program, which has grown to more than 25,000 active members, continues to bring together individuals in law enforcement, government, the private sector, and academia to talk about how to protect our critical infrastructure.

Likewise, the Department of Homeland Security, the Department of Energy, and other departments and agencies routinely work closely with companies to protect critical infrastructure.

We at the Justice Department heard from such companies.  And we are taking steps to respond to the concerns of the private sector.

In April, we teamed up with the Federal Trade Commission to issue a policy statement making it clear that antitrust law is not and should not be a bar to legitimate cyber security information sharing.

And in May, the Justice Department issued a white paper, which clarifies that the Stored Communications Act doesn’t ordinarily restrict network operators from sharing certain data with the Government to guard information.

This guidance will help the private sector collaborate more freely to protect itself.

All of this is just a start.   Going forward, we need legislation to facilitate greater information sharing between the private sector and the government.

In conclusion, we’ve come a long way in seven years.

In Pennsylvania seven years ago, we warned that “[c]yber criminals and terrorists seek to harm our economy, our infrastructure, and our way of life.”   That was true then; and it’s even more true now.

We noted that “[o]ur capabilities are strong, but they rely on key partnerships with other federal agencies, law enforcement, private industry, academia, and citizens alike.”   That was true then; and it’s even more true now.

Finally, the Director of the FBI issued an imperative: “we must continue to work closely with all of you—members of the privacy sector and the academic community.”

I’m here today with a new FBI Director to reaffirm that call.   Because it was true then; and, as the 9/11 Commission’s recent report makes clear, it’s even more true now.

Through charges like the ones announced in the Pittsburgh case, we at the Justice Department continue to protect Americans from being victimized through cyberspace as they were here in Pittsburgh.   We need your support.   Talk with us; share with us; work with us.   Build trust.

Together, we can ensure that, here in America’s heartland and throughout this country, the hard work of Americans doesn’t fall prey to cyber criminals.   Together, we can stay connected, and also stay safe.

Thank you for your attention.   I look forward to your questions.

Tuesday, July 29, 2014

'Team Patrick-Cape' launches GSSAP mission

by 45th Space Wing
Public Affairs


7/29/2014 - CAPE CANAVERAL AIR FORCE STATION, Fla.  -- The 45th Space Wing supported a successful United Launch Alliance Delta IV vehicle carrying the AFSPC 4 mission for the United States Air Force at 7:28 p.m. July 28. The payloads include two satellites for the Geosynchronous Space Situational Awareness Program (GSSAP).

The rocket, which flew in the Medium+ (4,2) configuration with two solid rocket boosters, roared to life from Launch Complex 37 here.

The 45th Space Wing's team of military personnel, government civilians, and contractors provided launch support to the ULA mission, including weather forecasts, launch and range operations, security, safety, and public affairs.

GSSAP satellites will be a space-based capability operating in the near-geosynchronous orbit regime supporting U.S. Strategic Command space surveillance operations as a dedicated Space Surveillance Network (SSN) sensor.

"What a thrill for 'Team Patrick-Cape' to play a significant role in the launch of this vitally important mission, and we are so very proud to do so," said Brig. Gen. Nina Armagno, 45th Space Wing commander, who also served as the Launch Decision Authority for the mission.

"The 45th Space Wing also thanks members of the 50th Space Wing, United Launch Alliance, the Space and Missile Systems Center, Boeing and all our other mission partners who made this launch successful," she said.

GSSAP satellites will support Joint Functional Component Command for Space (JFCC SPACE) tasking to collect space situational awareness data allowing for more accurate tracking and characterization of man-made orbiting objects. It will have a clear, unobstructed and distinct vantage point for viewing resident space objects orbiting earth in a near-geosynchronous orbit
without the disruption of weather or atmosphere that can limit ground-based systems.

Data from GSSAP will uniquely contribute to timely and accurate orbital predictions, enhancing our knowledge of the geosynchronous orbit environment, and further enabling space flight safety to include satellite collision avoidance.

GSSAP satellites will communicate information through the world-wide Air Force Satellite Control Network (AFSCN) ground stations, then to Schriever Air Force Base, Colorado, where satellite operators of the1st Space Operations Squadron (1 SOPS), 50th Space Wing, will oversee day-to-day command and control operations.

Summer camp teaches science, technology, engineering, and mathematics

by Michael Golembesky
21st Space Wing Public Affairs staff writer


7/28/2014 - PETERSON AIR FORCE BASE, Colo. -- It is one thing to teach someone about how air flow over the wing of an aircraft creates lift, but it is another thing to take them out of the classroom and let them put their hands on the wing of a real fighter jet.

This is the teaching technique behind the Challenger Learning Center of Colorado summer camp hosted at the Edward J. Peterson Air and Space Museum located in Peterson AFB's historic district. Three one-week long summer camp events took students from separate age groups outside of the routine educational environment--transporting them to a world where learning is fun and working together as a team is fundamental.

Campers used critical thinking in the areas of applied science, technology, engineering and mathematics. The Peterson Air and Space Museum provided a unique and motivational setting that evoked inner creativity and stimulated a thirst for learning.

"Our focus at Challenger is to get kids interested in STEM--science, technology, engineering, and mathematics--our partnership with Peterson AFB started a few years back with the hosting of the 'STEM Rocks' event which is done every August and consists of all STEM focused activities for kids of all ages; our summer camp is an extension of that partnership we have with the base," said Ron Bush, Challenger Learning Center of Colorado education director and coordinator.

This was the first year Challenger held a summer camp at Peterson and with great success; three separate age group-centric camps were held with modified lesson plans to keep the campers engaged and excited about learning.

"The camp theme is aerospace innovations, where we look at all aspects of aviation history and we use that to relate it to STEM," said Bush. "We had three different camps this summer, one for younger children, middle age kids and another just for teenagers. We kept the same theme and technique for teaching but tailored the material learned to the appropriate age group."

With a theme like aerospace innovations and real aircraft on display yards away, it's really not difficult to create an event that was both fun and educational for all who attended the camp.

"We start with the basics, like, forces of flight, understanding the control surfaces of an aircraft, and we looked at aviation history and how things changed and developed, like navigation systems and how we ended up with using GPS in aviation today," said Bush. "The great thing about having the camp at the Peterson Air and Space Museum is not only can we teach the students about the components of an aircraft, but take them right outside to the exhibits and show them on a real aircraft. That's just not something you can do at other facilities."

The children and teens who attended the camps were shown that learning about science, technology, engineering and mathematics doesn't have to be boring and dull; in fact, it can be creative, exciting and fun.

"Because it's fun--it's a great way to look at STEM; I have been a teacher for more than 13-years and aviation is such an interesting topic that it is easy to incorporate the ideas of science and math into hands-on activities," said Bush. "The kids are busy for the entire week, building and flying things; testing and creating things which all have to do with math and science related education. They loved it."

Partnership is critical to making opportunities like this happen, the pulling together of resources, knowledge and experience has made this "test run" summer camp session a success and provided a positive outlook for more camps to be organized for next summer for Team Pete youths to take advantage of.

"We have had such a good relationship with Jeffery Nash and Gail Whalen here at the space museum, this is such a great space to host a camp and I would love to see it expand because this is such a wonderful facility and really lends itself to better educatings kids and teens about STEM," said Bush.

To learn more about the Challenger Learning Center of Colorado, visit http://www.clccs.org/ or contact Ron Bush at rbush@clccs.org.

Sunday, July 27, 2014

SPAWAR Inspires Girls to Explore STEM Careers



By Holly Quick, Space and Naval Warfare Systems Center Atlantic Public Affairs

CHARLESTON, S.C. (NNS) -- Space and Naval Warfare Systems Center Atlantic (SSC Atlantic) partnered with the College of Charleston and Trident Technical College to get girls excited about Science, Technology, Engineering and Mathematics (STEM) at a Girls Day Out Summer Camp July 25-26.

More than 60 Charleston-area students participated in the two-day event, which included a technology expo, interactive computer science and cybersecurity activities, business etiquette training, a tour of the College of Charleston campus, and meetings with college admissions.

The Honorable LaDoris Harris, U.S. Department of Energy, Director of the Office of Economic Impact and Diversity, kicked off day two of the camp with her inspirational keynote speech.

"You are amazing," Harris said to the girls. "It's important for you to know that as we take our journey - dreaming big makes it happen."

Students said their favorite part of the event was the technology expo, which included hands-on activities and science experiments with representatives from six colleges and nine local businesses. Students spent 8-10 minutes at each booth participating in interactive technology activities over a two-hour period.

While the girls participated in the expo, parents learned about admissions requirements from colleges and universities and the importance of taking the proper courses in middle school and high school to prepare for STEM majors in college.

"This event is a wonderful opportunity for the girls," said Barbara Grigsby, high school teacher and grandmother of two students who participated in the camp. "I especially liked the cybersecurity activity because children today really don't realize the impact that social networking has on their future."

Throughout the year, SSC Atlantic deploys volunteers from its technical workforce to serve as role models, mentors, content experts, competition judges and other roles that show students the value of a STEM career.

"We devote ourselves to increasing the interest in, and participation of women and young ladies - and other under-represented groups - in STEM fields," said SSC Atlantic Commanding Officer Capt. Amy Burin. "Our outreach program engages students directly with STEM subjects through robotics tournaments, cybersecurity competitions, building remotely operated underwater vehicles in the SeaPerch program, learning through video games, mentoring in schools, judging science fairs and IT Shadow Days."

Female engineers from SSC Atlantic and local industry partners shared their backgrounds, explained their work, and encouraged the girls to think about STEM careers.

"I have the great honor and privilege of leading some of the most prominent computer scientists, electrical engineers and other STEM professionals in the Navy - and the world - today," said Burin. "The solutions we provide save warfighter lives."

SSC Atlantic's Executive Officer Cmdr. Marcia Ziemba participated on a Women In STEM panel with other female professionals in the STEM field.

"As you get into your curriculum in the computer science field, learn to understand the foundation of the technology," said Ziemba. "Learning to defend and secure your networks is absolutely critical. Focus on understanding how to use the technology in a safe and secure way so your information can remain secure."

A Girls Day Out Summer Camp was held simultaneously at Old Dominion University in Norfolk, Virginia July 26. Students toured the campus and participated in activities including a cyber awareness challenge, tower engineering design exercise, and bungee jump model.

Thursday, July 24, 2014

DoD, Partners Share Mapping Technology for Disaster Relief



By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, July 24, 2014 – The Defense Department is using geospatial, or mapping, technology in a tool that will soon be available to assist countries and organizations dealing with the deadly consequences of hurricanes, earthquakes and other disasters and humanitarian crises, experts from DoD and U.S. Southern Command said in a recent DoD News interview.

The open-source software is called GeoSHAPE, which stands for geospatial tool for security, humanitarian assistance and partnership engagement, Elmer L. Roman said.

Roman is oversight executive for efforts that include building partnerships and serves in the Office of the Secretary of Defense for Acquisition, Technology and Logistics, or AT&L.

"This tool is basically used to build capacity to help support humanitarian assistance and disaster relief situations, as well as enabling organizations and governments to enhance the security of their people and citizens," he explained. "That's what 'SHAPE' in the name GeoSHAPE stands for."

When it's ready for use worldwide, the GeoSHAPE software will be accessible in two ways: through an Internet portal using an application called DisasterAWARE hosted by the Pacific Disaster Center, or PDC, in Hawaii, and downloadable software openly available on the Internet.

The PDC has been managed since 2006 by the University of Hawaii under a cooperative agreement with the Office of the Undersecretary of Defense for Policy. The center's program office provides humanitarian assistance and disaster relief operations and defense support to civil authorities.

GeoSHAPE integrates data from multiple sources and displays it in a dynamic Internet-based map to provide situational awareness and help decision-making.

GeoSHAPE software shows, for instance, the location and availability of hospitals, helicopter landing zones, food, water and medical supplies, the condition of roads and bridges, the deployment of rescue personnel to affected areas, and other key elements that are plotted in a map that authorized users can see from anywhere in the world.

The mobile application Arbiter, part of the GeoSHAPE capability, lets users capture data and photos in the field.

Organizations can use these tools to collaboratively create a dynamic picture of available resources and the extent of damage. This can be available in near real time when connectivity is present or synchronized as soon as a connection is established.

"GeoSHAPE is really about improving our mapping capabilities [with] maps of situations,” said Juan Hurtado, Southcom science advisor. “You're not only going to have a location, you're going to have a time that's uniquely associated with it."

A paper map is static, he noted. “But if you have a disaster you can say, ‘At 3 o’clock in this location, this is the situation.’ At 5 o’clock, you update the map based on the situation as it changes. That's what this map is -- so you can improve the response to a disaster."

The need for GeoSHAPE technology and the capability became apparent during the multi-organizational response to the magnitude 7.0 earthquake and tsunami surges in the Port-au-Prince, Haiti, region in January 2010.

Humanitarian assistance and disaster relief operations personnel reported gaps in ways to create and share geographic data on critical aspects of emergency response. At the time, government and nongovernmental organizations had no common, unclassified geospatial information exchange tool for coordinating relief efforts.

To fill the technology gap, DoD led a geospatial effort called the Rapid Open Geospatial User-Driven Enterprise, or ROGUE, joint capability technology demonstration, approved in 2012. JCTDs are DoD programs that quickly and cost effectively introduce new or modified technologies to address critical military needs.

"In 2012, OSD AT&L, in coordination with U.S. Southern Command and the U.S. Army Geospatial Center, started the effort to enable these multiple organizations to be able to share unclassified information across the Internet, especially geospatial information," Roman said.

Other organizations involved in the program are the U.S. Army Engineer Research and Development Center, the State Department's Humanitarian Information Unit, the Pacific Disaster Center and LMN Solutions, an information technology company.

By June 2014, the GeoSHAPE open-architecture mapping software was ready to be demonstrated in Honduras by representatives of Southcom's Science, Technology and Experimentation Division, the Honduran Permanent Contingency Commission or COPECO, Joint Task Force-Bravo or JTF-B, the U.S. Embassy Honduras, and other governmental and nongovernmental organizations.

From June 9 to June 13, the software was tested during a simulated response to a hurricane. According to a Southcom news release, Honduras provided a realistic setting for assessing the software's utility during a complex humanitarian assistance and disaster relief operation.

In addition to GeoSHAPE, Hurtado said, over the two years of development the team had developed or assessed other technologies that could be used for disaster response.

"For this demonstration event in Honduras," he added, "under [Roman's] leadership, … we brought together other things to see if those independently developed systems for disaster response could be integrated with GeoSHAPE and see if they made a difference."

Hurtado said they tested how GeoSHAPE and the other technologies improved disaster response. Here are the technologies they tested:

-- A portable unmanned aerial system with an on-board camera that allows for overhead visual assessments of damage, sponsored by DoD's Rapid Reaction Technology Office;

-- A wireless mesh network to provide Internet access to remote or disconnected areas;

-- A medical application developed in conjunction with U.S. Army Telemedicine and Advanced Technology Research Center, or TATRC, for speech translation system that allows doctors and patients to better communicate when language is a barrier;

-- The All Partners Access Network, or APAN, collaboration portal that provides a place for organizations to coordinate events across geographic barriers, among other technology tools.

In the testing, Hurtado said, "it came out that you can make decisions a lot faster, because the information comes so quickly that the analysts at the emergency operations center would quickly see how the situation was developing on the ground."

There was a point at which the analysts had so much data it was almost as though the situation was really happening and not a simulation, he added.

"With GeoSHAPE, Hurtado added, they can see immediately and can make decisions right there on the ground," he said.

For the past 12 or more years, Roman said, "we -- particularly Southcom, U.S. Africa Command, U.S. Pacific Command and other geographic commands -- have been engaged with our partners to deal with crises around the world."

One of the challenges that always arises, he said, is being able to fill gaps that occur when it comes to sharing information in a consistent and timely manner among multiple organizations that seek to help in disasters.

"In the past when we've started talking about joint interoperability, it was only within the Department of Defense,” Roman said. “But now imagine trying to do the same, having interoperability not only in the U.S. government interagency but also among international relief organizations and partner nations."

It was clear that a tool was needed to allow the sharing of geographic data on critical aspects of an emergency response across government and nongovernmental organizations, he added.

"Basically, we configured this tool so everybody can use it to collaborate and share information through a capability that is available at no cost, with no license fees to users, and readily available to other nations and governments,” Roman said.

Tuesday, July 22, 2014

AF satellites to contribute to space neighborhood watch

by Air Force News Service

7/22/2014 - WASHINGTON -- The Air Force plans to launch two operational satellites and one experimental satellite into near-geosynchronous Earth orbit July 23.

According to Secretary of the Air Force Deborah Lee James, "these operational and experimental systems will enhance the nation's ability to monitor and assess events regarding our military and commercial systems. In essence, they will create a space neighborhood watch capability."

The two operational satellites are part of the Air Force's Geosynchronous Space Situational Awareness Program, or GSSAP.

The GSSAP satellites will provide U.S. Strategic Command with space situational awareness data allowing for more accurate tracking and characterization of man-made orbiting objects.

The satellites will drift a safe distance away from the geosynchronous equatorial orbit, or GEO, belt while surveilling the area to further enable spaceflight safety.

As space becomes increasingly congested, contested and competitive, it is imperative to protect the systems in space on which the world depends.

Air Force Space Command commander, Gen. William Shelton said, "we support the peaceful use of space for all countries but we believe it is necessary to increase our ability to detect and attribute any threatening or disruptive actions."

The experimental satellite program, known as Automated Navigation and Guidance Experiment for Local Space, or ANGELS, is led by the Air Force Research Laboratory's Space Vehicles Directorate headquartered at Kirtland Air Force Base, New Mexico.

This science and technology satellite will conduct safe research activities around the upper stage of its Delta IV launch vehicle.

ANGELS will test new space situational awareness techniques and technologies while performing safe, automated spacecraft operations to support and enhance future U.S. missions.

AFRL commander Maj. Gen. Thomas Masiello said, "the experiments conducted with ANGELS will allow the United States to safely operate future space situational awareness satellites in a more efficient, effective and autonomous manner."

Although the two GSSAP spacecraft and the AFRL ANGELS experimental spacecraft will launch on the same United Launch Alliance Delta IV booster out of Cape Canaveral, Florida, the missions and objectives are distinctly different.

As the Air Force continues to develop cutting-edge and essential space programs, James said "this launch is a remarkable accomplishment in the Air Force development of technologies to ensure the safe and responsible use of space."

Monday, July 21, 2014

Vulnerabilities in LZO and LZ4 compression libraries



Original release date: July 21, 2014

Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation.

US-CERT recommends that all developers who either implement or import the LZO or LZ4 libraries into their software check for susceptibility to CVE-2014-4608, CVE-2014-4715, and CVE-2014-4611.

Users and administrators should apply software security updates as they become available.