Daily Archives: May 11, 2017

Russian “information operations troops” (“cyber troops”)

Posted on by

Image result for Minister of Defense Sergei Shoigu Image result for russian cyber army

Russian ‘Cyber Troops’: A Weapon of Aggression

Eurasia Daily Monitor: Speaking to the Russian parliament (Duma) last February, Russian Minister of Defense Sergei Shoigu announced the creation of “information operations troops” (“cyber troops”) within the Armed Forces. He emphasized that state “propaganda should be smart, accurate and effective” and that that these new formations “will be much more efficient than the ‘counter-propaganda’ department that operated during the Soviet period” (TASS, February 22). It is dubious, however, that the responsibilities of “cyber troops” will be reduced solely to “propaganda.” Rather, it seems that this unit is to become the main tool of Russia’s offensive cyber operations as a part of “information warfare.” The official history of the Russian cyber troops goes back to 2012, when Dmitry Rogozin (at the time heading the Russian Foundation for Advanced Research Projects in the Defense Industry) addressed the issue publicly for the first time. In 2013, an anonymous source confided that formations of this kind had been established under the umbrella of the Russian Armed Forces (RBC, February 22), but at the time there was no solid evidence available.

Then, in April 2015, the official state news agency TASS reported that a unit of Russian “information operations forces” were deployed to the territory of the Crimean Peninsula (TASS, April 17, 2015). Nonetheless, in the meantime, the Russian side continued to deny the existence of cyber troops. For instance, in January 2017, the first deputy director of the Russian Duma Defense Committee, Alexander Sherin, claimed that “Russia does not have such formations.” Similar statements were made by top-ranking Russian officials related to security and mass communications, such as Viktor Ozerov and Alexey Volin (Interfax, January 16). This silence was interrupted only by Defense Minister Shoigu’s official announcement in February.   Commenting on the main tasks of the cyber troops, Franz Klintsevych, a high-ranking member of the Russian Federation Council (upper house of parliament), identified the disclosure of subversive activities by foreign intelligence services in electronic, paper and TV media outlets. He suggested that the cyber troops would deal with such hacker attacks as their main responsibility. But this assessment fails to fully reflect the true essence and tasks of the new unit. According to Yaakov Kedmi—who used to head Nativ, the former Israeli intelligence service charged with facilitating the immigration of Jews from the Soviet Bloc—“cyber troops” exist in “all serious armies” and are subordinated to their respective defense ministries. Their main tasks are “propagandist” (propaganda and counter-propaganda) and “operational” (activities designed to distract the adversary by providing false information). Yet, he also highlighted that so-called “political propaganda” falls outside the range of responsibilities for such formations (Kommersant, February 22).

Another revealing bit of information on the secretive cyber troops can be found in research conducted by Zecurion Analytics, a Russian software company established in 2001. According to a report the firm published several months ago, Russia may be placed in the top five countries with the “most powerful” cyber troop units, in terms of the number of personnel employed (which Zecurion Analytics estimates at approximately 1,000) and financial expenditures (around $300 million per annum). The company’s head, Vladimir Ylianov, has stated that the main tasks of Russian “cyber troops” include espionage, cyber attacks, and informational warfare (Kommersant, January 1). This assessment, however, also may underestimate the real capabilities of these cyber forces. Thanks to introduction of so-called “research units,” Russian cyber defense is inseparable from the Armed Forces and its resources, which exponentially increases its offensive potential (see EDM, November 30, 2016).

A somewhat different opinion was expressed by pro-Kremlin cyber security specialist Igor Panarin. He hopes that the creation of the cyber troops will allow Russia to overcome its inferiority in the cyber domain compared to other countries, like the United States, and beef up its offensive capabilities. According to the expert, the 2008 Russian-Georgian War in fact demonstrated that Russian failed to act efficiently when it came to offense, and it instead relied on “defense and containment” in its cyber operations. Panarin suggested that unlike the Department of Information and Mass Communication, which was created under the umbrella of the Ministry of Defense in 2016 and tasked with defensive activities, the cyber troops—which could and should act in concert with the Federal Security Service (FSB) and the Foreign Intelligence Service (SVR)—will be specifically charged with conducting offensive operations in the “cyber sphere” (kiber prostranstvo) (Militarynews.ru, February 22). If accurate, this demonstrates Russia’s continuing development of offensive cyber capabilities and a delineation between “cyber” and “information” operations.

Related reading: 3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies

Panarin also outlined a number of supplementary steps Russia needs to take, which included the following elements (Vz.ru, February 28, 2017):

1. The establishment of a State Council (that is to include various governmental structures, public diplomacy organizations, media sources, representatives of business, political parties and non-governmental organizations) tasked with issues related to “information confrontation” (informatsionnoye protivoborstvo—understood as a struggle in the information sphere with the broad aim of achieving information dominance over one’s opponent);

2. The establishment of a position of a “Presidential Advisor” on information operations, tasked with the coordination of informational-analytical units connected with the “cyber troops,” the Ministry of Defense, FSB, Federal Protective Service (FSO), SVR and other key ministries;

3. The creation of a media holding—based on existing media resources of Russian TV Channel One, All-Russia State Television and Radio Broadcasting Company (VGTRK), RT and others—subordinated to the Ministry of Foreign Affairs of the Russian Federation. It is imperative to copy the US experience while implementing this initiative, Panarin alleged; and finally

4. The formation of separate centers of information operations pertaining to the FSB, FSO and SVR.   Panarin’s suggested program should be seen as an extremely ambitious and far-reaching strategy, fully complying with the steps and activities already conducted by the Russian side in the domain of cyber security and information operations. Within this development of the country’s cyber capabilities, the Russian cyber troops should be seen mainly as an offensive operations force, and not as a defensive mechanism.

–Sergey Sukhankin

For reference, here is the testimony before 

 THE SELECT COMMITTEE ON INTELLIGENCE DISINFORMATION A PRIMER IN RUSSIAN ACTIVE MEASURES AND INFLUENCE CAMPAIGNS

 

Who Can be Fired at the VA for Cause? No One

Posted on by

Bipartisan Senate Group Unveils New Bill to Speed Up VA Firing, Bonus Recoupment

The new bill comes just days after a federal appeals court ruled Congress’ previous attempt at hastening VA’s disciplinary process — through the 2014 Veterans Access, Choice and Accountability Act — was unconstitutional. The measure stripped Senior Executive Service employees of their right to a second-level appeal before the Merit Systems Protection Board’s presidentially-appointed, Senate-confirmed panel. VA had already stopped using the new authority after its constitutionality was questioned in court and the Obama administration declined to defend it.

The senators have been working on their new bill for weeks, but they said the court ruling reinforced the need for reform. “This legislation would improve on the law we enacted in 2014,” Rubio said.

The bill would allow the department’s secretary to fire, suspend or demote an employee with only 15 days notice. Affected workers would then have seven days to issue a response before a final decision is made. Any employee facing removal, suspension of at least 14 days or a demotion would have 10 days to appeal the action to the Merit Systems Protection Board. MSPB would then have 180 days to issue a decision, a much longer period than the 45-day timeline set up in the House bill. Employees would maintain the right to appeal an MSPB decision to federal court.

Employees covered by a collective bargaining agreement would also maintain the right to appeal a negative personnel action through the grievance process, though it would have to be resolved within 21 days. Read more here.

Image result for Veterans admin

Meanwhile, there is that blasted union problem at the VA:

An estimated 346 employees in the Department of Veterans Affairs do no actual work for taxpayers. Instead, they spend all of their time doing work on behalf of their union while drawing a federal salary, a practice known as “official time.”

That’s according to a report by the nonpartisan Government Accountability Office. But exactly what those VA workers are doing and why so many are doing it is not clear. The VA doesn’t track that, and the GAO report offers no clue.

Rep. Jody Arrington, R-Texas, a member of the House Veterans’ Affairs Committee, thinks the number on 100 percent official time may be much higher. He also notes that the 346 workers don’t include those who spend most, not all, of their time doing union work.

“The lack of accountability at the VA when it comes to monitoring official time suggests it might be worse,” said Arrington, who has introduced legislation that would require the department to track the use of official time, among other reforms.

Pointing to the waiting list scandals at the department, Arrington said the official time situation is reflective of the “broken culture at the heart of the VA” and adds, “I haven’t heard one good, acceptable reason why the practice has continued.”

The VA was not eager to discuss the matter with the Washington Examiner. After several days of inquiries, it responded with the following statement: “VA believes that the appropriate use of official time can be beneficial and in the public interest as stated in the Federal Service Labor-Relations Statute, which governs how executive branch agencies treat official time. VA takes the position that labor and management have a shared responsibility to ensure that official time is authorized and used appropriately. VA practices are in compliance with the Federal Service Labor-Relations Statute.”

Official time is allowed under the 1978 Civil Service Reform Act. The idea behind it is to ensure that a federal employee who is also a union official won’t be penalized for being away from work if he or she is negotiating a contract or addressing a worker grievance, for example. It is essentially a trade-off for the limitations put on federal unions, such as prohibitions on striking.

At least 700 federal workers do nothing but work on official time, according to the GAO and data obtained from various Freedom of Information Act requests. The VA uses official time far more than any other agency.

“Employees spent approximately 1,057,00 hours on official time for union representation activities … In addition, the data show that 346 employees spent 100 percent of their time on official time,” the GAO found in a January report.

It is possible that even those figures are conservative. The GAO said the said the VA’s poor monitoring meant the data was “inconsistent and not reliable.”

The GAO didn’t know what the employees are doing with all of that time. “We just didn’t get into that in that particular study,” said Cindy Barnes, the GAO’s director of education, workforce and income security issues and author of the report.

Part of the explanation is that the VA is one of the largest federal agencies with 373,000 workers, making it second only to the Pentagon in the sheer size of its workforce. About 250,000 VA workers are covered by collective bargaining agreements, according to the GAO, citing 2012 data. Arrington puts the covered figure at 285,000.

By comparison, the Department of Homeland Security has 240,000 workers and the Department of Commerce has just under 44,000 workers. But those departments get by with proportionately far fewer people working exclusively on official time. DHS has 39, while Commerce has just four.

Another factor is that the VA’s workforce is represented by no less than five unions: The American Federation of Government Employees, the National Association of Government Employees, National Nurses United, the National Federation of Federal Employees and the Service Employees International Union.

National Nurses United representative Irma Westmoreland was the only union official willing to talk about the practice with the Washington Examiner. She is one of five nurses union members who work exclusively on union time at the VA. The union has another nine who spent 80 percent of their time at the VA on official time, she said.

Westmoreland said her work was necessary because nurses can’t simply stop taking care of a patient to do something like address a worker grievance. People such as her do the union work and make it possible for the other nurses to focus on providing care.

“I have to travel across the country working with 23 VA facilities in four time zones,” she said. “The management teams want somebody at 100 percent official time so they don’t have to pull somebody out of care.”

But not everyone at the VA is involved in care. So what are the other 341 exclusive official time workers doing? Westmoreland had no insight.

“I don’t know how the other people do it,” she said.

American Federation of Government Employees President J. David Cox told Arrington’s subcommittee in February that official time involved activities such as “designing and delivering joint training of employees on work-related subjects and introduction of new programs and work methods that are initiated by the agency or by the union.”

He added that “in no way did the [February GAO] report suggest that the use of official time presents problems for the department.” The report sought only to quantify the amount of time used.

Arrington argues that the practice has to change if the VA is ever to be truly reformed. He has sponsored the Veterans, Employees and Taxpayer Protection Act, which would require the VA to track the use of official time. It also would prohibit employees involved with direct patient care from spending more than a quarter of their work hours on union activities and bar any VA employee from spending more than half of their time on official time.

The legislation would effectively put VA employees under right-to-work protection. The VA would be prohibited from agreeing to union contracts that force workers to join or otherwise support a union as a condition of employment.

Westmoreland said she has no trouble with better tracking the use of official time but warns against putting any limitations on its use.

“It makes it very difficult if you cannot have set official time,” she said.

Trump’s EO on Voter Fraud Commission

Posted on by

Read the text here. The ‘voting rights’ division at the Justice Department may just have an issue with this, but the commission should happen along with a technology fix going into the future. We cannot forget that DHS contacted several states prior to the voting season last Fall concerning registration databases and voting machines. Some states cooperated while others frankly did not only not trust government intrusion but DHS.

Image result for voter fraud

Trump signs executive order launching voter fraud commission

President Trump signed an executive order on Thursday to launch a commission to review alleged voter fraud, a White House official confirmed to Fox News, after months of claiming voter fraud in the 2016 presidential election.

The order, titled “Presidential Commission on Election Integrity,” would establish a bipartisan commission, chaired by Vice President Mike Pence, to review alleged voter fraud and suppression. Kansas Secretary of State Kris Kobach, who has investigated voter fraud in Kansas, will serve as vice chair.

“The commission will also include individuals with knowledge and experience in election management and voter integrity,” White House Deputy Press Secretary Sarah Huckabee-Sanders said on Thursday at the White House daily press briefing. “The commission will review policies and practices that enhance or undermine confidence in elections and identify system vulnerabilities.”

Huckabee-Sanders announced five members to the commission on Thursday: Indiana Secretary of State Connie Lawson (R), New Hampshire Secretary of State Bill Gardner (D), Maine Secretary of State Matthew Dunlap (D), Christie McCormick, commissioner of the election assistance commission, and former Ohio Secretary of State Ken Blackwell(R).

The White House said the commission will review practices that affect the integrity of federal elections–spanning improper registrations, improper voting, fraudulent registrations, fraudulent voting and voting suppression.

“We expect the report to be complete by 2018,” Huckabee-Sanders said. “The experts will follow the facts where they lead–we’ll share updates as we have them.”

Trump originally vowed to create such a commission in January. Days after his inauguration, Trump took to Twitter calling for a “major investigation into VOTER FRAUD,” saying that depending on the results of the investigation, “we will strengthen up voting procedures!” He cited “illegal” voters and “those registered to vote who are dead (and many for a long time)” which he claimed cost him the popular vote, which Hillary Clinton won by 3 million votes.

But on Thursday, Senate Minority Leader Charles Schumer, D-N.Y., slammed the commission.

“Putting an extremist like Mr. Kobach at the helm of this commission is akin to putting an arsonist in charge of the fire department,” Schumer said. “President Trump has decided to waste taxpayer dollars chasing a unicorn and perpetuating the dangerous myth that widespread voter fraud exists.”

Voting experts and many lawmakers have said they haven’t seen anything to suggest that millions of people voted illegally, including House Oversight Committee Chairman Jason Chaffetz. The Utah Republican said his committee won’t be investigating voter fraud.

In a lunch meeting with senators in February, Trump said that he and former Republican Sen. Kelly Ayotte would have won in New Hampshire if not for voters bused in from out of state. New Hampshire officials have said there was no evidence of major voter fraud in the state.

In a February interview with Bill O’Reilly, Trump said the main issue of voter fraud was registration, and vowed to look at the situation “very, very carefully.”

“When you look at the registration and you see dead people that have voted, when you see people that are registered in two states, that have voted in two states, when you see other things, when you see illegals, people that are not citizens and they are on registration roles,” Trump said. “We can be babies, but you take a look at registration, you have illegals, you have dead people, you have this, it’s a really bad situation, it’s really bad.”

The decision to revisit the voter fraud issue comes during a tumultuous week, after Trump on Tuesday fired FBI Director James Comey. The administration cited Comey’s handling of the Clinton email probe, but Democrats also question what role his bureau investigation into Russian meddling in the 2016 race played.

In a House Intelligence Committee hearing on Russian election tampering in March, voter fraud became a topic of questioning — Committee Chairman Devin Nunes, R-Calif., asked Comey if the FBI had any evidence that votes were changed in states like Pennsylvania, North Carolina, Florida, and Ohio, to which Comey answered “No.”

After winning the election, Trump singled out several states and claimed fraud in their voting system, but officials in those states insisted that his claims were unfounded.

No Cyber Policy, Doctrine, Protection, Result of Senate Hearing

Posted on by

President Trump signed another executive order today. This one is on cyber security and protecting infrastructure. Read it here.

Image result for trump signs executive order BusinessInsider

No one wants to participate in the hard debate regarding cyber, where it is noted to be the highest threat for the homeland. At least the Trump White House is taking note, yet this executive order may not be enough or engage the private sector. It is gratifying however that some inside and outside experts are in fact having talks on an international basis with cyber experts. That is always a good thing.

At issue on this topic is the path forward and the estimated costs. Cyber is a battlespace where it should be noted it could cost what conventional military operations costs against adversaries and could take as long if not forever. All government infrastructure is dated, unprotected and there are no measures to correct in a priority ranking.

The other item of note, there is no legal or case law condition where the cyber attackers are prosecuted. Exactly why did Sony not sue North Korea? If there is no consequence, even ceremoniously, then expect more hacks. Of note, to sue and or sanction North Korea, China would have to be included, as the internet connectivity to North Korea is provided by China and further, China trained the hackers in North Korea….sheesh right?

Politico reports: The directive is Trump’s first major action on cyber policy and sets the stage for the administration’s efforts to secure porous federal networks that have been repeatedly infiltrated by digital pranksters, cyber thieves and government-backed hackers from China and Russia.

“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” White House Homeland Security Adviser Tom Bossert told reporters during a Thursday afternoon briefing.

Cyber specialists say the order breaks little new ground but is vastly improved over early drafts, which omitted input from key government policy specialists. The final version, cyber watchers say, essentially reaffirms the gradually emerging cyber policy path of the past two administrations.

As part of the executive order’s IT upgrade initiative, administration officials will study the feasibility of transitioning to shared IT services and networks across the government. An estimated 80 percent of the $80 billion federal IT budget goes toward taking care of aging systems.

Senior Trump adviser Jared Kushner’s Office of American Innovation will play a significant role in the federal IT modernization effort, multiple people tracking the efforts have told POLITICO. Earlier this month, Trump signed an executive order creating the American Technology Council, with Kushner as director, to help coordinate that effort. More here.

*** Personally, it must be mentioned there is a problem with this operating out of the White House and certainly out of Jared Kushner’s office, he is way too tasked to be effective. Other professionals in the cyber realm agree, the matter of a ‘net’ command and operations that collaborate with the private sector should be it’s own command and separated from NSA.

There was a significant hearing today on The Hill while the FBI hearing was going on. Those on the witness panel included James Clapper, Jim Stavridis and Michael Hayden. The Senate Armed Services Committee hosted this session and it included high rate discussions including why there is no cyber doctrine, why there are no offensive measures and what the highest cyber threats are for the homeland.

Proposed Legislation on Citizen Feedback on Govt Services

Posted on by

So, do you think your voice regarding the federal government goes unheard? Actually it is heard and it is scored. At issue is whether any substantial corrections are made. This proposed legislation may help and it is a step at least in the right direction.

Most of us don’t bother to even voice or register complaints. Perhaps we should rethink that. Who even knew in the first place there was a tally operation on public comments and it is referred to as ‘customer service’? Hah…

Problem is there is not an agency does not have issues….okay then, let the games begin…read on.

Primer: OMB belongs to the White House:

The Office of Management and Budget (OMB) serves the President of the United States in overseeing the implementation of his vision across the Executive Branch. Specifically, OMB’s mission is to assist the President in meeting his policy, budget, management and regulatory objectives and to fulfill the agency’s statutory responsibilities.

OMB carries out its mission through five critical processes that are essential to the President’s ability to plan and implement his priorities across the Executive Branch:

  1. Budget development and execution.
  2. Management, including oversight of agency performance, human capital, Federal procurement, financial management, and information technology.
  3. Regulatory policy, including coordination and review of all significant Federal regulations by executive agencies.
  4. Legislative clearance and coordination.
  5. Executive Orders and Presidential Memoranda.

*** Image result for omb

Congress could be poised to take on the federal government’s customer service problems.

Sens. James Lankford, R-Okla., and Claire McCaskill, D-Mo., Wednesday introduced the Federal Agency Customer Experience Act, bipartisan legislation that would simplify the process agencies go through to gather public feedback about their customer service.

The bill would roll back requirements that force agencies to go through lengthy approval processes to gather voluntary feedback from citizens and customers, and further creates both legislative and executive oversight mechanisms to oversee how agencies deliver services.

“The bill also directs agencies to post the results to their websites and requires them to use the feedback they receive to improve government services,” Lankford said in a statement. “We must do more to increase federal customer service and remove unnecessary requirements that make basic services tedious and overly bureaucratic.”

The legislation mandates agency heads—or designated officials—collect voluntary feedback from customers “with respect to services of or transactions” made by the agency.

Feedback would be gathered across all channels based on both standardized questions created in tandem by the leaders of the Office of Management and Budget director and the General Services Administration, and agency-specific questions developed by senior officials. Those questions would revolve around customer satisfaction, such as the professionalism and timeliness of federal action and potentially other metrics.

Agencies would be required to submit customer service reports based on the feedback they collect to OMB and to post it on their websites. In addition, the legislation would create a centralized website that links to all agencies’ customer service reports.

“Most people think interacting with the federal government is unpleasant—but at the same time we’re making it difficult for agencies to ask the public how they can improve—it makes no sense,” McCaskill said. “This law will allow the federal government to better identify specific customer service issues and start to implement changes to make the government work better for the American people.”

Congress, too, would get regular updates on how agencies perform with regards to customer service.

The bill would require the U.S. comptroller general to deliver scorecard reports “assessing the quality of services provided to the public” of agencies to the Senate.

Fixing the government’s customer services woes—the government routinely ranks below industry—could unite Republicans and Democrats in much the same way the government’s IT issues have. The Obama administration elevated customer service as a major issue, yet agency progress was minimal.

Max Stier, CEO of the government-focused nonprofit Partnership for Public Service, said the Federal Agency Customer Experience Act will help agencies improve their service delivery.

“The important legislation introduced today by Sens. Lankford and McCaskill will allow agencies to continue to improve by helping them better understand the concerns of the public, continue to improve in the delivery of services and increase citizen satisfaction,” he said in a statement.