Tag Archives: Yuan Gu

Pentagon looking at 3-D technology to revolutionize national defense

WASHINGTON – Last November, the Department of Defense unveiled its Defense Innovation Initiative. A core component of the initiative is the formation of a new Long-Range Research and Development Planning Program that will purportedly target several technology areas, including how to use 3-D printing to revolutionize national defense.

Already, 3-D printing is capable of producing artificial limbs, guns and even cars. But what is limiting its wide-range use in military?

“Just because a new technology can provide a service, like printing new things, doesn’t mean it necessarily should provide us service,” said Brennan Hogan, program manager of LMI Research Institute, a private corporation that provides management consulting, research and analysis to governments.

A lot of concerns should be taken into account before massively applying this technology. For example, what’s the implication of applying it? How to ensure the quality? How to test different parts of a machine? How big the testing scale should be? And where to test — lab or market?

“Next two or three years would be additive manufacturing. And so the democratization of the ability of manufacturing,” said Jim Joyce, manufacturing strategy and operation specialist leader of Deloitte. “The breaking of the tyranny of the scale of capital machine or people who are manufacturing will be the basis of the profound revolution.”

“We do have the taxpayer in mind, but there seems to be a struggle between those of the current leadership on the Hill and their understanding of what the industrial bases is trying to do,” Hogan said.

The government’s procurement system provides lots of protections to taxpayers, but when it comes to additive manufacturing – which basically is able to reach all aspects of people’s life – some of the requirements don’t actually meet the needs of what things are being proposed.

“The potential for revolutionary advancement is absolutely there. Where we are, though, is that we have an acquisition system that is ill-suited to deal with that,” said James Kenyon, director of advanced programs and technology at Pratt & Whitney. “Why? Because these things cost taxpayers’ money.”

The current stage of additive manufacturing is still evolutionary as DoD is working on determining which hardware out of the hundreds of thousands should be replicated using this new technology instead of using them to do something logistically different.

However, we’ve already seen many 3-D printing use in military. The naval dental school has been printing bridges for people in their mouths for almost 30 years. The customization of an individual’s physiology and the lack of infection makes it a perfect alternative for traditional artificial teeth. It is also used in modification of weapons so that they are more customized for individuals, rather than mass produced. Another typical example for its military use is its rapid equipping ability. Whenever troops need something that they didn’t have at the moment, they can just print it out in a short time.

“The revolution comes by when you can certify the results of additive manufacturing,” Joyce said. “We should break the logistic pressure by unleash the technology in various ways.”

Seeking better government cybersecurity, before and after the OPM data breach

WASHINGTON – After personnel data held by the Office of Personnel Management was compromised by hackers, the dispute over the improvement and possible reform of federal government’s cybersecurity system has become heated.

The OPM data breach resulted from a compromise of a highly privileged user’s credential, which also gave them access to the data center of the Department of Interior. Although no data was stolen from within DOI’s system, it triggered a large concern about the department’s computer network protection system.

According to the Federal Information Security Management Act, each deferral agency should develop, document and implement an agency-wide program to provide information security. But in reality, many federal agencies are using information protection services provided by other departments, such as DOI. The reason behind it is for economy purposes, according to Sylvia Burns, chief information officer of DOI. “You can gain economy from the scale. So it’s less expensive and more efficient for a customer to consume services from a provider like that.”

In 2005, OPM first became a customer of DOI’s data hosting service. DOI offers its IT infrastructure and host information, ensures the connection between DOI and OPM, and encrypts the connection between the two agencies.

“Shared service is a concept of creating a more robust, centralized point of service around specific activities,” Burns said, explaining the origin of this concept. According to Burns, a 2001 data breach in DOI resulted in disconnecting five DOI bureaus from the Internet for about six and half years. For the fear of being disconnected again, all the bureaus and offices in the department created separate protections for themselves. In that state, cooperation became hard because they were trying to protect themselves from being associated with trust data. In 2008, DOI reconnected those organizations back to Internet, and it turned out that they had difficulty just doing day-to-day work because of the security controls. That’s when the department began to create the segmented system.

Although this time’s data breach was not a result of technical failure, DOI hasn’t seriously treated the 3,000 critical vulnerabilities in its hundreds of publicly accessible computers that were identified by the Office of Inspector General. But viewing this issue from a broader perspective, OPM fell into a trap of an outdated model of cybersecurity system, which we call “line of sight governance.” This is a belief that I can walk down a corridor to where everybody is working and then I have the control of the security surrounding them. In the era of Internet when everyone is connected with the outside world, it’s just impossible to ensure their security by believing that internal system is absolutely secure.

The new model, called the BeyondCorp initiative, assumes that the internal network is as dangerous as the Internet. Using authentication, authorization and encryption, trust is moved from the network level to the device level. For example, Google staff are required to use a security key when connecting their computers to the Internet. When the security key is plugged into the USB portal, it automatically generates a one-time password. With this one-time password and the staff’s own username and password, the Internet is accessible.

“It’s relatively easy to get online in the company, but it can be very hard to access to the internal system when you are at home because a VPN is needed. And not everyone can get it unless you are at certain rank,” said Jiasong Sun, a Google employee. Some companies including Coca-Cola Co., Verizon Communications Inc. and Mazda Motor Corp. are taking a similar approach.

Several questions about DOI’s role in the breach remain unanswered, including whether or not other agencies may have been compromised, how many breaches took place at DOI and whether or not the attackers are still in the system. But this two factor authentication system is a possible solution that the DOI is considering to take after the data breach.

Rep. Will Hurd (R—TX) urges federal agencies and their CIOs to review past IG reports and address the vulnerabilities that have been identified. “We know what needs to be done, we just need to do it,” Hurd said.

Opportunity for tech companies after OPM data breach

WASHINGTON – In the wake of the huge data breach at the Office of Personnel Management, tech companies are in a competition to provide cheaper, more reliable cybersecurity service to the federal government.

The Defense Leadership Forum, an organization specializing in defense issues, sponsored a summit Tuesday offering details and insights related to landing contracts with the Department of Defense.

Sylvia Burns, chief information officer of the Interior Department, which provides cybersecurity service to OPM and other federal agencies, said that centralizing data protection service – the model in place when the OPM data breach occurred in April – is affordable and efficient, but has a big downside. When the OPM data was compromised, the hacker also had access to the data center at Department of Interior.

As a consequence, the Defense Department wants tech companies, including small businesses, to propose cheaper, yet still reliable ways of protecting the Pentagon’s vast storehouse of sensitive information. The government still needs a competitive environment for cost reduction purposes, said Kenneth Bible, deputy chief information officer of the United States Marine Corps.

Shawn McCarthy, research director of International Data Corp., a company that provides advisory services on information technology, said the Defense Department’s information technology budget has actually decreased by 12 percent since 2006. That budget includes hardware and software development and IT service. But money spend on IT service – data hosting, data encryption and the like – has seen a significant increase, compared to the other two areas, McCarthy said.

The reason behind that is the emergence of the so-called 3rd platform era, which has cloud as its core. In the coming 3rd platform era, hackers may be able to reach trillions of IP-addressable devices, monitors, and sensors of billions of users through new applications. That’s why government is paying more attention to cybercrime.

It is going to be a big business opportunity for tech companies when the Pentagon’s budget on cloud service reaches to $21.1 billion next year. In order to have a win-win relationship with the government, “IT vendors need to keep a close eye on price points while government is becoming increasingly sophisticated when it comes to comparing price and functionality,” McCarthy said.