Clips August 25, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips August 25, 2003

ARTICLES

Bush taps NTIA deputy to take over as chief 
Forecasters focus on better weather models 
Information technology permeates Defense appropriations bills 
Hackers Steal 13,000 Credit Card Numbers 
Fugitive Texas Democrats Helped by Web Drive 
Japan moves ahead with national ID system
U.S. demands biometric passports; world may not be ready
*******************************
Government Computer News
Bush taps NTIA deputy to take over as chief 

By Wilson P. Dizard III 
GCN Staff

President Bush has nominated Michael D. Gallagher as the next administrator of the National Telecommunications and Information Administration. 

Gallagher is the deputy assistant secretary for NTIA now and is a former deputy chief of staff and counselor to the Commerce secretary for policy. As assistant secretary of Commerce for communications and information, he would ascend to NTIA?s top post. 

?I believe Mike?s vast experience in telecommunications policy will serve the department well, and I look forward to working with him on such critical issues as the deployment of broadband and management of our nation?s airwaves,? Commerce secretary Donald Evans said in a statement. 

If the Senate confirms him, Gallagher would succeed former NTIA chief Nancy Victory, who stepped down from the post earlier this month.
*******************************
Government Computer News
08/25/03
Forecasters focus on better weather models 
By Patricia Daukantas 

Four agencies and a federally funded research center have signed an agreement to develop a system to create weather forecasts with a higher degree of precision than current models can. 

It may take a decade to prepare the new Weather Research and Forecasting (WRF) system to generate the forecasts that make the evening news, said Steve Lord, director of the Environmental Modeling Center at the National Centers for Environmental Prediction (NCEP). Scientists, however, will be able to use WRF within a few years for meteorological research. 

To build the system, NCEP?s parent agency, the National Oceanic and Atmospheric Administration, is joining with the Air Force, Federal Aviation Administration, the National Center for Atmospheric Research in Boulder, Colo. and the Navy. 

The Navy has a substantial weather forecasting effort at its Fleet Numerical Meteorology and Oceanography Center in Monterey, Calif., and the Air Force Weather Agency generates predictions for military aviators out of Offutt Air Force Base in Nebraska. 

The team of agencies has been developing WRF for a couple of years now, and the cooperative agreement formalizes the effort, Lord said. 

WRF is a computer model capable of showing weather patterns with a horizontal resolution of 1 to 10 kilometers, compared with the 5 to 12 kilometers typical of existing operational models. Meteorologists have been pursuing greater detail in forecasting models to improve warnings of small-scale but destructive events such as tornadoes and thunderstorms. 

After extensive testing, WRF eventually will replace the mesoscale models that NCEP now uses to generate the nation?s daily weather forecasts.
*******************************
Government Executive
August 22, 2003 
Information technology permeates Defense appropriations bills 
By William New, National Journal's Technology Daily 

The Defense Department appropriations bills passed by Congress are peppered with references to information technology programs. 


Defense appropriations eclipse all other agencies in the federal government. The White House requested $372 billion overall; the House provided $369 billion, the Senate $386.6 billion. 


The House offered $27.6 billion for information technology, undercutting the White House request of $27.9 billion by some $321 million. The committee said it "remains concerned about the continued growth in information technology programs, particularly the growth in operation and maintenance accounts." 


The committee said that during the past two years the IT budget has increased over 15 percent in the operation and maintenance accounts. The committee said it fully supports the department's "transformation" of its systems and methodologies, but said it "continues to believe that the Department of Defense must be more effective in eliminating unneeded legacy [pre-existing] systems and consolidating the large number of disparate networks that are currently being maintained." 


This led to reductions of $100 million for Navy and Air Force, and $60 million for Army and department-wide. 


Programs in the IT category of the budget include Army programs in online technology training and distance learning. It also includes a study on how Internet and wireless technology are transforming military life, and an Army Web-based portal initiative. 


Another significant IT appropriation is the Future Combat System, which the House would give $1.7 billion. That program is a family of advanced, networked systems that are air and ground-based and will work as a single entity instead of a collection of disparate systems. 


Also, the Air Force requested $439 million for an advanced wideband system, but the House cut that to $289 million. The system is envisioned as using satellite laser communications and Internet protocols to provide a "significant leap" in communications bandwidth for the military, intelligence community and NASA, the committee said. 


But the committee said it fears the "extremely aggressive [advanced wideband system] acquisition schedule could ultimately become a rush to failure." The committee said it is "further concerned" that certain activities will occur "prior to a firm understanding of detailed user requirements, a problem significantly exacerbated by the number and variety of users that must be satisfied with this system." 


The House Appropriations Committee instructed the undersecretary of Defense for acquisition, logistics and technology to provide a report within 120 days of enactment of the law on the steps the department has taken to ensure that "lead systems integrator" contracting mechanisms have adequate safeguards. The notion is that lead contractors must ensure sensitive information is protected as they subcontract portions of the contract. The report must include a review of how the department intends to ensure adequate firewalls exist between the parent company and the subcontractors. 


The Senate would cut the Defense Information Systems Agency funding request of $1.1 billion to $1 billion. 


The Senate also includes $7 million for a Defense biometrics program. The Appropriations Committee encouraged the Homeland Security Department to establish a biometrics office to coordinate their biometrics efforts with Defense. 
*******************************
Washington Post
Hackers Steal 13,000 Credit Card Numbers 
Navy Says No Fraud Has Been Noticed 

By Anitha Reddy
Saturday, August 23, 2003; Page E01 

The Navy has canceled 13,000 credit cards used for government expenses after discovering that hackers had downloaded card numbers and billing records, Defense Department officials said.

Citibank, the card issuer, has found no unusual activity in the card accounts since the hacking began in July and no fraud related to the incident had been reported as of Thursday, according to a Defense Department official.

Officials and investigative teams from the Navy and Department of Defense are still trying to figure out what vulnerabilities the hackers exploited and how to prevent such attacks in the future.

"You'd think that the military would have some of the best systems in place," said Doug Howard, vice president of strategy and product development for Counterpane Internet Security Inc. "But often you'll find that the administrative networks are segmented from the core of the Department of Defense and that maybe they don't provide as much as security as some of the core networks."

Citibank finished mailing new cards Wednesday to replace the 13,000 that were compromised, said Glenn Flood, a Defense Department spokesman. More than half of the new cards have already been activated.

To reduce the chance of any unauthorized charges being made, the Navy is also beginning a gradual replacement of 9,000 other cards in the program that do not appear to have been compromised. Most of the cards have a $2,500 spending limit.

Federal Computer News reported the hacker attack and cancellation of the cards on Thursday.

The Navy discovered the breach on July 30, when a logistics center at Wright-Patterson Air Force Base in Dayton, Ohio, detected an unusual amount of traffic on one of its servers, a Defense Department official said.

The heightened activity included invoices from Citibank credit cards in the Navy's purchase card program, which managers use to order routine office supplies, such as telephones, copy paper or catered meals.

Hackers began probing the site as early as July 10, investigators determined, but they did not begin downloading the invoices, which contained card numbers, until July 24.

Two groups from the Defense Department, a criminal investigative unit and a team from the department's accounting division are studying how the attack was launched.

Howard, the security expert, noted that while banks often scramble credit card numbers for electronic transmission, the numbers often reside in a plainly readable form on a customer's network.

The Navy has been reviewing emergency purchase requests on a case-by-case basis while the cards are suspended, according to a statement from the Defense Department's purchase card management office.

The Navy, the Defense Department's inspector general, the Defense Department's Purchase Card Program Management Office, and other agencies are meeting to review the cause of the intrusion and study how to prevent such security failures in the future, a Defense official said.
*******************************
Washington Post
Fugitive Texas Democrats Helped by Web Drive 
Reuters
Saturday, August 23, 2003; 3:36 PM 
By Jon Herskovitz

DALLAS (Reuters) - The grass-roots Internet group MoveOn.org said on Saturday it expected to raise $1 million to support 11 Texas Democratic senators who fled to New Mexico over a redistricting fight.

The liberal, Web-based group, which has helped raise millions of dollars for Democratic presidential hopeful Howard Dean, launched the campaign earlier this week that will produce television ads and radio spots to criticize a White House-backed plan to redraw Texas congressional districts.

The redistricting would add about five to seven Republican seats in the U.S. House of Representatives, adding to a narrow Republican majority.

"This is the single biggest fund-raising campaign we have done on a single issue," said Zack Exley, organizing director for MoveOn.

As of early Saturday, the group had received about $850,000, with the average contribution about $30, he said. The campaign started after one of the 11 senators posted a letter on the site on Tuesday.

The Democrats fled to Albuquerque in neighboring New Mexico about a month ago to break a quorum in the state senate and stop a proposal to redraw the state's congressional districts. Republicans control the Texas Legislature for first time in 130 years.

Texas' congressional maps were redrawn in 2001 by a panel of federal judges when the legislature could not agree on a plan. Most states usually redraw maps once every 10 years when U.S. Census figures on population have been tabulated.

Leticia Van de Putte, the leader of the 11 fugitive Democrats, was pleased by the Internet campaign.

"We never imagined there would be such an overwhelming amount of support from across the country coming our way in such a short time," she said. 
*******************************
USA Today
Japan moves ahead with national ID system

TOKYO (AP)  A national computerized ID system that was criticized for its big-brother overtones when launched last year became fully operational Monday, assigning each of Japan's 126 million citizens an 11-digit number. The online database to which the numbers are linked contains every citizen's name, address, birthdate and sex. 
The database is the centerpiece of a government initiative to speed administrative procedures such as filing change-of-address forms and applying for passports. 

Three local governments  two subdivisions of Tokyo and a small town north of the capital  continued to boycott the system Monday, and a citizens' group reportedly planned to seek a court injunction to block operations. 

But the upgrade of the Juki Net system appeared to run smoother than its launch last August, when it was plagued by bugs and sparked protests calling it a threat to individual privacy. At that time six local governments refused to participate. 

Several finally decided to connect after Japan's Parliament passed a long-debated law in May to protect personal information from abuse by bureaucrats. 

The data stored in the system after it went online last August was initially used internally by the government. Beginning Monday, local governments began issuing Juki Net ID cards allowing citizens to take advantage of various administrative shortcuts. 

Some Japanese initially chafed at the idea of being assigned a number, and others complained that it smacked of the kind of surveillance carried out by Japan's pre-World War II authoritarian government. 

Home Affairs Minister Toranosuke Katayama blamed most of the early resistance on misunderstanding. 

"It's questionable to me whether detractors of the system really understand the point," Katayama said in a weekend television appearance. "It means more convenience for citizens and a more efficient bureaucracy."
*******************************
USA Today
U.S. demands biometric passports; world may not be ready
August 24, 2003

NEW YORK (AP)  Biometric technology that scans faces, fingerprints or other physical characteristics to confirm people's identities is about to get its biggest, most public test: at U.S. border checkpoints. 

Yet significant questions loom about whether the U.S. and foreign governments can meet an Oct. 26, 2004, deadline set by Congress for upgrading passports and visas to include biometrics. 

"This is the mother of all projects  there's no question about it," said Joseph Atick, chief of Identix, a maker of biometric systems. 

With fingerprint and face scanners due to be in place at air and sea ports by the end of this year and biometric visas and passports beginning to get into the hands of travelers next year, U.S. officials hope to keep the wrong people out while letting the right people in without delay. 

Biometric visas and passports, certainly, will be harder to fake. The challenge will be to equip the millions who will need the new documents in order to enter the United States, and to upgrade computer systems at border crossings. 

These are complicated endeavors, and will cost billions. 

"We're doing it at a time when money is not exactly overflowing," said Bernard Bailey, head of face-recognition biometrics maker Viisage. "That kind of slows things down." 

Biometric systems reduce patterns in a person's fingerprints, irises, faces, voices or other characteristics to mathematical algorithms that can be stored on a chip or machine-readable strip. 

When arriving travelers put their fingers into biometric scanners or stand in front of face-recognition cameras, a computer will check whether the patterns it detects match the ones the subjects gave when they were first scanned. The system also will check whether visitors appear on watch lists of suspected terrorists or immigration violators. 

The technology has been used for years to secure sensitive corporate and government facilities, and to help state motor-vehicle departments keep people from getting multiple licenses. Mexico maintains 60 million face-recognition files to prevent people from registering to vote more than once. 

After Sept. 11, 2001, interest surged in biometrics as a security tool. Last year, Congress mandated that biometrics be added to a new automated entry and exit system for travelers known as U.S.-VISIT. And it set several deadlines. 

The Department of Homeland Security expects to begin taking fingerprints and digital pictures of incoming travelers at air and sea ports in January. The biometric identifiers will be added to the bevy of data the government maintains about international travelers. 

Biometric scans at land borders with Mexico and Canada  which handle 80% of America's 440 million annual immigration inspections  are due to begin in 2005. All points of entry should have the technology by the end of that year, said Homeland Security spokeswoman Kimberly Weissman. 

But perhaps the most daunting deadline is Oct. 26, 2004. All foreigners with visas or passports issued after that date will have to carry biometric identifiers in those documents if they want to enter the United States. 

That could complicate life for the 210 U.S. embassies and consulates around the world, which will have to add a biometrics-enabled chip or strip to visas they give to people coming to the country. 

As of now, 37% of visa applicants have their visas processed by mail if they meet certain criteria. 

But unless other arrangements are made, all applicants will have to go to their nearest embassy or consulate to have their fingerprints scanned or their facial image captured by a biometrics-enabled camera, potentially swamping already taxed offices. 

Such complexities are partly why the General Accounting Office, the investigative arm of Congress, estimated last year that adding biometrics to visas would cost $1.4 billion to $2.9 billion initially, then $700 million to $1.5 billion annually. 

State Department spokesman Stuart Patt acknowledged that biometric visas will present logistical challenges. But he said the department has learned well from its experience dispensing 6 million visa cards with fingerprint biometrics, made by Drexler Technology, to Mexicans since 1998. 

A report prepared this year for the White House's Office of Science and Technology Policy was less upbeat. 

Without "substantial reductions in visa applications," forcing everyone to apply in person "may compromise staff safety" and present hardships for travelers, said the report, written by the International Biometrics Group, a consulting firm. 

The deadline could also vex many of the 27 countries whose citizens don't need visas to travel to the United States. The U.S. rule means those nations, which are primarily in Europe, must add biometrics to passports they issue after Oct. 26, 2004  or their citizens will start having to get visas. 

Those countries can use whatever kind of biometrics they want, but at a minimum, facial recognition should be included. That decision was made in May by the International Civil Aviation Organization, a Montreal-based United Nations agency that sets travel standards. 

But adding the technology to passports is no easy feat. The ICAO has not set detailed technical specifications. It is also likely that the United States itself will not be done upgrading its own new passports by Oct. 26, 2004, Patt said. 

At least one country in the U.S. visa waiver program, Australia, has already experimented with biometrics and expects to have no problem meeting the U.S. deadline. 

However, other nations report far less progress. 

Agnes Von Der Muhll, a spokeswoman in the French Embassy in Washington, said the October 2004 deadline presents "a challenge." 

"It's not so much time to proceed," she said. "We will try our best to meet the deadline." 

German officials in Washington and Berlin said it was their understanding that no final decisions had been reached on biometrics by the United States or the International Civil Aviation Organization. 

"There's a lot of confusion," said Trevor Prout, marketing director for the International Biometric Group, which plans a conference on the subject in London in September. "No one is entirely clear on what is supposed to happen and which things are carved into stone or which things are apt to change or slide." 

Some people familiar with the situation say U.S. officials might try to work out special agreements with countries that can't comply in time. 

"The diplomacy challenge is enormous," said Dennis Carlton, director of Washington operations for the International Biometric Group. 

For example, Britain does not plan to add face-recognition chips to passports until mid-2005. Until those passports are in use, British citizens will need visas to visit the United States if their passports were issued after Oct. 26, 2004. 

Consequently, British officials are discussing several options with American representatives, including "extending the deadline," according to a spokesman for the Home Office in London who spoke on customary condition of anonymity. 

Indeed, a report written in January by the departments of State and Justice and the National Institute of Standards and Technology predicted that Congress will have to push back its biometric deadlines by at least one year because of the "size and intricacy of what needs to be implemented." 

More information on US-VISIT is available online at http://www.dhs.gov/dhspublic/display?content=736.
*******************************