Federal Allies Institute Board Members Join Treasury Panel on Small Business

December 16, 2016


Federal Allies Institute Board Members David T. Boddie, Founder & Executive Director, and Gabriel Fulton, Chairman of the Board and CEO of Sintel Group Inc., participate in a US Treasury Department panel hosted by Jose Arrieta, Director of OSDBU, and moderated by Brian Watson of Treasury OSDBU. https://lnkd.in/dgvQY9a

 


200th Anniversary U.S. Senate Foreign Relations Committee

December 6, 2016

December 10, 1816
Senate Creates Permanent Committees


For its first quarter-century, the Senate tried to operate without permanent legislative committees.  From 1789 until December 1816, the Senate relied on three-to-five-member temporary—or “select”—committees to sift and refine legislative proposals.  A late eighteenth-century guidebook to “how a bill becomes a law” would have explained the process in three steps.  First, the full Senate met to discuss the broad objectives of a proposed bill.  Next, members elected a temporary committee to convert the general ideas expressed during that floor discussion into specific bill text.  The senator who received the most votes automatically became chairman.  This system ensured that committees would consist only of those who basically supported the proposed legislation and that activist members would have more committee assignments than those who were less engaged in the legislative process.  In the third step, after the committee sent its recommendations to the full Senate, it went out of existence.

In 1806, concerned over the increasing amounts of time consumed in electing dozens of temporary committees each session, the Senate began to send new legislation to previously appointed select committees that had dealt with similar topics.  Soon, the Senate also began dividing the president’s annual State of the Union message into sections by subject matter and referring each section to a different select committee.

The emergency conditions of the War of 1812 accelerated the transition from temporary to permanent committees by highlighting the importance of legislative continuity and expertise.  In December 1815, at the start of a new Congress and with the war ended, the Senate appointed the usual select committees to consider the president’s annual message, but, when those panels completed that task, the presiding officer assigned them bills on related subjects, thereby keeping them in operation.  During that session, however, the Senate also appointed nearly 100 additional temporary committees.  Once again the upper house was spending excessive amounts of time voting on committee members.

On December 10, 1816, the Senate took the final step and formally converted 11 major select panels into permanent “standing” committees.  This action ensured that those committees, each with five members, would be available not only to handle immediate legislative proposals, but also to deal with ongoing problems and to provide oversight of executive branch operations.

(Photo:  Members of the Foreign Relations Committee meet, ca. 1970. Senate Historical Office)

Reference Items:

U.S. Congress. Senate. The Senate, 1789-1989, Vol. 2, by Robert C. Byrd. 100th Cong., 1st sess., 1991. S. Doc.100-20.


When U.S. Small Business Administration Office of Advocacy was a Start-Up

June 28, 2016


At the 40th Anniversary Symposium for SBA’s Office of Advocacy, June 22, 2016 in Washington, D.C., former Chief Counsels reminisce. Yet 40 years after the creation of the Office of Advocacy and the passage of other legislation, the Office of Advocacy still needs more influence to enforce required small business review panels at many federal agencies that regularly ignore the well-being of small businesses across America. See SBA Advocacy Part One and Two.

Part One

Part Two

For more information, contact FederalAllies.org.


Kingdomware Technologies v. US

June 16, 2016


A Very Important Ruling: Kingdomware Technologies v. US

By David T. Boddie

The Supreme Court ruling is very strong for Veterans 8 to 0.  The Rule of Two preference for Veterans is fine with the Court and the unanimous vote is hard to argue with.  And it’s not going to change anytime soon.  The Rule of Two is a mandatory requirement for the Veterans Administration.

This small business won its case.  It mattered that Kingdomware Technologies won its case. It’s a validation of the entire concept that Veteran-Owned Small Businesses deserve the preference that the U.S. Congress enacted into law.  It wasn’t thrown out, nobody challenged it and said you guys don’t deserve it, nobody said it’s unconstitutional or anything like that.  It’s fine with the Supremes.

How many other small businesses would go to the trouble?

After four years in pursuit of the ruling, a lot of help and pro bono, the heroic efforts of Kingdomware Technologies paid off.

Who else is going to challenge their right to a preference after this court ruling?


The Intelligence Science and Technology Partnership

May 19, 2016

Leveraging the national security science & technology enterprise to meet IC needs.

In-STeP is a program managed by the Office of the Director of National Intelligence Director of Science and Technology.

Strong, if often quiet, partnerships between the U.S. private and public-sectors remain the cornerstone of ensuring an overwhelming intelligence advantage for our nation’s decision makers and warfighters.  In-STeP is designed to empower the IC science and technology (S&T) enterprise and its partners to properly inform investment decisions by ensuring additional synergy in intelligence-related research efforts.

In-STeP Vision:

To better align public and private sector S&T efforts in support of intelligence needs.

In-STeP Mission:

Enable senior IC leadership to effectively manage risk by anticipating mission needs, informing stakeholders of S&T- related developments, shaping S&T investments and efforts, strengthening integration, and leveraging partners and resources outside of the National Intelligence Program to solve problems of interest.

Adoption and implementation of In-STeP will remain critical for aligning the IC S&T enterprise and partners’ pursuits with future intelligence and broader national security needs.

In-STeP One-on-One Meetings:

In-STeP One-on-One Meetings provide the opportunity to present your S&T projects to IC stakeholders.  To be successful, technical presentations should be focused on how proprietary S&T efforts align to the IC S&T Needs contained in the FY2015-2019 IC S&T Investment Landscape, and provide detailed and practical presentation materials.  After the meeting, materials may be provided to a closed, proprietary-cleared, government stakeholder group.

In-STeP One-on-One Meetings can be scheduled via S&TInvestment@dni.gov or S&TInvestment@dni.ic.gov (JWICS).

Unclassified Website: http://dni.gov/in-step    R-Space: https://rspace.dodiis.ic.gov (JWICS)

The In-STeP team is available to address questions about the meetings and schedule the presentation date.  To ensure broad IC participation, contact the In-STeP team at least one month in advance of the desired presentation date.

In-STeP and the One-on-One meetings provide the rational, traceable, and defensible foundation for aligning the IC S&T enterprise and partners’ activities against IC Needs.  Furthering this mission are the DS&T’s Intelligence Ventures in Exploratory Science and Technology (In-VEST) and Intelligence Formulation of Risk Management (In-FoRM) activities.

In-VEST: Provides the DNI with substantiated research investment guidance to resolve In-STeP-identified challenges.

In-FoRM: Leverages In-STeP-derived solutions to inform acquisition decisions and further integrate and align the IC.

IC S&T INTELLIGENCE COMMUNITY SCIENCE & TECHNOLOGY

IC S&T Investment Landscape

  1. Collects the S&T Needs of the National Intelligence Managers, the combatant commands, and other IC stakeholders.
  2. Provides an auditable, rational structure linking S&T investments to customer Needs.
  3. Creates a common basis for leveraging government, industry, and academic efforts.

IC S&T Investment Landscape- Partner Responses

  1. Provides a high-level matching of public- and private-sector partners’ existing programs to the IC-wide Needs captured in the Landscape.
  2. Provides IC developers with unprecedented insight into the commercial solution marketplace.
  3. Offers a resource for industry and government S&T planning as well as procurement and acquisition insight.

IC S&T Strategic Plan

  1. The charter document guiding the IC’s S&T activities.
  2. Advances the IC’s ability to manage risk across the National Intelligence Program.
  3. Incorporates insights from the Landscape Needs-driven, industry-led, S&T roadmap activities.

 


Cyber Security: No Pain, No Gain

July 15, 2015

By Hans Holmer

Senior Cyber Strategist, Technical Counterintelligence Center

INTELLIGENT DECISIONS

Leaders of companies frequently find themselves at a loss for how to lead in the cyber arena.  Typically, from the C-Suite point of view,  “cyber” appears to be a technology problem rather than a people problem–and the technology moves way too quickly for us ordinary mortals to keep up.  Too often the “people aspect” of cyber security is overlooked and, yet, it is one of the most critical areas, where leaders can do their company and their employees the most good.  In fact, cyber security is like exercise: No pain, no gain.

For example, the traveling executive is likely to be the senior leader who travels the world carrying electronic devices that hold crucial company intellectual property and proprietary data.  He or she is also too busy to deal with painful security requirements that interfere with work, and their computer has just the sort of data that are of critical value to the business… and to competitors or even foreign governments.  It doesn’t take a genius to know that a number of countries are gaining access to US intellectual property and proprietary and patented information by cyber means.  As of mid-2014, Bloomberg estimates that more than $445 billion worth of intellectual capital was lost this way. (http://www.bloomberg.com/news/articles/2014-06-09/cybercrime-remains-growth-industry-with-445-billion-lost)

So how can companies protect their traveling executives and lead their business in cyber security?  By demonstrating that cyber security is business resiliency. That data protection is important enough to put above the pain of “not doing things the way you’ve always done them.”  By proving that you are willing to accept pain to secure their data when traveling. All the data show that changing our behavior is the key to stopping breaches, hacks, and data loss.

  • Take the time to install every security update and patch. Almost all intrusions depend on software vulnerabilities for which patches have been issued but not installed.  Computers that connect inside and outside the corporate network are particularly at risk because users rarely are willing to let the update process detract from work demands.  So if traveling senior executives demonstrate how protecting their computer is critical to the business and demand that their computers maintain the highest levels of security, this alone would be a major step forward in corporate cyber leadership.
  • Use a designated computer for foreign travel. This reduces the amount of intellectual property within the computer and, in turn, reduces the chances that the computer can introduce malware when returned to the corporate network. It also prevents the disclosure of corporate log-in credentials overseas.
  • Keep computers, phones, and other devices in your sight at all times.  Sure, it can be painful.  But not as painful as the loss of intellectual property, competitive advantage, and lost business.

When corporate leadership demonstrates that cyber security is important and that useful countermeasures are worth the pain, it sets the priorities for the rest of the organization.  By taking the lead in secure technology use while traveling abroad, senior leadership can set the tone for the entire corporation and enjoy increased cyber security practices.  In the process of learning to use  technology securely, everybody benefits.  It’s a win for leadership and for cyber security.  Not only does it demonstrate that mitigating risks while traveling is important, but also that protecting company data on the corporate network is important.  The same countermeasures that secure a travel computer will secure a corporate network. Doing one but not the other is nothing more than a waste of time.  Cyber security is very much an all-or-nothing kind of problem; it’s “data ecology.” The entire network as well as all the employees need to actively participate.  And it starts at the top.

 

Hans Holmer works in the Technical Counterintelligence Center of Intelligent Decisions.  He can be reached at hholmer@intelligent.net or 703.599.4735.

Hans is a retired CIA officer with about 20 years in cyber, 26 years in intelligence  and over 40 years in computers and similar technologies.


Cyber: Lightning or potholes?

May 8, 2015

By Hans Holmer

When you read about big breaches of corporate data, the breaches are generally described as the computer equivalent of “lightning,”  something so fearsome and unstoppable that only the government and draconian laws could prevent those breaches.

To the cyber practitioner, the more apt analogy for breaches is potholes.  Like potholes, vulnerabilities in software and hardware are ubiquitous, not that hard to fix, and new ones are discovered all the time.  The sheer scale of devices that need to be patched and the number of patches and updates that need to be deployed are daunting, but the actual installation of a patch is not complex.  This is important because almost all breaches depend on unpatched computers to succeed.  The lightning strikes, more properly called 0-days, are extremely rare.

The key to keeping a street pothole-free is first to know what streets you are responsible for and what kinds of road surface they use.  The same is true of computer networks.  You need to know all the devices and software on your network – PCs, printers, servers, routers, scanners, etc.  Any devices and software that are not yours present a threat unless moved to a separate network.  When you know your network you can patch it – all of it.

Once you know the roads you are responsible for, you can determine whether the road surfaces are appropriate for the traffic that uses them.   You’ve noticed that highways have different surfaces than neighborhood roads.  In IT network terms, you need to ensure that users and processes have credentials that are appropriate for the kind of work they do so that no users or processes have more access than they need.  Only a small percentage of users should have administrative privileges, and those privileges should be allocated for particular purposes.

When it comes to detecting potholes, system administrators have an easier time than city managers.  Most modern operating systems benefit from monthly patch cycles.  If you have computers that no longer receive patches, such as the 13-year-old Windows XP operating system, it might be time to repave that road.  It is no surprise that breaches are ubiquitous given that 17% of computers still run Windows XP one year after Microsoft stopped issuing patches, and it is hard to blame those vulnerabilities on hackers.  By the way, the most common Windows operating system, with 58% of the total market, is Windows 7, which was released in 2009.  It is now on “extended support” until 2020.  There is a strong argument for re-paving the road before it becomes one giant pothole.

You already know that most urban streets have more potholes than are good for your car.  In a nutshell, this is because inadequate resources are devoted to maintaining the streets and nobody wants to block the street while repaving it.  The same is true of computer networks.  The damage done to vehicles is not borne by the city and the cost of a network breach is similarly unpredictable, unlike the cost of securing the network.  In both cases, high known costs outweigh uncertain, but almost certainly orders of magnitude higher, future costs.

If you had to track the pothole repair metrics, you’d track the number of streets that are completely patched.  You can do the same for networks.  If you compile the percentage of PCs that are fully patched plus the percentages of all other devices which are fully patched, that would create an indicator of the security of a network.  Given that the vast majority of breaches exploit these fundamental vulnerabilities, it is an adequate proxy for the security of the network.
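The metric described above, computed over a device inventory, as an added example that is not part of the original article: the inventory records, field names and device classes are constructed assumptions. Devices on an end-of-support operating system count as unpatched, and devices that are not yours are reported separately instead of being scored.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article). "managed" marks devices
# the organization owns; "os_supported" is False once the vendor stops patching.
INVENTORY = [
    {"host": "pc-001", "cls": "pc", "managed": True, "os_supported": True, "missing_patches": 0},
    {"host": "pc-002", "cls": "pc", "managed": True, "os_supported": True, "missing_patches": 3},
    {"host": "pc-003", "cls": "pc", "managed": True, "os_supported": False, "missing_patches": 0},
    {"host": "pc-004", "cls": "pc", "managed": True, "os_supported": True, "missing_patches": 0},
    {"host": "prn-01", "cls": "printer", "managed": True, "os_supported": True, "missing_patches": 1},
    {"host": "prn-02", "cls": "printer", "managed": True, "os_supported": True, "missing_patches": 2},
    {"host": "rtr-01", "cls": "router", "managed": True, "os_supported": True, "missing_patches": 0},
    {"host": "unknown-7f", "cls": "pc", "managed": False, "os_supported": True, "missing_patches": 0},
]


def is_fully_patched(dev):
    # An end-of-support OS can never be fully patched, whatever the scanner reports.
    return dev["os_supported"] and dev["missing_patches"] == 0


def patch_report(inventory):
    """Return (percent fully patched per class, unmanaged hosts, weakest class)."""
    totals, patched, unmanaged = defaultdict(int), defaultdict(int), []
    for dev in inventory:
        if not dev["managed"]:
            # Devices that are not yours are a separate finding, not part of the metric.
            unmanaged.append(dev["host"])
            continue
        totals[dev["cls"]] += 1
        patched[dev["cls"]] += is_fully_patched(dev)
    pct = {c: round(100.0 * patched[c] / totals[c], 1) for c in totals}
    worst = min(pct, key=pct.get) if pct else None
    return pct, unmanaged, worst


if __name__ == "__main__":
    pct, unmanaged, worst = patch_report(INVENTORY)
    for cls, value in sorted(pct.items()):
        print(f"{cls:8s} {value:5.1f}% fully patched")
    print("weakest class:", worst)
    print("unmanaged devices to isolate or remove:", unmanaged)
```

Tracking the per-class figures over time, and not only a single average, shows which kind of device is being left unpatched.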

Once you have reached a state where your average security is predictably high, it is time to bring in experts who can help you defeat the lightning strikes.  It is well known that 0-days seek your most valuable items, in whatever form they take, be it intellectual property, customer specifics or money.  By implementing expert countermeasures focused on protecting your critical data and processes, you can reach that rare state of having neither potholes nor lightning in your network.

 
