Dr. Hamre's Statement on Info Sys Before the Senate Armed Services Committee
Statement Before The Senate Armed Services Committee Information Systems: Y2K & Frequency Spectrum Reallocation
"The greatest threat to America today is not Iraq, Iran, North Korea, terrorism, or weapons of mass destruction. It is the potential that we will become too complacent during this time of peace." General Henry Shelton, Chairman of the Joint Chiefs of Staff
Thank you Mr. Chairman and members of the Committee. I am honored to be here. I am pleased to have the opportunity to provide the Department of Defense perspective on the threats and challenges confronting our information systems in the future. Today I would like to speak to you about three issues that are very important to our ability to achieve and sustain information superiority for our armed forces: the so-called "Y2K" problem, information assurance and the potential sale of segments of the frequency spectrum.
RELIANCE ON INFORMATION TECHNOLOGY
Worldwide, an estimated 15 billion microchips - most of which contain timing devices -- are embedded in appliances and machines ranging from clock radios to ATMs. A new automobile today rolls onto the highway with at least 100 microchips. Microchips are embedded in thermostats, leak detectors, underground storage tank monitors, boilers, lighting systems, generators, elevators, alarms, smoke detectors, sprinklers, sewage systems, security systems and automatic locks, and all of the common office equipment, including the coffee maker.
The failure of an embedded microchip in a discrete, localized computer or machine, such as a wristwatch or the air-conditioning system in a building, can be merely inconvenient. However, failure of a microchip in a critical, large, or dangerous piece of machinery -- loss of air pressure in an F-15 or a submerged submarine -- can be devastating and even life-threatening.
Virtually every week we see more and more examples of how failure in digital technology can have unanticipated and widespread repercussions. Failure in a networked computer system that is a hub or link in other computer or telecommunications systems can be catastrophic. Each one of these accidents is a warning about our the extent of our reliance on information technology and the vulnerability it has created. Several incidents have vividly illustrated the extent of this problem for us:
Just a few weeks ago, the computer system in a communications satellite more than 22,000 miles above the state of Kansas malfunctioned, and the satellite began tumbling out of control. That malfunction disrupted the satellite's ability to communicate with its customers and set off a cascade of communications failures of a magnitude never seen before. Indeed, it ranks as the worst outage in the history of satellite communications.
By conservative estimates, more than 35 million people lost the use of their pagers, including everyone from school children and repairmen to doctors, nurses, and other emergency personnel. Transplant recipients could not be notified when organs became available. Members of a bomb squad in New Jersey could not be paged to respond to an emergency call. Motorists nationwide could not use their credit cards to pay for gas at the pump. Television and radio broadcasts were broken off. Several Fortune 500 companies and news wires had their business operations impaired.
On December 31, 1996, New Zealand Aluminum Smelters' process control program had a leap year failure in its Julian calendar. When the program failed to recognize "366" as a valid date, the system shut down all smelting pot lines. Without computers to regulate the temperatures inside the pot cells, five over-heated and melted down.
Unum Corporation, an insurance company, suffered system failure because the program was written to add five years to the date of last transaction. In 1995, the program interpreted a designation of the year 2000 on a file as the year 1900, automatically canceled thousands of policies, and then deleted the files from the database.
Phillips Petroleum Company engineers ran a Y2K simulated test of its systems aboard an oil platform in the North Sea. One of the safety systems to detect hydrogen sulfide, a deadly gas, was not compliant and shut down.
Chrysler Corporation conducted an actual test of an assembly plant last year. Many of their "mission critical" systems worked, but they also had some surprises. The time clocks didn't work, and the security system shut down, and nobody could get out of the building.
THE Y2K PROBLEM IN DOD
One of the biggest vulnerabilities of our nation's information infrastructure is the so-called Year 2000, or "Y2K," problem described in several of the examples above. The Y2K problem results from the inability of computer systems at the year 2000 to interpret the century correctly from a recorded or calculated date having only two digits to indicate the year. The Y2K problem is an especially large, complex and insidious threat for the Department of Defense -- an organization with roughly the population of metropolitan Washington D.C.; the complexity of a small nation; resources to sustain a global reach; and an information infrastructure that relies heavily on old, legacy computer systems. The Y2K problem is particularly critical because of the DoD's dependence on computers and information technology for its military advantage. Moreover, DoD's national security role requires that extra precautions in allowing access to systems containing classified data and private sector programmers capable of working on the Y2K problem must be screened.
The Department of Defense has more than 25,000 computer systems, of which 11 percent (or 2,803 systems) are, mission critical. These computer systems are not simply weapons systems, the category best prepared to meet the Year 2000, but command and control systems; satellite systems; the Global Positioning System; highly specialized inventory management and transportation management systems; medical equipment; and important universal systems for payment and personnel records. DoD also operates a multitude of military bases, which are much like small towns, where the infrastructure is also vulnerable to Year 2000 problems. Power grid, heating systems, air filtration , automatic locking devices, chronometers on ships and airplanes, and any timed device, contain embedded chips that may not be Y2K compliant. The problem will also extend to all forms of commercial communication and mass transportation systems (traffic lights, trains, subways, and elevators), which will affect our men and women in uniform.
Overall DoD Strategy
The Department of Defense's goal in its Y2K efforts is to have, on January 1, 2000, a mission-capable force that is able to execute the National Military Strategy, unaffected by date-related failure of its computer systems. Consequently, DoD has established a management strategy for its Year 2000 initiatives that combines centralized policy and oversight with decentralized execution in five phases - awareness, assessment, renovation, validation, and implementation (defined by GAO and OMB in numerous reports). All military departments and defense agencies, and all individual program tracking, use these phases to track progress on Y2K compliance.
Mr. Chairman, I would like to take a few minutes to outline how we have structured DoD operations to execute this management strategy. We believe the Y2K problem warrants the attention and leadership of a CEO not just a CIO, and we have organized Y2K efforts in the DoD to ensure enterprise-wide leadership, so that we can do our job as well on January 1, 2000, as we do today. I would like to sketch briefly some of the leadership positions and organizations:
Department of Defense Chief Information Officer. The senior civilian official of the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence is the DoD CIO. The CIO has Department-wide responsibility for the Y2K problem. The DoD CIO sets Y2K policy, coordinates the efforts of the Services and Defense Agencies, and monitorsY2K progress on behalf of the Secretary of Defense.
Special Assistant for Year 2000 to lead the DoD Year 2000 Oversight and Contingency Planning Office. Both the GAO and the recent Defense Science Board Task Force report recommended assignment of a strong central leader. A Special Assistant for Y2K has been designated by the CIO to lead the Y2K effort in DoD. The Special Assistant reports directly to the CIO and heads a Contingency Office that handles all multi-Component Y2K actions, such as developing DoD Y2K policy, management plans, consolidated reporting, interface assessments, contingency planning guidance and oversight, and testing oversight.
DoD Y2K Steering Committee. As Deputy Secretary of Defense, I chair the DoD Y2K Steering Committee which reviews the progress of DoD's Components toward full Y2K compliance at monthly meetings, provides guidance, and makes decisions not already resolved at a lower level. The Committee serves as a forum for sharing information, eliminating overlaps, resolving cross-functional issues and seizing opportunities to accelerate system Y2K fixes. Key representatives from all major DoD Components serve on the Steering Committee.
Each DoD Component Head is responsible for assuring all software and systems correctly process dates. The Military Department's and Defense Agencies' CIOs are assigned the responsibility for monitoring the progress and ensuring their mission critical systems are Y2K compliant before January 1, 2000, and for reporting status of their systems each quarter to the DoD CIO. Overall tracking is done through a central database.
The DoD CIO co-chairs Y2K Interface Assessment Workshops to ensure information systems and processes that exchange data among DoD functions or with non-DoD government entities will be Y2K compliant prior to January 1, 2000. Assessment workshops are conducted for each DoD functional area to identify common systems, action plans, and review implementation progress in each respective area. In addition to the DoD Components, the assessment workshops include representatives of other Federal Agencies and DoD Allies and Partners.
Report and Evaluation
DoD's strategy relies upon all DoD Components to provide information on Y2K progress and lessons learned. The positions, offices, and workshops established at the leadership level by DoD will help reinforce and improve the reporting of information to Congress, OMB, and other areas of the federal government.
For example, DoD is establishing a Y2K database on mission-critical systems to expedite Y2K reporting. Each Component will also establish a Y2K database to provide detailed information on Y2K progress. Finally, special data calls obtain additional information from each Component when required to meet the needs of DoD's senior leadership, OMB and Congress.
Programmatic Oversight and Coordination
Through oversight and coordination, the Department will address enterprise analysis, identification of opportunities for improvement, lessons learned, candidate metrics and performance measures, organizational interfaces and resource tracking for Y2K efforts. One of the primary areas of progress in programmatic coordination has been in the acceleration of DoD's interface assessment workshops, so that every functional area will have three assessments by the end of FY 1998.
Test and Contingency Planning
My primary focus will be the progress of Test and Contingency Planning in FY 1999 and beyond. This effort will develop schema for Y2K tests, introduce best commercial practices, define testing strategies, and perform continuity planning for weapons systems and for the "business functions" of the military (supply, transportation, finance).
The DoD CIO, in addition, places special emphasis on contingency planning and testing, the primary areas of emphasis of Y2K efforts in calendar year 1999. As systems approach the anticipated date for all fixes (December 1998), contingency plans for both mission critical and non-mission critical systems will mature as well. Mission critical systems receive the highest priority in contingency planning.
DoD's contingency planning will come to the fore as the results of testing beyond the system level takes place. DoD's operational tempo and complexity of interactions among systems require that testing take place across DoD functions and throughout an entire theater. DoD is establishing plans for including Y2K testing as part of special functional area tests and CINC training exercises in CY 1999. These should result in refining of contingency planning on departmental, functional, and theater levels.
An area of concern to DoD is the availability of the hardware needed to make fixes for Y2K compliance. DoD has identified its need for these devices, such as communications routers, servers, and hubs, and has acquisition actions underway for them. However, there is no assurance that industry can meet the demand for these items which are crucial to maintaining an effective communications network for command and control, emergency response, and day-to-day DoD operations.
Testing From Three Perspectives
DoD is using three approaches to test its computer systems. Systems-centric testing addresses individual systems. Functional-centric tests assure Y2K compliant systems interface and function effectively by supporting DoD functional activities (accounting and finance, etc.). Mission-centric tests assure end-to-end performance of systems and interfaces to maintain the mission effectiveness of U.S. forces.
System level testing is conducted by each Service, Agency, and Field Activity, under the oversight of a designated Y2K focal point or program office and is intended to ensure that individual systems are Y2K compliant and can perform as originally designed.
Functional testing will be based on test strategies and data collection resulting from the Y2K Interface Assessment Workshops. This includes an appropriate combination of interoperability and laboratory testing across Components, Departments, NATO and Allies. Exemplary among collaborative efforts is the systematic and comprehensive process that the nuclear community is implementing to assess mission readiness for the Nuclear C3I System of Systems. The process builds on end-to-end "single string" testing that initially demonstrates interoperability from sensor to shooter (i.e., sensors, receivers, C2, forces, platforms, and weapons). Virtual and physical test methods will be needed to complete end-to-end testing as dictated by factors such as time, risk, cost, and resource availability. The single string approach facilitates fault isolation while maintaining readiness of proven primary missions.
End-to-end, mission-level testing will be used to demonstrate DoD's operational readiness in a Y2K scenario. Mission level operational assessments can be achieved by augmenting existing Joint and CINC exercises to include Y2K functional and operational objectives. This testing requires that the joint community define specific Y2K objectives that address primary end-to-end operational capabilities, continuity of operations planning and risk areas. Adhering to DoD Y2K checklists and recommended test strategies will provide evidence of progress and leadership commitment throughout the process.
Testing of the Global Positioning System
As an illustration, the Air Force Global Positioning System (GPS) has three main segments/components which will be affected by the Y2K date change: the Space Segment (satellite and support systems), the Control Segment (ground control systems), and receivers.
The Air Force has analyzed satellite and satellite support systems, evaluated ground control systems, tested DoD GPS receivers, identified cost and schedules for corrective actions. The GPS Space Segment is ready for the year 2000. All GPS satellites are Y2K-compliant. However, some satellite support systems are not Y2K-compliant, but are scheduled for repair or replacement by December 1998.
GPS's Control Segment consists mostly of legacy systems, which are not Y2K compliant. However, a system-wide assessment of the problem has been completed and all corrective actions will be implemented by December 31, 1998.
All GPS Joint Program Office (JPO)-procured receivers are Y2K and EOW compliant. For non-JPO-procured receivers, test plans and procedures have been established so manufacturers and users can determine how their receivers behave on January 1, 2000.
Continuity of Operations
DoD Components are applying extraordinary efforts to meet the technical challenges associated with Y2K compliance. Despite these efforts, however, there is no guarantee all DoD systems will be free of risk by the immovable deadline of January 1, 2000. Systems whose risks have been mitigated through renovation and testing could fail, and the failure of one system could disrupt many others.
There are two areas of risk that must be considered in planning for Year 2000 disruptions: (1) known or suspected sources of disruption, and (2) unanticipated disruptions. DoD systems with Y2K vulnerabilities were identified in the Assessment Phase of the of the five-phase Y2K management process DoD adopted for mitigating risks of system failures. The Department has assessed virtually all of our systems and identified Y2K issues for corrective action. Renovation of systems is in process, and schedules have been developed for testing each system. Resources are identified and available for accomplishing these actions.
To further diminish possible adverse impacts on the readiness of the Department of Defense to conduct its mission on January 1, 2000, contingency planning is critical. These plans address failure of the system, disruptions at interfaces, receipt of corrupt data, and failure of utilities and infrastructure. Specific workarounds and actions to accomplish the system functions will be addressed, including providing manual processes to replace systems that rely on information technology.
Existing contingency plans, business continuity plans, or disaster recovery plans at the system, Component, and Department levels provide courses of actions in response to fire, flood, terrorist attack, and other general risk scenarios. The intent of Y2K contingency planning is to ensure continuity of operations through a period of technical difficulty. The Department's Year 2000 Oversight and Contingency Planning Office is participating in working groups at all levels to interject Year 2000 threats such as infrastructure failures into existing contingency plans. Developing alternative courses of action now that can be implemented should failures occur assures the Department maximum readiness under adverse circumstances.
Contingency plans for each DoD Component will include a prioritized list of systems and major actions taken to minimize Y2K disruptions to the core missions of the Component. At the Department level, continuity of operations plans will be reviewed and Y2K scenarios will be incorporated.
The DoD Inspector General (DoDIG), in conjunction with the audit entities for each of the Military Departments and Defense Agencies, assists in the independent Y2K validation process. The DoDIG's efforts are crucial to verification of Y2K actions. The short time frame for Y2K fixes requires further innovation in oversight processes that have already been streamlined by acquisition reform.
Other Evidence of Progress
DoD is placing increased emphasis on Y2K compliance, all the way to the level of the Secretary of Defense. DoD views Y2K compliance as an operations and readiness issue. The Department is addressing the findings and recommendations of the various assessments made on its Y2K program by the GAO and the DoDIG. DoD has established a well-supported Executive office and reinforced the criticality of the Y2K Program as a top priority focus. DoD's Y2K oversight activities will:
Apply an enterprise view that links Y2K vision and strategy to requirements, execution, and contingency planning,
Identify opportunities to enhance Component remediation, testing, and validation activities, and
Compile and disseminate lessons learned, promote collaboration among Components, and promote best use of resources.
Y2K Allied Interfaces
The U.S. has been aggressively pursuing solutions to the Y2K problem in "Mission Critical" systems. Mission Critical systems are systems whose loss will result in loss of a core capability. An important piece of the Y2K problem is assessing the interfaces between systems. DoD recognizes the importance of these interfaces, not only within the DOD, but system interfaces with other branches of the Federal Government, with State government and private industry, and with allied partners.
The first Allied Interface Workshop was held on February 18, 1998, with the member nations of the Combined Communications Electronics Board (Australia, Canada, New Zealand, United Kingdom and the U.S.)
The UK presented their strategy within the Ministry of Defense (MOD). Many similarities between the UK and U.S. were noted in the MOD's aggressive plan.
The UK provided a listing of those systems believed to have interfaces with U.S. systems. The U.S. is working on a similar list.
Among the topics discussed at the most recent (May 1998) NATO C3 Board was Y2K. Awareness among the community is heightened and fixes to the problem underway.
Representatives at the first Allied Interface workshop agreed to form an executive level steering committee with a senior representative from each nation. There will also be a working level group formed to ensure that progress is being made in this area. Additional interface workshops are being planned. The regional CINCs will sponsor these workshops with close cooperation from the US Embassy Security Assistance Officers. The success of a program as critical and as pervasive as solving the Y2K problem requires the support of the Executive Branch of the government. DoD is working closely with other agencies in the Federal government and seeks to establish similar ties to Allied defense ministries for critical defense systems which are jointly operated.
While our allies are aware of the Y2K problem, there is concern that the level of attention is not as great as it is in the U.S. For example, some of the energy devoted to solving the Y2K problem in Europe has been diverted to addressing the changes introduced by the transition to Euro monetary system.
Bottom Line on Y2K
DoD has recognized and attacked the Year 2000 problem as a threat to the core of our military superiority. The superior ability of the United States warfighters to obtain, process, analyze, and convey information is our most powerful weapon on the battlefield. It is a cornerstone of our military strategy captured in Joint Vision 2010. Our superiority in information technology enables the United States to carry out a two MRC scenario with significantly reduced endstrength.
To date the Department estimates it has expended over $1.9B - out-of-hide -- to fix Y2K problems in its information systems. As a result, $1.9B worth of improvements to existing systems -- as well as the addition of critical new capabilities and development of new systems -- have been deferred. The Department will continue to defer modernization and development efforts as necessary to fix the Y2K problem.
The leaders in the Department respect the complexity and pervasiveness of the issue, and recognize that the Y2K challenge requires:.
Our best leadership to motivate, educate, facilitate and interface with the myriad of other Federal, State, civilian industry, Allied and international organizations upon which we mutually depend.
Support, recognition, and incentives both for successful program managers and for the information technology workers who are doing the hard work. The software engineers, in and out of uniform, who must slog through millions of lines of code to repair our systems, are an important defense resource, and there is no time to replace or train more.
Meticulous prioritization and focus on the most important systems. We must work together to ensure that our most important and complex systems are repaired first, and provide contingencies for minor systems. Contingencies don't necessarily need to be elegant; they just need to work. Similarly, several contingencies are less elegant but very workable options.
Ruthless stewardship of our most constrained resource -time. Time is critical. We can't slow it down. We cannot change the deadline. The Department of Defense is like a large ship entering a harbor. Our job is to turn the ship and bring it safely to the dock, not to rearrange the deck chairs.
DoD has made great progress in addressing the Year 2000 challenge, and will continue to make this one of its highest priorities as we ensure national security before, on, and after the Year 2000. I encourage you to resist the temptation to draft legislation on the Y2K issue, it is not a problem that can be legislated away or solved by levying new requirements on DoD or its program managers. Instead, I respectfully request that the Department be given the flexibility to manage this problem in the manner described above.
INFORMATION ASSURANCE -- A THREAT TO OPERATIONAL READINESS
Essential Information Assurance Services
Establishing trust in a highly distributed, network-centric computing environment is a fundamental issue today for the Department and its Defense Information Infrastructure (DII). Trust is the major issue for any organization conducting more of its operations in such an environment. At the heart of the issue are five essential information assurance (IA) services that are critical for ensuring trust in our systems: availability, integrity, authentication, confidentiality, and non-repudiation.
These IA services assure the readiness, reliability, and continuity of the DII and the information systems that are a part of it. They also protect functions against exploitation, degradation, and denial of service while providing the means for the rapid reconstitution and re-establishment of mission-essential elements of the DII. The importance of IA is increasing as technology moves toward integrated networks that support both classified and unclassified information, and as DoD increases its reliance on commercial off-the-shelf products and connections to public networks.
Defense-wide Information Assurance Program (DIAP)
Critical to achieving the objectives of these IA services is the implementation of a Department-wide program management framework. This January the Department established a Defense-wide Information Assurance Program (DIAP), which will provide the common management framework and central oversight necessary to ensure the protection and reliability of the DII. Part of the DIAP strategy is to change the culture that views IA as a primarily technical issue to one that understands IA is an operational readiness issue. We need to shift the current view that information assurance / systems security concerns form secondary considerations to core readiness issues. Everyone -- from the highest senior levels of management to the soldiers and office workers -- must understand each is a stakeholder in the vitality and security of our information systems, how their individual actions can affect mission success or failure, and what they can do to assure network security.
A Shared Risk Environment
Availability and integrity -- and in some cases the confidentiality -- of information become critical to the operational readiness of our forces. If this capability can be denied or exploited, the advantage smart weapons provide can be adversely affected. Today, operational readiness relies increasingly on information systems and technology. Therefore, we must be much more concerned with assuring the integrity of our systems and networks, especially as we interconnect more of our systems.
In the past, the Department relied upon "stovepiped" systems, local area networks, and limited numbers of users -- therefore, limited access -- to protect information. Today, the Department is developing information infrastructures that support DoD systems and networks, including connections to networks such as the Internet. As the Department's Services and Agencies interconnect more of their networks, we are creating a shared risk environment. In a shared risk environment, the security posture of the interconnected systems is only as great as the system with the weakest assurance posture -- in effect, the weakest link in the chain. Given these risks and the fact that weakness in any portion of the DII is a threat to the operational readiness of all Components, the Department is moving aggressively to ensure the continuous availability, integrity, authentication, confidentiality, and non-repudiation of its information and the protection of its information infrastructure. Growing numbers of authorized users in a shared risk environment exacerbate a problem shared by government and industry: a malicious insider who really is authorized access to networks.
No single solution can solve these issues. Rather, a variety of layered defensive mechanisms and practices needs to be put in place to provide that kind of information assurance on an end-to-end basis. Within the Department, we have been developing what we call a "defense-in-depth" strategy. This strategy includes the development and implementation of new tools, technologies, and initiatives across the Department. I would like to share with you some of our efforts.
Public Key Infrastructure (PKI)
The Department established policies for creating a public key infrastructure (PKI) which will support identification and authentication functions through the use of digital signatures. The Defense Information Systems Administration (DISA) and the National Security Agency (NSA) are developing and implementing a PKI for the Department that provides both high assurance services for national security information protection, as well as medium assurance services for business and military operations. A pilot effort for the medium assurance element is currently underway and is based on commercial technology and software cryptography to support business re-engineering activities.
One activity using the PKI is the Defense Travel System, which is adopting the use of digital electronic signatures for travel. Digital signatures will allow travelers to receive electronic authorization prior to a trip and permit them to sign their vouchers after the trip. These electronic "John Hancocks" create a secure and legal association between the travel and voucher information. The Defense Travel System is a practical approach for digital signature certificates, including commercial infrastructures and services, which could eventually be used in Department-wide electronic commerce efforts.
We will also deploy those same pilot services within a command and control environment, the Global Command and Control System in particular, to begin providing community-of-interest separation capabilities, as well as data integrity capabilities beyond what is currently available on those type of networks. Department-wide implementation of a PKI capability will facilitate secure electronic commerce and allow controlled access to DoD information and resources. We are also looking at the medium assurance solutions emerging in the commercial marketplace. Many of these commercial solutions are based upon PKI and public key technology and may be viable solutions for the Department.
Secret and Below Interoperability (SABI)
Last year the Department started a Secret and Below Interoperability initiative that allows for the flow of information between secret and sensitive-but-unclassified networks while maintaining the integrity of both networks and minimizing the risk of classified information disclosure.
Intrusion Detection and Monitoring
I would like to highlight DoD initiatives that support intrusion detection and reaction. NSA and DISA are beginning to provide customers with tools to assess the robustness and readiness posture of systems and networks. Through the "hardening" of system components, DISA has taken steps to ensure network availability and to defeat denial-of-service attacks. DISA is procuring and installing network intrusion detection hardware and software, firewalls, and encryption hardware and software that provide improved network security.
Reaction and Recovery
The Department has in place efforts to respond to detected intrusions and attacks. DISA's Global Operations Security Center is providing around-the-clock protection, detection, and reaction capabilities in securing the DII against both network intrusion and virus, or malicious code, attacks. The Components' Computer Emergency Response Teams (CERTs), NSA's Information Protect Cell at the National Security Operations Center, and DISA's Automated Systems Security Incident Support Team (ASSIST) also provide critical reaction and recovery capabilities for attacks against the DII. The Department recently programmed additional resources for the Services to operate their CERTs around-the-clock.
NSA is also establishing a Network Incident Analysis Cell (NIAC) to perform post network intrusion, forensic-style analyses. It will carry out comprehensive and systematic analyses of security incident data received from incident response centers. The objective is to establish a capability to provide incident trends, including forensic services, such as identifying electronic fingerprints, signatures, attack profiles, and attack scenarios. These analyses and incident trends will lead to the development of applied countermeasures, improved front-end filtering for intrusion detection, and support for indications and warnings of impending attack. In particular, these in-depth analyses will support efforts to design and develop pre-emptive defensive tools.
Readiness Assessments and Red Teaming
DoD is also increasing the use of readiness assessments and red teaming efforts to measure the operational readiness of our information systems, networks, and infrastructures. Readiness assessment activities include on-line surveys, assessments, and security evaluations. For example, the results from DISA's Vulnerability Analysis and Assistance Program (VAAP) provide customers with an assessment of their operational security posture and assist them in closing security holes before an incident occurs. The Department is also developing a standardized "red team" methodology and management process for use Department-wide. This methodology will address DII systems and networks as well as private sector products and services used by the Department. This approach to red teaming will be used during joint operations as a way to evaluate operational readiness postures of DoD Services and Agencies.
FREQUENCY SPECTRUM - A DIFFERENT THREAT
Mr. Chairman, I would like to turn for the balance of this statement to the issue of allocation of the electromagnetic spectrum, its importance to military operations and national security, and the potential negative impact reallocation of this vital resource could have on the Department of Defense. I will also discuss how the DoD's experience and expertise in using the electromagnetic spectrum can point the way towards utilization and management approaches that would ensure adequate spectrum access for both the private and public sectors.
Military Use of Spectrum
The Department of Defense has efforts underway across the globe, including but extending well beyond the continental United States. These diverse and far-flung activities share at least two common features: first, they are being accomplished in defense of our nation and its citizens; second, they cannot be accomplished without use of the electromagnetic spectrum.
The military faces unique challenges in its spectrum operations. Military communications-electronics systems perform a wide variety of functions, many of which must be performed simultaneously on comparatively small platforms, or by units in close proximity to one another. Military aircraft must not only perform voice communications, radio-navigation, and radar surveillance operations, they must also be capable of sustaining multiple radar tracks of hostile forces, launching and controlling weapons, providing data communications to other units, jamming hostile sensors and performing counter-countermeasures when necessary. Successfully performing all of these functions on a small platform, in the face of active attempts by hostile forces to jam and disrupt their operations, requires various control measures that include the need for sufficient parts of the electromagnetic spectrum. Eroding spectrum access and thus, limiting the tuning capability of military systems, increases system vulnerability to hostile attack and self-induced interference.
Transforming Our Military
Technologically superior equipment has been critical to our past combat successes. It will also be critical to the future success of our military. Advances in technologies, such as anti-stealth and portable mine detection radar, integrated aircraft avionics, and secure, high capacity communications, will require greater spectrum access rather than less.
Our future force will be an integrated "system of systems" that aims to give our forces total battlespace awareness, as well as the capability to maneuver and engage the enemy at the times and places of our choosing throughout the entire battlespace. With a full picture of the battlespace, advanced weapons and agile organizations, US forces will be able to attack enemy weak points throughout the depth and breadth of the battlefield -- summed up by the phrase dominant maneuver. They will also have precision engagement -- the ability to precisely deliver the desired effects at the right time and place on any target. They will be supported by focused logistics -- the ability to deliver the right supplies at the right time and place on the battlefield. And they will have full dimension protection -- multiple layers of protection against a full range of threats, from ballistic missiles to germ warfare, giving them greater freedom of action in all phases of combat.
What these four capabilities mean is that our forces will deploy lighter. They will need fewer weapons platforms and fewer munitions. They will be able to direct both lethal and nonlethal fire to the right targets. There will be less collateral damage, less friendly fire and fewer US and allied casualties. US forces will be able to descend on the scene early in a conflict, take the initiative away from a numerically superior foe - by disrupting the flow of information required for decisions -- and end the battle quickly on our terms.
The Loss of Electromagnetic Spectrum
At the heart of this vision is the ability to collect, process, and disseminate a steady flow of information to US forces throughout the battlespace, while denying the enemy ability to gain and use battle-relevant information. Information superiority will require improved command, control communications, intelligence, surveillance and reconnaissance. However, our military, like much of our modern society, simply cannot function without adequate access to the electromagnetic spectrum. The expanded capabilities we foresee for our armed forces in the next century require assured access to the electromagnetic spectrum.
What does loss of spectrum access mean to our nation's military capability? Essentially, the impact of diminished spectrum access is a reduction in the effectiveness and overall capability of the Department of Defense. Losing spectrum access is like losing any other resource, it costs us both in current capability and future opportunity both directly and, through the reallocation of dollars to mitigate the damage, indirectly as well. Less spectrum access yields an increased expenditure of time, funds, and other resources to develop, test, and field alternative capabilities or work-arounds that in many cases will be less effective than the capabilities they replace. Less spectrum access yields a degradation of military readiness while alternative capabilities are developed and compensatory training requirements are generated.
Each "work around" is one more thing our young people must learn and remember, perhaps while under fire. Each time we are forced to "adjust" training in the United States away from operational norms to accommodate domestic spectrum constraints, our training realism and hence training effectiveness suffers. Thus loss of spectrum access potentially forces us to expend other resources to compensate, expenditures that do not advance our capabilities.
We in the Department of Defense and our colleagues in the intelligence community fully understand the ever-increasing utility and value of the electromagnetic spectrum, and the need to make the most efficient use of that spectrum. The DoD's needs are increasing too. Our tasks for the nation have become more challenging since the end of the Cold War for we are being called upon to do more things, more often, and in more places than ever before.
Allocation & Reallocation of Spectrum
Many of the technology advantages our military employs rely heavily on access to specific portions of the electromagnetic spectrum. One of the most heavily used portions is below 3 GHz, where over ninety percent of DoD's permanent frequency assignments are registered. While access to this spectrum is becoming increasingly constrained, requirements continue to increase. Of the 235 MHz reallocated under the Omnibus Budget Reconciliation Act of 1993 (OBRA-93), 135 MHz was below 3 GHz and all of it was used by the DoD.
Title III of the Balanced Budget Act of 1997 (BBA-97) directs the identification for reallocation of another 20 MHz of Federal spectrum below 3 GHz. In response to this legislation, the National Telecommunications and Information Administration (NTIA) identified several bands for reallocation. The DoD, as primary user of these bands, will experience major cost impacts and impairments to critical missions as a result of this reallocation.
Impacts of Reallocation
It is important to note that analysis of the cost and operational impact for this recent reallocation has been on the fast track since the law's inception. BBA-97 was signed into law on August 5, 1997 and it required identification of frequencies that could be reallocated in a report to the Congress within six months. In contrast, the report to Congress on OBRA-93 was submitted after 18 months of analysis and negotiation. The DoD data presented in the NTIA Spectrum Allocation Report of February 1998 was, preliminary at best. With the help of NTIA and OMB we continued to refine our cost estimates and documented them in a report to OMB. I will provide a copy of the report to you for your information.
Providing accurate impact information is extremely difficult, especially in a short period of time. The analysis must consider the current missions and functions performed in each band, the primary systems in each band, their estimated operational lifetimes, the cost of reengineering or replacing the systems, other systems that may be affected, estimated indirect costs for items such as training, and the nature and severity of anticipated operational impacts. Even then unknown factors such as what commercial systems will operate in the vacated band in the future can change the estimate.
The DoD's greatest concerns are the operational impacts that would result from reallocating portions of the spectrum. Therefore, there are factors in addition to cost that must be considered.
We use certain frequency bands because they are the frequencies that work best for the purpose at hand -- in some cases, they may be the only workable frequencies. The physics of radio wave propagation is not something we can change.
Since DoD operations are conducted worldwide, some DoD use of the spectrum is bound by international agreements.
Relocation of systems is not trivial because each piece of equipment interacts with many others. Relocation and adjustment can have a domino effect. Changes in any single part of the system can force changes in other parts of the integrated military system.
Changing the operating frequency of a piece of equipment is a re-engineering effort; replacing perfectly effective equipment just to effect a frequency change can be costly. This is particularly difficult in an era of declining budgets.
Lastly, the parts of the spectrum we move to often is less optimal for the functions concerned than the spectrum we leave if it works for us at all. Hence, not only do we spend more, we get less.
The severity of these impacts is discussed in the report to OMB in the context of a National defense posture that will remain unchanged for the foreseeable future. This posture requires that our forces receive adequate training and be prepared for short notice deployment to regional hotspots throughout the world. Likewise, there is a continuing requirement for noncombat operations worldwide as the military continues to participate in a broad range of deterrent, conflict prevention, and peacekeeping activities. No medium other than the electromagnetic spectrum can support the DoD's attendant mobility and flexibility requirements. Critical missions and operations that would be affected by the reallocation of the 20 MHz under the Balanced Budget Act of 1997 include NORAD's Warning and Aerospace Control mission to provide surveillance and control of North American airspace, air launched missile control and precision strike test and training operations, and aeronautical telemetry operations supporting flight testing of aircraft, spacecraft, and missiles at major military test ranges and facilities.
Estimates to date of the cost impact of the reallocation of this 20 MHz are anticipated to be in the range of $436M at the low end to $2.5B at the high end. In the report to OMB we have also identified the uncertainties and expected conditions that will strongly influence the ultimate cost. Also, these estimates do not include the cost impacts of all classified systems. This is still being assessed. An estimated low cost / high cost approach was employed to accommodate the complexities and technical, policy, and doctrinal uncertainties associated with constraining the operation of systems supporting functions such as continental air defense, tactical radio relay, missile telecommand and guidance, and aeronautical flight-testing.
The Way Ahead
We do not want to preclude new technology but ways must be found to accommodate new commercial uses without jeopardizing military operations and national security. We, in the Department, are striving to more efficiently and effectively manage this resource. I have added additional resources to my staff and have created an office in the Defense Information Systems Agency to do just that.
The need to review spectrum usage, to clearly articulate requirements and identify opportunities for sharing, does not fall upon the DoD and other Federal users alone, but also upon commercial users of the spectrum in the United States. Spectrum sharing is a way to satisfy the growing demands, both private and government, for this finite and critically important resource. We know this can be done because the Department of Defense does it daily. Our definition of sharing is using technology and coordination to enable disparate users to exploit the same parts of the spectrum, i.e., multiple users of the same frequencies whose individual uses are technically compatible, and multiple re-use of the same frequencies through physical separation of users.
We develop and implement technical spectrum sharing criteria among the Army, Navy, Air Force and Marine Corps. For some time there has not been enough spectrum to give each individual system or individual user the luxury of their "own" unshared frequency bands. We carefully examine the functions to be performed. We separate the high-powered or highly-critical spectrum uses from other uses to prevent interference. We "co-locate" compatible uses. We engineer our systems to operate compatibly with other uses in the same or nearby bands. We also employ "dynamic management" to maximize frequency reuse to meet our extensive requirements.
Our ability to meet emerging military and intelligence data transfer requirements, which are expected to exceed multi-gigabits of information, demands effective spectrum utilization on our part. Outside of the DoD in contrast, "sharing" often means highly inefficient band segmentation in which individual users are provided their own piece of the spectrum, often with additional valuable spectrum squandered as unused "guard bands."
I am concerned that the Department of Defense is viewed as the principal source of available spectrum, despite our growing needs, for meeting the growing needs of the private sector. Instead of a national review of all spectrum use, to assure a balanced and efficient approach to spectrum sharing and assignments, there has been a persistent, one-sided erosion of government spectrum and the apparent adoption of an implicit policy that concentrates on government spectrum as the default source to satisfy new private sector needs. To ensure that our military capability is not eroded, before any further government spectrum is reallocated, target bands must be carefully reviewed. Careful consideration of the impacts on cost, military and intelligence operations, and ultimately national security must be a priority. Therefore, we have requested an 18 months delay in any further reallocation of government spectrum so that we can fully assess the cost and operational impacts on spectrum currently used.
The DoD is also expending resources to identify its spectrum needs for the future. This is a formidable task, however, since it includes not only a determination of future operational scenarios and the information capacity they will require, but also an informed estimate of the types and extent of future technology development. Completing such a complex task will require time, as will migrating to any future system technologies. The Defense Department requires adequate spectrum access to support National Defense missions in the interim. Numerous factors, including the physics of propagation, the density of current spectrum users, and concern regarding possible future reallocations, make it extremely difficult for the DoD to gain access to alternative spectrum. Measures that would help mitigate the impacts of spectrum reallocations and ensure adequate spectrum availability include institution of a moratorium on the reallocation of government spectrum until our assessment is complete, mandated identification of and guaranteed access to alternative spectrum for displaced users, reimbursement of the costs incurred to migrate from one spectrum band to another, and the implementation and enforcement of equipment (transmitter and receiver) standards for all spectrum users.
I thank the committee for their efforts to require reimbursement for cost impacts due to spectrum reallocation. I solicit your support in the other measures to further minimize the cost and operational impact to the Department. Additionally, a national spectrum strategy should be developed to ensure balanced consideration between economic and national security requirements.
Once again, thank you for your support.