I don’t know if it would Hurt my Career but a Little Caution never Hurt Anyone When Talking About Coast Guard
Submitted on 2009/11/13 at 9:28pmMichael,
Here’s the problem, you are taking real mistakes from the 123’s and extrapolating them to the NSC’s. I was outside of the program during the entire 123 project and only walked into the aftermath. The first I ever heard of the issue was actually from you on You Tube. In my opinion there are two reasons why the 123 debacle happened:
1) NO CG cutter had ever gone through instrumented TEMPEST testing. In fact, to date the only cutters in service that have gone through anything other than visual testing are the NSC’s. This can be best illustrated by the fact the the SPEC for the NSC had no mention of TEMPEST requirements (written by ICGS).
2) During the beginning of the NSC program and throughout the entire 123 conversion, the CG really had no say in the program and there was a really big fear with interfering with NG/LM. Hell look at where the CG is now, Reject the cutters, fire the contractor, and sue them and they have the gaul to sue the CG.The TEMPEST issues really came to light a bit too late for BERTHOLF. For the first year more than 30 server racks were replaced on the ship to actually pass TEMPEST and miles of cable were replaced. Now look at WAESCHE, its a non issue now.
Now WRT the SCIF, I have no desire to go down the road of why it was an ECP instead of part of the original contract but when you include the its entire install time and all associated testing, the RFO period for BERTHOLF (first in class) is shorter than the period for the DDG’s that are more than 60 hulls deep in the class.
I’m never going to change your mind on some of these issues. I would suggest you file a FOIA request for the instrumented TEMPEST report and do the same following the instrumented tests for the SCIF. Unfortunately you are never going to be able to see anything on how well the SCIF works due to its high level classification. Please keep in mind though that SPAWAR is the contractor for the install and not LM.
I’d recommend you provide some background on this trial because while it sounds interesting, I don’t think most readers have much background.
To respond to the question on why I comment anonymously all I can say is there is no benefit for me to give my name. I don’t know if it would hurt my career but a little caution never hurt anyone. I have no illusions about the faults of senior leadership now and in the past. You also won’t find me saying anything positive on modernization. I’m at a supported unit and all I can say is that the support suck before and it sucks no more or less now. I’m also not very surprised because senior leadership loves to tell the field that they will provide you some % of the solution and leave the rest for us to figure out. So I don’t buy the company line, I simply report what I’m seeing and living on a daily basis.
Thank you for the response
1) Never had an instrumented test before? That should mean the secret communications systems they had been using for decades was not and is not deemed safe to use and is at risk of compromise to this day? Did they have CTTA sign off on that? Can you provide information proving that to Sam Boyd the attorney running the FCA case? Shouldn’t all of the Coast Guard ships using crypto and communicating on secret systems now be shut down?
You are incorrect about TEMPEST not being in the NSC spec. It was clearly in the 123 spec and I have emails from the C4ISR office in the CG stating it was clearly a requirement. The 123 has a subset of systems the NSC has – especially comms. Also TEMPEST requirements come with the plethora of classified data and voice systems requirements that are clearly in the spec. If you have these systems you have derive the TEMPEST requirements. And the 123 spec is a flow down from the master surface asset ship and C4ISR specs. As such something that is in the 123 spec should be in the NSC spec – because each of those ships C4ISR specs come from the master surface asset spec.
Examples – From C00 Asset Performance Spec (All Surface Assets)
SRSX-31] The IDS Assets shall be developed in accordance with MIL-STD-232A RED/BLACK Engineering Installation Guidelines for TEMPEST protection. Also, use NACSEM 5201, (C) TEMPEST Guidelines for Equipment/Systems Design Standard (U,) for guidance.
[SRSX-33] The IDS Assets shall be compliant with National Security Telecommunications and Information Systems Security TEMPEST/2-95, RED/BLACK Installation Guidance.
[Comm-305] The encryption type shall be KY-100 or ANDVT, or equivalent, for HF and HF-ALE voice transmissions.
[C2-622] The C2 system shall provide a message processing capability up to a classification level of SECRET.
I and James Atkinson asked for the FOIA docs a long time ago and even offered to pay. Our requests have been repeatedly rejected. They will not send the TEMPEST report data or even the NSC contracts and billing records. (Though they did send the 123 sets of all of that). If there is no issue why not send us that stuff? Why send the 123 set and not the NSC? I will tell you why. When they did that Atkinson crossed all the data and discovered the illegal Porter waivers and that he wasn’t a cleared CTTA. Where’s the transparency and confidence they are doing it right? (We will handle getting this data in discovery now.)
It’s not that my mind can’t be changed. I just need to see proof. The pattern of behavior to this day demonstrates that request is prudent. Refer to the FOIA response above and the fact that the SCIF is not done as examples of why that is.(Your response that there are no TEMPEST requirements for the NSC is problematic. It doesn’t help me believe you or take your word)
As for more info on the trial. What do you want to know? All of the trial docs are public record. Find someone who can access PACER.