Archive for the 'Navy' Category
Please join us for a May Day show on – no shock here – 1 May 2016 at 5pm EDT for Midrats Episode 330: “Terrorists on the Ocean” with CAPT Bob Hein, USN:
When does the Long War go feet wet?
Given the track record of the preceding couple of decades, it was expected shortly after the start of this phase of the war after 911, that terrorists would take the war to sea. There was an incident now and then, but the threat never really played out to the extent we thought early on.
Recent events point to the possibility that this may be changing, in perhaps ways not originally thought.
What is the threat? Where is it coming from, and how do you deter and defeat it?
Our guest for the full hour to discuss will be CAPT Bob Hein, USN. We will use his latest article with CIMSEC, Terrorists on the Ocean: Sea Monsters in the 21st Century, as a starting out point for discussion.
Captain Hein is a career surface warfare officer. Over the last 28 years, he has served on seven ships around the globe and has had the privilege of commanding two of them: the USS Gettysburg (CG 64), and the USS Nitze (DDG 94),
He completed two tours as a requirements officer on the Navy staff for combatant modernization and for future logistics capabilities. He also served as the current operations officer for U.S. Fleet Forces Command. Additional tours include as an action officer on the Joint Staff, Joint Operations Directorate, and as Chief of Staff to the NATO Mediterranean Fleet.
He is currently the Branch Head for Strategy on the OPNAV Staff (N513) Captain Hein graduated from the U.S. Naval Academy with a bachelor’s in physical science. He also holds a master’s in national security affairs and strategic studies from the Naval War College, is a graduate of the Joint Forces Staff College, and a former Navy Fellow at the Brookings Institution. He is also the proud father of two Surface Warfare Officers; it’s a family business..
In a recent essay, “An Acquisition System to Enable American Seapower,” Navy Captain Mark Vandroff and retired Navy Commander Bryan McGrath argue that “radical changes to the acquisition system are required” in order to save American seapower. Their example of a program that would have benefited from such changes—the USS Gerald R. Ford (CVN-78)—does not, unfortunately, prove their point. Even if their changes had been in place in 2002, the decisions that led to the cost and schedule problems that have bedeviled CVN-78 could still have occurred.
Background: The Subsystems of Defense Acquisition
Before describing their proposed reforms, Vandroff and McGrath briefly outline the existing acquisition system. It has, they point out, three loosely coupled subsystems. The first is the Joint Capabilities Integration Development System (JCIDS), managed by the Joint Staff. This process exists to provide hardware and software designers and builders with the requirements that will, when they are satisfied, give the fighting forces the systems they need. The second is the acquisition process defined and supervised by the office of the Under Secretary of Defense for Acquisition, Technology, and Logistics. This detailed process is designed to reduce the technical risk that exists as part of any complex acquisition process. The third subsystem is the Planning, Programming, Budget, and Execution (PPBE) process. PPBE is how the major components of the Defense Department allocate the fiscal and human resources of the Department based on analyses of military needs and cost/benefit calculations. The purpose of PPBE is to produce programs and budgets that are fiscally efficient and militarily effective.
As Vandroff and McGrath point out, the three subsystems of the overall acquisition system apply processes that “move along largely independently, and exist in differing decision-making contexts.” For example, the JCIDS process is supposed to anticipate those joint capabilities that will be needed in the future. By contrast, the acquisition process as defined in the Department of Defense 5000 series directives and instructions moves along at the pace allowed by technical developments, rigorous subsystem and system testing, and production. The speed of the process will vary from system to system. PPBE progresses as the calendar progresses; it moves at the same speed annually regardless of how any particular acquisition program is progressing.
The Negative Consequences of Having Three Subsystems
As Vandroff and McGrath note, different officials are responsible for the administration of each of the three acquisition subsystems. Captain Vandroff, who serves as the program manager for the Navy’s DDG-51 class ships, is acutely aware of what this means; there are often too many hands on the tiller, and they may push in opposite directions. As he points out in an essay published in the October 2015 issue of the U.S. Naval Institute Proceedings, there is therefore an inevitable “tension (and sometimes friction)” between or among all those officials whose organizations have a stake in the system. Making this tension more likely is the way that formal government regulations separate the technical management of programs from the development and administration of their contracts.
The result is often confusion. As Captain Vandroff notes, a “ship or aircraft can be mindbogglingly complex, and a single technical issue could require consulting half a dozen or more specialists to ensure a resolution does not cause unintended consequences.” Making matters worse is that existing procedures err in vesting too many officials “outside the direct chain of command” with the authority and opportunity to “alter or override” acquisition decisions made by program managers. This undermines the authority of program managers and disrupts their management of development and production.
Overcoming the Negative Consequences: Recommendations
Can this almost inevitable confusion be overcome? Is there a way for managers of a major program to achieve the system’s cost, schedule and performance goals when officials not in the chain of command confuse their legitimate need for information with the power to intervene in acquisition management? Captain Vandroff drew on his own extensive experience to say that “the most important thing [a major program manager] can build throughout his or her career is relationships,” especially any relationship that can “convince a stakeholder with limited accountability for program success to support a program like his or her very job depended on it.” Recommendation Number One is therefore that only officers and civilians with this sort of leadership ability should be given charge of major acquisition programs.
Yet the right form of leadership needs to be complemented by good systems engineering. Consequently, Vandroff and McGrath’s Recommendation Number Two is to keep acquisition program direction in a service chain of command where it is more likely that the responsible managers will have the experience and technical training necessary to guide the program to success. The service secretary will be better able to select the skilled managers, give them the authority they need, and coordinate the various technical reviews called for in the contract.
The authors make a very important point—that though the service secretary should have ultimate control over major acquisition programs, there will be officials outside the services who will need to have information about programs so that they can comment on how those programs are being managed. These officials will demand “oversight.” But Vandroff and McGrath say that legitimate “oversight” has been confused with “control.” As they say, “Oversight is the ability of an official or organization to be fully informed on an activity and have the opportunity to provide meaningful feedback to all the accountable decision-makers. Oversight does not mean an organization gets to make a decision, it means it gets to express an opinion.” The distinction between oversight (offering an opinion) and accountability (making decisions that stick and then being responsible for those decisions) leads Vandroff and McGrath to their proposal to invest the military service secretaries with the responsibility and authority for acquisition.
Restoring Service Acquisition Authority
Acquisition reform for a generation has focused on centralizing the management of major programs in the office of the Under Secretary of Acquisition, Technology and Logistics. Vandroff and McGrath reject this focus: “At the start of development of a new system . . . and at the start of production . . . the service secretary would approve the program requirements and test and evaluation plan generated by the service chief, the acquisition strategy generated by the service acquisition executive, and the budget generated by the service comptroller.” Concurrently, the following Defense Department organizations would have oversight (offering an opinion) of the service secretary’s decisions: the Joint Staff, the Office of Cost Assessment and Program Evaluation in the Office of the Secretary of Defense (OSD), and the Director of Operational Test and Evaluation in OSD. In each case, their evaluations would be sent to the service secretary, the Secretary of Defense, and the national defense committees of Congress. What would this process produce? The answer is a “fully accountable official [a military service secretary] for program performance.”
Vandroff and McGrath also want Congress to “create a new defense appropriation specifically for system development,” through which, once approved, a program could be fully funded for “the next 3-5 years, with the exact duration of appropriation dependent on the system in question . . .” A new Assistant Comptroller General for Defense Acquisition in the Government Accountability Office (GAO) would assist the national defense committees by reviewing the documentation provided by program managers and by the oversight organizations (the Joint Staff, the Office of Cost Assessment and Program Evaluation, and the Director of Operational Test and Evaluation). This new official would be “a former flag or general officer, or member of the Senior Executive Service, who had served as either [sic] a major program manager, direct reporting program manager, or program executive officer,” and the staff supporting this Assistant Comptroller “would be made up of former . . . program managers or deputy program managers for major defense programs.” This office within GAO would support the national defense committees in Congress by conducting “a program review every time a service made a request for procurement funds for a program.”
Support for Reform? The Case of CVN-78
Vandroff and McGrath cite the case of the Ford class aircraft carriers to support their claim that their proposed acquisition reform is needed. They argue that the Ford (CVN-78) acquisition program would not have experienced major cost and schedule problems if former Secretary of Defense Donald Rumsfeld and his staff had left the initial acquisition plan of the CVN-78 program office alone. As current Assistant Secretary of the Navy for Research, Development, and Acquisition (ASN[RD&A]) Sean Stackley testified to the members of the Senate Armed Services Committee in October 2015, the initial June 2000 acquisition strategy for CVN-78 and its successor (CVN-79) was cautious and evolutionary. The new class of carriers would be developed in stages, from CVN-77 through CVN-79. New and revolutionary technologies, such as the dual-band radar and the electromagnetic aircraft launch system (EMALS), would be proven before they were designed into CVN-78. Other new technologies would not be incorporated into the new carrier class until CVN-79.
This deliberate, risk-reduction approach was superseded in 2002 when Secretary Rumsfeld directed the Navy to reassess it. The Navy then chose to advance the timetable for the installation of new technologies, placing what were considered to be systems of high technological risk into CVN-78. That plan was approved in December 2002 in a program decision memorandum (PDM) signed by the Deputy Secretary of Defense. The plan was affirmed in the April 2004 operational requirements document (ORD) for the Ford class carriers, and an acquisition decision memorandum (ADM) that same month approved low-rate initial production of the first three ships of the class. The step up from CVN-77 to CVN-78 was dramatically increased; the risks to the program increased accordingly.
The basic subsystems of CVN-78 had not been well defined when the program passed that major technical and fiscal review in April 2004. Given the perturbations made in the program by officials at a level above that of the Secretary of the Navy, the review process could not be thorough. As ASN(RD&A) Stackley explained to the Senate Armed Services Committee, the CVN-78 program office therefore had to cope with the responsibility of directing a shipbuilding effort where a number of the “developmental systems introduced on CVN 78” were not technically mature. Stackley told the senators that “In 2006, the Navy identified 10 of these new systems . . . as critical technologies which posed the highest ship integration risk.” An extensive series of tests of these systems identified “design deficiencies,” and once the problems had been pinpointed they had to be overcome, and overcoming them resulted “in delays and cost growth to certain systems and equipments.” In plain terms, pulling all the systems together was a knotty and very time-consuming task. The complexity of the task, and the amount of time it took to complete it, ran up the estimated bill and knocked the schedule off its tracks.
The case of CVN-78 illustrates the strength and the weakness of the acquisition reform proposals put forward by Captain Mark Vandroff and Bryan McGrath. If the Secretary of the Navy had been in legal charge of the CVN-78 program, then the Office of the Secretary of Defense might not have altered the Navy’s acquisition strategy. But can we be sure of that? The program was so expensive, so complex, and yet so promising that there were a number of influential “stakeholders,” and it would have been difficult for them to resist encouraging a jump to a new carrier concept in one leap. How could a service secretary constrain enough of them to retain ultimate control of the program?
This is what Senator Jack Reed (D-RI) was getting at in the October 2015 hearing when he said, “changing acquisition rules will not alone prevent the kinds of problems we have seen on this aircraft carrier program.” He’s right. If an acquisition program is expensive enough, or controversial, then it will attract a wide range of “partisan participants,” including members of Congress, industry lobbyists, labor leaders, military officials, and a host of others. That means you can’t isolate the acquisition process from the worst effects of partisan politics or from the urge by senior officials to get some system before political support for it weakens. The high cost of major systems today, coupled with the years and years it often takes to field them, opens up the acquisition process to interference and continuing controversy. The response of Congress and the Office of the Secretary of Defense has been to try to use laws and regulations to squeeze partisan and political activity out of the acquisition process. The persistence of such activity, however, means that it can’t be shut out.
Vandroff and McGrath are correct to argue that there are changes in the acquisition process that can make it faster and more efficient. However, as far as major systems are concerned, the ability of higher authorities (including Congress) to intervene in the mandated process will not go away. That intervention harmed the CVN-78 program. My point is that critics of the acquisition process such as Vandroff and McGrath are mistaken if they want the Secretary of the Navy to have the kind of control over the process that the captain of a ship has when at sea. As even a cursory look at the history of Navy acquisition will show you, no secretary will get it.
 Vandroff and McGrath, “An Acquisition System to Enable American Seapower,” p. 5.
 Vandroff, “Confessions of a Major Program Manager,” p. 51.
 Vandroff and McGrath, “An Acquisition System to Enable American Seapower,” p. 5.
 Ibid., p. 6.
 Ibid., pp. 6-7.
 Ibid., pp. 8-9.
 Ibid., p. 9.
 Ibid., p. 10.
 Sean J. Stackley, ASN(RD&A), “Statement” [.pdf] before the Senate Armed Services Committee on Procurement, Acquisition, Testing and Oversight of the Navy’s Gerald R. Ford Class Aircraft Carrier Program,” Oct. 1, 2015, p. 3. For a more detailed chronology of decisions affecting the CVN-78 program, see “Navy Ford (CVN-78) Class Aircraft Carrier Program: Background and Issues for Congress,” by Ronald O’Rourke, Congressional Research Service, Dec. 17, 2015. Also see the Selected Acquisition Report (SAR) for the CVN 78 Class, Dec. 31, 2011.
 Senator Jack Reed (D-RI), “Opening Statement,” [.pdf] to receive testimony on procurement, acquisition, testing, and oversight of the Navy’s Gerald R. Ford-class aircraft carrier program, Senate Armed Services Committee, Oct. 1, 2015, p. 2.
 Ibid., p. 9.
 Senator Reed, “Opening Statement,” p. 2.
Today’s cyber world is getting more complex. For those charged with ensuring information systems remain secure the question remains – how can we be certain we are taking the right actions when we continually hear of systems penetrated, information stolen, and resources plundered due to nefarious cyber actors? Is our confidence in our cybersecurity efforts based on reality or something else? In Thinking, Fast and Slow, Nobel prize winner Professor Daniel Kahneman explores the manner in which we think. To ensure cybersecurity efforts will be successful, we must first understand how we think, and how the way we think impacts our ability to bring about real cybersecurity improvements.
Thinking, Fast and Slow Concepts
In his book, Professor Kahneman addresses the two ways we think. Thinking Fast, identified as System 1, is how we quickly and easily put limited information together to tell a coherent story. Thinking fast is hardwired into our DNA. It’s what gives us our gut feeling which will keep us safe in some instances. Thinking Fast is what we are doing when we breeze quickly through new articles, like this one, looking for information that is familiar, instead of trying to figure out if the concept really applies to us.
Thinking Slow, identified as System 2, takes serious mental effort. Thinking slow enables us to be factual, challenging accepted beliefs with all available evidence. Thinking slow is what gives us self-control, like not indulging in too much chocolate. Thinking slow takes real effort, which is why it is difficult to do all the time, or when we are fatigued. Thinking slow is what is necessary to grasp new concepts.
The unfortunate reality is we are all “lazy thinkers.” We rely on fast thinking for the large majority of activities in our lives. In many instances that is perfectly acceptable. In familiar situations, where we have a lot of experience, thinking fast usually works fine. However, in unfamiliar areas, thinking slow is what is needed in order to succeed. The complex and challenging world of cybersecurity is just such an area where it is critical to understand how our thinking could mean the difference between success and failure.
Two concepts brought forth in the book are critical in identifying where fast thinking can lead us astray. Those concepts are What You See Is All There Is and Cognitive Ease.
What You See Is All There Is (WYSIATI).
“System 1 (fast thinking) is radically insensitive to both the quality and the quantity of the information that gives rise to impressions and intuitions.” When we are thinking fast we tell ourselves a story that supports a specific belief. In creating this story, we grab whatever information will support a belief and don’t consider anything that may refute it. We are content with What You See Is All There Is (WYSIATI). Our ignorance of other evidence, which may be of greater quality, allows us to remain in bliss. “Contrary to the rules of philosophers of science, who advise testing hypotheses by trying to refute them, people (and scientists, quite often) seek data that are likely to be compatible with the beliefs they currently hold.” WYSIATI is fast thinking, and in the world of cybersecurity, this fast thinking can result in having faith in actions that do little to improve cybersecurity. Unfortunately, WYSIATI has a fast thinking partner in crime that also conspires to keep us ignorant. That partner is Cognitive Ease.
Cognitive Ease is simply how easy it is to retrieve a thought from memory. Something we have heard or thought on many occasions will be retrieved more easily from memory. The easier it is to retrieve something from memory gives greater confidence that the belief is true, although the reality may be the exact opposite. For example, you could be performing a certain “best practice,” like patching software or upgrading operating systems. Labeling something a “best practice” can make you think this practice has been shown through data and analysis to result in significant improvements. However, if the initial conditions are different than those considered when developing the “best practice,” this “best practice” may only result in wasted resources. Regardless of the reality, the more you recall the “best practice” from memory, along with the story that you are performing it to improve cybersecurity, the greater your confidence will be that the best practice will improve cybersecurity. WYSIATI and Cognitive Ease are truly super villains. The super hero with an “S” on its chest that can save the day is Slow Thinking.
Slow Thinking to the Rescue
Slow thinking is what is necessary to end storytelling and discover the truth. Slow thinking is about reframing the problem in order to find information that can challenge existing beliefs. As slow thinking uncovers new and better information, Cognitive Ease will remind you of your confidence in prior beliefs. Your gut will be telling you that no additional information is necessary (WYSIATI). Slow thinking is what will give you the self-control to fairly assess the new information you have discovered.
Fortunately, the Department of Defense has leaders who encourage slow thinking. The Department of Defense Cybersecurity Culture and Compliance Initiative (DC3I) was signed in September 2015 by Secretary Carter and General Dempsey. The DC3I is based on “five operational excellence principles – Integrity, Level of Knowledge, Procedural Compliance, Formality and Backup, and a Questioning Attitude.” Similarly, in his Principles of Better Buying Power, Secretary Kendall instructs us that, “Critical thinking is necessary for success,” and we should “have the courage to challenge bad policy.” These three DOD leaders are asking us to think slowly. This article will examine three separate areas; Cybersecurity Training, Our Cyber Adversaries, and The Certification and Accreditation Process, to illustrate how slow thinking can lead to improved cybersecurity.
In order to utilize slow thinking to improve cybersecurity, we must first be able to recognize where we are thinking fast. Cybersecurity training is an area that can clearly illustrate the difference between fast and slow thinking.
A typical approach to training on cybersecurity is to track the percentage of people trained in a particular cybersecurity area. As the percentage of people trained goes up, then the cybersecurity readiness of the workforce is assumed to be improving. This is a perfect illustration of WYSIATI. Limited information has been put together to tell a coherent story. In order to determine if the story is fact or fiction, slow thinking must be used to actively look for information that can confirm or deny the assertion that training is improving cyber readiness.
Unfortunately, there are a number of potential flaws to the assertion that training is improving cyber readiness. The training could be incorrect or inadequate. The training may not actually provide the workforce with skills required to improve cybersecurity. The workforce may not take the training seriously and not actually learn what is covered by the training. In some cases, knowing what to do isn’t enough to ensure the correct actions are taken. In the area of spear phishing, which is still the most common way malicious software enters information systems, a person must first be able to recognize a spear phishing attempt before they can take the appropriate actions. Even if spear phishing training provides a number of examples of spear phishing attempts, when people are tired, or in a rush, or possibly just don’t believe they will get spear phished, the chances of them taking the correct actions are not good.
Now, compare training on spear phishing to actively spear phishing your employees. If your employees know they will be spear phished, and held accountable for their performance, then they will be more on the lookout for suspicious emails, whether they are actual or training spear phishing attempts. By actively testing your employees with quality spear phishing attempts, you will compile real data on how the workforce is responding to this threat, and be able to provide additional training for those who aren’t. Training on spear phishing is like reading a book on running. Actively spear phishing employees would be like timing your employees for a run around a track. One is a Fast Thinking story. The other is Slow Thinking reality. Unfortunately, as illustrated by Professor Kahneman’s book, our default response in most situations is fast thinking. This can be especially true in circumstances where we have a problem that we are desperate to solve. We look for information that supports our success, and fail to look for, or disregard, information that would tell us we aren’t improving.
Outside Secretary Kendall’s door is a sign that states, “In God We Trust; All Others Must Bring Data.” One of his Better Buying Principles is “Data should drive policy.” In this circumstance, the data that we seek isn’t the simple, fast thinking question of how many people have been trained; it is the more difficult, slow thinking question: are our cybersecurity training efforts improving cybersecurity readiness? Only through slow thinking will we obtain meaningful data to drive policy and our cybersecurity efforts.
Our Cyber Adversaries
The SONY attack, the OPM breach, the Target theft, Edward Snowden, Private Manning – all involve information destroyed and stolen, resulting in the loss of millions of dollars. The cyber threat is certainly real, as the incidents above all attest. Unfortunately, the above incidents, and the press coverage that brings these threats repeatedly to mind, can lead to the perception that any system can be exploited by our adversaries at any time. As we learned previously, thoughts that are repeatedly brought to mind are more easily remembered, which Professor Kahneman describes as Cognitive Ease. In the world of cybersecurity, Cognitive Ease can make us quite confident that every single system can easily be exploited by any random hacker. With limited time and resources to address every system, it is critical to gain a clear understanding of how vulnerable systems are, and the impacts that can result if systems are exploited. If we attribute capabilities to adversaries that they don’t have, or install unnecessary protections in systems that aren’t at risk, we not only waste resources, but we continue to remain ignorant of the actual threat to our systems. Let’s see if we can do some slow thinking on the challenges faced by our cyber adversaries.
Eliminating the Fog of War
Cybersecurity firms often demonstrate the damage that could be done to information systems if hackers got control of them. What needs to be recognized is that the people performing these demonstrations have full access to system documentation, the system itself, and can run tests repeatedly until they get a desired effect. These demonstrations are a perfect example of WYSIATI. The people performing these demonstrations would have you believe (and often believe themselves) that If these demonstrations can be done then surely our cyber adversaries can do the same thing. The problem with demonstrations like these is that they eliminate the Fog of War, the uncertainty that is pervasive in almost every aspect of warfare. For our adversaries the challenge is much greater. System software and hardware configurations are constantly changing, so even if adversaries have system documentation, that information often very perishable. How will our adversaries know if that configuration is still in the Fleet? How will they locate a system that has that specific configuration so that they can test to see if their cyber-attack will work? How will they conduct the test in a manner that won’t tip off their adversary (us) about a potential vulnerability? How will they gain the necessary access to test out the attack? If they are able to locate the system, and attempt to perform their attack, how will they get the necessary feedback to understand why a test may have failed? These cybersecurity demonstrations show what is possible – with perfect knowledge, perfect access, and perfect conditions. What they don’t address is what is probable. Every step in the enemy kill chain is assumed to be perfect, which can then, of course, generate extremely significant consequences. Under those conditions, tremendous damage can be caused in non-cyber areas as well. For instance, any of our fighter planes would cause an amazing amount of damage if it was crashed into a carrier by an insider threat pilot. While everyone would admit that is certainly possible, we all recognize that the probability of that occurring is extremely low so we don’t waste valuable resources trying to create technical systems that could stop a rogue pilot from crashing their plane. In order to obtain value from our cybersecurity efforts we must understand all the challenges our adversaries must overcome. We must not focus on what is possible and then try to fix every associated vulnerability. We must use slow thinking and improve our understanding of what is probable in order to best utilize limited resources.
The Certification and Accreditation Process
The Department of the Navy spends a lot of time and effort on certifying and accrediting information systems to ensure information systems have a certain level of cybersecurity. The WYSIATI approach to certification and accreditation is simply that by using this process, and tracking the correction of system vulnerabilities, then information systems will become more secure in terms of cybersecurity. Systems that are certified and accredited are better off in terms of cybersecurity than systems that aren’t.
Once again we have a fast thinking coherent story that seems to makes sense. Let’s now willingly look for information that can compete with this story. In his book, Professor Kahneman describes an approach to enable Slow Thinking called a Pre-Mortem. The Pre-Mortem is an intellectual exercise done prior to committing to a major initiative that challenges people to think about how the initiative might fail or make things worse.
A pre-mortem for the certification and accreditation process might predict that the process could fail by taking such a long time that it significantly delays the implementation of cybersecurity capabilities. The pre-mortem could predict that due to unclear requirements and untrained personnel the certification and accreditation process might generate very little improvement in cybersecurity, wasting precious resources on something that is primarily a paperwork drill. In this situation, since the C&A process has been in place for a number of years, we can look for indications that support these predictions.
Little value for the effort.
The Naval Surface Warfare Center (NSWC) at Dahlgren, Virginia is just one of the Navy’s centers for innovation. In 1920, only 17 years after the Wright Brothers flew at Kitty Hawk, engineers at Dahlgren launched the first remote control airplane. The plane crashed, but the boldness of such an effort, so soon after the first manned flight, is striking. Innovation remains a constant pursuit by the men and women who serve at Dahlgren NSWC today.
Recently, four of Dahlgren’s engineers, with combined experience of more than 100 years, noted their concern with the certification and accreditation (C&A) process. Over the course of 18 months they examined the resources and time required to get 43 information systems processed through the C&A process. These packages took 33,000 hours of work for a cost of $3.5M, and in the end all of the information system packages were certified. Yet all that administrative work only generated one minor technical issue that needed to be corrected. $3.5 Million worth of time and effort generated almost no changes to the systems in question, and took talented engineers away from the process of innovation, research, and development which our country needs them to be doing.
Forgetting the Commander in Situ
The “Commander in Situ”, which stands for the Commander in the Situation, is a military term that recognizes it is the Commander actually on scene, or in the situation, that has the best understanding of what is going on and what needs to be done. This principle has been evoked over the years after horrible mistakes have been made by those far from the scene who tried to order what must be done with imperfect knowledge of the situation. “Commander in Situ” is all about decentralized control, leaving control to those with the best information.
Unfortunately the C&A process is a very slow, centralized process that pushes information system packages through to one approving authority. What should be recognized is that the farther the approval chain gets away from the system requiring certification, the less knowledge and understanding decision makers have regarding the system in question. In many cases, the people who make the final decisions for approval don’t have any technical expertise on the systems they are approving. System experts have to educate those who give final approval of their system. In cases such as this, decisions that could be made, literally, in minutes by the local experts, have taken over a year to run through the certification and accreditation process. The lack of local authority for cybersecurity matters is quite stunning. For example, the Dahlgren Naval Surface Warfare Center is one of the few organizations in the United States that has the authority to handle the Anthrax virus. Dahlgren can also handle and detonate ordnance up to 10,000 pound bombs. Yet if engineers at Dahlgren want to connect a new microscope to a standalone laptop, that requires a process that can take over six months and requires routing paperwork through four other organizations to gain the necessary permission.
The Illusion of Authority to Operate
When an information system successfully completes the certification and accreditation process it is provided an Authority to Operate (ATO). The ATO authorizes a particular information system for operations, normally for a period of three years. So at two years and 364 days from the date the ATO is provided the system is still good, yet two days later these systems are no longer acceptable for operation. In some instances, when a system is deemed to be at higher risk, an Interim ATO is granted for a period of six months or less. How the length of the time periods of the ATOs are linked to reality is not clear. These information systems are being treated like cartons of milk with expiration dates. While we know the science behind why milk goes bad, there is no science behind why an information system should have an ATO of three years, two years, or six months. This is just a story we have been telling ourselves.
Disregarding Design Thinking
The movie The Imitation Game details the story of the United Kingdom’s efforts to solve the Enigma machine – the encrypting machine the Germans used during WWII to send messages. The movie pits Professor Alan Turing against a group of mathematicians and code breakers. Each day, the mathematicians and code breakers scribbled furiously on paper in order to try to break the code, and each day they failed. Professor Turing was an early practitioner of design thinking. He realized he needed to design a solution that would be a good match for the problem at hand. Professor Turing eventually solved the Enigma machine by creating a machine to do it. Unfortunately, like the mathematicians and code breakers in The Imitation Game, our certification and accreditation process is a slow, centralized, and bureaucratic solution, which is unfit for the very fast, decentralized problem of cybersecurity.
The examples and concerns I have brought forth above are not intended to blame or criticize, but instead to engage in the type of critical thinking that DoD leadership has encouraged us to do. In our efforts to address current cyber challenges we are all on the same team. The examples above are meant to illustrate the concepts of fast and slow thinking in order to best address these significant cyber issues. A fast thinking response to these concerns would be to dismiss them or dispute them. A slow thinking approach would be to willingly investigate them and try to confirm them. New processes should be developed for those concerns that are confirmed.
High Velocity Learning
Recognizing that we must respond to a changing global environment, in January 2016 the Navy issued A Design for Maintaining Maritime Superiority. In the document four lines of effort are established, one of which is to “Achieve High Velocity Learning at Every Level.” The objective of this effort is to “Apply the best concepts, techniques and technologies to accelerate learning as individuals, teams and organizations.” Our Chief of Naval Operations, Admiral John Richardson, has made it clear that the US Navy will be a learning organization. But to accelerate our learning we must first understand how we think. In the end, we should recognize that what we need to effectively address our cyber challenges, as well as achieve high velocity learning, is slow thinking.
The above views are solely my own and have not been endorsed by the Navy. All quotes are from Thinking, Fast and Slow by Daniel Kahneman, a tremendous book that I highly recommend.
If you have not already, before you go further in this post, I highly recommend that you read the recent and important article by Admiral William H. McRaven, USN (Ret), A warrior’s career sacrificed for politics.
Seriously, click the link, read, and then come back.
Now that you’re back, I suspect that at first blush many of you had a similar reaction that I did; a rush of agreement and relief that a senior officer has come to the defense of a colleague who, as many of us have seen with our own friends and colleagues, was caught in the Kafkaesque IG process.
As most who have been around for awhile have their own stories about good people who were caught in a vindictive and unaccountable witch hunt of a system, it is easy to slide in to a position of agreement and sympathy for McRaven’s line of thinking. It is, after all, a heartfelt and reasoned argument. I am in full alignment with McRaven, but there is a blindingly incomplete sense of proportion and outrage that by now I hope is sinking in.
If not, wait for that first flush to exhaust itself in your system. Take a deep breath. Let your head and blood clear, then think about the article and its central argument anew.
There we have McRaven, standing athwart RDML Losey’s crumpled body bravely pointing a finger at the hulking civilian politicians in the distance who have done wrong for crass, self-serving political gain … but … wait. Something seems a bit, well, off.
That is when it hits you. Like Bender says, “No dad, what about you?”
This isn’t personal, there is much more than that. Both officers are great Americans and great leaders – but that is not the story. They are good stand-ins for a larger issue, so let’s dive in to it with that understanding.
As much of an injustice that seems to have visited Losey’s service, at this point I’m not sure I see why his case, now, should be such a big deal to anyone else. Priority. Proportion. Perspective.
Not that I don’t care, I do, but like seeing a broken window on a derelict building, I don’t see how it is a shocking eyesore in the context of a full view of the general neglect upon the whole facade. As McRaven the General Officer/Flag Officer (GOFO) points his finger at civilian politicians, what about the other three pointing back at him, and as a representative of his peer group, his entire cohort of leaders?
As with the many instances I have covered at my homeblog over the years, we have a habit of abandoning leaders to the ravages of spiteful “hotline” callers and rogue IG investigations. To be charged is to be convicted. Not willing to blow their “#1” on someone who is tainted, one or two FITREP cycles pass and innocent or guilty – it does not matter; professionally you are done.
All it takes is a call. An email. One unsubstantiated claim. One unbalanced subordinate. One grievance. One ISIC scared of the shadow of a potential cloud covering them as well as the accused.
Welcome to the party.
From McRaven’s article, does this sound familiar?
…over the past decade I have seen a disturbing trend in how politicians abuse and denigrate military leadership, particularly the officer corps, to advance their political agendas. Although this is certainly not a new phenomenon, it seems to be growing in intensity. My concern is that if this trend of disrespect to the military continues it will undermine the strength of the officer corps to the point where good men and women will forgo service — or worse the ones serving will be reluctant to make hard decision for fear their actions, however justified, will be used against them in the political arena.
And it is clear in this case that certain members of Congress didn’t care about Losey’s innocence. Nor did they seem to care that he has sacrificed more for this country than most members on Capitol Hill — or that the emotional strain of this investigation was devastating to his family. It is clear that all these lawmakers cared about was political leverage.
The case of Brian Losey is a miscarriage of justice. But the greater concern for America is the continued attack on leadership in the military.
During my past several years in uniform, I watched in disbelief how lawmakers treated the chairman, the service chiefs, the combatant commanders and other senior officers during Congressional testimony. These officers were men of incredible integrity, and yet some lawmakers showed no respect for their decades of service. I saw the DOD Inspector General’s Office frequently act as judge and jury, apparently accountable to no one, dismissing the recommendations of the services and ruining officer’s careers. I watched time and again how political correctness and pressure from Capitol Hill undermined command authority and good order and discipline.
Although we in the military understand the absolute necessity to serve and respect our civilian leaders — and every good leader understands and appreciates the value of anonymous complaints to ferret out bad leadership — we also need civilians to understand that a strong military, particularly an all-volunteer one, needs the support of our civilian leaders, not the constant refrain of disrespect that seems so common in today’s political narrative.
Let me rewrite that for you.
…over the past decade I have seen a disturbing trend in how GOFO abuse and denigrate military leadership, particularly those in Field Grade Command, to advance their political agendas. Although this is certainly not a new phenomenon, it seems to be growing in intensity. My concern is that if this trend of disrespect to those in Command continues it will undermine the strength of the officer corps to the point where good men and women will forgo service — or worse the ones serving will be reluctant to make hard decision for fear their actions, however justified, will be used against them in the political arena.
And it is clear in this case that certain GOFO don’t care about innocence or guilt. Nor did they seem to care that leaders in Command sacrificed more for their country than many GOFO — or that the emotional strain of this investigation was devastating to their family. It is clear that all these GOFO cared about was political leverage.
The case of innocent Commanders caught in a drawn out and expanded IG, there is a miscarriage of justice. But the greater concern for America is the continued attack on leadership in the military.
During my past several years in uniform, I watched in disbelief how GOFO treated the those in Major Command at Sea, sea-going Commander Command, Shore Command and even Senior NCOs during and after any IG. These leaders were men and women of incredible integrity, and yet some GOFO showed no respect for their decades of service. I saw the DOD Inspector General’s Office frequently act as judge and jury, apparently accountable to no one, dismissing the recommendations of the chain of command and ruining officers’ careers. I watched time and again how political correctness and pressure from Capitol Hill and more senior GOFO undermined command authority and good order and discipline.
Although we in the military understand the absolute necessity to serve and respect our senior uniformed and civilian leaders — and every good leader understands and appreciates the value of anonymous complaints to ferret out bad leadership — we also need senior uniformed and civilian leadership to understand that a strong military, particularly an all-volunteer one, needs the support of our senior uniformed and civilian leaders, not the constant refrain of disrespect that seems so common in today’s political narrative.
Look at that one more time.
I watched time and again how political correctness and pressure from Capitol Hill undermined command authority and good order and discipline.
Where was McRaven, Losey, and their GOFO peers as good leaders were destroyed? Where were they when the accused were shunned like lepers while under investigation, and then punished for things unrelated to the initial complaints but dug up in the course of ambitious and broad reaching investigations that few would survive? Where were the articles to support them, to call attention to their scourging?
So, why are we to be concerned in April of 2016 about a GOFO being sacrificed at the alter of “political agendas” when more junior personnel have been fed to the politically correct Vaal for years with nary a peep? The disconnect is gobsmacking.
Again, welcome to the party, Shipmate.
We know where you’ve been, we’ve been right there with you. I was a JO when McRaven and his Year Group +/- were senior LT and LCDR. I know what they did and how they comported themselves, I was right there watching them. I know they saw what I saw post-Tailhook. I know they watched throughout their career so many sacrificed so more senior people could be, “shocked, shocked I say,” at what was said to be normal behavior, but, after a good sniff of smelling salts, was actually unheard of.
Where were all those First Flag Officer in the Chain of Command and up the chain further who swore when younger that when they were senior leaders, they would not be part of watching innocent junior leaders flayed alive like we saw after Tailhook?
Unfair to McRaven? Perhaps, as this is not his fault. After all, he has been at the tip of the spear fighting a decade and a half long war most of the time, but he brought up the subject. I do applaud Admiral McRaven for rising in defense of Losey – a great leader and great officer. This may help bring more attention to the IG system, but Losey is not the posterchild to rally a movement behind. What Losey is, however, is just a datapoint in a long, sad, and shameful series of datapoints.
We have a broken IG system and parallel bodies that have their tentacles throughout our system, not just at the GOFO-Congress interface. It has created, and is encouraged by, a culture riven with fear of being denounced by a power hungry IG cadre running around like some diluted and slightly pathetic version of the French Terror and the Chinese Red Guards.
I would offer, if GOFO desire not to be a victim, that they start standing up to the menace that they are presently allowing to consume CDR and CAPT and more junior personnel in positions of authority. Take care of them first, then ask mercy for yourself. By the example of how you treat others, you show how you would wish to be treated. Fix our side of the house, then we can concern ourselves with the elected representatives of the American people.
The first step in fixing this cultural problem must begin with the action of GOFO down the chain. Until that takes place, do not expect any groundswell from the masses as that same culture you enable consumes one of your own … again.
Admiral McRaven, in case you and your peers don’t know it; this is your circus. These are your monkeys.
UPDATE: I would also recommend that you read CDR J. Michael Dahm’s article from the April Proceedings, Innocent Until Investigated. Must be a USNI Member to get the article online.
Due to circumstances beyond his control, Mr. Roggio had to postpone his visit with Midrats. He will appear at a later date. In lieu of his appearance, CDR Salamander and Eagle1 held a “free for all” discussion of current events.
You can find our “Spring Time Free-for-All” here.
We regret any inconvenience.
The world keeps waking up from history – in this case a quarter century nap it seems.
During the Cold War, the maritime choke points between Greenland, Iceland, and the UK were key to the defense of Europe. This “GIUK gap” represented the line that Soviet naval forces had to cross in order to reach the Atlantic and stop U.S. forces heading across the sea to reinforce America’s European allies. It was also the area that the Soviet Union’s submarine-based nuclear forces would have to pass as they deployed for their nuclear strike missions. In response, the United States and its northern NATO allies spent considerable time, money, and effort on bolstering anti-submarine warfare capabilities and intelligence, surveillance, and reconnaissance in the region. Maritime patrol aircraft from the UK, Norway, and the U.S.(Navy P-3s, flying from Keflavik) covered the area from above, while nuclear and conventional submarines lurked below the surface. The choke points were also monitored by an advanced network of underwater sensors installed to detect and track Soviet submarines.
But after the Cold War ended, the GIUK gap disappeared from NATO’s maritime mind. U.S. forces left Iceland in 2006, and the UK, facing budget pressures, retired its fleet of maritime patrol aircraft fleet in 2010. (The Netherlands did the same in 2003.) Anti-submarine warfare and the North Atlantic were hardly priorities for an Alliance embroiled in peacekeeping, counter-insurgency, and fighting pirates in far-flung Bosnia, Afghanistan, and the Horn of Africa.
That appears to have come to an end;
Russia’s growing sub-surface capabilities are coupled with an apparent political will to use them. Its recently revised maritime strategy emphasizes operations in the Arctic, along with the need for Russian maritime forces to have access to the broader Atlantic Ocean. And that access will have to be, just as during the Cold War, through the GIUK gap.
Now the United States is pivoting back to the region; witness the Obama administration’s recent announcement that it intends to spend part of the proposed 2017 European Reassurance Initiative budget on upgrading facilities at Keflavik.
And the U.S. is not alone. Britain recently announced that it will seek to rebuild its maritime patrol aircraft fleet, probably by buying P-8s from Boeing. Norway is also considering its options for the future of its maritime patrol aircraft, and is also looking to buy a new class of submarines. Norway also recently upgraded its signal intelligence ship with new U.S. sensors, and the ship is primarily intended for operations in the vast maritime spaces of the High North.
Of course, history has been busy while everyone else was distracted. Time for a little catch-up.
The UK is without an indigenous maritime patrol aircraft capability following a decision in 2010 to axe its fleet of Nimrod aircraft for budgetary reasons. However, that has widely been viewed as a mistake, and November’s Strategic Defense and Security Review (SDSR) included a decision to procure nine P-8 aircraft to reinstate that capability.
Those planes will not be operational until 2019, at a time when the increasing presence of Russian nuclear submarines in the North Atlantic has spooked some in London.
Several possible sightings of Russian boats in the approaches to the Royal Navy’s nuclear submarine base at Faslane, Scotland, have resulted in US and other NATO allies drafting in maritime patrol aircraft to mount a search for the vessels.
British crews have been training on US Navy P-8’s and other maritime aircraft following the Nimrod program cancellation.
The program, known as Seedcorn, is aimed at maintaining British anti-submarine and anti-surface warfare skills. As many as British 20 crew have at any one time been embedded with the USN on P-8 operations.
Dunne also confirmed that the United Kingdom still plans to operate US weapons on its P-8 fleet when the planes first come online, before potentially transitioning to British weapons in the future, the nation’s head of military procurement has confirmed.
The equipment on the UK P-8s will “initially” be the same as the US Navy operates, Dunne said. “On the P-8, we are looking at essentially an off the shelf, [foreign military sales] purchase. It’s a [commercial off-the-shelf] capability. We are looking at acquihiring the same suite of capability as the US Navy operate.
“There may be some communications stuff that we need to introduce but as far as the capability is concerned it’s coming sort of as is, fully formed,” he added.
Asked if there was a timetable for when UK equipment might end up on the P-8, Dunne simply said “no.”
That is a nation in a hurry. They slow-rolled this to the point they cannot even defend the approaches to their strategic deterrence in their territorial waters.
Imagine having to call Australia and France to help us look for Russian submarines off Seattle and Kings Bay. Yep.
As the West returns to ASW, it will be at a smaller scale. Things are a bit different now. Russia, while something to contend with, is not the Soviet Union. She is also not the supine Russia of 20 years ago.
Unlike the height of the Cold War, she does not need to get her SSBNs to their designated “Yankee Box” in the middle Atlantic. They can deter from the pier if they need to. They no longer have the Red Banner Fleet, they have assets that if they want to show the flag, they need to get out of the North Sea. To get out of the North Sea, they have to make it through the GIUK Gap. If the Most Dangerous COA takes place and they find themselves in a war – they must threaten shipping and NATO warships in the Atlantic. NATO must prevent that. That is the driver.
They have more than legacy Soviet systems. The Russians are building some impressive modern kit, but in smaller numbers – as are we.
NATO’s military does not have the capacity to do ASW like it used to, so we are lucky. ASW is a numbers game, and you have to have enough hunters to match the game. The days of the Norwegians and other folks getting cracks at them before Bear Island, then you had all sorts of SSK and SSNs from European NATO nations that could create issues, not to mention the flightlines full of USA, CAN, GBR, NOR, NLD and other nations Maritime Patrol aircraft that had regular almost daily real world ASW experience – throw in USNS and USN/NATO RW and surface forces too … and on a good day we were all over them, and that was before the Soviets even got through The Gap.
If the Russians want to come out to play again, then we will have to join them. How much? Hard to tell, but we don’t want to be where the British have found themselves.
So, it is time to return to old stomping grounds and to break the adhesions of intermittent real world ASW prosecutions.
Now, how to fund it? FRA, NLD, DEU – I’m looking to you. NOR and GBR look to be stepping up. ESP, POR, and ITA, we’ll bother you next if the Russians insist on coming through the STROG to bother everyone through the Malta escarpment.
From “Pacific Pivots” to “Offshore Balancing” to “Leading from Behind,” as a culture, the national security chatterati and professionals have been grasping for a good “Ref. A” that looked like anything close to strategic thought – even if in reality some of them are only rough operational concept outlines.
As such, heads turned when CNO Richardson announced last week,
Adm. John Richardson, the current CNO, is seeking to accelerate learning and information processing and reportedly has decided the eight months each group takes to study a problem and generate a report is too long. On March 30, he directed retired Vice Adm. Phil Wisecup, the current SSG head, to stand down the group after the current team completes its work.
As a backgrounder,
The CNO Strategic Studies Group (SSG) at the US Naval War College in Newport, Rhode Island, has been working on particular CNO-directed topics since 1981. The group, according to the Navy, is tasked only by and reports directly to the CNO.Organized each year with about 18 to 22 members, many of whom are considered bound for flag rank, the SSG is thought of as a concept demonstration team, often taking on topics that could have great potential but are not being pursued in other Navy organizations. Study topics have included the integration of rail guns into operational concepts, the convergence of cyber power and sea power, and the development of synthetic fuels.
With a name like “Strategic Studies Group” and such a pedigree, one would think in a time of flux that would not be a body that the CNO would want to get rid of. Give all the squid ink about “speed” a pass and look a bit deeper on why we would do such a thing.
Why would the CNO decide it was no longer value added? I think the answer is a simple one; the product.
Such an organization produces a poor product for one of two broad reasons, neither are comfortable to talk about in the open.
1) The Process: this is what the CNO mentions as “speed.” Process is also the easiest thing to fix. Why was this not looked at in detail first? Too hard? Really not. That is what leads me to the next reason.
2) The People: if the people in the Flag holding pen are really our best and brightest, what was it about the SSG that produced such ossified thought to the point it was negative help? What does that say about either how we direct the energies of our talent, or the talent we are selecting? Those are uncomfortable and hard questions that make enemies, but they are ones that have to be asked.
This is not a process issue. Nuclear trained Admirals can fix process. The smart money is on a people problem, and that should worry us all.
As one highly respected professional told me,
SSG has been slowly descending into irrelevance, a holding pond for a bunch of post major command guys to give them a veneer of being smart guys, but the products have become increasingly vanilla. Sort of a wasted exercise where the CNO sends a really tough and important question up to Newport and nine months later the answer … comes out the other end (and sucked). I have given up reading their final reports a few years ago, a waste of time, but still three guys were selected for flag out of there in the past few years.
Why are our best and brightest producing inferior produce, and being rewarded for it? That too is a question we should want an answer to.
A military that faces budget constraints must make choices. The US military is no exception. Is it more important that we fund a large force that can build relationships and spread out over every potential conflict zone? Or should we instead invest in capabilities that will make our individual units more lethal and survivable? In other words, do we build a lot of the assets we know how to build, or do we instead develop better assets that we can build in the future? Secretary of Defense Carter has referred to this debate in terms of posture vs presence (advanced future-forces vs large current-forces).
The fundamental question of this debate is whether war is more likely now or in the future. If we knew we had 50 years until a large conventional conflict, most would advocate investing in capability. That would allow us to build more effective forces for when we needed them. On the other hand, if we knew we only had 1 year, it would not be prudent to divert current readiness in favor of capabilities that wouldn’t be available in time.
The United States’ modern defense establishment has faced one real peer-competitor: the USSR. They posed a threat that was felt viscerally by the populace and the military that defended them. If there was ever a challenge that dictated a large number of ready forces, it was the Cold War. New technologies always had to be researched, but they would be useless if the operational forces couldn’t win a war that day.
When we look at a graph of US defense research spending as a percentage of total defense spending, this pattern is clear. Time periods where the blue line is below the red are when research spending was lower than the historical average.
Data from SIPRI and AAAS
From the early-60s to the mid-80s, when the Soviet threat was large and immediate, research took a back seat to presence. Regular military spending outpaced research spending by a greater than normal amount. Then, America woke up in the 90s to a peerless world. Presence took a back seat to capability. The US military had breathing space to begin to think about the future. It used that breathing space to fund the technologies that would power a networked military that has yet to be seriously challenged in conventional warfare in the post-Cold War era.
In the 21st century, China has replaced the Soviet Union as the threat that focuses defense planners. So how does China compare as an adversary? Do we have the time we need to focus on capability, or should we go all-in on our currently operational forces?
Without going into direct capabilities, a fairly reasonable way to compare threats is to look at top-line military budgets. How did our spending compare to the Soviets’ and how does our spending compare to China’s? Let’s first look at the Cold War.
Data from SIPRI and CIA
From 1966 to 1989, the United States was able to muster enough defense spending to approximately match that of the Soviet Union. There were long stretches where the US lagged the Soviets, but it was always fairly close. The rest of NATO seems to have consistenly spent somewhere between 50% and 60% of the Soviet’s budget. Combined, NATO and the US spent 20-80% more than the USSR.
Data from SIPRI and CIA
Looking at these graphs, you see what looks like a close struggle, but one where the US and NATO are clearly superior. That was not at all the perception in the 60s or 70s, though. The nightly news in that era was gloomy. And the Soviet military really did pose a legitimate threat to an American-led world order. We talk today about China holding US aircraft carriers at risk. The Soviet Union held every city in America at risk. It was a global challenger as much as it sought regional hegemony. So the US strategy was to prioritize the readiness of the forces that it had. Not to prioritize the forces it wished it had.
And in the end, it is hard to argue that this was the wrong strategy. Afterall, the world is not a nuclear wasteland and America has enjoyed lone superpower status for the last 25 years. So if this is the threat picture that warrants “presence” oriented spending, what is a threat picture that warrants the opposite? This:
Data from SIPRI
It is not terribly close. During the Cold War, the US and the USSR spent similar amounts on defense. The United States outspends China three times over, today. Additionally, China’s neighbors currently spend an amount equal to China’s defense outlays, not the 60% deficit that NATO could muster on its best days.
The trajectory of China’s spending is clearly up, while the United States’ trajectory is clearly down. But America presently enjoys a vast lead. And China’s neighbors are increasing defense spending, as well (albiet at a lower rate). Taking these factors into account, it seems as though the United States has a long time before it must worry about China challenging global order. China may be building “facts on the ground” that will be beneficial once it is a mature power (by flouting international law in the South China Sea), but it is not currently a serious challenger to the United States.
While the US and NATO once spent a combined 120% of the Soviet’s budget, the US and its Asian allies currently spend 384% of China’s budget.
Data from SIPRI
If every trend stays exactly as it currently is (and that is already not realistic since China recently announced a reduction in military spending growth), it will take a decade before China poses a threat similar to that of the USSR.
China cannot currently contest our dominance in Asia in the way that the Soviets contested our dominance in Europe. During the Cold War, America waited to prioritize current-force spending until the Soviet’s military budget was about 80% of the American budget. China’s is currently at 35% of America’s.
If American strategy requires that its chief adversary be able to plausibly challenge its dominance in a region before it prioritizes current-forces over future ones, it’s clear that now is not the time for a buildup. With a minimum of 10 years before a new Cold War, and more realistically 20 or 30 years, the US military would be remiss to not fund future capabilities while it can.
The question then is relegated to one of magnitude. How much should the United States prioritize research? Let’s first look at where our current military budget is in comparison to where it’s been.
Data from SIPRI
Defense spending has averaged 6.1% of GDP since 1949. It currently rests at around 3.5% of GDP. As you can see in the above graph, defense spending was high up until the end of the Cold War, shrunk greatly in the 90s, and then rose again during the wars in Iraq and Afghanistan. With those wars now over, our budget is in a new trough.
Data from SIPRI
Total defense spending as a percentage of GDP has only been lower for a brief time in the late 90s/early aughts. There is room to increase it if needed. And if there is to be an increase, it should go toward modernizing the force.
Research and development as a percentage of GDP lies at around .4%. The long-run average is .55%, but the R&D boom of the late 80s reached .7%.
Data from SIPRI and AAAS
The late-80s investment in R&D produced the advanced military that was able to decimate Saddam’s Soviet-style military. It was sufficient to produce a force capable of decisive victory. Similar levels of investment will be required to produce similar margins of victory. What would it take to get spending back to similar levels?
It would require 70% more research spending, but would only increase the total defense budget to 3.8% of GDP from 3.5%. Which is far below the 6.1% long-run average. By reducing our current-force size in areas unlikely to contribute in a large, conventional conflict (the least likely scenario, but easily the most damaging), we could likely keep our overall budget similar to its current levels.
China is a threat to an American-led global order in the long-run. It will eventually be able to credibly challenge our core interests in the world. It, however, does not currently warrant the same defense structure than did the USSR. We still have time to ensure our forces are capable enough to win the wars of the future. And in their current structure, they would likely prevail in any surprise conflict that comes sooner. We shouldn’t restore our military to its Cold War size. We should worry about how we can build the military of the future.
The plot unfolds around the creation of the credit default swap market that “shorted” the collateralized debt obligation (CDO) bubble, precipitating the housing crisis and global financial collapse of 2007. The book describes a private financial and government regulatory system so blind to its own vulnerabilities that it trundles towards failure of epic proportions.
Lewis points to three key enablers of this collapse:
1) A system so large and convoluted that no one truly understands it
2) Individuals who act in self-interested stovepipes to protect their specific aspect of the system
3) Lack of adequate, appropriate oversight
The global financial collapse of 2007 resulted in trillions of dollars of lost savings, pensions, and home value. It affected the lives of millions and has fundamentally altered the way Americans interface with their economy.
There is another system in our nation that shares similar characteristics. The military acquisition system is the elephant present in every room in Washington, DC; its success or failure affects every dollar we spend and every man, woman, and child in America. If the housing bubble affected the lives and livelihoods of millions, we can only surmise the deleterious effects that the acquisitions bubble could have on global security.
We must fundamentally examine the acquisitions bubble and how we can avoid it, before it is too late.
Shorting the System
In The Big Short, Lewis tells the stories of the individuals who predicted the housing collapse and “shorted,” or bet against, the market. These were men and women who profited off the bad business practices of banks and hedge fund managers.
When considering the military acquisitions system, it is our current and potential adversaries who are betting against us. Those who “short” the system include both small-scale organizations who employ inexpensive, low-tech methods to sabotage our forces, and large nation-states who are engaged in a broader game of geopolitical Risk with the United States.
As mentioned earlier, those who leveraged the housing bubble operated with three key enablers at hand. These are the same characteristics that our adversaries will continue to use as they leverage our military acquisitions system against us:
1. A system so large and convoluted that no one truly understands it.
DoD has an entire college–“Defense Acquisition University”–that includes both physical and online classes on the subject of military acquisition, technology, and logistics. Its website estimates the total number of individuals it services each year in the acquisition system at more than 150,000, a figure that represents but a fraction of the whole.
Tens of thousands of men and women, both in uniform and out, work on the subject in the National Capital Region alone. These folks work in small cubicles with water coolers and locked doors. The DoD budget that they each have a small hand in preparing heads to Congress at more than 500 pages each year.
No one–especially not this author–could accurately describe each stakeholder or step of the military acquisitions, technology, and logistics process. Unfortunately, this means that no single person could point out its inefficiencies or effectively propose improvements.
2. Individuals who act in self-interested stovepipes to protect their specific aspect of the system
The men and women wearing the cloth of our nation, far from our shores, are our nation’s true heroes. They work hard in conditions and at tasks that would make the rest of the world blanche.
But decisions are not made on the front lines, in the cockpit, or on the bridge. They are made in office buildings with air conditioning and snappy internet connections. They are made by both military staffers and civilian bureaucrats.
Too often, these offices succumb to what you might call “9 to 5 syndrome.” Many are of the mind that the job they were hired for has definite conditions, and they will work no longer than is necessary to meet only the minimum requirements. Any further issues that arise outside of these hours or requirements are “not my problem.”
Likewise are those that see a problem–incorrect information being passed up the chain, an erroneous analysis, unjustified assumptions–and do nothing. Why? “It isn’t my job.” “I wouldn’t know who to talk to about that.” “I don’t want to make any waves.” People fear for their employment, their financial stability, and their perceived reputation in the workplace more than they fear incrementally adding to the entropy of the system.
These aren’t necessarily behaviors that you could discern from a workplace survey. It is much easier to hide behind the anonymity of the computer screen, ignore our real problems, and react with dismay when the wheels start to fall off the bus.
3. Lack of adequate, appropriate oversight
Beltway Insiders refer to the “Iron Triangle” as the relationship between Congress, the military, and industry. Through the lens of the acquisition bubble, however, let’s take a closer look at each corner of this shape:
-A Congress with an approval rating hovering near 10%, in an environment hostile to incumbents and financially costly to challengers
-A military with a joint staff that each of the services scoff at, with the term “joint” or the color “purple” disparaged, handling oversight of the acquisitions process
-Industry beholden to investors who are looking for profit and short-term gain
This is a reality that has existed for decades. A system that should be designed for mutualism, where the actions of one benefit the other, has instead manifested as parasitic, where each actor seems to be negatively impacted by the actions of the other.
Each of the stakeholders in the Iron Triangle is responsible for the oversight and proper regulation of the military acquisition system. But in an environment where Congressmen are more apt to pass a funding bill that includes jobs and money for their individual districts; where industry advances projects that further their bottom line the most; and where the DoD serves up an amalgamation of individual service plans rather than a comprehensive strategy, oversight and regulation are fundamentally broken.
Now, more than ever, we should remember the words of a former president: “Our problems are man-made; therefore, they can be solved by man.” We must get beyond all of this; we must eliminate our excuses. The health of our Republic and the continued success of our men and women in uniform depends on it.
No Easy Way
The slow devolution of our acquisition system is the result of an unchanging bureaucracy that is grinding to a halt in the Information Age. As the pace of the world quickens around us, our system is growing more and more inefficient. At times, it is both too easily taken advantage of and not easy enough to engage; it is both too deliberative and not deliberative enough. Yet we continue to lurch towards multi-billion dollar platforms and continued inefficient policies, unable to stop this carnival ride we are on.
Hindsight has a way of making things look more obvious than they appeared at the time. Perhaps the system is helped in some way by the notorious bean counters and turf protectors that seem to stove-pipe problems and sabotage solutions. Perhaps the American acquisition machine will continue to slog on, unabated. But as we come upon our fourth post-Cold War decade, it is alarming that our systems and processes are becoming increasingly Soviet.
One of the most obvious solutions is to foster strategic thought, understanding, and literacy in military and civilian agents of DoD at a much younger age. Mark strategic aptitude early and enable groups of these hard workers to actually influence policy and lead change within government. There are plenty of outstanding strategic leaders across DoD, but we can do much more to enable our strategic enterprise as a true meritocracy, rather than a “tenure-ocracy.”
There are already cohorts fulfilling these roles in their own personal capacities, such as the Defense Entrepreneurs Forum and similar service-based groups of junior officers, enlisted, and civilians. We should further these groups to include true coalitions of service, Congressional, and industry staffers and leaders who can come together to solve problems instead of going through the motions of decorum and paying lip service to real issues. But to date, both Congress and service leadership has reacted with scorn to these possibilities, seeming to validate problem #2 on our list above.
At the end of the day, no matter how many bits of data or inches of type-block this article takes up, there is no silver bullet solution to the military acquisitions bubble. There isn’t a 5-point plan or a CONOPS capable of the kind of course correction needed.
There is simply this:
If we got every stakeholder and decision-maker, from the lowest ranking uniformed service member to the highest ranking civilian and industry leaders, into one room at one time–with a Congress and President ready to vote and sign whatever came from such a meeting immediately into law–could we task them to build a system around answers to one question:
“What would you do differently if you knew you couldn’t be fired and you couldn’t fail?”
And how do we get them there? How do we press the “reset” button on doing the right things?
Time is of the essence: before the acquisitions bubble pops, and we are left with a tragic sequel to The Big Short.
“It is not the most intellectual of the species that survives; it is not the strongest that survives; but the species that survives is the one that is able to adapt and to adjust best to the changing environment in which it finds itself.”
— Attributed to Charles Darwin.
The Rate of Change
We live in exponential times. Does anyone still own an old-fashioned, original iPhone? New products hardly hit the street before they are superseded by something newer and better. Technology seems to change daily, before our eyes. In fact, the rate of technological change is increasing, as the internet, computing power, and insatiable market demand combine to throw the research aperture wide open. In the language of the calculus, a positive second derivative means, simply, that change is accelerating. The long-term success of future defense programs will depend more than ever before on their ability to adapt continuously to this change, rather than our ability to produce exquisite point solutions.
Cutting-edge technology, once the property of governments, and especially defense departments, is now driven increasingly by market demand. Defense requirements are no longer driving the technology train. In fact, in many cases, they are not even a major passenger. A look at National Science Foundation data showing U.S. research & development (R&D) funding by source for the 45-year span between 1963 and 2008 shows that, in the 1960s, government funding dominated R&D as we developed Cold War weapons and chose to go to the moon. In such an environment, the research establishment is responsive to government needs, so integration is relatively straightforward and technology tends to flow from government development to civilian application. Radar, for example, was adapted for microwave cooking, and the Global Positioning System (GPS) changed almost everything we do. By the early 2000s, however, funding roles between industry and government had reversed. This is a good news story for a free-market economy. However, it presents a very different challenge for those who build and maintain complex defense systems, as the military is forced to become the agile adapter.
Build with Change in Mind
In a rapidly changing environment, the long-term viability of programs will depend largely on our ability to infuse evolving technologies in stride, affordably. The image at left shows the Ticonderoga-class cruiser ex-Valley Forge (CG-50) being sunk as a target after just 17½ years in service. This $1B Aegis cruiser was a technological marvel in her day, but she was not built with change in mind. Because it was too costly to backfit the open MK41 Vertical Launch System into the first five ships of her class, they were all decommissioned early—an expensive lesson in adaptability. The U.S. Navy’s Aegis cruisers and destroyers are magnificent machines, but it’s worth noting that many of the missions they perform today, including land attack and ballistic missile defense, were not on the chalkboard when they were designed in the 1970s to protect carrier battle groups from Soviet airborne saturation attacks.
We need to build systems, especially those concentrated on complex, multi-mission warships, for existing threats as well as those yet to emerge. Combat systems need to be open, modular, and flexible enough to evolve, incorporate the all-but-certain march to autonomy and machine teaming, and keep up with advances in computing and communications that are beyond military developmental control. In fact, current trends suggest the commercial-military gap will widen. Alphabet/Google, for example, consistently reinvests approximately 30% of every dollar of sales back into R&D and capital expenses (CapEX), compared with just 2% – 3.5% for top defense contractors.
Affordability, Autonomy, and the Third Offset
It has been said the United States is losing its technological edge, but technology isn’t the primary obstacle. While research in many other countries certainly is improving, the pace of innovation, invention and technology development in the United States is breathtaking, and shows no signs of slowing down. The United States still produces many of the world’s most impactful and exciting technologies; however, integrating them into our defense systems and tactics is hard and getting harder.
A close look at the Navy’s and Air Force’s investment dollars (R&D plus Procurement) compared with force structure, measured in ships and aircraft, shows that in the past, as budgets inevitably cycled up and down, force structure tended to follow. When budgets declined, services financed downturns by reducing force structure and harvesting manpower dollars. When budgets increased, generally, we bought new or improved force structure. This pattern changed in 2003. For the first time, as budgets increased significantly, force structure continued to decline, even as service chiefs maintained they did not have enough assets to satisfy demand. Now, as we again face decreased defense budgets, there is no force structure to mortgage, and the implications for unit cost point to a future we can’t afford on the current trajectory. As with the first two “offset” strategies, the recently released Third Offset is driven by affordability, and an economic need to increase capability without increasing expensive capital assets.
There are only two top-level metrics in defense procurement: capability and cost. Every new program seeks to increase capability, reduce cost, or both. Yet, while capability across all services certainly has increased by many measures, so has cost, while quantities continue to shrink. New technologies like autonomy can help increase capability, but only if they can be integrated continuously, affordably, and in stride. The modular mission package approach pioneered by the Littoral Combat Ship program, with its innovative use of networked, unmanned systems, was an important step in the right direction.
With years of effort and millions of dollars invested to start each new Program of Record, it’s no wonder the services are reluctant to change programs, or take risk and add cost by infusing new technologies. Our acquisition workforce is professional and dedicated, but they are measured on their ability to deliver programs based on “cost, schedule and performance,” and programmatic rudders don’t swing easily. How then, can we expect emerging technologies, like autonomy, to develop into a potent element of our force structure, and provide the affordable leap in capability envisioned by Secretary Work’s Third Offset strategy?
Despite general acceptance of unmanned aerial vehicles (UAVs) for airborne Intelligence, Surveillance and Reconnaissance (ISR) as well as airborne tanking missions, our current approach to most autonomous systems has been focused on one experiment at a time. The Navy’s X-47B demonstrated that UAVs could operate safely from an aircraft carrier, and even refuel in flight. There were valuable lessons learned but, after $2B, the program has essentially reached a dead end.
Now is the time to develop a future force architecture that will guide an orderly migration to a mix of autonomous and manned systems across all domains and, more importantly, provide the underpinnings for reprogamming funds to make it happen. The Analysis of Alternatives for the Navy’s BAMS/P8 Maritime Patrol Aircraft program informed just this kind of tradeoff, producing an optimized, combined purchase of manned and unmanned aircraft. New unmanned systems like DARPA’s autonomous “ACTUV” surface vessel, and a family of future underwater vehicles, including the Large Diameter Unmanned Underwater Vehicle, can increase fleet numbers and total capability in the same way. By increasing capacity, they can also help distribute sensors and firepower.
Consistent with the Third Offset strategy, networked, autonomous systems will perform important missions in places larger manned ships can’t, or needn’t, go. Like Garry Kasparov’s centaur chess model, they’ll fit into an overall fleet architecture in ways that optimize the whole man-machine team. As autonomous systems become increasingly capable in the future, they will share burdens and shoulder more and more of the warfighting load, while open architecture and modularity will help us pace evolving technology without the need to build new ship classes from scratch.
The “relevance horizon” for combat capabilities has always been a moving target. This is nothing new, but the pace of technology change is increasing, and is driven by forces that are beyond government control. Future Defense programs must be built with change in mind, to adapt to emerging technologies that evolve faster than today’s acquisition cycle.
As long as we continue to approach autonomous systems in isolation, they will be slow to realize their full potential. Now is the time, within the new Force Structure Assessment, to look 10 to 25 years into the future and devise a comprehensive fleet architecture, based on rigorous analysis and modeling, that optimizes the mix between manned and unmanned programs envisioned in the Third Offset strategy, and helps compensate for declining force structure numbers. Like the first two offset strategies, the Third Offset is driven by economic necessity.
Finally, many of the world’s brightest minds are still right here in the United States, producing the world’s best technologies. Our challenge is to keep those technologies flowing into the hands of our warfighters.
 Personal communication, James McAleese, McAleese & Associates, 29 January 2016.