Risky Business–Tomahawk Style

The Arleigh Burke-class guided-missile destroyer USS Ross fires a tomahawk land attack missile while conducting naval operations in the Mediterranean Sea, April 7, 2017. Navy photo by Petty Officer 3rd Class Robert S. Price

 

 

 

 


I just published an OpEd piece in American Military News after looking at the FY 2019 DoD Budget again.  I can’t believe we aren’t asking for more Tomahawk Land Attack Missiles.  The Reason? We are going to build a new Land Attack Missile by 2028…..that’s around 10 years folks!  Any bets on a 2028 delivery?     Anyone?     Bueller?   Anyone?    Anyway, I think the piece says it all, so I invite you to read it.  Here’s the link to the article…..Closing the Tomahawk Line is Risky Business.

[Non-DoD Source] Sigh…ber Part 2

What’s up with that kooky title?  Well that’s how all your email coming from outside the “dot mil” domain appears to those inside…As if they are somehow more secure?  I guess this is an attempt to highlight emails coming from us pogues outside the secure boundaries of DoD email and to alert those on the inside that there is danger in communicating outside the domain….non-dodPersonally, I would like all their outgoing email to be marked [DoD Source] so I can choose not to read some of the mountains of stuff that comes out from them…Like the DoD media reports that give us a detailed “Readout of SecDef meeting with the Dali Lama” and the like (See the News section of this web site).  I don’t think I have ever finished one of those “Readouts”, because frankly, there’s nothing of substance in them.  Does anyone outside the Pentagon really care?(and I’m pretty sure only a very select few inside do)   That’s a candidate for [DoD Source] marking so I can avoid it.  And yet, some GS-15 is probably making a lot of money producing them.  There’s also the de rigueur morning DoD press reports of the wildly successful strikes against ISIL targets conducted by our forces overnight.  Yet another candidate to be marked [DoD Source].  I guess I have just become overwhelmed by all the happy talk to the point that I just don’t have confidence that everything I read is really “true.”

Now hold on there you DoD buckaroos!!!!!  I’m not saying that what you put out is not “True”, but I think we can all agree that words can be put together is a way that while they are true, they may not be “truthful.”  I put on an occasional seminar on Ethical Decision Making and in that class I discuss some points concerning “truth.”  truth2  Perhaps the most famous seeker of a definition of truth was Pontius Pilate when he asked, “What is truth?” He didn’t get an answer to his question then and the answer to his question has been  debated for centuries.  In my previous article , Sigh-ber, I touched upon the wisdom of always being completely truthful so I won’t jump into that morass again.  But is always just telling happy truth, and ignoring some of the bad news, being completely truthful?  I think not.  I recall during one session on the Hill when I was asked if we had fully funded the ship maintenance requirement I replied, “Yes Sir.  We have fully funded the ship maintenance line to 75% of the requirement!”  True enough!  Anyway, I digress.

I am somehow offended that DoD chooses to mark my email as [Non-DoD Source].  I suppose I should be grateful that they deign to open my “insecure” emails.  Given the thousands of emails folks receive in the Pentagon, my guess is that they will all become desensitized to that phrase and will ignore it.   But……if someone ever clicks on a [Non-DoD Source] email and causes some sort of bot or bug or worm or virus to be introduced into that bastion of security, the “dot mil” domain, the Cyber-police will descend upon them for ignoring the [Non DoD Source] warning.  I am sure the cyber-Dons within DoD are correct when they believe that this sort of thing can’t happen from within the “dot mil” domain….But somehow I still see echos of Bradley Mannings, Ed Snowdens and a lot of others who had inside access, that could care less about [Non DoD Source], because they were a [DoD Source]!

PS.  My N8 former self can help but wonder how much it cost to mark all non DoD email as [Non DoD Source].

FoundationAnchorLogo  Please help our wounded Sailors and Coast Guardsmen by attending a performance of “A Christmas Carol”, presented by the Little Theater of Alexandria on the evening of December 16th by clicking here.

 

 

Sigh–ber

It’s been a while since I opined on matters I know little about…so I thought I would continue that tradition by putting out a few thoughts about all things cyber.  No doubt you have all heard about cyber-xxxxx until you are becoming immune to the cries of “Danger Will Robinson.”

RobotAnd that is a real problem because cyber crime, cyber snooping, cyber intrusion, cyber war, and all manner of other things is perhaps the most significant challenge to the well-being of the good ole US of A in this century, IMHO.  I’ve attended a series of meetings and had a couple of events in my personal life that have caused me to think a lot about this problem.  But they way, I don’t claim ownership of any of these ideas.  I have heard them in a variety of places from a variety of people.  I just wrote them down in one place.

Nothing chafes me more than getting my credit card rejected, and then finding out that my credit card company has detected the unauthorized use of my card and I must get a new one.   That’s when I realize just what a poor job I have done in protecting myself….I even have a spreadsheet now with all the web sites that I have to visit to update my credit card number.  It has web addresses, user names, account numbers and passwords all laid out so I can spend about two hours on line changing them all…..Am I the only one with this problem??? I’ve started trying to put everything on line through PayPal, but who’s to say that won’t be hacked next?

Think about all the bad things that have happened due to cyber crime in the last year or so…..Target gets hacked, the Joint Staff email system is fried, the Pentagon Food Court is penetrated, the OPM debacle.  SF86-doodyBTW I just got my ( less than timely) letter last week from OPM informing me that all the information on my  SF86’s was compromised….that’s efficiency for you!!! (No wonder they got hacked if the timeliness of their notification is any indication of their expertise) How long has it been since we all knew about the OPM fandango???? And yet…..no one has gone to jail on the criminal side and no one has been fired or disciplined ….for any of those things.  And I’ve got to say that in the case of OPM, it seems to me the cure is worse than the disease….Let me get this straight…..I get free monitoring for a couple of years and all I have to do is enter in all the personal information they couldn’t keep secure anyway…They want me to enter driver’s license number, bank account numbers, credit card numbers….What kind of idiot do they think I am?  They gooned it up once……and most likely will goon it up again…There’s no way I’m putting all that info into anything that has anything to do with OPM or the US Government, for that matter…( Isn’t the lowest bidder providing most of the government’s security packages?). They should just ask the Chinese or the Russians for my info, since they apparently already have it………but I digress.

As I have been thinking about cyber security and listening to the experts over the past few months, it has dawned on me that this is a problem like no other we have ever encountered.  And that means it’s going to require some very innovative and unconventional thinking to fix it (and thus the perfect reason why DoD shouldn’t be in charge).  Moreover, this problem is much too serious to be given to the techies to manage.  This is far too important to keep in the IT closets of government and corporate America.  Management and leadership must know this stuff cold and be intimately involved every day, in every way.  Why do I say that? Here are a few unique aspects to the problem:

  • Everyone is an operator.  Except for a few holdouts from America’s Greatest Generation, virtually everyone is slammin’ away at a keyboard or tip-tapping on a touch screen or talking to Siri(for those who are unable to get anyone else to talk to them).  You don’t need a license, or any training, or have any awareness of just how badly you can screw things up to “operate” on the Internet.  You all know people who shouldn’t be allowed on the Internet….the people who actually reply to the email from Mr. H. J. Spankle, Esq. from South Africa telling them that their long-lost cousin has left them a fortune. Or the ones who hit the “reply” button on the email from their bank telling them to update their user name and password……And yet they are all out there spending hours on-line, causing who knows how much damage.  Their vote counts just as much as yours, by the way.   This is why cyber experts will tell you that in most breaches, it’s not technology, but people at the root cause.
  • There are no boundaries. There are no borders to control, no time zones, no hours of operation, no holidays, no boundaries of any type on the Internet.  As a result, it’s not clear where jurisdictions begin and end.  I suppose you could say that firewalls are a type of boundary, but even the best of firewalls eventually get penetrated.  I was recently visiting NAS North Island in San Diego and went to the Mother of all Starbucks, located next to the carrier pier.  I tried to use my smartphone app to pay for coffee, but was told they weren’t allowed to use that feature on the base because of the possibility that using the Starbucks Pay App might cause a cyber-intrusion in the base network…Huh?  If that’s the case on NAS North Island, why isn’t that the case at any Starbuck’s.  They don’t even use the Navy network and yet the Navy is worried about intrusion.  Can that be true?  Do the folks making those decisions really know what they are doing???  I hope so, but it doesn’t make sense to me. This type of mentality reminds me of the old saying in Naval Aviation, ” If safety was paramount, we would never fly!”
  • No one is in control. This relates to the no boundaries problem. Since there are no boundaries, it’s not clear who is in charge.   Of course, there are several organizations that may exercise some moderate influence,  like the Internet Corporation for Assigned Names and Numbers (ICANN) or maybe some of the companies maintaining Authoritative Name Servers (the keeper of the “phonebook” for domains like .com, .net, .org, etc)  Until about 1999, a company known as Network Solutions,Inc. did this function, but now several entities claim this responsibility, along with organizations for domains like .biz and .edu.  The United Nations has been monkeying around with Internet Governance as well, claiming that they don’t want the US in charge (BS IMHO) but in the end there is no single “belly button” in charge.
  • There in no difference between military, government and civilian operations. Everyone is in the same boat.  This becomes a real problem after a hacking event when trying to attribute the attack to someone or something.  Was it a hostile act by an opposing military power or was it a criminal act by some organized crime actor, or was it a terrorist act by a radical group, or was it just a random act of boredom by a “hackivist”  wasting time between Minecraft games?  Who knows?  It all looks the same.  This is a fundamental problem in determining what type of response is appropriate for any given attack.  I have no doubt the US has the capability to “smoke check” every single computer in North Korea….or even turn my own laptop into a time bomb fueled by a “Phaser Overload” in my lithium battery pack, but to what end? Is it our responsibility to be the “Net Police”? Is it DoD, DHS, FBI, FCC, Radio Shack???? I just don’t know (and apparently neither does any of our leadership).
  • All share in the risk.  Just look at the Target incident.  Even though I might have been a completely hygienic internet user with impeccable security habits, all I needed to do was buy a lightbulb from Target using a credit card and BINGO….I’m hacked!!  And think about the problem of someone else using your computer for whatever reason…all they need to do is click on one spam message and you are hacked.  In fact, it takes just one ne’er-do-well on your vastly secure network to plug in one thumb drive, and you are hacked.  You are at risk, even if you chose not to play the game.  This has huge implications.  BTW,  do you all have the new credit cards with the chip that is supposed to enhance security?  You know, the one that doesn’t work in any of the credit card readers?????? As far as I can tell it’s still swipe, swipe, swipe your personal information away!!!!!!
  • Cyber-Health is nonexistent in the masses. Probably an overstatement, but the point is that even very well educated folks are constantly falling prey to all sorts of scams, phishing schemes and electronic theft.  Think about the little device that criminal stick to the ATM card slot that copies all your ATM card info. Or what about the scanners that can cue your smart phone to dump its address book (now we need metal card holders to prevent intrusion, a la the new Pentagon Badge Holders?).  So my contention is that the vast majority of internet “operators” pay about as much attention to cyber-hygiene as they do about the dangers of texting and driving…..Once again, it only takes one to spoil the whole barrel and there are plenty of rotten apples running around out there.

So there are just a few reasons why cyber-related problems are unlike any we have tackled before.  No great revelations here and sadly no solutions.  But I contend that to get to the solution, we must first understand the problem we are fixing. I don’t think we are anywhere near understanding the extent, nature or consequences of living in a world where everything is connected.  To my way of thinking, we have too much of a good thing and that can be bad thing.  I am reminded of a discussion I once had with a prospective bridegroom when I was a marriage mentor.  We were talking about the special relationship between married couples….no secrets, everything open and above board…Then I remembered that sometimes openness and honesty may not always be the best policy when it comes to marriage….I made that mistake early on in our marriage…..I recall coming home just weeks into our wedded life and passing on the blueberry pie the lovely Mrs. Crenshaw has spent many hours preparing (after attending classes all day).  “Just so you know, I don’t like blueberry pie,” I said.  Some four-two years later I regret that moment of honesty every day!!!!!!!!!!blueberry

 

 

Where is, repeat, where is Task Force Thirty Four?

That WW II message was sent by Admiral Nimitz to Admiral Halsey in support of Admiral Thomas C. Kinkaid, Commander of landing forces seizing the island of Leyte in the Pacific.  Admiral Halsey had fallen for the Japanesse ruse, diverting most of his carriers and battleships 200px-Nimitz_and_Halsey_1943supporting the invasion to chase the Japanese decoy Northern Force, leaving Admiral Kincaid’s forces in the lurch.  Famously, however, when the message was delivered to Halsey, the phrase “the world wonders” was added by mistake.  Halsey took it to be an insult,  creating bad blood between the two. There are some pretty funny accounts about “Bull” Halsey blowing his top when he read the message. Here is the actual message:

msg3

I just returned from the annual American Society of Military Comptrollers (ASMC) Professional Development Institute (PDI) in New Orleans.  It was an outstanding opportunity to learn about the state of the art in the DoD budget and accounting.  Well done to Executive Director Al Runnels and his staff!!!  This year I reckon there was north of 2000 folks from throughout the DoD Financial Management profession….Army, Air Force, Office of the Secretary of Defense, Defense Agencies and even the US Coast Guard.  Leadership and rank-and-file throughout DoD, from the Honorable Mike McCord, the Undersecretary of Defense (Comptroller) on down, gathered to consult, confer and otherwise hobnob with their fellow budget wizards.  In fact, I dare say that most of the senior Financial Management leadership from the services and defense agencies was there. There was only one thing missing: the Navy.

Yep, that’s right. The Navy chose not to participate.  Given that every other service, defense agency, and the OSD staff decided it was important to send their people, I can only assume that either the Navy thought that its people (personnel in DoD speak) didn’t need the training offered at the PDI or that despite the need for training, barring their attendance was the safer or smarter move.  So the Navy and USMC financial managers sat on the sidelines while the remainder of their counterparts in DoD heard for Mr. McCord; the Honorable Jamie Morin, Director of CAPE; Mark Reger, the Deputy Comptroller of the United States and numerous other senior officials. They attended required FM certification training, attended workshops, participated in a whole day of service-specific training and  conducted community service projects. In the interest of accuracy, there were a handful of Navy folks there, but only if they were actually presenting a workshop or receiving a national-level award.

Why did the Navy choose not to participate?  Well, it is true that in recent years “conventions” and other large-scale events have come under scrutiny because of some very bad decisions made by some not-so-good leaders.   But checks and balances were put into place to ensure legitimacy and need before approving such meetings.  All organizations in DoD went through the same process of evaluation.   The PDI was not given “blanket approval” by DoD and thus the leadership in each organization had to make the call on whether or not to send its people to this valuable training.  Obviously, Navy leadership uniquely decided this PDI was not in accordance with applicable rules and regulations and thus elected not to send its people.  Now those of you who are not familiar with the world of financial management might wonder why a PDI is needed. Here’s the scoop:

Most DoD financial managers are required to receive about 40 hours of continuing professional education annually.  Those who have achieved the coveted Certified Defense Financial Manager (your humble author among them) are required to take 40 hours annually to retain their certification.  In addition, the DoD recently introduced a financial certification program aimed at increasing the professionalism of the FM workforce.  It’s a tiered program with each level requiring specific courses delivered by qualified personnel.  Once a certain level of qualification is reached,  there is a continuing education requirement similar to those above.  The highly specialized training required for the various certification levels is offered at the PDI, along with a variety of accredited courses that count toward annual training requirement.  I’m not quite sure how many hours it would be possible to knock out at the  PDI, but it’s somewhere in the neighborhood of 20.  That’s half the annual requirement!

To make sure people actually attend the training, they are individually scanned in and out of training sessions and only given credit if they attend the entire session.  Each day begins at 07:00AM with breakfast and training sessions go on throughout the day until 4:40 PM.  Believe me, that’s a long day and I have yet to figure out a way to “beat the system” so I have to sit through the classes all day to get credit.  It’s not exactly a cake walk.  You can be sure people are actually getting the training.

Enough of that.  And now for the gorilla in the room:  Yes, it’s in New Orleans, but there’s no escaping the fact that PDI attendees are sequestered (I just had to use that word) for a good nine hours a day….No zooming up and down Bourbon Street, no clowns wandering around, no $26 cupcakes…it’s all business during extended working hours.  (This shouldn’t be surprising since it’s basically run by accountants, for accountants).  By the way, what’s the difference between an introverted accountant and an extroverted accountant?  The extroverted accountant looks at your shoes when he talks to you….Badda-Booom!

So I mentioned earlier that maybe the reason the Navy leaders chose not to send Navy and Marine Corps people to this training is that they don’t need it.   Well, you would be wrong if you made that assumption. I attended a session where the current numbers of people certified by service was presented and the Navy was just a sliver in the pie chart while all other services were big, fat pie slices just like your grandmother would serve.  So the Navy needs the training above all and they are obviously not getting it elsewhere.  In fact, given the workload of Financial Managers these days, it is really hard to find the time to take on-line courses.  Oh sure, there are on-line courses….and they are good for filling some portion of the requirement, but no matter what you say, nothing beats real-time, classroom training to allow for substantial interchange between students and instructors.  Would you rather have your dentist fulfill his annual professional training staring at the PC at home while drinking a martini or attending a gathering of dental professionals with an opportunity to talk to pioneers of the latest in the dental art and exchange views and techniques with his/her peers? When he/she says “Good thing I saw how to put in this implant on You Tube”, how would you feel??  or how about this:  “Oh yeah…..since you have to put in a 10 hour day at the office, just do that training in your spare time”……Right! Here’s an idea:  Why not do your training the next time we furlough you?  What’s the big deal?  We have posted classroom material in all the heads…..do some training while you do your business!!!  It’s all about being efficient!” Seriously folks, I do remember aircraft checklists being posted above the urinals and on the backs of the stall doors in the squadron head in order to make use of “spare time”!!!

cv67_022
Hey, Where did everybody go?

I know I don’t have the right to criticize and I apparently don’t have all the facts, so I recommend the reader of this tome (It’s longer than I wanted) consider these thoughts to be from an unqualified, uninformed source.  And if you were the decision maker, please don’t get all spun up.  The decision was yours to make and I respect your decision.  I just hope your staff did you the courtesy of making sure you had all the facts before you decided.  (You only know what they want you to know.)  I am confident that the Navy leadership can give you a much better reason for why they stayed away.  That not withstanding,  I  hope the Navy decides to participate next year so they can be a part of the team.  I know I was embarrassed that so few from my beloved Navy were there.   And just because the rest of the Services, OSD, Coast Guard, and Defense Agencies took just a little risk and sent their people to PDI,  doesn’t mean the Navy had to send its people to PDI(sigh, I can see my Mother saying that right now).  Maybe they didn’t have the money to send their people (even though everyone else did).  Maybe it wasn’t that important.   Maybe there was another budget drill going on.  Maybe they elected to spend the money on local training for the hundreds (if not thousands) of Navy FMers around the world.  I just don’t know.  But this I do know: when next year’s PDI rolls around I sure hope we don’t have to again ask, “Where is TASK FORCE THIRTY FOUR the FM world wonders?”

The Name Game

Those of you who have read some of my previous musings know that I have a bee in my bonnet about Pentagon “Double Speak.”  You know… the overly complicated buzzwords and phrases for simple things.  Here’s a link to one of my articles that has some examples. A few of my favorites include:

  • New Presence Paradigm: Overseas Bases
  • Hybrid Contingencies: Kludges
  • Proxy Groups: Terrorists
  • Dynamic Environment: The Real World
  • Asymmetric Approaches: More with less
  • Rebalance Tooth-to-Tail: Cut contractors
  • Win Decisively: Win
  • Rebalance: Cut
  • “Opportunity, Growth, and Security” Initiative: Slush Fund
  • Innovation:  Not in DoD dictionary
  • Multi-lateral Security Architecture: Treaty
  • Force Planning Construct: Size
  • Efficiencies: Negative Budget Wedges

As I was reading the news this morning, I found this article on the name change of the “Air Sea Battle” concept in DoD Buzz.  So forget about Air-Sea Battle and let me introduce you to Joint Concept for Access and Maneuver in the Global Commons! True to form, the Joint Staff has managed to take a relatively simple name and complicate it to the point of non understanding. Of course what would  a new concept be without its accompanying acronym, JAM-GC?  I suppose the pronunciation will be JAM-Jic or something like that.   I can here the conversation in the Pentagon Food Court now, “What are you working on now?”….”Oh, I’m now the JAM-Jic lead and believe you me there’s lots of jamming and jickin to be done now that this Air-Sea thing has vaporized.”

So, I was never a fan of the Air-Sea Battle thing.  IMHO, it was just a budget ploy by the Air Force ( and a somewhat reluctant Navy) to show relevance in an era where it’s relevance was waning.  It’s not the first time the Air Force, after becoming alarmed by increasing dependence on  and relevance of naval forces, began to seek ways to move into Navy mission territory.   This always puzzled me, because in my mind it’s always be a air-sea-land battle.  Especially as the perceived budget pressures have forced all the Services to cut force structure.  In any serious and protracted campaign, the Navy needs  Air Force tanking and command and control capabilities.  And the Air Force relies on the assets from the Navy with little or no support requirements to beef up the Joint Force.  It was never clear to me why Air Force and Navy needed to invent a “new concept”  for something that has always existed….except for the issue of the Joint Strike Fighter.  This $160 Billion over-budget, 7 year-late program is costing the King’s treasure and consuming all other aspects of the budgets of both services. Why not influence operational concepts as well?  The story line?  Air Force and Navy are inextricably linked by the Air-Sea Battle Concept and we must have the JSF to make it work.  To the Hawks on the Hill, this can be a very compelling argument.  One wonders what was going through the minds of the Army folks while they watched this little menage a deux develop.

Well, I guess the Army dusted things up enough to cause a name change, albeit no less threatening to their budget.  As they say in the Patriot’s locker room, “All’s fair in love and war!” So to appease the Army, it appears we now have a new concept.  And the name is a doozy…..Joint Concept for Access and Maneuver in the Global Commons.  320px-Shipping_routes_red_blackAccess is there to appease the Air Force and Navy, while Maneuver is there to keep the Army below the horizon of the doctrinal landscape.

I have to comment that the new name doesn’t do much for me…..especially the Global Commons piece.  To this dinosaur, Global Commons is just a hoity-toity  pretentious way for the Pentagon illuminati to show how deep their thoughts are.  What is/are the Global Commons?  Here’s what Wikipedia says:

a term typically used to describe international, supranational, and global resource domains in which common-pool resources are found. Global commons include the earth’s shared natural resources, such as the deep oceans, the atmosphere, outer space and the Northern and Southern polar regions, the Antarctic in particular. Cyberspace may also meet the definition of a global commons.

I am assuming that in the context of the Pentagon’s understanding, global commons to us unenlightened means “the places we want to be, that others don’t want us to be.”  My suggestion for the name of the concept would be the “Enter, Conquer,Stay, Operate” Concept, ECSO  or EkSo.  It’s sooooo much nicer than Jam-Jic, Don’t you think?

Anyway, as we face serious and deadly threats from everywhere and everything, Syria, Afghanistan, ISIS/L,Budgets, cyber, meteorites, ebola, global warming, etc., it’s good to know we still have thinkers working on US access and maneuver in the Global Commons.

One for the Price of Three!

Only in the DoD acquisition world would this sound like a good deal!  But before we cast too many arrows at the acquisition community, I must admit the idea is mine.  I developed this idea over the course of years of working in the Bizarro World of DoD ship financing.   You remember Bizarro? Bizarro It’s the world where everything is backwards….the name of the bizarro world planet is Htrae (so clever!) and the world is square.  As I recall, it was featured occasionally in Superman comics in the 1960’s. One of the mottos in Bizarro World was ” Us do opposite of all earthly things.”  Bizarro bonds were a hot item on Htrae because they were “guaranteed to lose money.”  So I don’t think it’s a huge stretch to make the analogy here.

As I learned during my time as Chief Resources and Requirements Officer for the Navy, the normal things you learned about economics don’t necessarily hold true when it comes to buying ships.  My initial experience was during my first year on the job.  We were working on balancing the budget and were about $400 Million off.  The staff proposed that we slide the purchase of a ship we were buying for the Army called the LMSR (contrary to popular belief, the Army moves primarily by sea, not air).  The price tag was about $400 Million and the staff had determined that we could stand to slide it a year.  “Sounds good to me!” I answered, happy at the prospect of putting a bow on the $130 Billion Navy budget and delivering it to OSD just in time for Thanksgiving.  By the way, that’s how you make sure that you don’t get rejected right away…..Submit something just prior to a big holiday so no one is around to grade your work.  This rule works in a variety of scenarios:

  • DoD generally drops significant RFPs just before holidays to force contractors to work feverishly at the expense of their families to get the proposal complete by some arbitrary deadline (which generally gets extended anyway).
  • The Congress always passes bills at the eleventh hour before big holidays, in hopes that the particulars will escape the media.  What’s more interesting? The details of the CR passed the day before Thanksgiving or the press conference where the President pardons the turkey?  Or maybe the 3 minute spot on the evening news which shows the neighbor’s Christmas lights display of 100,000 watts, synchronized to “All About That Bass.” I vote for the turkey pardon and the light show!!!!!(and sadly, so do most)
  • Controversial changes to Federal Register seem to always drop the day before a holiday in hopes that no one will notice.
  • My favorite, RFP’s released with 5 days to respond…(a favorite way to make sure the desired contractor wins)

Anyway, I’m sure you have your own sea story that would make mine look minor.  But back to the LMSR caper……

USNS Bob HopeA few days after the decision was made, the staff came back and noted that since we slid the ship a year, it’s going to cost more…..I don’t remember how much, but it was around $100 Million or so.  “Really?” I commented.  ‘Oh, yes,” came the reply, ” money will cost more the next year, we have shipyard loading issues that we will have to pay for, the cost of steel is going up, blah, blah blah.”  So I began to understand that the economics of shipbuilding were different.  I formulated The Shipbuilding Entropy Rule: “Nothing ever costs less.  NO matter what you do, it will always cost more.”  You buy less, they cost more.  You cancel the buy, you still have to pay the overhead.  You remove capability, it costs more to redo drawings.  Its all very counter-intuitive.  This became very clear to me during the following year’s budget build when the staff came back and said “We made a mistake.  We have to move the LMSR back to the original purchase year.”  “Fine,” I replied, “No harm, no foul.”  Sensing it wasn’t “Fine“, based on the furtive glances between the staffers (an admiral sees a lot of those looks in the Pentagon) I asked “What’s wrong?”  Turns out, if we moved the ship back into the original purchase year, it added another $100 Million to the cost!  Whadakknow?  We essentially did nothing and paid $200 Million not to do it!  That, my friends, is Bizarro accounting!

Anyway I could go on and on about this, but I want to get to the reason I chose the title of this article, One for the Price of Three.

The DDG-1000 (AKA CG(X), Arsenal Ship, Zumwalt Destroyer, DD21, DD(X), etc) was originally intended to have a buy of around 32 ships or so.  USS ZumwaltThey became so expensive and the requirements bounced around so much, we began advertising it as a fire support ship vital to the survival of the Marines during amphibious assaults.  As such, we only needed about 10-12, just enough to support the number of amphibious ready groups (ARGS) we had at the time.  The Marines were happy about that, even though they preferred to have 2 per ARG.  I even went over to the Hill with my Marine counterpart extolling the virtues of the DDG-21 as the perfect fire support ship for the Marines.  But once the Marines realized that the cost of the ship was so high that it would probably limit the amount of other stuff they could buy, they dropped it like a hot potato…..they would much rather have the 360 V-22’s than 24 DD(X)’s.  So in the space of about a month we changed our tune from”vital” to “not so vital.”  Now that they are $3 Billion a copy, we are only building 3 of them and I’m not sure there’s a real requirement out there.  As my Grandmother said when she got her first taste of champagne in one of those dinky champagne flutes at my son’s baptism, “That’s not enough to wet my whistle.”  So it is with DDG-1000 IMHO.  The real requirement as far as I can tell is to have something for Bath Iron Works to build ( they will build all three) so they can stay in business in order to address industrial base concerns.  Hence the title of the article.

I propose instead of spending $9 Billion for 3 ships we don’t need, why not pay the shipyard to build it, take it apart and then build it again?  It keeps them busy. The Navy doesn’t have to shoulder the Operations and Maintenance costs necessary to support a ship class of 3 ships, and we don’t have rustle up the personnel and training facilities which must be specially developed on this one-of-a-kind weapons systems.  Heck, we will save money by doing that!  Of course, this idea only works on Bizarro World.

That, by the way, is how Bizarro JosBanks works too.  You pick out one suit and pay for three!

What a world, what a world!

 

Plugging the DFAS Dam

I saw a reprint of an article done by Reuters the other day entitled “Special Report: The Pentagon’s doctored ledgers conceal epic waste” and even though it’s almost a year old, I think it still applies.  DFAS Leak height= In just a few days, all the big accounting firms that do business with DoD will be submitting proposals to conduct audits of the the Army, Navy and Air Force Statements of Budgetary Activity (SBA)……that’s a high level balance sheet that has little applicability to the actual management of anything.  Experience in auditing the Marine Corps proved that trying to do anything else was futile.  One just has to read the Reuters article on “Plugs” to see just how daunting a task auditing any of the services really is.  Inventing phantom ledger entries or “plugs” to explain away imbalances in the “goes-intas” and the “goes-outtas” is apparently the norm at the Defense Finance and Accounting Service.  What’s a little disturbing about this whole audit thing, is that many of these sins will go unexamined because they do not necessarily impact the SBA. See my article “DoD Audit:  Is the cure worse than the disease?” for the details about just what the SBA is all about.

In fairness, I think the article’s title is misleading in that I doubt if the motivation behind plugging in numbers is a desire to conceal waste, but rather it’s the normal way of balancing the books in order to satisfy the Treasury Department.  The real motivation is to keep the heat off oneself ……does that sound familiar?  Think about recent VA scandal…..I doubt if the real motivation was to  make sure deserving veterans didn’t get appointments, but it was done to keep the front office happy.  Never mind that the green eye shades at Treasury are apparently more interested in balancing the numbers as opposed to the reliability of the numbers used to balance (a la VA!).  It’s been going on for years, so that’s a good indication that nobody cares.  Unlike the VA however, the DFAS guys were caught and still nobody cares!

But we do care these days about getting the DoD auditable.  And the Pentagon’s efforts to get to auditability have been extensive and expensive, with some modest results.  Take a look at the USMC……their SBA has passed audit scrutiny for two years running now.  Some months ago I wrote an article on the USMC audit, “Hall of Heroes and Auditors“, which is worth reviewing for context for what follows.

I support the efforts of DoD to get auditable, but only in so far as those efforts are done for the right reasons….not to keep the front office happy, but to make sure DoD is properly accounting for dollars….When they say “We don’t have money for pay raises”, or “Retiree health care is costing us too much,” or “We have to furlough employees,” are they using data from the system that “plugs” in nonexistent dollars to satisfy the front office?  Who knows if the numbers they are quoting are accurate, given the evidence that the numbers are inherently inaccurate!  My point is DoD audits are only interesting science projects for green eyeshades if we are only auditing things that don’t matter.  SBA audits are interesting, but not compelling. We must follow on and audit all the other aspects of DoD financial accounting and property, plant and equipment inventories. That’s the plan (I think), but after DoD has spent collectively over $200 Million just to get to SBA audit, will they have the fortitude to go further into the things that really matter? Will Congress let them? Will the operational pressures in an very unstable, terrorist filled world trump mundane administrative exercises like audits? Roulette height=Stay tuned, but I think with sequestration about to raise its head once again, the President under pressure to mount military responses to multiple spots around the globe, and political stalemate in the Congress, betting on continued funding for DoD audits is at best like wagering on red or black at the roulette wheel at Trump Towers in Atlantic City (ooppppsss, it’s out of business, so how about The Nugget in Las Vegas?).

So don’t get too worked up and break out the champagne  if it turns out the the service SBA’s pass audit ( they are likely to do so because of the limited scope and usefulness).  Instead remember:

  1. It’s only the SBA, a very limited look into DoD finances.
  2. No one uses the SBA to manage anything.
  3. It only looks at one year…Past sins are ignored.
  4. DFAS is still using plugs to balance the books.
  5. It may be done by the cheapest bidder (As a stockholder, would you want the firm you have your life savings in to use the cheapest auditor?).
  6. Because all the audits are being done at the same time, chances are all the firms will be battling for manpower and may not be hiring the most competent auditors (assuming they hire auditors).  We may even have to open up an auditor refugee camp to handle the influx of auditors to the Beltway.

So to sum it all up, I wholeheartedly support ensuring the DoD manages it funds effectively, efficiently and accurately.  I’m not sure an audit of the SBA does any of those things. Victory is not a clean opinion on the SBA, it’s a clean opinion on the whole enchilada.

PS: Please do not reverse the order of this article’s title, no matter how applicable it may seem 😉

 

 

A-10 and Reality

I just reread the summary of the 2015 National Defense Authorization Act (NDAA) passed by the House on a vote of 385-98.  At the end of the day, it appears that the House was not interested in agreeing with many of the cost cutting proposals that DoD had hoped for.  Base Realignment and Closure (BRAC) is not an option (see Bric-a-BRAC) , and it looks like the Air Force can keep it’s A-10’s for now.  When all is totaled up, the bill accounts for just a shade over $600 Billion in spending.  That number is a far cry from what the sequestration number would have been, thanks to the BiPartisan Budget Agreement, but 2016 will be another story.  A-10s The Senate also affirmed its desire to keep the A-10s in the inventory in its version of the NDAA.

I happen to agree with the Air Force that it is time for the A-10 to go.  It’s expensive to maintain and operate and doesn’t really have a place in the 21st Century battlefield.  It pains me to say that, because it was a good airplane for the mission, tank killing and Close Air Support. Intruder in the Spagetti My airplane was also the victim of affordability cuts and the entire fleet was scrapped right after it had undergone an expensive and extensive rehabilitation effort.  I’m talking about the A-6 Intruder, retired in 1997.  No one came to its rescue unlike the A-10.  I’m not quite sure why the A-6 retirement didn’t kick up more dust back then except to say that times were tough, money was tight, and everyone recognized the an airplane like the A-6 was vulnerable at low levels against the threat and that with weapons improvements we just didn’t need an airplane that could carry twenty-two 500 pound Mk-82 bombs.  What’s the point?  With Tomahawks and Joint Stand Off Weapons there was just no need for the A-6.  The same is true for the A-10, in my opinion. With today’s technology, the threat environment where the A-10 would be operating would not be survivable.  The assumption is that in order to use the A-10, we would have to have Air Supremacy (meaning no enemy airplane flying) and completely neutralized the hand-held SAM threat on the ground.  That’s a tall order!

In today’s world with armed drones…..oooopppps….i meant to say Remotely Piloted Aircraft, there’s just no need to put aircrew at risk.  Add to that the expense in maintaining the A-10 and it’s just not worth it……at least not to the Air Force.  It IS apparently worth it to members on the Hill who have A-10’s flying in their districts, and the hundreds of airmen required to be in each squadron to maintain the A-10. Sometimes it’s hard to admit you are flying a dinosaur that just doesn’t have a home in the 21st Century.

 

 

Acquisition: Practitioners vs. Pontificators

DoD Acquisition Process

The DoD Process Simplified

I ran across an article from the National Defense Industrial Association (NDIA) the other day by Sandra Erwin on Congressional frustration on how the Pentagon buys things.  Not being satisfied with the progress being made by the DoD Acquisition guru’s, Congress has decided that more legislation is needed to fix things (Really? Congress is going to fix something?).  The Congress has asked nine of the industry associations around the Beltway to provide comments on how to make it better, with inputs due in July.  I belong to several of those and I’m glad the Congress is asking for industry input, although I hope they remember that asking the people who make money as a result of inefficiencies is just one side of the argument. I think significant progress has been made since then Under Secretary of Defense for Acquisition, Technology and Acquisition (USD(AT&L)) Ash Carter launched his “Better Buying Power Initiative” in September of 2010. In his memo to acquisition professionals he provided a roadmap to improving acquisition within DoD.  He focused on five areas of interest:

  1. Target Affordability and Control Cost Growth
  2. Incentivize Productivity and Innovation in Industry
  3. Promote Real Competition
  4. Improve Tradecraft in Services Acquisition
  5. Reduce Non-Productive Processes and Bureaucracy

Details of this can be found at this link if you are interested.  All these are worthy goals, and they have made a difference.  A recent GAO report found that some progress was being made, but that cost and schedule growth remain significant; 39 percent of fiscal 2012 programs have had unit cost growth of 25 percent or more. The amount of money in the DoD acquisition pipeline is staggering;  86 major defense acquisition programs  estimated to cost a total of $1.6 trillion according to GAO. If you have any questions about a specific program click here.

Besides the modest, if not marginal, improvements in acquisitions, some not so nice things happened as well.  As is often the case in large bureaucracies, what the big guys at the top are saying and what the little guys in the field are hearing frequently don’t jive.  That was the case with the Better Buying Power Initiative.

Dr. Carter said “Increase the use of Fixed Price Incentive Fee contract type where appropriate…”, but the dudes in the field heard “More Fixed Price contracts, less Cost Plus Fixed Fee and Time and Materials contracts.”  Contracting officers were suddenly burdened with having to provide extensive justification for any non-Fixed Price contract.  Since they were busy enough, the Contracting Officers would rather just go with the flow and issue fixed price contracts, even though the work was not appropriate for them.  The words “where appropriate” were overlooked.  In the end, it wound up costing more money.  Here’s why.  When a contractor agrees to a fixed price contract, the contractor is assuming all of the risk.  Suppose the job was improperly scoped by the Government, or suppose a software glitch pops up that takes time (and money) to fix.  All those unexpected expenses are absorbed by the contractor.  Consequently, Fixed Price contracts tend to be more expensive in order to cover the risk.  This was certainly the case in my former life when a long-time client came to me and said, “The Boss says we have to do a Fixed Price contract” this year and it can only be for one year at a time.  This was not what the customer wanted, but the customer was at the mercy of the acquisition folks.  The work we were doing at the time was rather unpredictable and my team was never quite sure from day-to-day what they may be tasked with next.  In order to be responsive, it was a Time and Materials (T&M) contract, which allowed us to flex to the client’s requirements.  But with a fixed price contract, I was not able to flex without a contract modification (and that takes time and money).  I told the client that if we were going to do a fixed price contract, I would have to increase the price and that I would not be as flexible in doing new work.  That fell on deaf ears because it was going to be such a hassle to justify anything other than a fixed price contract.

Here’s another example.  Dr. Carter says “Promote Real Competition”, but the  folks in the field heard, “Use Lowest Price, Technically Acceptable (LPTA)” evaluation criteria for source selection.”  This caused all kinds of price wars in the community and the Government was feeling smug about how much money they were saving, but…………Turns out many Requests for Proposals were poorly written with vague and overly broad technical requirements, so that just about any old company with the resources to put together a proposal could win the contract.  And they bid ridiculously low rates, so in the end they were unable to deliver and customers began to fall back to other contact vehicles to get the work done, or just didn’t do the work.  I think it’s a little too early to actually get to the real statistics about how many customers are really satisfied with the results of LPTA winning vendors but the Congress should find out before attempting to come up with more legislation.

The current USD(AT&L), Frank Kendall,  issued an update to the original Better Buying Power, known around town as Better Buying Power 2.0.  In it Mr. Kendall says:

  1. Achieve Affordable Programs
  2. Control Costs Throughout the Product Lifecycle
  3. Incentivize Productivity & Innovation in Industry and Government
  4. Eliminate Unproductive Processes and Bureaucracy
  5. Promote Effective Competition
  6. Improve Tradecraft in Acquisition of Services
  7. Improve the Professionalism of the Total Acquisition Workforce

The result has been a much greater focus on costs of acquiring the systems and a recognition that perhaps the LPTA pendulum was swinging just a little too far over.  As in the original BBP, those in the field had some different interpretations about expectations from the top.  One of the initiatives within the Incentivize Productivity goals was to “Align profitability more tightly with Department goals.”  This translated into government auditors deciding they need to closely scrutinize contractors books to ensure vendor were not making “excessive profits,” even on fixed price work.  I just don’t think that’s in the government’s lane. If they are so concerned about profit margins, then why not issue Cost Plus Fixed Fee contracts where the Government essentially controls corporate profits?   Thus,  despite all their good, it seems to me a few fundamental flaws in the acquisition system have not been addressed in BBP or BBP 2.0:

  • There is still a lack of coordination and cooperation between those who generate requirements, those who pay to satisfy the requirements and those who buy the stuff with the money they are given.
  • There is still a disconnect between contracting officers and the customers for whom they buy products and services.
  • There is still a disconnect between what the leadership in the Pentagon says and what the people in the field do.
  • The uncertainties of funding from year to year drive programs to their most expensive procurement options.
  • Certain key programs get a “pass” from all the rhetoric about performance, affordability and life-cycle costs, overshadowing all of the progress made to reform acquisition. The top 10 acquisition programs still account for 65% of all the acquisitions according to the GAO.  The Joint Strike Fighter is 25% of all DoD acquisition alone!

So in the end, I doubt very much if legislation will fix the problem.  Four feet of  stacked up Federal Acquisition Regulations and Defense Federal Acquisition Regulations are not going to be much affected by another thousand pages or so of legislation.  Check out the recent testimony of Dr. Paul Francis, the Managing Director of Acquisitions and Sourcing Management at GAO.  He has some very practical steps on how to improve the process. In addition to those steps, I would like to see DoD actually evaluate each program on its own merit, not on investment levels or political support or not simply press on with a poor program because they managed (mismanaged is probably the better word here) to get into a position where there is no alternative.  It would also be nice if the people who are actually charged with executing the acquisition system at lower levels could have a say in how to make things better.  There’s too much Top Down and not enough Bottom Up built into the process in my humble opinion.  What if we asked the practitioners to come up with a series of reforms instead of the pontificators?

 

Risky Business

After getting wrapped around the axle yesterday on the tried and true budget method of “Salami Slicing” I never got around to opining on risk, so here goes!  During much of my early career, risk didn’t enter into my decision making process, at least not consciously.  Of course, flying from aircraft carriers is all about risk and how to manage it, but risk management is already baked in.  The “powers that be” know that if you have a certain number of practice landings, maintain technical currency in your aircraft and fly regularly, the risk of an accident is minimized.  Over the years I’ve seen the Navy’s thinking about risk mature.  The time was, when one went on deployment, you could expect to lose a couple of airplanes and several aviators in a typical 6-7 month cruise.  Because of a focus on managing risk, the loss of a single aircraft or crew member is a rarity.  (keep that thought in mind).  On a personal level,  as one moves up the leadership ladder, the onus for managing risk shifts from the institution to the individual leader.  My opinion is that one of the reasons people become effective leaders is that they concentrate on minimizing risk to the people and equipment under their command, not on minimizing personal risk to their themselves (careers). Of course, there’s always a healthy tension between accomplishing the mission and minimizing the risks associated with it.  Safety is paramount!!! But if safety were really paramount, we would never fly, because it’s a dangerous business!  That’s where leaders earn their pay—making the trade off between risk and reward.  In the Navy, it’s interesting to see how the various warfare communities manage risks.  In the Surface Navy,  the decisions on risk rest principally with the Commanding Officer.  The CO does this by being intimately involved in planning and executing the training, day-to-day operations and mission execution of the ship.  The CO has the Officer of the Deck and his Tactical Action Officer to do the minute-by-minute execution, but the CO is always available for problems as they arrive.  An aviation CO has to worry about many of the same things at the surface CO, but must depend on his crews to exercise judgment when hundreds of miles away for the ship. Hopefully the aviation CO has instilled a good sense of risk management in the aircrews when they have to make risk decisions without his/her advice.

The point of my little blurb is to highlight that operationally, commanders do a great job of managing mission accomplishment and risk so that mission is maximized and risk is mitigated, minimized or eliminated.  Fast forward to the Pentagon.  Now those commanders who were so good at minimizing operational risk must deal with a new risk, budget execution risk, or said another way, “What are the chances that this program will be successful, given the level of funding?”  I was one of those commanders.  As an operational commander, I insisted on making sure all risks associated with a mission had been considered and mitigated…….no less than about 98% chance of safe success was tolerated.  But when it came to taking risks associated with the Navy budget, I was far more tolerant.  For instance, “What’s the chance that an LCS will only cost $220 Million?”, I would ask the Program Manager.  When the answer came back,”About 20%”, I would say, “OK.  Guess we will have to go with that.”  Why was my risk tolerance so much greater as a budgeteer?  Most likely it was because most of the decisions affected events far in the future and I would not be around when programs matured.  That attitude was reinforced by the excessive optimism that always goes with budget building.  This notion of budgetary risk is not new nor mine.

Former CNO Vern Clark once asked me as the N81 (Navy’s Ops Research group) if we could characterize the risk built into the budget and it was a very hard thing to do.  I don’t remember all the details but as I recall we came up with several categories of risk:

  1. Institutional Risk.  The degree of support by leadership of a particular program.
  2. Execution Risk.  The degree to which a program was underfunded
  3. Political Risk.  The degree to which this program was supported by the Administration or Congress
  4. Financial Risk.  The degree to which the assumed efficiencies built into the budget were achieved
  5. Economic Risk.  the degree to which the economy would support the Five Year Defense Plan

Some of these risks were subjective and others data-based.  The aggregation of them would give the CNO an idea of how much risk was being carried by a particular program.  Financial risk was the most interesting of the four.  It turned out we discovered that we had assumed away tens of Billions of dollars in efficiencies, but never went back to see if we achieved the saving associated with the efficiencies.  In a sense, it didn’t matter because once we take the money, it is never put back.  I’ll end up by saying the FY15 budget on the Hill now has a fair chunk of “Efficiencies” in it.  Will they be achieved?  What exactly is being done to put these efficiencies in place?  How will you know if the efficiencies were achieved and what will you do if they are not? Are these efficiencies or wedges (unexplained cuts)? These are the questions the Hill should be asking the risk-takers in the Pentagon.