Thursday, January 29, 2015

The "New" Retirement Scheme

The military's 20-year retirement plan, with benefits payable immediately after two decades of honorable service, may soon be a thing of the past.

A DoD panel which has been studying pay and compensation issues is expected to release its final report tomorrow.  One of its major recommendations is a shift away from the current system to a new program, similar to civilian 401k retirement plans. If approved by Congress (and the President) the revamped military retirement plan would provide employer contributions from the start of a service member's career.  There would be a variety of investment options; the troops could contribute as well and those leaving the military before the 20-year point could take their retirement savings with them.

But for career service members, there is a big catch under the new proposal.  Instead of collecting their first check upon retirement in their late 30s or early 40s, they would have to wait to age 60.  In other words, thanks for all those years of long duty days, deployments, and separation from family; we'll keep sending you account statements for another 20 years, until you finally become eligible to receive those retirement benefits.

Andrew Tilghman of Air Force Times has published a detailed summary of the plan, which has been under development for more than a year.  Officially, Pentagon officials have expressed concern that the military's "antiquated" retirement system is no longer competitive with the private sector, since most service members receive no benefits for their years of service.  At the other end of the spectrum, the few who stay in for 20 years--or longer--receive very generous benefits, and collect a retirement check decades after they retire from active duty.

But that flies in the face of simple logic: if the armed services' retirement program is so outdated, why have the services been able to meet their recruiting quotas for more than 40 years, under the all-volunteer system?  Every soldier, sailor, airman, Marine and coastie who've signed on since 1974 knew that retirement benefits were reserved for those who served for at least 20 years.  They also understood that those who left before that point would receive nothing, unless they were discharged for medical or service-related conditions.

Indeed, the 20-year retirement plan has actually been a tremendous tool retaining our best and brightest officers and NCOs.   As our colleague George Smiley noted four years ago, the promise of instant retirement kept many military members in uniform, with the knowledge host they could receive benefits at a relatively young age and embark on a second career.

As for those benefits, the typical military member doesn't retire as a Feneral or Colonelith an annual check at or above the six- figure level.  In fact, the average armed forces retiree leaves the military as an E-6, with a monthly retirement check of less than $2,000, before deductions.  When you subtract taxes and allotments for such items as the Survivor Benefit Plan (which provides an annuity for the spouses of military retirees), the monthly pension of an Air Force Technical Sergeant; an Army or Marine Corps Staff Sergeant or Petty Officer First Class (Navy or Coast Guard) is about $1,600.  In most places, that lavish pension might pay your mortgage, and if you're lucky, the power bill.

Another factor worth considering:  military pensions aren't necessarily the budget buster that some describe.  Last year, DoD spent about $16 billion on pension benefits for military retirees, with additional expenditures for healthcare, commissary and BX privileges (which also benefit the active-duty population).  Incidentally, that total includes payments to current retirees and funds set aside for future pensions.

Thanks to pay increases over the past thirty years (and cost-of-living increases), the average military pension is larger than in the past.  But those costs should not overwhelm the system.  First, the ranks of military retirees will actually decline over the next 20 years, as pension-eligible service members service members from the World War II, Korea, and Vietnam eras reach the end of their lives.  Younger retirees will receive their benefits for many years to come, but in smaller numbers, thanks to the near-continuous down-sizing of our military over the past 40 years.

So why the fuss over military pensions?  Because those payments are part of her Pentagon's Bill for personnel costs which includes such big-ticket items as pay and bonuses for active-duty personnel and medical expenses for everyone with a military ID card.  Cutting benefits for those now in service not only impacts readiness, it is also a sure ticket to political oblivion.  Members of Congress are more willing to take a risk with retirees, since many states--and individual districts--have relatively few retired military members.

At this point, the odds of the new plan being approved are probably slim, at best.  But reform of the retirement system has been a persistent discussion topic during the Obama years, and the movement will certainly continue if Hillary Clinton becomes President.  But Republicans aren't necessarily opposed to the idea, either.  Former Defense Secretary Robert Gates, who served in three GOP administrations, complained often about rising personnel costs and helped initiate discussions about reforming retirement benefits.

In the end, it's a matter of dollars and sense.  As a spokesman for the Retired Officers Association observed, her Pentagon has run the numbers and figures it can save a lot of money by changing the retirement system.  There will be a tradeoff, in terms of retention and readiness, but current leadership is willing to take the risk.  Who needs career officers and NCOs when you lead from behind.










Friday, January 23, 2015

The Right Cut

Kudos to Michael Bay for doing the right thing.

The Hollywood producer and director announced yesterday that he will delete footage of a 1994 B-52 crash from an upcoming film from his production company.

Images of the deadly accident at Fairchild AFB, Washington appear briefly in Project Almanac, a time-travel adventure scheduled for release on 30 January.  Originally, representatives from Paramount (which will distribute the picture) said the sequence was based on a 2009 incident in Tokyo.  But when Bay reviewed the final cut of the film, he discovered that first-time director Dean Israelite had used video of the Fairchild disaster, inserting a vehicle in the foreground to create a slightly different scene.

"I let film directors make their movies at Platinum Dunes [Bay's production company] and give them tremendous responsibilities," Bay said in a statement released to the Times. "Well, unfortunately a very bad choice was made to use a real crash instead of creating a VFX [visual effects] shot, without realizing the impact it could have on the families.

"I want to also extend my deepest apology to the families, and also to the U.S. Air Force," Bay said.  

Relatives of two crew members who died in the crash expressed shock and outrage when footage of the incident appeared in the Project Almanac trailer, which was posted on-line.  Lt Col Mark McGeehan and Col Robert Wolff were among those killed when a B-52 piloted by Lt Col Arthur "Bud" Holland" stalled and slammed into the ground while preparing for an air show at Fairchild almost 21 years ago.

Members of Col Wolff's family told Air Force Times they accepted the film maker's apology.

Wolff's daughter, Whitney Wolff Thompson, said in an email that she accepted Bay's apology.

"Mr. Bay, thank you from the bottom of my heart for your apology and your quick response to this," Thompson wrote. "I appreciate your willingness to admit that this was indeed a real plane crash, and that a mistake was made in choosing to use it."

Sarah Wolff, Wolff's daughter-in-law, also accepted Bay's apology and said she is glad he has asked the shot be cut.
"That is all we were requesting," Wolff said. "I appreciate his swift response and will hope that Paramount offers a similar apology."

Wolff was Vice Commander of the 92nd Bomb Wing at Fairchild at the time of the crash.  He was assigned as an "observer" on the flight, which was a rehearsal for the final B-52 demonstration at the base.  The 92nd was converting to a KC-135 unit and all Buffs--except for the crash aircraft--had already departed Fairchild.  The flight was supposed to be Wolff's "fini" flight, as he prepared for retirement.  Members of his family watched in horror as Holland banked the aircraft far in excess of allowable limits, causing the eight-engine bomber to stall and crash. 

The video clip threatened to re-open a dark chapter in USAF flight safety, since the Fairchild accident was entirely preventable.  As we noted back in 2007, Lt Col Holland had a long history of exceeding safety limits for the B-52, and courted disaster on many occasions.   When other crew members complained about Holland's antics, Lt Col McGeehan, commander of the B-52 squadron at Fairchild, took another pilot and navigator off the air show flight, putting himself in the right seat and assigning his operations officer, Lt Col Ken Huston, as the radar-navigator.  Col Wolff rounded out the crew.  

A subsequent Air Force investigation revealed that McGeehan was the only command-level officer who questioned Holland's safety violations and requested that he be sanctioned.  McGeehan's request fell on deaf ears; Lt Col Holland, the Chief of Standardization and Evaluation for the 92nd, remained on the schedule, setting the stage for the disaster that followed.  By some estimates, Holland attempted a 90-degree turn around the base control tower, far beyond what the giant bomber could perform.    

Mr. Bay certainly made the correct call in removing that brief video snippet.  There was no need for family members and veterans of the 92nd to relive that terrible event--an event that could have avoided if wing leadership had followed Lt Col McGeehan's counsel and kept Holland out of the cockpit.     

             

      

Monday, January 19, 2015

Traced to Pyongyang

When Sony Pictures was hacked late last year, there was considerable speculation as to the groups--or nation--that was responsible for the cyber-attack.

After the FBI became involved, the agency quickly announced that North Korea was behind the hack, citing the use of malware associated with previous cyber-strikes conducted by Pyongyang.  But other security experts disagreed, claiming the "evidence" offered by the FBI was skimpy, at best, and suggested that "hacktivist" groups might be responsible.

We took a slightly different approach, noting that the bureau had access to information unavailable to other experts.

Fact is, the FBI maintains a close working relationship with NSA on cyber-security issues and can draw upon that agency's vast expertise in that field.   In fact, some members of the FBI's cyber division are stationed at NSA HQ at Fort Meade, MD, to facilitate liaision efforts between the organizations.  It's a safe bet the FBI's "North  Korea"  analysis was based, at least in part, on data provided by NSA, and so far, the feds have said virtually nothing about the role of the SIGINT agency in the Sony investigation. If the assessment is based on NSA data, it would add more credence to the North Korean angle.

In fact, the NSA has active partnerships with a number of tech firms, allowing it to probe for potential weaknesses and monitor activity from various hacker groups, including those sponsored by nation-states.  Author Shane Harris recently detailed the extent of these relationships in his book @War: the Rise of the Military-Internet Complex: 

The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure. Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques. And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends.

Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements. To an extent, these openings for government surveillance are required by law. Telecommunications companies in particular must build their equipment in such a way that it can be tapped by a law enforcement agency presenting a court order, like for a wiretap. But when the NSA is gathering intelligence abroad, it is not bound by the same laws. Indeed, the surveillance it conducts via backdoors and secret flaws in hardware and software would be illegal in most of the countries where it occurs.  


Today's edition of The New York Times offered additional insights into the NSA's cyber-capabilities, disclosing that the spy agency first penetrated North Korea's on-line networks as early as 2010:  

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.


A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

Of course, these new revelations beg a rather important question: given NSA's detailed knowledge of North Korean neworks and hacking capabilities, why wasn't more done to blunt or even defeat the DPRK threat?  Actually, there are two major reasons.  First, the U.S. government is still trying to figure out the level of protection that NSA can offer to commercial IT infrastructure.  And beyond that, NSA is acutely aware that intervention not only reveals details of its defensive capabilities, it also compromises a valuable intelligence source.

It's no consolation to Sony, but if the company had been a public utility or in the financial sector, it would have likely received great assistance, and at an earlier juncture in the attack.  But as we've learned in recent weeks, attacks on non-critical targets can also create havoc.  Accordingly, the nation must decide how much help it needs from organizations like the NSA and what it is willing to give up in the name of cyber defense.


  

         

Saturday, January 17, 2015

Death by Hawg

Earlier this month, various media outlets (including the Washington Post) noted that fighting in Iraq was drawing closer to U.S. advisers in that country.

Of course, that depends on how you define the terms "close" and "fighting."  While ground advisers officially aren't involved in combat, A-10 pilots from the Indiana Air National Guard (ANG) are carrying the battle to ISIS on a daily basis.  At our Twitter account (@NateHale) we noted this development two weeks ago, and just yesterday, there was another reminder that Americans are in combat against terrorists in Iraq (and quite possibly), Syria as well.  From DefenseWorld.net:

Airstrikes carried out by the US on ISIS positions using the A-10 Warthog aircraft killed and wounded a number of terrorists near the village of Sultan Abdullah near Moshul in Iraq at dawn yesterday, Iraqi News reported.

Quoting an unnamed source who witnessed the action, the report said that the aircraft carried out four airstrikes sparking panic in the ranks of ISIS after flying close to the ground.

“Elements of the terrorist organization retaliated with 4 Strela missiles and but that did not cause the aircraft any damage, prompting the remaining elements to leave the bodies of their dead and carry the wounded to escape towards the Shirqat district (120 km north of Tikrit), the report said.

And that's exactly the kind of reaction we should strive for; after all, it's tough to plot your next bombing or mass slaughter of innocent civilians while the GAU-8 is working its magic. 

Once upon a time, the Air Force had large A-10 wings at places like Myrtle Beach AFB, SC; England AFB, LA, and RAF Bentwaters, UK.  The fact that all three of those installations were closed years ago speaks volumes about what has happened to the "Hawg" since its triumph in the first Gulf War, where it destroyed hundreds of Iraqi tanks, armored vehicles and other equipment, with minimal losses.  

Unfortunately, the A-10 has long been the jet that the "Air Force loves to hate," not sexy or stealthy enough for the fighter jock community that still dominates the service.  But the Hawg persists, largely because the bright boys and girls on the Air Staff haven't found anything that can adequately replace it.  Current plans call for the remaining A-10s to be eventually replaced by the F-35 stealth fighter.  

But the Lightning II has several drawbacks in the CAS role.  First, it is not as rugged as the A-10, and its ability to absorb battle damage--and live to fly another day--is unknown.  Secondly, the F-35 does not have an internally-mounted cannon that is capable of destroying armored targets.  Eventually, the jet will be equipped with a center-line mounted 25mm gun pod, but it won't carry nearly the rounds--or the punch--of the GAU-8.  And did we mention that when you hang stuff on the F-35's external pylons, the jet's radar signature increases?  So much for stealth.

Interestingly, the A-10's latest encounter with terrorists was witnessed by "reliable sources," which begs another observation.  As we've noted before, the Hawg is most effective when working with ground controllers, making us wonder if the personnel who watched ISIS flee from the battlefield were U.S. special forces, who are qualified to direct air strikes against enemy targets.  

Admittedly, the currently conflict in Iraq presents a much different target set than the first Gulf War, but it makes you wonder: how much more effective would our "campaign" be with more A-10s in the air?  The Hawg's forte is working in concert with friendlies on the ground, obliterating anything that might pose a threat.  We currently have only 12 A-10s in the region (all assigned to the Indiana ANG); that's equivalent to half of one active duty squadron that deployed from Myrtle Beach almost 25 years ago.  Who knows? Send a few more squadrons and pair them with surveillance drones and SF teams on the ground.  We're guessing that ISIS would decided to hunker down during the day--making it more easy to locate and target them.  And, if they decide to venture forth at night, there's always Spooky.  

But for many missions, the A-10 remains the perfect choice.  Besides, there is a certain delicious irony at the thought of hard-core jihadis being dispatched by an aircraft nicknamed for a wild pig.    

     

 


 

   

Wednesday, January 07, 2015

Great Moments in American Journalism (Cowardice Edition)

Cartoonists around the world are reacting to the horrific terrorist attack on the Paris office of Charlie Hebdo, the French satirical weekly that dared to lampoon Islam (among other subjects).  For that high crime, ten members of the staff--and two unarmed French police officers--paid with their lives.

Over at National Review, Brendan Bordelon has a collection of cartoons in response to the slaughter.  As far as we can tell, only two are from American political cartoonists, Gary Varvel of the Indianapolis Star and Ann Telnaes of the Washington Post.  We'll assume others are being drawn and will appear in print and on-line in the coming hours.

But, sadly enough, the very moment which should unite everyone in defending the right of free expression has also brought displays of stunning cowardice.  Consider this photo that ran in the New York Daily News:



http://www.jihadwatch.org/wp-content/uploads/2015/01/Charlie-Hebdo-pixelated.png   

You'll note that paper editors carefully pixelated images of a previous Charlie Hebdo cover that poked fun at Islam.  For that edition, published in 2011, the office of the French weekly were fire-bombed.  Mr. Charbonnier, the editor holding the "offensive" cover was among those killed today.  Asked about previous threats against him and the publication, Charbonnier said he would rather "live on his feet than die on his knees."

But not the folks at the Daily News; to avoid offending Muslim readers, editors obscured the offending cartoon.  Would they have done the same thing if the paper ridiculed Christianity, Judiaism, or any other religion?  The answer, quite obviously, is "no."  Only Islamic sensibilities influence editorial decisions at most American media outlets.  As Robert Spencer noted at Jihad Watch, American journalists are deluding themselves if they believe such policies would prevent similar attacks here at home:

Do these fools at the Daily News think that they will be spared? Do they think that if they adopt Sharia blasphemy laws forbidding mockery or criticism of Muhammad, that they will avoid the jihad onslaught? And if they adopt Sharia restrictions on freedom of expression of their own accord, does it even matter if they are spared?

The free press is dying of a self-inflicted wound. Now is the time for every newspaper in the world to republish Charlie Hebdo’s cartoons of Muhammad, in solidarity with the jihad murder victims and as a show of defiance — a signal that we will protect free speech and free societies.

But this will not happen. Instead, watch for more pusillanimity, more temporizing, more denial that this had anything to do with Islam, and more calls for “respect” for “religious sensibilities” — i.e., the placement of Islam in a protected category, above criticism.

And sadly, the Daily News is not alone.  Fox News, MSNBC and CNN won't show the Charlie Hebdo cartoons, either.  To be fair, Fox briefly showed one of the images on its morning show before pulling the cartoons; CNN followed the brave lead of the Daily News in cropping out the "offensive" images and NBC News said its "standards" prevent the airing of cartoons or headlines that might be considered offensive.

What cowards.  More than one million Americans have died in defense of a constitution that guarantees freedom of the press and how does the present-day media repay that sacrifice?  By cowering in fear of savages who only believe in slavery, oppression and death for anyone who opposes their belief system.

Some things are worth dying for, including the First Amendment.  But you wouldn't know that from today's recreant display by the titans of American media.  The same group of spoiled hacks who race to collect the annual avalanche of journalism "awards" are afraid that Islamic fanatics will show up at their door to "avenge the prophet," so they hide behind "standards" that only apply to certain groups.  The infamous artwork "Piss Christ" was perfectly acceptable, because Christians don't come knocking with AK-47s and a hit list.  But Islam is off limits.  

Sad, utterly predictable and totally pathetic.

One final thought; this little blog generates about 25,000 page views a month.  That's not even a digital ripple compared to the traffic generated by websites of The New York Times, CNN, Fox News and the broadcast networks.  But we are willing to show one of the last cartoons published by Charlie Hebdo, because unlike our colleagues in the MSM, we believe freedom of expression is a sacred right.  If we're not willing to stand for that principle now, we should all be prepared to die on our knees.   

We encourage all bloggers--and everyone in social media--to stand with the brave men and women of a little French magazine--even if the media barons and their feckless minions won't.

muslimcharliehebdo 
"One hundred lashes if you don't die laughing"


Update//8 January/9:00 EST// Several publications, including the Washington Free Beacon and the Washington Post have published some of the "offensive" cartoons, in a show of solidarity with Charlie Hebdo, and to better explain the story.  

But not The New York Times; back in 1999, the paper expressed support for full "artistic freedom" when a Brooklyn museum opted to show Andres Serano's vulgar "Piss Christ."  More than a decade later, they criticized the film "Innocence of Muslims" for "damaging the interests of the United States" and its core principle of respecting all faiths.  Officially, the NYT says its "standards" prevent the publication of offensive images, or more correctly, images which offend particular groups who might show up at your newsroom and start shooting.

And if that's not bad enough, an editor at London's Financial Times actually blamed the victims, suggesting that his counterparts at Charlie Hebdo were "being stupid" by publishing the cartoons.  

An attack by Muslim terrorists against a French newspaper won't kill freedom of the press, but political correctness by media gate-keepers almost certainly will.    
***
Similar thoughts from Mark Hemingway at the Weekly Standard.  He sums it up nicely by describing our media as cowards.  Sadly, we can't disagree.     



       

                           
                

Monday, January 05, 2015

Video of the Day

What happens when an aircraft warning light does out on a broadcasting tower?  FAA and FCC regulations mandate that it must be replaced as soon as possible.

KDLT-TV, the NBC affiliate in Sioux Falls, South Dakota, recently lost the warning light at the very top of its tower, which stands 1500' above the surrounding terrain.  The replacement job fell to a climber named Kevin Schmidt.

This video, shot by a drone from Prairie Aerial Photography, records his climb to the top.  Kudos to Mr. Schmidt, and to Joseph and Todd Thoren of Prairie Aerial, who put the video together.

H/T: Ric Peterson at All Things Aero.     

Wednesday, December 31, 2014

Rethinking "The Hack"

Barely 11 days ago, the FBI announced they had identified the chief culprit behind the hack of Sony Pictures, which delayed the release of a major holiday film, and exposed damaging e-mails and financial information that embarrassed the corporation and top executives.

According to the bureau's cyber experts, North Korea was behind the hack, apparently in retaliation for Sony's planned release of "The Interview" a comedy about a talk show host (and his producer) hired by the CIA to kill DPRK dictator, Kim Jong-un.  Needless to say, the hermit kingdom didn't find that premise very amusing, so they (allegedly) launched a major cyber strike on Sony, revealing everything from the social security numbers of studio employees, to gossip-filled e-mails between executives and top producers which confirmed that many of Hollywood's elites are nothing more than hypocrites.

While that revelation was hardly surprising, the Sony hack represented the most serious cyber attack (to date) against a major corporation and it even became a free speech issue when the studio--temporarily--threatened to pull the picture.  Since then, "The Interview" has been shown in limited release, at independent movie theaters and on-line.

But security experts have long expressed doubt that Pyongyang was entirely responsible for the hack, citing a lack of conclusive evidence.  And that theory has gained steam in recent days, with various security firms claiming that the attack was, at least partially, an "inside job."  From the Hollywood Reporter:

Despite the FBI declaring that North Korea was behind the devastating cyberattack on Sony Pictures Entertainment, security experts continue to believe that the hack was an inside job, reports The Security Ledger. 

Security firm Norse claims it has evidence that shows the Sony hack was perpetrated by six individuals, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. Norse senior vp Kurt Stammberger told the Ledger, a security industry news website, that among the six was one former Sony Pictures employee, a 10-year veteran of the company with a very technical background who was laid off in May following restructuring.

The Ledger writes: “Researchers from the company followed that individual online, noting angry posts she made on social media about the layoffs and Sony. Through access to IRC (Internet Relay Chat) forums and other sites, they were also able to capture communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia.”

While the analysis from Norse is not considered conclusive, the company's findings were shared with the FBI earlier this week, and they are consistent with those of other experts.  Almost a month ago, senior officials at AlienVault and Exabeam (among others) postulated that an insider was involved, noting that hackers knew the hardcoded names of Sony network servers, along with the credentials/usernames and passwords needed to access the system.  

So far, the FBI is sticking by its publicly-stated theory.  And there may be a good reason for that, namely the fact that the bureau has access to information beyond the reach of security companies in the private sector.  Fact is, the FBI maintains a close working relationship with NSA on cyber-security issues and can draw upon that agency's vast expertise in that field.   In fact, some members of the FBI's cyber division are stationed at NSA HQ at Fort Meade, MD, to facilitate liaision efforts between the organizations.  It's a safe bet the FBI's "North  Korea"  analysis was based, at least in part, on data provided by NSA, and so far, the feds have said virtually nothing about the role of the SIGINT agency in the Sony investigation. If the assessment is based on NSA data, it would add more credence to the North Korean angle.

In fact, a better question might be why NSA hasn't established a partnership with Sony and other American entertainment companies, given their prominence in the global market.  Shane Harris provided new details on these alliances in his recently-published book @War: the Rise of the Military-Internet Complex (H/T: Tech Dirt):

The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure. Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques. And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends.

Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements. To an extent, these openings for government surveillance are required by law. Telecommunications companies in particular must build their equipment in such a way that it can be tapped by a law enforcement agency presenting a court order, like for a wiretap. But when the NSA is gathering intelligence abroad, it is not bound by the same laws. Indeed, the surveillance it conducts via backdoors and secret flaws in hardware and software would be illegal in most of the countries where it occurs. 


According to Mr. Harris, a number of companies have been invited to form partnerships with NSA, including tech firms, on-line security providers, and organizations that fall within the 16 categories of "critical infrastructure" that are allowed to have alliances with the agency.  Communications companies form one category of infrastructure, but it doesn't appear that entertainment firms fall under that heading, although "theme parks and casinos" are also defied as critical infrastructure elements.  

With the Sony hack, the categories of companies that can partner with NSA may be expanded once again.  Under current rules, there isn't much the agency can do.  In recent testimony before Congress, the NSA Director, Admiral Michael Rogers, said his organization can "watch" an attack develop and follow its targeting of specific companies and networks, but the agency cannot contact an affected firm on its own, unless it falls under a critical infrastructure category, and a formal agreement is in place. 

In his book. Mr. Harris notes that NSA offers classified briefings and "limited-duration" security clearances to executives from tech firms.  The presentations are aimed at "scaring" the companies into partnerships with NSA, based on threat information provided by the spy agency.  According to individuals familiar with the program, NSA has little difficulty convincing companies to work with them, since many of the presentations offer information beyond the reach of most security firms.  

That's why the North Korean connection cannot be completely ruled out in the Sony case, and it's the likely reason the FBI hasn't retracted its original assessment.  There may be information--beyond the limited forensic data offered so far--that puts Pyongyang in league with the hackers.  Of course, that assumes the feds have their facts straight and that isn't always the case.  According to Business Insider, an FBI bulletin on the threat of future attacks was based (in part) on fake posts and messages created by a prankster. 

Unfortunately, such errors don't inspire much confidence in the federal guardians of our on-line infrastructure.  Neither do new reports about NSA analysts using the agency's vast collection resources to spy on current and former lovers and spouses.  It's hard to do you job when you're trying to trace the phone calls, e-mails and text messages of an ex-wife or current girlfriend or boyfriend.