October 2015

IDA Research Staff participate vigorously in various professional activities – both within their disciplines and ancillary to them – including publishing in the open literature. Highlights of IDA research activity from October 2015 follow.

Securing America’s Future

Securing America’s Future: Realizing the Potential of the DOE National LaboratoriesThe final report (Securing America’s Future: Realizing the Potential of the DOE National Laboratories) of the Commission to Review the Effectiveness of the National Energy Laboratories was presented to the Energy and Water Development Subcommittee of the Senate Appropriations Committee on October 28. STPI’s Susannah Howieson and STD’s Mark Taylor led IDA’s research team to support the Commission’s research efforts over the past 16 months.





IDA Aboard USS John C. Stennis

IDA Researchers onboard the USS John C. Stennis Fifteen IDA Researchers loaded on USS John C. Stennis the morning on October 23 for a first-hand look at life aboard an aircraft carrier. The IDA participants walked aboard the aircraft carrier while it was docked at Naval Air Station North Island in San Diego, and rode the ship out to sea. They observed flight operations, remained overnight to observe night time flight operations, and flew back to the base the next day, aboard a Navy C-2 Greyhound, experiencing a catapult launch off of the ship. STD's Phil Koehn stated this was one of the best things he has done since joining IDA.




IDA President Testifies in Front of House Committee

Dr. David S.C. Chu testifying before the Full House Armed Services Committee on Shortening the Defense Acquisition CycleIDA President, Dr. David S.C. Chu, testified (video footage or a transcript are available) before the Full House Armed Services Committee on Shortening the Defense Acquisition Cycle. Dr. Chu acknowledged that cycle time in defense acquisition is not a new issue but that current data do not suggest an overall trend toward longer cycle times. Dr. Chu offered the committee several suggestions to improve the acquisition process of large military systems, adopting a better-informed view of what’s technically possible, keyed to mission needs, strategically allowing for adaptation of systems as circumstances change.




Program Vulnerability Found by IDA

Network Time Protocol (NTP) softwareITSD's Doug Birdwell found a vulnerability in the Network Time Protocol (NTP) software widely used across the Internet. What’s especially interesting is the way he found it: he used a “network extension” he created for the fuzzing tool called American Fuzzy Lop (AFL).

IDA reported the vulnerability to the NTP developers; it has been fixed in the latest version of ntp (ntp-4.2.8p4) released on Wednesday, October 21, 2015. The security patch was delayed because one organization (Meinberg) needed “time to get firmware out to their millions of customer who could be impacted by this patch.” Although IDA understood the rationale for the delay, it shows how important it is to find and fix vulnerabilities ahead of time in software like this.

This work was funded by the Department of Homeland Security Hybrid Open Systems Technology (HOST) project. The HOST project in general involves using open source software (OSS) approaches to improve security. In this case, IDA extended an OSS tool to help find vulnerabilities in a widely used OSS program.

For those who need to track down the details, The list of all vulnerabilities fixed in this version of NTP is here:

The one we reported is bug 2922 aka CVE-2015-7855, decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA). More details are here:

DIRI Indonesia

SFRD’s Pat Goodman presenting to DIRI-Indonesia.The Defense Institution Reform Initiative (DIRI) program completed the sixth of eight 2015 visits to Jakarta to improve defense management capability and capacity within the Kemhan (Indonesian Ministry of Defense ), MABES TNI (Indonesian military HQ) and the TNI-Services under the Kemhan-DIRI 2015 Action Plan. SFRD’s Pat Goodman is IDA’s team lead for DIRI-Indonesia. SFRD’s Wade Hinkle and CARD’s Charles Fletcher co-lead the DIRI project. SFRD’s Bill Mahoney and CARD’s Shaun McGee and Alex Gallo round out the Indonesia team.

DIRI continues to enjoy strong support from Kemhan leadership confirmed this visit during a meeting with MG Yoedhi, the Director General (DirGen) of Strahan (the Defense Strategy Directorate within Kemhan), his deputy, and five key staff from other Strahan divisions and Kemhan directorates.

The DirGen reiterated Kemhan support to continuing cooperation with DIRI, restated the importance of implementing international best practices (IBP) to improve Indonesian defense planning, and directed his staff to finish detailed planning with DIRI for the 2016 Kemhan-DIRI Action Plan. The DirGen, DIRI, and ODC Defense Management Branch Chief agreed to meet again in late October 2015 to review the 2015 Action Plan results, and approve the 2016 Action Plan in preparation for final signing of the plan in December 2015.

New Book by IDA Researcher

Storming the City: U.S. Military Performance in Urban Warfare from World War II to Vietnam book coverA revised version of JAWD’s Alec Wahlman’s dissertation has recently been published by the University of North Texas Press. Storming the City: U.S. Military Performance in Urban Warfare from World War II to Vietnam evaluates four U.S. urban battle case studies – Aachen 1944, Manila 1945, Seoul 1950, and Hue 1968 – through a lens of capabilities while also assessing the evolution of U.S. doctrine for urban warfare. The book is on order in the IDA Library.





Dr. Mussington Participates in Cyber Workshop

Cybered Future and Conflict/Governance Implications PanelITSD Assistant Director David Mussington participated in a two-day “Cybered Futures and Conflict/Governance Implications” workshop on September 21 and 22 at the Naval War College in Newport, RI. Sponsored by the U.S. Naval War College’s (NWC) Center for Cyber Conflict Studies and Brown University’s Watson Institute, the meeting was designed to introduce future cyber environments to U.S. Navy planners and NWC subject matter experts. Dr. Mussington was one of a select list of attendees who offered insights on critical infrastructure cybersecurity policy and strategy in the economy and national security contexts.

During the workshop, participants articulated futures where cyberspace competition had come to dominate international relations in an atmosphere of competition between the United States and foreign peer competitors. The task was, in the context of three scenarios set 20 years in the future, to identify nearer-term policy choices and decisions that could make the future world more tractable for US interests in the military, economic, and diplomatic spheres.