Slashdot Mirror
YouTube Used for Whistleblowing
fightmaster writes "A Lockheed Martin engineer with concerns about the safety and security flaws in a fleet of refurbished Coast Guard patrol boats turned to YouTube in order to publicize concerns he felt were being ignored by his employer and the government. From the article: 'The 41-year-old Lockheed Martin engineer had complained to his bosses. He had told his story to government investigators. He had called congressmen. But when no one seemed to be stepping up to correct what he saw as critical security flaws in a fleet of refurbished Coast Guard patrol boats, De Kort did just about the only thing left he could think of to get action: He made a video and posted it on YouTube.com.'"
It took me long enough to find this but here's the actual youtube video.
Does this sig remind you of Agatha Christie?
Thank You slashdot editors for providing a link to the video in question.
It actually took me three tries to find it, entitled: "Homeland Security - Coast Guard Issues"
May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
If you RFTA you'll find that he was fired a few days after the video appeared on YouTube and that Lockheed Martin claims that he was fired for financial reasons (he was transfered off the project on the ship even earlier when his complaints were first voiced). His claims have subjective merit but the politics dealing with him seem a little too convenient.
While his employers probably will administratively punish and / or fire him
Yeah, interesting thing about the Federal Whistleblower Act is that it only protects Federal employees.
Contractors to the Federal Government are NOT protected.
"It may be very hard for you to believe that our government and the largest defense contractor in the world [are] capable of such alarming incompetence and can make ethical compromises as glaring as what I am going to describe."
No. Not even close. I think it's quite obvious that they're capable of such alarming incompetence. Consider: Katrina. WMD/Iraq. 9/11. Diebold. No-bid contracts. Overbilling.
There's really not much more that needs to be said.
There were going to be 49 of these at the time. Going all over the world. They stopped at 8 because the hulls were so badly rusted that they decided not to continue. Plus boats like this get deployed all of the world when needed. Additionally this is a System of Systems effort. Since this was the first platform it means these designs will be pushed to other assets to keep implementations similiar. They did 8 boats like this on purpose - planning on 49. My guess is they intend to continue to do this for commonality reasons as well as to not get caught (change would draw attention.
Or maybe. . .just maybe. LM and the CG realize comming clean would be extremely damaging. the DHS IG has already told me there preliminary look has validated my concerns. $24 billion is at stake - do you think they will come clean after doing this on 8 or more boats without be forced?
By the way - I am the one who did the video
If you dont meet TEMPEST standards, there is a high chance someone can intercept 'unencrypted' information either within the 'encrypted' information or on its own, or simply 'sense' it on a power line to the building. (also look up Van Eck phreaking)
There are a few considerations to help ensure the system will pass a TEMPEST test:
- Proper physical separation of Red and Black.
- Suitable filtering of power supplies.
- Propper shielding (parent got that one)
- Propper termination of shielding into correct EMI Backshells
- Correct assembly and termination of backshells
- More about what I've said Here [PDF]
Basically if you skimp on any of these to save a few dollars (and it aint cheap), the bad guys can intercept your communications (COMINT), which means your likely to get your ass handed to you on a plate...
PS: All of what Ii've said above is unclass and is in the public domain....
Exactly! Right from the Code of Ethics of a Professional Engineer? Here's a link.
Notice, the first fundamental canon is: Hold paramount the safety, health, and welfare of the public.
The third is: Issue public statements only in an objective and truthful manner.
If we go down to the specific Rules of Practice:
If engineers' judgment is overruled under circumstances that endanger life or property, they shall notify their employer or client and such other authority as may be appropriate. This is what he was worried about. However, the "normal" people to inform were ignoring him and he didn't know any other way to get this information to the people who would be affected - not only the Coast Guard personnel, but the public that will be sharing the waters with them, and the People of the United States who are the ultimate client.
Engineers shall not reveal facts, data, or information without the prior consent of the client or employer except as authorized or required by law or this Code. As a Person of the United States, he has my consent. As do all other Engineers who have concerns. Also, the previous rule requires him to do this.
Engineers shall not aid or abet the unlawful practice of engineering by a person or firm. Which he did not. Sorry he lost his position. Hopefully something good will come around for him.
Now, I hope he gets a lot of money for speaking engagements at different Engineering conferences. He chose the difficult road, but proved he is an Engineer. If Ethics were easy, we wouldn't need to write them all down in Codes of Ethics.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
BTW,
Tempest was not only a secret Government study, it is also an acronym: Telecommunications Electronics Material Protected from Emanating Spurious Transmissions.
Cheers...
-- Posted from my parent's basement
Ah, another new poster discovers that Slashdot's "HTML formatted" doesn't add <br>s. You want "Plain Old Text" which, strangely enough, allows normal HTML formatting but keeps your paragraphs.:)
You also might want to mention that you're the person who posted the video as well, for those who don't bother comparing your username to the video poster's user name.
But anyway, with the paragraphs readded:
You are in a maze of twisty little relative jumps, all alike.
I am a Program Manager for a large defense contractor. I have no first hand knowledge about the specific program and concerns described in the video. However, I can provide some insight into how and why the Coast Guard and a contractor might ethically and responsibly act in the ways described in the video.
First, most defense contracts of the type described are so called "Cost Plus" contracts. That means that the Government and the contractor share the financial risk of executing the program. The government agrees to reimburse the contractor for whatever the actuals costs of executing the program are plus a pre-negotiated profit. The government retains complete control over the contract, regularly audits the contractor's financial data to establish the actual costs, and reserves the right to modify or cancel the contract at any time.
The DoD also has standard military specifications (mil-specs), and the -40 to +140 deg. temperature range cited in the video sound like a standard mil-spec to me. Now, if you are the government and I tell you the cost of refitting ships with FLIR that operates at -40, you might decide you don't really want that feature and grant a waver on the mil-spec. Why would you do that ? Well, you might know that the ship's engines won't work at that temperature either because the fuel oil will be too viscus. Why go to added expense for one component if another critical component won't work anyway ?
The government is in complete control. When the government insists on over-specifying systems, you get the notorious $1000 hammer. The classic example was a spec that required every component of an aircraft be able to survive 72 instantaneous Gs (a very hard landing). Do you have any idea how expensive coffee pots that can survive that many Gs are ? Guess what, you paid for them. The smarter decision would be to replace a $13 coffee pot after every such "crash". I assure you that the coffee pot is a lot cheaper than the pilot's back surgery.
Similarly, blind spots in camera coverage can be inexpensively corrected, and the Coast Guard may have elected to pay a low cost small business supplier to correct the problem instead of paying a large defense contractor's rates. Again, the government has control over all of these decisions.
Finally, if the cabling passes the TEMPEST tests, then it passes. It is entirely possible that the hull of the ship makes a very effective Faraday cage, and additional shielding on the cables is a wasted expense. Again, the government may actually be saving you money.
I don't know if the accusations have merit or not. I just wanted to point out that everything accused might be true and still be both ethical and down right sensible.
I agree with both you and the parent, so here is a brief summary for Generation Net:
1) Not enough security cameras
2) Bad (unshielded) communications cables
3) Equipment won't survive the extreme temperatures
4) No one cares, billions of dollars and national security at risk.
But, some of us really do prefer reading (and apparently, transcribing), and since google couldn't find me a transcript, here's one I made while waiting for my WoW trial to download, heh.
---
Before I begin, I want to tell you that making videos like this is not something I do as a profession, so please bear with the crudeness of the effort, and my reading from a prepared statement.
What I'm going to tell you is going to seem preposterous and unbelievable, and may be very hard for you to believe that our government and the largest defense contract in the world is capable of such alarming incompetence, and can make ethical compromises as glaring as what I'm going to describe. Having said that, I assure you that everything I'm stating here is accurate. I have resorted to creating this video because I've exhausted every avenue I can think of, and in spite of the negative effects it has had or will have on me and my family, I feel very strongly that I need to take this step in order to resolve these issues.
The purpose of this video is to ask for your assistance in helping me resolve several serious safety and security issues relating to homeland security. Specifically, the U.S. Coast Guard.
Several years ago, I was Lockheed Martin's C4ISR system engineering lead for the 123 project on the Deepwater program. The purpose of this effort was to upgrade the Coast Guard's fleet of 110-foot patrol boats, to not only lengthen their servicable life, but to add space onto the rear of the boat to accomodate the Zodiac rescue boat, and to install modern command, control, communication, computer information, and surveillance systems on these boats to prepare them for a post-9/11 world.
My responsibilities on this effort were to ensure the designs we created fulfilled requirements, and to complete the installation and delivery of the first boat. During my tenure on this project, several critical safety and security problems arose.
These issues included:
-The camera surveillance system.
We had a requirement to provide a camera surveillance system for the boats. The purpose of the system was to permit the Coast Guard to monitor these boats while in a Coast Guard port, without having to have a watch-stander on board. The main purpose of the system is to ensure that no one can access or board the boats without being seen.
The implementation that Lockheed Martin proposed, and that was finally accepted by the Coast Guard, left two extremely large blind spots leading directly to the pilot house, or the bridge, of the ship. These blind spots are over 10 feet wide on the deck, and extend to hundreds of feet wide at the horizon. I have an engineering rendering of the blind spots. [holds up image depicting blind spots] Here is the forward part of the boat, and the covered zones are here in the lighter color. As you can see here, and here, there are two very large blind spots leading all the way to the horizon that the crew cannot see, and they lead right up and into the bridge.
While this problem could have been easily remedied by simply providing another camera to fill the blind spots, Lockheed Martin and the U.S. Coast Guard decided to deliver these boats without the extra camera. This situation leaves the boats and the crew in a position where someone could access the boat without beeing seen. While it is possible to augment the cameras with a watch stander, that situation puts the Coast Guard in the exact position they originally tried to avoid, with the additional expense of a system that does not meet their needs.
The next issue:
-Environmental survivability of the equipment.
Just prior to the installation of the systems on the ship, we were fina
We had a whistleblower where I work a few years back. He claimed some sort of technical problem in one of our products.
The problem was, and I was in a position to know, he was absolutely, completely wrong. But he kept up and kept up like it was a mental illness or something.
So I tend not to automatically side with the so called whistleblowers until I have better info.
To simplify things further:
- If passing through unshielde cables, internal ship comunications, commands and sensor data can be read from a distance using a proper (directional) antena, a good low noise amp, an analog to digital converter (ADC), a notebook and some software.
This might not be an issue if the patrol boat is facing a couple of guys with AK-47s in a rubber boat, but it can be an issue if facing another nation's navy or a drug baron (both of which having the means and the smarts to take advantage of such a vulnerability).
Tempest attacks are only a "tin-foil crowd" thing when we're talking about non-descript individuals shielding their computer screens against "being read from a distance" even if such individuals are highly unlikely to be under surveilance by an organization with the right means and know-how.
It's way more likelly that the right persons (or should i say the wrong persons) are interested in intercepting internal communications of ships used in war or for security purposes (even if they are hardly aircraft carriers) than in reading the porn and unix commands of a non-descript geek with a little too much paranoia.
Or putting things another way, the higher the value of a target, the more likelly it is that complicated, expensive and/or specialized techniques are used against it.
I am told LM informed the CG and they took the boats. i get your point. I belive LM had a responsibility to not provide such a poor solution and not put their customer in that psotion. Basically I belive LM said take them or we burn more schedule and money. And you can go tell your superiors you did not take the boats and are responsible for more delays and budget over runs. LM - if it followed it's ethical practices - should never have suggested any of that be accepted. Again - everything was EASILY avoidable. Additionally we would have used less $ and time because we wouldn't have churn over bad decisions.