The Complex

DOD panel: Silly rules are causing airmen to handle nuclear bombs with forklifts

This is interesting. An April 2013 report by the Defense Science Board says that arcane safety procedures are actually making some aspects of the way the Air Force handles its nuclear weapons more dangerous.

Perhaps the best example is that nuclear weapons maintainers aren't allowed to use the hoists designed to lift B-61 nuclear bombs onto Weapons Maintenance Trucks because "the end of the bolt [securing the hoist to the truck] is flush with the outer surface of the nut while technical data require that two threads show beyond the surface of the nut," reads the report. While this condition has existed since the trucks were introduced 22-years ago and has resulted in no problems, the Air Force recently barred units from using the hoists due to their failure to meet technical safety specifications. The result?

"An awkward process entailing the use of a forkliftt to move the weapon into the truck and the manhandling of the 200-pound tail section," states the report. The document goes on to describe the workaround as a procedure "that by any informed judgment, impose[s] far greater safety risk than that presented by the deficiency in the bolt length."

Apparently, new bolts are supposed to be on their way and a whole new truck is expected to enter service around 2015.

The report goes on to cite a number of smaller examples where the service's adoption of a "zero defect" mentality for adhering to the rules and regulations for all things associated with its nuclear weapons combined with old equipment is harming the service's ability to perform what it says is one of its most important missions. It goes on to slam the Air Force's Personnel Reliability Program (PRP) -- aimed at ensuring that airmen involved in nuclear-related activities are top quality -- as overly bureaucratic and adhering to guidelines so strict the report describes them as "ludicrous."

"At one base, the PRP inspectors from [Air Force Global Strike Comand] declared it a major finding that the dimensions of the red status identification stickers [that identify a persons medical status] were 1.5 inches rather than the prescribed 2 inches," reads the report. "One medical group commander, referring to the bureaucratic excesses stated: ‘administrative paperwork and chasing regulations are the focus of PRP rather than serving the airmen on PRP to ensure they are ready to perform their jobs'."

In something that sounds like it's straight out of Catch-22, the PRP requires airmen who need to go off base for a routine dental visit to have their status allowing them to work on nukes temporarily revoked because some medical flaw could, in theory, be discovered during this visit that would disqualify them from working in the service's so-called nuclear enterprise.

For example, an off-base dental appointment to have an annual examination or a routine filling requires suspension until the individual proves upon return that there was no cause. While the system declares there is no stigma with suspension, the individual must physically visit the medical facility upon return (at a specified time in some wings) and cannot perform his work until this administrative process is accomplished. Individuals who care a great deal about their work team know that there is no cause for suspension and feel they are forced to let their team down for no reason. It can take three to five days to return to work when the eventual determination is that there was no cause for concern. This also requires the time and attention of medical technicians, doctors, and certifying officials.

We can't make that stuff up.

"Much of the risk assessment conducted across the Air Force nuclear enterprise has little to do with performance, safety, and security risk to accomplishing the missions," reads a memo from the board's chairman, Paul Kaminski, which accompanies the report." Decisions to avoid very small technical risk result in far greater risk to personnel to perform essential nuclear related-tasks."

The report is one of several published over the last few years aimed at assessing the Air Force's progress in revamping its nuclear weapons-related activities. A 2007 incident where nuclear-tipped cruises missiles were mistakenly flown across the country and left missing and unguarded for more than a day and a 2008 incident where Air Force nuclear triggers were mistakenly shipped to Taiwan led to the firings of then Air Force Secretary Michael Wynne and former Air Force Chief of Staff Gen. T. Michael Moseley and the creation of a new command, Global Strike Command to oversee the service's fleets of ICBMs and nuclear bombers.

Retired Air Force Gen. Larry Welch, now chair of DOD's Permanent Task Force on Nuclear Weapons Surety, notes that the Air Force has "implemented extraordinary measures" that have been largely successful in restoring the "high standards of professionalism and discipline" to the nuclear enterprise.  

Still, the service needs to, "provide faster and broader material evidence that the mission is indeed treated as Job 1 (or even as first priority behind the demands of ongoing combat operations)" reads a memo by Welch that accompanies the report. This can by accomplished by refurbishing dilapidated facilities, purchasing basic new materials (such as maintenance trucks described above) and by developing more intelligent ways to enforce performance standards, states the report.

Wikimedia Commons

National Security

The other cybersecurity bills the House passed this week

CISPA isn't the only piece of cyber-security legislation that passed the House this week.

The Federal Information Security Management Act of 2013 updates the 2002 version of the federal IT security law, known as FISMA, by requiring government agencies to constantly monitor their computer networks for threats

Right now, FISMA requires government agencies to perform only yearly evaluations of cyber-threats and vulnerabilities. Yours truly can't tell you how many times I've heard cybersecurity experts say the current version of FISMA does nothing to stop fast-paced cyber threats; it's merely an exercise in checking off boxes.

As a statement released this week by Rep. Jim Langevin, co-chair of the Congressional Cyber Caucus says, "While the annual reports currently mandated under FISMA are supposed to give government executives overall insight into security management of their networks, this does not provide the minute-by-minute view into network security that is needed.

"It's just an out of date and slow process for examining security of government networks," a House staffer told Killer Apps. The new version of FISMA would mandate "continuous monitoring of networks and provide regular threat assessments."

Here's an excerpt from the Library of Congress' official summary of FISMA 2013, explaining the change in the reporting procedures:

Directs senior agency officials, with a frequency sufficient to support risk-based security decisions, to: (1) test and evaluate information security controls and techniques, and (2) conduct threat assessments by monitoring information systems and identifying potential system vulnerabilities. (Current law requires only periodic testing and evaluation.)

Directs agencies to collaborate with OMB [the Office of Management and Budget] and appropriate public and private sector security operations centers on security incidents that extend beyond the control of an agency. Requires that security incidents be reported, through an automated and continuous monitoring capability, when possible, to the federal information security incident center, appropriate security operations centers, and agency Inspector General.

The House also passed the Cybersecurity Enhancement Act which requires the National Science Foundation, the National Institute of Standards and Technology, and "other key federal agencies" to develop a strategic plan for federal cybersecurity research and development work, with a focus on securing industrial-control systems and developing advanced protections for personal information online. (Remember, the Stuxnet virus that destroyed thousands of Iranian uranium-enrichment centrifuges targeted the machines' industrial-control computers.)

The second bill also calls for the establishment of a "Scholarship for Service" program meant to cultivate a highly-skilled government cybersecurity workforce, and it requires the president to send a report to Congress on the government's current and future cybersecurity workforce needs.

Getty Images