Deepwater churns around unencrypted data

According to the central figures into the government's investigation of Deepwater, faulty radio encryption systems remain a threat to the nation's classified intelligence intranet

The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program.

According to Michael DeKort, a former lead systems engineer at Lockheed Martin who has become the primary whistleblower in the Deepwater case, and James Atkinson, an electronic intelligence expert hired by Congress to look into security issues with communications equipment purchased as part of the program, radios that have insufficient encryption in place to protect classified government information remain in use by the Coast Guard today.

Congressional hearings into potential collusion and fraud carried out as part of Deepwater have already resulted in an ongoing Department of Justice investigation into the $24 billion procurement project.

And while the eight 123-foot Coast Guard cutters whose cracked hulls led to the initial discovery of problems in the Deepwater program remain in dry dock, other ships built under the project, including the flagship 418-foot National Security Cutter (NSC) currently being tested at sea, are still using the radios in question, the witnesses said.

At the heart of the problem are radios supplied by Integrated Coast Guard Systems (ICGS), a joint venture between massive contractors Lockheed Martin and Northrup Grumman, which was to retrofit all 49 of the Coast Guard's 110-foot cutters and extend them to 123 feet, and build an additional 91 new vessels under Deepwater.

The systems installed in the 123-foot ships, supplied to ICGS by Rockwell Collins, failed the Coast Guard's signal encryption tests as well as reviews carried out by the Navy, according to the two men, who are both experts in the field of communications and radio transmission security.

Yet, both military arms allowed the radios to be installed and have yet to ban the so-called C4ISR (command, control, communications, computers, intelligence, surveillance, and reconnaissance) systems in question, despite the experts' testimony before the Congressional Committee on Transportation and Infrastructure in mid-April, the witnesses claim.

Based on shortcomings in the encryption technologies used in the C4ISR systems being installed under Deepwater, anyone smart enough to look for radio transmissions emitted by the ships using the equipment could essentially gain access to the military's SIPRNet (Secret Internet Protocol Router Network), the men have testified.

Officials with the Navy and Coast Guard did not reply to calls seeking official comment on the matter, nor did media representatives with ICGS, Lockheed, and Northrup.

SIPRNet is used to communicate classified intelligence by not only the military, but also the Drug Enforcement Agency (DEA), Federal Bureau of Investigations (FBI), and National security Administration (NSA), among others.

Based on the problems, namely the communications systems' failure to meet the requirements of established government security emissions tests, the ships carrying the radios are not only vulnerable to eavesdropping, but may also transmit the unencrypted data over vast distances, DeKort said.

The whistleblower held a position as a Navy communications electronics technician for six years, and worked as a communications engineer in the State Department for two years, before going to work for Lockheed and being assigned to lead systems installation on the 123-foot Coast Guard ships.

"We were making it easy for people around the globe to intercept our government's classified intranet; not only is there the ability for eavesdropping, but because there is so much signal leakage onboard these boats, they transmit clear data outward as well," DeKort said. "Someone half-way around the world could be intercepting the externally transmitted data via satellite, or catching high-frequency radio signals when those types of transmissions travel longer distances at night."

The Coast Guard has already publicly touted the use of the retrofitted ships built under Deepwater in overseas operations, including efforts to repatriate Cuban immigrants to their homeland in 2006.

In addition to transmitting data via the systems, DeKort said that it is plausible that someone could use the intercepted information to work out some of the government's cryptographic codes by studying the radio emissions.

"Not only can you clearly hear what the systems are hearing because it is transmitted in the clear on the ships, but if you know how to listen to the signals in the right way, you could potentially figure out how our cryptographic systems work and break the codes," DeKort said.

Atkinson, the president of president of Granite Island Group, Gloucester, Mass., and a former government intelligence officer, was hired by Congress to investigate the Deepwater radio problems and report his findings on Capitol Hill.

On April 18, the expert told the Committee on Transportation and Infrastructure that he believes that both the Navy and Coast Guard were aware of the encryption problems, yet suppressed the failed "telecommunications electronics material protected from emanating spurious transmissions" (TEMPEST) test results.

An expert in technical surveillance counter measures (TSCM), Atkinson found that the Coast Guard cutters outfitted under Deepwater used radios whose encryption specifications fell far short of expected standards.

The expert also maintains that the Coast Guard and Navy knew that the systems had failed certification tests, yet chose to ignore the results and suppress them.

Rather than halt the program to fix the issues, Atkinson also claims to have found evidence that proves that officials with the Navy and Coast Guard, as well as ICGS, decided to hide the problems out of fear that it would threaten the entire Deepwater project and funding for other programs.

"The Navy sent a technician who did the analysis and it didn't pass the required instrumental tests, but this was carefully concealed by the Coast Guard and Navy instead of coming forward and reporting the failed inspections," Atkinson said, repeating his testimony before Congress.

Both government witnesses point to Coast Guard Rear Admiral Gary Blore, the program executive officer for Deepwater, as a central figure in the situation, as his office was ultimately responsible for issuing the waivers granted for the radios that failed the TEMPEST tests.

In addition to illustrating some of the explicit problems with Deepwater, Atkinson said his testimony highlights similar problems with the radios being used in the Navy's DDX next-generation war ship program, also to be supplied by ICGS.

"The Navy is suffering tremendous embarrassment over this because their people did nothing about it, which made them an accessory after the fact," Atkinson said. "When the Coast Guard granted themselves the ability to operate illegally, the Navy did nothing to inform other agencies, which was their responsibility at that time since they provide the Coast Guard with access to SIPRNet."

In a statement published on April 19, Congressman James L. Oberstar (D-Minn.), the chairman of the Committee on Transportation and Infrastructure cited "serious management failings in contract execution and oversight among all the parties involved in Deepwater," and thanked Atkinson and DeKort by name for their contributions to the proceedings.

"Of all the issues that have come before the Committee on Transportation and Infrastructure in the 110th Congress, none is more disturbing than the failures of the Coast Guard's Deepwater acquisition program," Oberstar wrote. "The testimony suggests that serious problems were known very early in the program and that many warnings were delivered by very courageous individuals involved in the program from the earliest days. Many of these warnings were consciously rejected or not taken seriously by various levels of management."

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies