New Specialty Qualification?

[exFlight Officer]

I noticed a new(?) Specialty Qualification in eServices while looking at my 101 card. Could someone explain what this means O.o  sure has got me baffled..

GIIEP - Geospatial Information Interoperability Exploitation Portable Operator


Thanks

[EMT-83]

Google it.

[exFlight Officer]

Don't I feel smart. Thanks  EMT-83    I suppose I had my slow flakes this morning..

[Extremepredjudice]

That thing is cool... To bad we will only have ~10.

Radio+interwebz!
And still picture and video transmission!

What are the range on these?

[coudano]

Sorry to be a bubble burster, however
It isn't as cool as advertised.

[JeffDG]

Sorry to be a bubble burster, however
It isn't as cool as advertised.

Concur.

I don't see it in OpsQuals (and I have been through the training with it)

[Eclipse]

We used it a couple weeks ago, and the operators were not quite "glowing" in their descriptions, it is still clearly a work in progress.

Another frustration is that many people think it is ARCHER II which it decidly isn't.

[JeffDG]

We used it a couple weeks ago, and the operators were not quite "glowing" in their descriptions, it is still clearly a work in progress.

Another frustration is that many people think it is ARCHER II which it decidly isn't.

The main thing I've noticed using it (both on the ground and air) is bandwidth.  I've never gotten more than 1-2 fps on the video.  For stills, it works nicely, I can take a shot, check it, and upload it to base in under 30 seconds, which is fantastic in DR damage assessment missions, because the base can come back and tell me if they need more detail, or if I should move on to the next target in a reasonable timeframe.

[Thom]

We used it a couple weeks ago, and the operators were not quite "glowing" in their descriptions, it is still clearly a work in progress.

Another frustration is that many people think it is ARCHER II which it decidly isn't.

My understanding is that there is very little 'work in progress' about the field equipment, that the only ongoing work is around the back-end systems. I'll ask Ants for more commentary on that, but as far as I know the gear is what it is, and won't be changing any time soon.

The After Action Report from Louisiana Wing's recent Mississippi River Flooding Mission should be making the rounds shortly. Attached is a Technical Challenges document which is, in large part, the tale of how little success we had using GIIEP.

The system has reasonable capabilities, but is bound with severe limitations, restrictions, and requirements. In short, it might work great for some missions, and be less than useless on others.

We are continuing to train folks on the system, but we will be very selective in how we attempt to deploy it in the future.


Thom

[ProdigalJim]

The After Action Report from Louisiana Wing's recent Mississippi River Flooding Mission should be making the rounds shortly. Attached is a Technical Challenges document which is, in large part, the tale of how little success we had using GIIEP.

I'm getting ready to spend the weekend doing GIIEP training. In the absence of the Technical Challenges document, can you offer a "Reader's Digest" version here on CT?

[Larry Mangum]

My observations from GIIEP training at NESA this year.

1. Stay within 1200 to 1500 AGL and within 5 miles of an Interstate or metropolitan area and you might be able to send video and pictures back. 
2. Make sure everything works before you leave the ground.
3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.
4. You can always save the video or pictures locally and send them when you get back in an area withe adequate cellular coverage or back on the ground at the FBO.

[LTC Don]

We used it a couple weeks ago, and the operators were not quite "glowing" in their descriptions, it is still clearly a work in progress.

Another frustration is that many people think it is ARCHER II which it decidly isn't.

The main thing I've noticed using it (both on the ground and air) is bandwidth.  I've never gotten more than 1-2 fps on the video.  For stills, it works nicely, I can take a shot, check it, and upload it to base in under 30 seconds, which is fantastic in DR damage assessment missions, because the base can come back and tell me if they need more detail, or if I should move on to the next target in a reasonable timeframe.

Until TPTB (Redstone) can figure out how to get a cellular antenna outside the aircraft cabin, the system in terms of FMV is useless and is questionable with stills. OR, CAP can field mobile cellular support units like the National Guard already has to support the air mission with decent antennas/bandwidth.

The Panasonic Toughbook is a nice platform, until you've had in your lap for an hour and you now have second degree burns from the heat, and multiple reboots.........eating up mission time waiting on the laptop/software.

Yes, the system has serious production problems.



Cheers,

[Eclipse]

3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.

Let me guess - 8-10 characters, alpha-numeric, mixed-case.  The password should be entered once, saved, and not a factor for the operator.

By the third of fourth time someone locks out a system you'd think they'd have changed the procedure.

[JeffDG]

3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.

Let me guess - 8-10 characters, alpha-numeric, mixed-case.  The password should be entered once, saved, and not a factor for the operator.

By the third of fourth time someone locks out a system you'd think they'd have changed the procedure.

No, nothing that simple:

• 15 characters
• At least 2 "Special Characters"
• At least 2 numbers
• At least 2 upper case and at least two lower case
• Must not be one of your last 10 passwords

[Eclipse]

Pogo was right.

[NC Hokie]

Pogo was right.

We have met the enemy...?

[Eclipse]

Yep.

[Spaceman3750]

3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.

Let me guess - 8-10 characters, alpha-numeric, mixed-case.  The password should be entered once, saved, and not a factor for the operator.

By the third of fourth time someone locks out a system you'd think they'd have changed the procedure.

No, nothing that simple:

• 15 characters
• At least 2 "Special Characters"
• At least 2 numbers
• At least 2 upper case and at least two lower case
• Must not be one of your last 10 passwords

You have just seen the epitome of security folk vs. everyone else. Those standards are very good from an INFOSEC standpoint, but not very good from an operational standpoint. Can you log in on the ground?

[Larry Mangum]

Yes, you can login on the ground, but you will probably have to exit and relogin multiple times while in the air. 

[davidsinn]

3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.

Let me guess - 8-10 characters, alpha-numeric, mixed-case.  The password should be entered once, saved, and not a factor for the operator.

By the third of fourth time someone locks out a system you'd think they'd have changed the procedure.

No, nothing that simple:

   
• 15 characters
• At least 2 "Special Characters"
• At least 2 numbers
• At least 2 upper case and at least two lower case
• Must not be one of your last 10 passwords

You have just seen the epitome of security folk vs. everyone else. Those standards are very good from an INFOSEC standpoint, but not very good from an operational standpoint. Can you log in on the ground?

It's not even good INFOSEC because a password that complex and used that rarely will have to be written down and that blows the whole thing. Frankly the IT weenies that enforce this crap are idiots.

[JC004]

It's not even good INFOSEC because a password that complex and used that rarely will have to be written down and that blows the whole thing. Frankly the IT weenies that enforce this crap are idiots.

We should give a tiny tutorial (paragraph or so) on how to do a password that is easily remembered but very hard to crack (not unlike I mentioned to you, actually).

[JeffDG]

[jeders]

^
You beat me to it.

[davidsinn]

I had that very strip in mind when I wrote my reply.

[Thom]

XKCD has the answers to most of life's questions.

However...I'll be interested to see in a couple of years, just how high up the 'common password' lists the phrase 'correcthorsebatterystaple' climbs, thanks to people who read but don't understand.



Thom

[Eclipse]

There's no such thing as a password that's "hard to crack" - the only issue is how interested in your data the other person(s) is.

[Phil Hirons, Jr.]

... thanks to people who read but don't understand.

How many other CAP situations could this apply to?

[Spaceman3750]

3. Open notepad on the toughbook and type in your password before you take off. Then when trying to enter the password in while bumping around in the air, you can simply paste it in. Will save you from locking out the account, as you only get three attempts.  Cannot overstate the importance of this. Three classes at NESA managed to lock out 9 of 12 training accounts, if I recall correctly.

Let me guess - 8-10 characters, alpha-numeric, mixed-case.  The password should be entered once, saved, and not a factor for the operator.

By the third of fourth time someone locks out a system you'd think they'd have changed the procedure.

No, nothing that simple:

   
• 15 characters
• At least 2 "Special Characters"
• At least 2 numbers
• At least 2 upper case and at least two lower case
• Must not be one of your last 10 passwords

You have just seen the epitome of security folk vs. everyone else. Those standards are very good from an INFOSEC standpoint, but not very good from an operational standpoint. Can you log in on the ground?

It's not even good INFOSEC because a password that complex and used that rarely will have to be written down and that blows the whole thing. Frankly the IT weenies that enforce this crap are idiots.

Actually, on the first point, you have a point. However, IT folk (I'm one of the idiots by the way, thanks :angel:) typically think in terms of how hard a password is to crack, not how likely someone is to write it down, because no matter what many of your users are going to write it down anyways (I routinely see people write down single-word dictionary passwords like "kittens" and "password").

[JeffDG]

Don't tar all of IT with that brush...I'm an IT guy!  It's the IT Security folks that are annoying!

I once ran L0ftcrack on a domain of a client (ok...long time ago!) and found that 70% of passwords in the domain were the company name...yes, I recommended some password policies...reasonable ones...to that client!

[Spaceman3750]

Don't tar all of IT with that brush...I'm an IT guy!  It's the IT Security folks that are annoying!

I once ran L0ftcrack on a domain of a client (ok...long time ago!) and found that 70% of passwords in the domain were the company name...yes, I recommended some password policies...reasonable ones...to that client!

I know that the Canuck in you is showing, but it's L0phtcrack .

[JeffDG]

Don't tar all of IT with that brush...I'm an IT guy!  It's the IT Security folks that are annoying!

I once ran L0ftcrack on a domain of a client (ok...long time ago!) and found that 70% of passwords in the domain were the company name...yes, I recommended some password policies...reasonable ones...to that client!

I know that the Canuck in you is showing, but it's L0phtcrack .

OK, it's been a while since I used hacking administrative tools like that.

[Thom]

In this instance we have even less choice than normal. The entire system is run by the military, and CAP is only one (small) user of the system. Everything is engineered and run to whatever the current .mil security requirements are, whether good or bad.

One good thing is, in this instance, just like Surrogate Predator, CAP is being invited to the table with the big boys. That doesn't come lightly. Unfortunately, once there some of the food may not be to our liking.


Thom

[N Harmon]

Another IT guy here: Having a password provide authentication and access to the server is beyond silly. Issue a browser certificate and be done with it.

[Extremepredjudice]

Another IT guy here: Having a password provide authentication and access to the server is beyond silly. Issue a browser certificate and be done with it.

Agreed...

Or dump the idea of the password all together.

I assume this is kept at a secure location? Only authorized people allowed to access it?
Unless you want the photos and videos tagged with who took it, than it really isn't needed.

[Spaceman3750]

Another IT guy here: Having a password provide authentication and access to the server is beyond silly. Issue a browser certificate and be done with it.

Easily intercepted.

Smartcard wouldn't be bad (as long as it was single-factor and not two-factor auth) until someone loses the smartcard into the fold of a Cessna.

[N Harmon]

Another IT guy here: Having a password provide authentication and access to the server is beyond silly. Issue a browser certificate and be done with it.

Easily intercepted.

What, with a man-in-the-middle attack? I would assume such an implementation would be based on a mutually trusted CA.

[ProdigalJim]

Just finished GIIEP training, and now that I've done it, I've gotta agree that the password restrictions were pretty rich...the CT screenshot of the XKCD comic definitely made the rounds during the lecture!

PROS --

1. Low-cost way to do (kinda) what TV news helicopters have been able to do for years...live video, back to the Mother Ship. No microwaves or $250,000 mast trucks required!
2. Super-portable.
3. Works on any airplane/vehicle/ground team member, etc.
4. Any dummy (read "Yours Truly") can become competent in its operation in a short period of time.
5. Significantly improves the real-time operational picture/situational awareness for those back at the Mother Ship.

CONS --

1. Password restrictions are so severe that they're being defeated by human nature (sheets with password reminders on them, stickers on machines, etc.). If it's so hard that everyone writes them down, it DEFEATS THE PURPOSE!
2. The Toughbook (at least the four units we were using) seems to be slow as molasses. Terrible latency moving the mouse around via the touch-pad.
3. Persnickety relations between the GIIEP client and the Google Earth Enterprise common operational picture.

IT'S NOT UP TO ME (OR EVEN CAP), BUT IF IT WERE --

1. Recommend color-coding the different GIIEP units/teams in the chat window to match the colors those teams are streaming in the Common Operational Picture. With a lot of chat lines going by, color-coding could make it easier to find the team you need more quickly.
2. Coding a few functions to force compliance with conventions; so, for example, you can't name a mission profile in any way other than the date/time convention recommended in the initial training.
3. Improve the speed of the various pieces on the laptop. A lot.
4. Include two items in the go-box: a laminated inventory sheet (like the picture-book slide in the training materials) and a laminated operator checklist, just like the one you'd use as a pilot. You can challenge/response it if you like: Dongle? Connected. Update Rate? 5 History? 9999 And so on. Sequence is EXTREMELY important in firing up and using GIIEP, and a checklist can help the operator ensure they're doing everything in the correct order.
5. Label every item in the go-box, so components don't get mixed up in a busy mission base with (potentially) multiple GIIEP units. Make it "firefighter proof" (my brothers and sisters out there know what I mean!     ). Unit VA2 gets all green dots on each component, Unit VA1 gets all orange dots. Or something like that.
6. With the air card service so picky (cell towers are optimized, after all, to work with things on the ground, not in the air) maybe CAP or AFNORTH could, through some sort of MOU with the Army/NatGuard, etc., bring the giant CAP repeater network into play somehow? Make it CAP's contribution to the evolving GIIEP national asset...Guard could use CAP repeater network for domestic stuff they may be working on, and we would have a robust comms link. I'm not a comms guy, so I don't know exactly how it would work, but it FEELS like something we should be able to do...essentially creating a giant, advantaged Wi-Fi network.

Overall, GREAT training and a great weekend!  :clap:  :clap:

[SARDOC]

No, nothing that simple:

• 15 characters
• At least 2 "Special Characters"
• At least 2 numbers
• At least 2 upper case and at least two lower case
• Must not be one of your last 10 passwords

You also forgot... it has to be changed every 90 days

[SARDOC]

5. Label every item in the go-box, so components don't get mixed up in a busy mission base with (potentially) multiple GIIEP units. Make it "firefighter proof" (my brothers and sisters out there know what I mean!     ). Unit VA2 gets all green dots on each component, Unit VA1 gets all orange dots. Or something like that.

These are some good suggestions, except and you have to be realistic about this...There is no such thing as "Firefighter Proof"   There are things that are Firefighter Resistant....but not firefighter proof.

Yes...this weekend was definitely a good class.

[Eclipse]

When I worked for a municipality and we used to have conversations about making things "Firefighter Proof", it had to meet three criteria.

You should not be able to:

Lose it.

Break it.

or Eat it.

[SARDOC]

When I worked for a municipality and we used to have conversations about making things "Firefighter Proof", it had to meet three criteria.

You should not be able to:

Lose it.

Break it.

or Eat it.

You can put two firefighters in a round padded room with nothing but two 10 pound shot puts...the following things are going to happen.

Something is going to get lost.

Something is going to be broken.

Somebody is going to get hurt.

But nobody is going to know how the other things happened.