department of defense – Bredemarket

Yes, the “Two Presidents” Scenario Could Really Happen

My recent post about two “Presidents” with the power to launch nuclear attacks sounds technologically very difficult, but it’s not impossible. Even biometric modification can happen if an adversary has enough money.

Grok.

But as is true with anything, the technology is easy. The business part is the difficult part.

And most would argue that there is absolutely no way that a scam like this could be pulled off, especially since it would require inside cooperation.

Perhaps you’d better sit down.

August 9, 1974

Washington, DC was in a very confused state on August 9, 1974. When the day began, Richard Nixon was President and Gerald Ford was Vice President. Several hours later Ford would be President and there was no Vice President. (If Ford had suddenly died, Speaker of the House Carl Albert would have become President. If you thought the events of 1973 and 1974 were wild enough, imagine if Albert had become President.)

The morning of August 9 was carefully choreographed, but I am going to concentrate on two events involving Richard Nixon, Alexander Haig, and Henry Kissinger.

The first occurred at about 10:35 am when President Richard Nixon’s helicopter lifted off from the South Lawn, headed toward what was then Andrews Air Force Base.

The second occurred later, at about 11:35, when White House Chief of Staff walked into the office of Henry Kissinger, in Kissinger’s capacity as Secretary of State. Haig’s arrival was expected, as was the signed letter that he bore from President Nixon (en route to California). The letter was short.

“I hereby resign the Office of President of the United States.”

Kissinger indicated his receipt of the resignation and maintained communications with critical people, including Vice President Gerald Ford.

But there was one other critical person: the Secretary of Defense, James Schlesinger.

And there was one very important part of the choreography that wasn’t mentioned publicly that day.

Back to the Helicopter

I don’t know if “biscuits” existed in 1974, but footballs certainly did. And certainly the concept of continuity hadn’t yet matured to the Carter-Mondale level. But everyone agreed that according to the Constitution, on that day Richard Nixon remained President of the United States until he didn’t.

But according to reality, Nixon was…stressed.

“Schlesinger feared that the president, who seemed depressed and was drinking heavily, might order Armageddon. Nixon himself had stoked official fears during a meeting with congressmen during which he reportedly said, “I can go in my office and pick up a telephone, and in 25 minutes, millions of people will be dead.” Senator Alan Cranston had phoned Schlesinger, warning about “the need for keeping a berserk president from plunging us into a holocaust.””

And Schlesinger acted. When a liberal Democratic Senator demands action from a conservative Administration, sometimes things happen.

While some of the 1974 actions of Schlesinger, Kissinger, and Haig during the “final days” are murky, there is general agreement that Schlesinger gave a rather unusual order to the military.

“[I]n the final days of the Nixon presidency he had issued an unprecedented set of orders: If the president gave any nuclear launch order, military commanders should check with either him or Secretary of State Henry Kissinger before executing them.”

This is entirely against the Constitution. If the Vice President and Cabinet doubted the sanity of the President, the proper avenue was a 25th Amendment removal—not an inferior official disobeying the instructions of the Commander-in-Chief.

However, in those strange days, in which many things happened in secret, one can understand why Schlesinger did what he did.

But there was one other critical decision that was made on August 9.

Remember when President Nixon boarded the helicopter?

“[T]he most critical tool of the modern presidency had already been taken away from him. He never noticed it, but the nuclear “football” didn’t travel with him as he boarded the helicopter, and later, Air Force One for his flight back to California.”

Yes, the football. The thing that was ALWAYS with the President because the USSR could launch a nuclear attack at any moment.

Remember that Nixon was still President an hour after boarding the helicopter, when Kissinger received a visit from Haig. But if the U.S. had been attacked during that hour, the President couldn’t respond.

And the Vice President didn’t have the power to respond.

The football appears to have been in the custody of military aides outside the East Room, awaiting the moment that Gerald Ford would take the oath of office. (Although he was already President once Kissinger indicated his receipt of the resignation letter.)

But…who controlled the football?

Schlesinger?

Kissinger?

Carl Albert?

In the end nothing bad happened, but it could have.

And it’s therefore entirely possible that the aforementioned “two Presidents” scenario could happen.

Two Footballs, Two Biscuits, Two Presidents: A Cybersecurity Nightmare.

Last year I wrote about a biscuit and a football, but I wasn’t talking about the snack spread on game day.

I was talking about the tools the United States President uses (as Commander-in-Chief) for identity verification to launch a nuclear attack.

But sometimes you have to pass the football. If the President is temporarily or permanently incapacitated in an attack, the Vice President also has a football and a biscuit. Normally the Vice President’s biscuit isn’t activated, but when certain Constitutional criteria are met it becomes operative.

Other than this built-in redundancy, the system assumes one football, one biscuit, and one President.

If you’re a cybersecurity expert, you know this assumption is the assumption of a fool.

It is not impossible to have duplicate functional footballs and duplicate functional biscuits.

And it is not impossible to have duplicate functional Presidents, with identical face, voice, finger, and iris biometrics. Yes, it’s highly unlikely, but it’s not impossible. If the target is important enough, adversaries will spend the money.

Grok.

And most of us will never know the answer to this question, but how do government cybersecurity experts prevent this?

Biscuit-based Identity Authentication and Authorization

Some of us authenticate ourselves to unlock our smartphones. Others authenticate to access confidential corporate information. A few authenticate to wield the power to annihilate the world.

The football and the biscuit

In the United States, the President (Commander-in-Chief) has a “biscuit.”

“The nuclear biscuit is a card with authentication codes that acts as the President’s personal key to unlocking America’s nuclear arsenal.

“The biscuit acts a lot like a two-factor authentication device or app. Its codes are updated regularly, and it works in connection with the nuclear football to verify the President’s identity. Without the biscuit, the President can’t order a nuclear strike, even if they have the football itself.”

Factors of authentication

Here are the three authentication factors that the biscuit reportedly uses.

“Something you have is quite an obvious one, you needed to have the actual Biscuit and the codes within.

“Something you know is when you opened the Biscuit. It had many codes printed on the cards and all were false apart from one. The President would have been told the position of the real code when he first took office. He would also be told each time the Biscuit was changed.

“For something you are, the phone line the President would need to contact has no number. It can only be contacted via a secure military phone. This phone would be handed to the President by one of his security team who would obviously not hand this phone to anyone but the President.”

Now you can argue that the phone line is not a TRUE something you are factor. A devious security team member could hand the phone to someone who SOUNDS like the President.

And there’s another complication.

Passing the football

Let’s say that a President is away from Washington. Say, at a school in Florida.

And all of a sudden attacks are launched in multiple U.S. cities.

What if an attack were launched in Florida, incapacitating the President, either temporarily of permanently?

In such an attack, the country and the world cannot afford to wait for hours for the football to be flown to wherever Richard Cheney is.

The solution? Two footballs (at least).

“Believing that the vice president should be a partner in national security policymaking, President Jimmy Carter assigned a football to Vice President Walter Mondale and this became the practice for future U.S. administrations.”

Outside the U.S. Russia has a similar system called the “Cheget,” and other nuclear countries presumably have similar procedures to authenticate the persons or persons authorized to launch nuclear weapons.

Your football and biscuit

If you are an identity vendor or customer, you may have your own authentication and authorization procedures. While a breach of your procedures won’t result in the annihilation of civilization, it could create its own damage.

Do you need help describing the security of your identity solution?

Talk to Bredemarket.

Stop losing prospects! Use Bredemarket content for tech marketers

Business Concerns Always Override Technology Concerns

The Institute for Defense and Government Advancement (IDGA) recently released some survey results. Now I don’t want to simply reproduce the results; go here to download your own copy of the report.

But I do want to say this.

“A large number” of IDGA survey respondents expressed concern about “Interagency information sharing.”

This is NOT a technology concern. The technologies exist to enable information sharing. For example, one of Bredemarket’s clients recently made the technological changes necessary to allow an application, designed to interface to agency A, to instead interface to agency B.
No, this is a business concern—or in this case a governmental concern. A matter of setting up the processes to allow Bob from agency A to exchange data with Judy from agency B. Even though Bob thinks that Judy is a bozo, and vice versa.

And while we’re on the topic…

If you’re worried about Big Government (the FBI and the CIA and the BBC, BB King, and Doris Day) (or INTERPOL and Deutsche Bank, FBI and Scotland Yard) combining all their information to entrap you, your fears may be difficult to realize. Yes, there are cases in which the agencies share data. But there are also cases where they don’t, because it’s in an agency’s interest to keep its data to itself.

Agencies usually ask the question “How can I GET the data from the Bureau of Stuff?” They normally don’t ask the question “How can I GIVE my data to the Bureau of Stuff?”

And that’s why agencies run into problems sharing data.

Dig It.

Computer World.

The Department of War Brand…Guides

I’ve never written a formal brand guide for Bredemarket, but I probably should. Not that outside agencies are citing the Bredemarket brand or the proper use of a wildebeest, but I probably should provide helpful consistency hints. (No “Brede Market,” people.)

But larger organizations obviously have brand guides and enforce them.

Including the United States Department of War.

Note that I said Department of War, not the Department of Defense. There is an official “DOW Brand Guide” posted on the Department of War website. And as we’ll see in a minute, it’s important to note that this is on the Department’s website.

The DOW Brand Guide and Mission Statement

A government agency needs to brand just like private agencies. Here are the opening overview of the DOW Brand Guide:

The Department of War Brand Guide was developed to ensure a shared visual experience that reinforces DOW’s identity and core priorities.

The foundation of the department’s brand is the DOW Mission Statement:

The Department of War provides the military forces needed to deter war and ensure our nation’s security.

Without getting into the politics and showmanship of the whole thing, let’s note that the Department has a critical need to communicate its mission. And that’s what it has done here.

Use of Name

I’m not going to cover the entire DOW Brand Guide, which is like any other brand guide with logos and colors and stuff. The picture illustrating this post is the “dark stacked” logo.

But considering the background of the Deparrtment renaming, I do want to concentrate on the name itself, from the “Use of Name” section of the DOW Brand Guide.

In Executive Order 14347, issued Sept. 5, 2025, President Donald J. Trump directed the U.S. Department of Defense “be known as the Department of War,” a secondary title for this cabinet-level department. The order permits the use of this secondary title for official correspondence, public communications and ceremonial contexts within the executive branch.

How many of you caught a particular word that was repeated in that paragraph? The word that caught my eye is “secondary.” So for all this ballyhoo, apparently we can still use the D-word “Defense.” In fact, if you look at the tags to this post, I continue to use the tag “department of defense.” I may have to change it later. The people in the Department have guns and can be very persuasive. More persuasive than the cartographers who don’t want us to use the M-word “Mexico” when referring to a body of water south of Texas and west of Florida.

The “Use of Name” section continues.

Use “War Department” in most cases on first reference, reserving “Department of War” for quoted matter, or situations that require that level of formality.

But that isn’t the part that interested me. When you talk about government agencies, no one cares about the name. They care about…the ACRONYM.

The correct acronym for “War Department” as used on the War.gov flagship website, which uses the AP Style as standard, is “DOW” with an uppercase “O” in the center; use on second reference after “War Department” or when the standalone acronym suffices depending upon use. Do NOT use “DoW.”

Which goes to show you that even military officials cower before style guide enforcers.

Except…

Use of Name, Part Two

The “Use of Name” section continues with one more paragraph.

The correct acronym for “War Department” in official written department communications, including but not limited to news releases, speeches, transcripts etc., including those published on War.gov, is “DoW” with a lowercase “o”, Do NOT use “DOW” in these types of products.

Talented editors can parse this, but the rest of us need to think through this a bit.

A style guide on War.gov is referred to as a “DOW” style guide.
But a news release that’s published on War.gov refers to “DoW.”

But what if the Associated Press (which presumably follows the AP Style) refers to a news release that is posted on War.gov? Does the writer use “DOW” or “DoW”?

Not Unbreakable: Oracle’s Chief Security Officer Mary Ann Davidson Steps Down

A Greek oracle with a red glow remains unbreakable in the surrounding devastation.

According to the Economic Times, Oracle’s Chief Security Officer Mary Ann Davidson is no longer with the company.

This may mean nothing. On the one hand, Davidson had been with the company a long time, having joined Oracle in 1988 AFTER a career in the US Navy as a civil engineer. So perhaps she just retired.

Then again, Larry Ellison is 81 years old, so people don’t HAVE to retire.

And it appears that Davidson’s departure wasn’t announced in a press release, but was buried in a June filing.

The one word associated with Davidson is the word “unbreakable.”

“[D]uring a 2002 interview with Businessweek, she described the challenges of making sure the firm’s products lived up to a marketing campaign envisioned by Ellison that touted the company’s products as ‘unbreakable’….She explained at that time, saying, ‘‘Unbreakable’ gives us something to live up to,’ adding, ‘It really does concentrate the mind wonderfully. The general thought is don’t embarrass the company. Nobody wants to be the group that makes us violate it.'”

(And yes, the red glow in the unbreakable oracle in the picture is intentional. If you have ever attended a San Francisco Oracle OpenWorld with hundreds of red and white banners, you’ll understand…)

FBI, DoD, DHS, and Other Biometric Standards

(Imagen 4)

When I started in biometrics 30 years ago, the most important operational biometric standard to me was what was then called the Electronic Fingerprint Transmission Specification or EFTS, published by the Department of Justice’s Federal Bureau of Investigation (FBI).

Record types from the 1993 ANSI/NIST standard.

Unlike the ANSI/NIST biometric data interchange standard, the EFTS can actually be used out of the box to transmit data. The ANSI/NIST standard doesn’t define any “Type 2” fields, nor does it define any “types of transactions” (TOTs). EFTS did.

Other standards

But the EFTS, now the FBI’s Electronic Biometric Transmission Specification or EBTS (downloadable here), isn’t the only biometric transmission standard derived from ANSI/NIST.

State police agencies have their own law enforcement transmission standards. Here’s New York’s version (PDF).
Other U.S. federal agencies such as the U.S. Departments of Defense and Homeland Security have transmission standards.
Other countries have their own transmission standards.
Multinational agencies such as INTERPOL have their own transmission standards.

Luckily all the different standards have some basic similarities, but if you have a mobile biometric device that must submit to DOJ and DoD and DHS, you need to switch to the proper profile for each submission.

Last week I downloaded two different standards so I could understand the TOTs. I would have downloaded a third, but the agency restricts its distribution.

Word up

But I will tell you the biggest frustration I have with the standards.

In the EBTS and some other standards, there is a type of transaction referred to as “Criminal Ten-Print Submission (No Answer Necessary).” The abbreviation for this TOT is CNA.

Microsoft Word in default mode auto-corrects this from CNA to CAN.

CMOs, I can help you

But I’ve overcome this frustration over 30 years of immersing myself in all things biometric-translation related. This experience is benefiting a Bredemarket client that communicates with end customers regarding many of these standards.

Can my experience benefit you as your organization produces content, proposal, and analysis materials on a deadline? If Bredemarket can help you catch up or get ahead, let’s talk.

Stop losing prospects! Use Bredemarket content for tech marketers

Tech marketers, are you afraid?

The Nomad Returns

My nomadic journey has ended.

The relative’s outpatient surgery was a success, and recovery is progressing.

Meanwhile, I met with one client and advanced several client product marketing projects, including a requirements document (done those for years), some product talking points (done those for years), a price/cost/supplier exercise (done those for years), and a project status report (done those for years).

I also published four Bredemarket posts (including this one) and the usual assortment of social media content on various channels (with the exception of one).

U.S. persons should pay special attention to my coverage of IDGA’s DoD/DHS border security report (blog, Substack, elsewhere).

I think I need a vacation.

Tracking 2025 Changes to U.S. Border Security Policy

Among the available downloads for the Institute for Defense and Government Advancement’s (IDGA’s) upcoming Border Technology Summit is one entitled “Tracking 2025 Changes to U.S. Border Security Policy.”

“In conjunction with a new administration in the White House, operations on U.S. borders have shifted drastically in 2025. Figures from Customs & Border Patrol (CBP) show apprehensions at U.S. borders are higher than they were at this time a year ago, and a recent travel ban has restricted entrance into the U.S. for citizens from 12 countries.

“In its first six months, the Trump administration has moved quickly to mitigate what the White House is calling an “invasion” taking place on the southern border. On Inauguration Day, January 20th, the new administration moved quickly to sign a handful of new policies directed towards American borders. This report will highlight how executive orders, CBP mission areas, and DoD actions on the southern border have established a new normal for American border security. The first section will look at the instructions explicitly laid out in the executive orders signed by President Trump.

“If you are interested in learning more about the future of border security, register for IDGA’s Border Technology Summit taking place September 23-24 in San Diego, California. The two-day summit provides a forum to explore the latest advancements in border security technology. This year, we are focusing on engaging our audience with high-level discussions surrounding advancements in biometrics, non-intrusive inspection, smart walls, current and future operations of border security, and much more.”

This download and others are available via this page: https://www.idga.org/events-border-tech-summit/downloads

Words Matter

The sequel to my original post on “memorial” and “Memorial Day” is a reel.

“In Flanders Fields” played by Ian Wong.

Riverside National Cemetery picture Sigris Lopez, CC BY-SA 4.0. Source.

Riverside National Cemetery.