The Future is Now?

There is no doubt that the situation in the Ukraine where Russian political and economic interests are pitted against those of Western Europe, and by extension to the U.S., is the most serious confrontation with Russia since the war in Kosovo.

I am amused, however, by the dust-up during the first week in March about whether the U.S. Intelligence Community (IC) provided adequate and timely warning that Putin would insert military force into the Crimea.  A vague sense of history coupled with “breaking news stories” should have told anyone even casually following events in Kiev that once Putin’s cohort President Viktor Yanukovych  was pushed from power there was a strong likelihood that Russia would use military force to “stabilize” the situation in what it believes is its sphere of influence.  Russia’s modern history of military intervention in its near abroad, whether under the Brezhnev Doctrine or otherwise, is long and undistinguished:  Hungry (1956), Czechoslovakia (1968), Poland (1980) Afghanistan (1979), Chechnya (1994 & 2000), and Georgia (2008).

Don’t get me wrong: I am not saying that the IC didn’t warn; to the contrary, I agree completely with DNI Clapper’s observation that we have all seen real intelligence failures and the IC’s coverage and warnings regarding developments in the Ukraine were timely and appropriate (http://www.wtop.com/215/3577171/Clapper-Ukraine-intelligence-not-a-failure).  Moreover, policy makers and military commanders did not have to rely on intelligence reports only as there were also plenty of warnings about Russia moving against Crimea in the media.  How many of you without access to classified intelligence reporting were surprised by Russian forces showing into Crimea without resistance?

Given the “common wisdom” of both the intelligence and open source reporting about the Ukraine and the Crimea, if I were the J2 at EUCOM I hope that I would have detailed an analyst or two to ferret out the indicators that the Russians would not move militarily into the Ukraine to make sure that the CoCom’s intel team could provide the staff with a balanced view of events and options based on intelligence empiricals.  If any intelligence service was surprised, though, it appears to be Putin’s who failed to see the strategic direction that political events in the Ukraine were taking.

Nonetheless, any controversy about U.S. IC warning performance post-Yanukovych’s departure just diverts attention from the hard problems facing the IC on the Ukraine.  There are at least two parallel but related issues I believe policy makers need immediate accurate intelligence on.  The first is who are the likely new political leaders in Kiev and are they capable of governing?  There is also the question of what form any “opposition” will take in the new Ukrainian government.  The second is what is Putin likely to do next?  Is the annexation of Crimea by Russia now inevitable?  If it is, what does that mean for the region?  If it is not what can be done to prevent the Crimea from becoming Russian territory again? Following close behind the importance of political developments in Kiev and the Crimea will be salient intelligence regarding the views of allies, neutrals, and adversaries in the region.  What policy makers won’t need is IC inputs on Putin’s potential course of actions, but rather insights from unique intelligence sources (i.e. real secrets) regarding what actions he is likely to take and the reactions they will cause in Kiev, Moscow, Brussels, Berlin, Ankara, Tehran,  Beijing, and whatever cave Ayman al-Zawahiri is operating from.

As the IC rallies to provide predictive intelligence on the Ukrainian situation it should be able to slew remote technical collection to the region, but the IC will find its tactical focus on the wars in Iraq and Afghanistan since 2001 means it won’t have collectors or analysts as familiar with their targets as they would like or need to be.  The IC will need to accept the reality that there is no “fast forward” button for experience.  Certainly we won’t have the HUMINT capability in place to provide its unique perspective on unfolding events – - – particularly who’s in and who’s out in Ukrainian domestic politics. Additionally the “rebalance to the Pacific” of US national security policy is at least a short term casualty as Defense, State, and the IC focus on the Ukraine while we continue working the withdrawal of US forces from Afghanistan.

Ironically, Russia introducing forces into the Crimea 72 hours before the release of the President’s Defense Budget for FY 2015 served to make the budget look as if it is detached from reality and un-executable.  Secretary of Defense Hagel’s position is that the budget assumes prudent risks now (i.e. cuts in force strength) so that the U.S. military can be a more balanced, capable, and ready in the future.  Current events in Crimea, along with China’s maritime aggressiveness in the South and East China Seas, North Korea’s continuing threat to stability in East Asia, Al Qaeda’s resurgence, and Iran’s unclear nuclear ambitions, however, are all shouting “the future is now.”

That’s what I think; what do you think?

2014 is Shaping Up as Year To Remember for the Intelligence Community

Happy New Year!  In the aftermath of Sequestration, Snowden, Benghazi, and the Government Shutdown, 2013 is a year that I suspect the Intelligence Community (IC) is collectively happy to have in the rear view mirror.  2014 will surely be better – - – won’t it?   I would like to think so, but given that events of 2013 have not yet fully played out I anticipate the IC will have another tumultuous time in 2014.

  • First it is a mid-term election year with control of the U.S. Senate in play which will present all kinds of political theater associated with IC issues and performance
  • The stability and predictability of the budget deal was paid for with an agreement to cut approximately $4 billion from the National Intelligence Program (NIP) and $1 billion from the Military Intelligence Program (MIP) in FY 14 with continued pain in FY 15. Should interest rates rise as expected there will be unplanned cuts coming to service the national debt which is not reduced by this deal.
  • Besides Syria, volatile civil violence has broken out in Iraq, Egypt, and the Ukraine, while Gaza and Lebanon continue to simmer.  Any of these conflicts could easily widen to regional conflicts with global impacts
  • The Sochi Winter Olympics is a venue for political statements through terrorist violence with Putin’s Russia likely to respond forcefully and indiscriminately
  • Iran’s agreement to curtail its nuclear weapons enrichment activities in return for relief from economic sanctions terminates in March,  unless there is mutual agreement to extend the deal
  • China and Japan continue to jockey with naval forces over conflicting claims to the barren rocks of Senkaku Islands in the East China Sea with the US 7th Fleet as the likely referee
  • North Korea remains as dangerous and as baffling as ever.  It is to early to tell if Kim Jung Un is his own man, or the puppet of Stalinist hardliners who see confrontation as the Hermit Kingdom’s best national security play
  • The withdrawal of combat forces from Afghanistan will create opportunity for the return of both “warlord rule,” Taliban provided safe havens for Al Qaeda, and increased opium cultivation
  • Whether there will be more Snowden revelations about NSA sources and methods remains to be seen, but there is no doubt that what has already been compromised is changing how NSA is viewed and will lead to a continuing Congressional debate about the balance between secrecy, security, and civil liberties that will feed into the fall mid-term elections.

So it looks like another year of growing demand for timely insightful intelligence with diminishing resources in an environment where 50 percent of the IC workforce is experiencing its first budget drawdown in an increasingly politicized environment.  Even without the NSA issues, 2014 appears poised to challenge the limits of the IC’s capacity, capabilities, and flexibility to discern and articulate the most serious threats to US national security.

Turning to NSA collection practices, the arc of the debate about the need for NSA to secretly collect the bulk metadata of all US persons phone calls to protect the nation from terrorist attacks has already begun to be scribed by conflicting federal district court decisions, the President’s Review Group’s (PRG) forty six recommendations, Presidential Policy Directive (PPD) 28, and the 2014 State of the Union Address.

  • In Klayman v Obama Judge Leon found NSA’s bulk collection of US Persons’ metadata an affront to James Madison that must end.  Conversely Judge Pauley in ACLU v Clapper views NSA’s bulk collection of US Persons’ metadata as constitutional and necessary to protect American citizens from terrorist harm.  It would seem that both those supporting the NSA’s current collection practices and those who want them reined in will petition the US Supreme Court for a resolution if the US Government does not.
  • The PRG finds that NSA’s collection practices against US Persons are legal, well functioning and necessary to protect the US from terrorist attack but then confusingly presents 46 recommendations for making program more transparent and effective
  • In President Obama’s January 17th announcement of PPD-28 he ignored most of the PRG’s 46 recommendations but did say that that NSA’s collection of US Persons’ metadata will continue because it is legal and essential to national security.  The President then pivoted to the concerns of small government and privacy advocates, recognizing that NSA’s bulk metadata collection was open to abuses so it needed to be more transparent and rigorously controlled.  Reviewing the President’s remarks and the text of PPD 28 I find myself agreeing with Potomac Institute’s Mike Swetnam that the President may be setting the context for change, but in fact is changing very little (http://www.potomacinstitute.org/homepage/news-releases/2613-presidential-directive-misses-real-threat-to-publics-privacy-says-institute-ceo).  In a sound bite PPD 28 directs that a privacy advocate be part of the FISA process, that access to and use of US Persons’ metadata be more closely monitored and everything else needs to be studied
  • In his State of the Union Address on 28 January, the President spoke obliquely about security and surveillance in only two separate sentences:
    • I will reform our surveillance programs, because the vital work of our intelligence community depends on public confidence, here and abroad, that the privacy of ordinary people is not being violated.
    • So even as we actively and aggressively pursue terrorist networks — through more targeted efforts and by building the capacity of our foreign partners — America must move off a permanent war-footing.

While many have heartfelt opinions about the direction NSA collection should take, I believe it is fair to say given the outcome of a yet to be scheduled Supreme Court Case, unfinished executive branch studies, legislation still in formation, and an incomplete public debate that nobody can reasonably foresee what the state of NSA’s collection authorities will be this time next year.   A reasonable question that is sure to emerge though in 2014 is:  If America is shifting to a peacetime outlook why should the Patriot Act and its Section 215 authority that is the legal basis for NSA’s warrantless bulk collection of US Person metadata be renewed?

That’s what I think; what do you think?

ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – - -  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – - -  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?