The 2018 DoDIIS Worldwide Conference 2018 convened in Omaha Nebraska from 12 to 15 August at the CenturyLink Center where the theme was “Data as a Weapon System: Revolutionizing Intelligence.”  There is some metaphysics to unpack when it comes to understanding “data as a weapon system”, which was not deeply explored at DoDIIS 2018, but it seems to me that in the information age data is moving beyond enabling the use of kinetic weapons to impacting combat outcomes where data (including software and algorithms) itself has a material impact on the conflict. All the DoD speakers referenced the National Security Strategy (NSS) in their remarks, noting that data was important to achieving its three tenets of increasing lethality, enabling partnerships, and improving business operations.

My major take away from all the presentations at DoDIIS 2018 is that data is the critical element for mission success by both intelligence producers and consumers (specifically Combat Commands) in the information age.  There was also a strong undercurrent though that the Intelligence Community (IC) is currently not as capable as the U.S.’ adversaries or the domestic private sector at using data effectively.  Several speakers warned that “time is not on our side.”   In his conference keynote DIA Director US Army LTG Robert Ashely observed that what intelligence consumers want and DIA is trying to achieve with its Machine-Assisted Analysis Rapid-Repository System (MARS) is contextualizing intelligence so that it can provide dynamic situational awareness, enhance deeper understanding, and be more predictive.  By “contextualizing” the DIA Director means using data to find other data relevant to the matter at hand and more quickly to the “so what” or what the data is telling the analyst.  Echoing the Director words, DIA CIO Jack Gumtow observed that data is the future and MARS is how DIA intends to “weaponize data.”

In an hour long break out session that was well organized, DIA’s MARS Program Manager Terry Bush and DIA CIO’s Data DISL (Defense Intelligence Senior Level)  Mac Townsend provided a high level overview on why MARS is necessary and what it needs to be able to do.  In an interactive discussion they offered the following:

  1. MIDB was last re-engineered 22 years ago; DIA has been preparing for MARS/MIDB-T for three years
  2. Current Data Governance is inflexible and needs to be changed for MARS to be successful
  3. MIDB touches all parts of DoD as a source of foundational intelligence
  4. The MARS team understands
    1. Today intel producers are also intel consumers and intel consumers are intel producers
    2. Intel producers and consumers are no longer limited to people but include machines as well
  • Intel consumers today operate in multi-domain changing environments
  1. MARS goes beyond MIDB as a data base as it is a data model and architecture with multiple capabilities to make associations MIDB is currently not capable of. MARS must be able to:
    1. Scale to all the data
    2. Must have a flexible data model
  • Be adaptable to provide new capability
  1. And since DODIIS I have learned will need an “object based” storage architecture
  1. Modern caching technology will enable MARS to deliver “data to the edge”
  2. Guard technology will be employed to provide MARS with cross domain security (CDS) capabilities, which I found curious given the migration in the private sector to software defined networks
  3. The MARS team is exploring ledger block technology for access control to data
  4. MARS/MIDB-T represents a “once in an era” opportunity to impact how data for intelligence is ingested, stored, analyzed, and made available and disseminated

From this overview it was clear to me that the DIA MARS Team has a well-developed conceptual understanding of what it wants MARS to be capable of, but is a long way from translating that understanding into clear Request for Proposal (RFP) language that will tell the DIA industrial base what the technical and performance requirements are for MARS and how they will beevaluated.  Based on my experience with NSA’s GREENWAY Program, I expect it will take several RFIs and draft RFPs before a final MARS RFP will be ready.  Given the mission significance of MARs to DIA and the need for near term success, the pros and cons Data as a Service (DaaS) should be rigorously investigated. If successful, MARS will be as important to the broader IC as JWICS has proven to be

In my DoDIIS 2017 summary I observed, that “becoming more data centric vice IT or network centric was an embedded message throughout that conference, but data centric was neither defined nor described.”  This year “data as a weapon system” was not defined and spoken to throughout DoDIIS 2018 as though the concept of “data as weapon system” is well understood.  While all the senior military officers at DoDIIS 2018 carried forward from 2017 the theme that the IC in general and DIA in particular must accelerate its operationalization of Machine Learning (ML) and Artificial Intelligence (AI),  this year I discerned a deeper sense of urgency from them in Omaha.  Sub-rosa there was also a message, particularly but not exclusively from SOCOM’s General Thomas, that alternatives cost effective sources of data are becoming available that have the potential to make IC’ data increasingly redundant.  The IC’s industrial age operating model needs to change to be more like that of information age content providers.

As with DoDIIS 2107, there was no discussion at Omaha this year by any IC senior regarding the NDAA that was signed by President Trump as DoDIIS 2018 was opening, suggesting to me that IC funding is not a leadership concern.   IC ITE was mentioned only by ODNI speakers and without reference to metrics, effects delivered, or costs.  I was surprised that USDI’s pilot Project Maven was barely referenced in terms of how ML and AI can be used to deliver better intelligence effects.   While there was the usual commentary regarding the importance of DIA partnering with industry, no one expressed concern about the work forces at IT technical leaders such as Google, Apple, and a number AI startups not wanting to be associated with furthering national security missions.


  • “Data is the new black” Sue Gordon PDDNI
  • “The IC is not suffering from a shortage of data” Dana Deasy DoD CIO
  • “You guys suck at deep learning and cognition” Google CEO Eric Schmidt as conveyed by SOCOM Commander USA General Thomas
  • “Only two percent of IC data is discoverable” Annette Redmond, State Department INR Director Technology and Innovation
  • “[IC data] management capabilities are not mature enough for the IC to realize ‘data as an asset’” ODNI Study “Data for the IC Enterprise”
  • “MARS is a once in an era opportunity” Terry Bush DIA MARS Program Manager

There were two dominant themes running across all three days of DoDIIS 2018:

Ø  operationalizing process automation, machine learning ML and AI at scale across the IC so that they are inoperative is critical to the IC remaining a value added source of information

Ø  The IC is currently not well positioned either from a data management or technical basis to implement and take advantage of the benefits of ML and AI

I left Omaha confident that the DoDIIS community fully understands that data honed into useful information is the “ammunition” it brings to the fight, but I am less certain that DIA (or any other IC or DoD agency) it is ready to harness all the data available to create the decision advantage at the policy, operational, and tactical level we need to be certain of prevailing in today’s era of 5th generation warfare.  Said differently, MARS truly is a “space shot” for DIA, which is both risky and exciting!”

That’s what I think: what do think?

Book Ends

I have been on an extended hiatus not because there has been a paucity of topics to talk with you about, but mostly because I did not feel that I had anything to say that was worth of your attention.

Recently though I  finished reading Mike Hayden’s book “THE ASSAULT ON INTELLIGENCE: American National Security in the Age of Lies”  (https://www.amazon.com/Assault-Intelligence-American-National-Security/dp/0525558586/ref=sr_1_1?s=books&ie=UTF8&qid=1530751440&sr=1-1&keywords=assault+on+intelligence+by+general+michael+v.+hayden and Jim Clapper’s “FACTS and FEARS:  Hard Truths from a Life in Intelligence (https://www.amazon.com/Facts-Fears-Hard-Truths-Intelligence/dp/0525558640/ref=sr_1_2?s=books&ie=UTF8&qid=1530751440&sr=1-2&keywords=assault+on+intelligence+by+general+michael+v.+hayden).  Both are well written and informative for the general reader; but neither book makes any “new”  news with the content of each being familiar to all those conversant with current events, especially with regards to the U.S. Intelligence Community (IC) and the various investigations into Russia’s interference with the 2016 presidential elections.

Hayden’s book is a polemic while Clapper’s is an extended memoir, but they share at least four things in common:

  1. Each is a book length editorial where the authors draw conclusions about the Trump campaign and presidency from the facts as they see them


  1. Both express a similar sense of dismay and alarm regarding President Trump’s disregard for documented facts and the negative effect this has on the IC and FBI


  1. They each infer that the IC and the FBI are entitled to the benefit of the doubt because they are fact based and apolitical.


  1. Hayden and Clapper both believe they have a responsibility to warn the American people that their IC and FBI are being misused and abused

While both Hayden and Clapper admit that their “fingerprints” are on the Special National Security Estimate that Saddam Hussein’s Iraq possessed weapons of mass destruction (WMD), neither explains why President Trump (or the American people) should not be cautious when the IC claims it is speaking truth to power on the basis of intelligence determined facts. Regarding Russian interference in the 2016 election Hayden and Clapper both take President Trump to task (rightly so in my view) for not accepting the Intelligence Community Assessment (ICA), which the Senate Select Committee on Intelligence (SSCI) has now found creditable, that Russia’s interference was real and was meant to harm Hillary Clinton.  What they don’t do, however, is critically assess how well the IC performed in detecting this Russian interference, assessing its impact, or effectively warning the candidates, those responsible for insuring election reliability, or the American the people about what Russia was doing.  I know I would have appreciated their views on what effect an earlier U.S. response to Putin’s directed effort “to sow confusion and disorder” amongst American voters could have produced.

I thought both books were miss-titled.

A more descriptive title for Mike Hayden’s book would be “Donald Trump’s Assault on the Intelligence Community” because he focuses on the President’s behavior in the current environment of post factual American Populism. Hayden sees Trump as modeling bad behavior when it comes to putting beliefs before facts rather than seeing Donald Trump as representative of an electorate who want their beliefs acknowledged and acted on.  Jim Clapper’s memoir could easily be titled “Speaking Truth to Power” given how many times he uses this phrase to express what he sees as the core strength of the IC.  What the former DNI doesn’t say much about is the ambiguous and incomplete nature inherent in intelligence assessments and estimates.  Reading “Assault on Intelligence” and “Facts and Fears” I had to remind myself that competing agendas and careerism that can distort intelligence products are not unknown to the IC.

While defending the IC, neither book spends as much time as I would have liked addressing the competition the IC is currently facing as it is rapidly becoming one of many sources used by its consumer base.  There is virtually no discussion in either book on how the IC is disadvantaged by its dated information technology (IT) capabilities and practices, government bureaucracy and classification relative to private sector think tanks, online media, large corporations, and data brokers – – – all of whom can generate and deliver at least multi-sourced creditable reports in a timeframe relevant to consumers at lower costs than the IC.

What I also would like to have heard Mike Hayden and Jim Clapper say more about is how the IC could/should up its game with big data, high performance computing, analytics, and artificial intelligence so that it can be head of other “truth providers” in offering unique value added information that would compel decision and policy makers to seriously consider what the IC is providing.

In their defense of the IC, which I respect and applaud, it should not be forgotten that IC needs to recognize that it is now in a seriously competitive environment where its views of facts and truth are no longer given the credence they once were because they come from the IC.

That’s what I think; what do you think?


There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However what is on my mind right now is an AP article (thttps://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/ ) that appeared over the Thanksgiving Holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter ((https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com?  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter than asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself – – – – what is this reporter looking for?  He then asked me if anyone from Google/gmail or the FBI had informed about me this attempted hack of my gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out an alerted me, that’s what I find disconcerting as a national security professional.”   I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods  From there the call ended pleasantly.

Dec Mazz Blog

Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI verses a security issue but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or that I learned about it from AP reporter calling in London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack gmail accounts of people who have had access to Top Secret Information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data others who have served our nations faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about failure to notify individuals subjected to Fancy Bear Hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?