Election Day this past November 8th delivered at least two surprises so far.  First there was Donald Trump capturing enough electoral votes to win the Presidency over Hillary Clinton, when polling showed she was going to prevail.  Then in the weeks following the election we have all learned through leaks to the Washington Post, New York Times and NBC News that the CIA “assesses with high confidence” that Russia, with the direct involvement of President Vladimir Putin, was cyber hacking with the purpose of defeating Hillary Clinton.   And I thought we dodged a cyber bullet on Election Day because there was no massive infra-structure attack aimed at either making it difficult for people to get to the polls or to cause the wall to wall news coverage to question whether or not votes were being accurately recorded.

In retrospect Russia’s hacking and apparent intentions should not have been a surprise since the FBI warned the Democratic National Committee (DNC) in September 2015 that it was being hacked.  Then a month before Election Day on October 7th DHS and ODNI issued the following joint statement about Russian interference with our elections.

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

Clearly the Intelligence Community both detected and warned in sufficient time that Russia was using cyber techniques to interfere with our Presidential Election.  However, other than President Obama privately telling President Putin at a G-20 Conference in September 2016 to “cut it out” we have learned at a Presidential Press Conference on 15 December no actions were taken to either stop the Russian hacking or to better  inform the US electorate what was known about the purpose of the hacking.  Given the amount of information leaked to the  media post-election about the purpose, intensity, and Russian leadership involvement it seems fair to ask why was not more done before votes were cast to at least “name and shame” Russia for its interference with our Presidential election? Two juxtaposed answers come immediately to mind:  the intelligence was more circumstantial than direct or the intelligence was so solid there were concerns about compromising useful sources and methods.

For reasons opaque to me someone at the CIA has decided now that the votes have been counted and certified that they should unofficially and anonymously share with the American people that there is direct intelligence confirming Russia’s hacking of the DNC with Putin’s knowledge to undermine the candidacy of Hillary Clinton.  Russia has responded that without proof these accusations are “unseemly” while Donald Trump has tweeted he does not believe what the CIA is providing informally to friendly journalists.  Many are characterizing this as the President Elect throwing the IC under the bus to protect Putin.

I am not sure which infuriates me more:  Vladimir Putin trying to affect the outcome of our Presidential election or learning about it from leaks to the media by the CIA.  I understand Putin’s motives in terms of pursuing Russian national interests, but what are the CIA’s motivations?  Perhaps concerns that it not be seen as at fault for the failure of policy makers to respond earlier to Russia’s election hacking?  Or could it be the IC wanting to distance itself from Secretary Clinton’s failure to achieve the Presidency?  What about frustration with the reality that former DIA Director LTG Michael Flynn as National Security Advisor will be filtering intelligence and blocking IC leadership’s daily access to the President?

No matter what the reasons are, the results of these CIA press leaks about Russian election hacking are proving to be toxic for the IC, if not the nation at large, for the following reasons:

  • The IC actions look partisan and to Trump voters as trying to delegitimize their candidate’s election
  • There is an inference without evidence that the Russian hacking materially contributed to Hillary Clinton losing the election, i.e. the hacking worked
  • Not wanting to brief the Intelligence Committees in the House and Senate or the Electoral College on the specifics of the Russian hacking raises doubts about how definitive the intelligence is regarding Putin’s involvement and intentions to defeat Hillary Clinton
  • Because of the leaking of intelligence strongly indicating Russian interference with the 2016 election, there will be both Executive Branch and Congressional investigations into the validity of the intelligence developed as well as investigations into who was responsible for leaking this information and for what reasons
  • Using the media so it can control the narrative on Russian election hacking deepens and steepens Donald Trump’s already well developed distrust of the IC

With President Obama looking ineffective, President Elect Trump being openly contemptuous of intelligence, and the IC appearing to be deviously partisan, Vladimir Putin comes out of all this with a “twofer.” Besides achieving his strategic aim of undermining confidence that votes cast for President reflected the will of the American people, the subsequent fallout from the political debate about Russia’s election hacking has widened the trust divide between Donald Trump and the IC.

Of course the bigger story here is the continuing systemic cyber vulnerabilities of the United States, which is amplified by the lack of both a coherent strategy and effective capabilities to protect our government institutions, our national security, our financial stability, and our sensitive personal information.

That’s what I think; what do you think?


The Weather at DoDIIS 2016: Partly Cloudy with a Chance for Digitization

This edition of Mazz-Int is an abbreviated version of my seven page summary of the DoDIIS 2016 Conference.  If you would like the full summary send me an email at mazzafro@gmail.com with “Request DoDIIS 2016 Summary” in the subject line.

DoDIIS Worldwide Conference 2016 convened in Atlanta, Georgia from 31July to 03 August at the Georgia World Congress Center.  The theme for DoDIIS 2016 was “Mission Integration at the Speed of Operations.” The conference drew 200 exhibitors (230 in 2015) and 2300 attendees (1600 in 2015).  Less than 400 participants were government “blue badgers” of which only 90 where from DIA.  The entire agenda for DoDIIS 2016 was UNCLASSIFIED.

DNI James Clapper, DIA Director Lt Gen Stewart and USDI Marcel Lettre were all restrained in their comments and collectively seemed to be intent on making “no news” at DoDIIS. In a phrase they were “aggressively politically correct.” They made no projections regarding even near term events involving the Intelligence Community.

The three Combatant Commander, Gen McDew (TransCom), Admiral Harris (PACOM), and Admiral Haney (StratCom) all spoke about the importance of information to executing their mission responsibilities, but only Admiral Harris spoke directly to the utility of DoDIIS.  Admiral Harris was speaking for all his fellow Combatant Command Commanders (CoComs) when he said intelligence needs to be pared down to what I need to know about a subject/issue, in a time frame that allows for action to be taken, in a format that is easy to consume, and is shareable.

The IC CIO Panel, which I moderated, was upbeat both about where IT is in the IC and where it is heading.  Particularly in the breakout sessions, however, I detected a subtle sense of moderating expectations for ICITE, where no metrics, schedule, or cost issues were discussed.


  1. “We are in age of expeditionary intelligence! Places not bases.” Sean Roche CIA Associate Deputy Director for Digital Innovation
  2. “Stop forging a new path with an old map.” Janice Glover-Jones DIA CIO
  3. “The IT Enterprise is under near continual attack.” Colonel Bruce Lyman CIO Air Force ISR
  4. “The world still calls 1600 Pennsylvania Avenue.” US Transportation Command Commander Air Force General Darren McDew
  5. “DoDIIS is the backbone for Combatant Command decision making.” US Pacific Command Commander Admiral Harry Harris



  1. NSA will be primarily a user of its own GOV Cloud for mission, which it is funding predominantly without Intelligence Community (IC) augmentation. This is because most NSA’s mission workloads are not supported by Commercial Cloud Services C2S and run 24 x 7 so there is no cost advantage associated with elasticity.
  2. DTE II is several months behind schedule due to testing; rollout schedule for FY 17 not firm yet but DIA and NGA will be refreshed with DTE II in FY 17
  3. Migration plans to ICITE (like technical roadmaps) are the responsibilities of the individual service providers and their contractors. There is no consolidated ICITE migration plan
  4. IC CIO’s all agree that there is no realistic alternative to ICITE

IC CIO Panel

  1. Commercial Cloud Services (C2S) will reach 100% capacity in 2017; 1600 developers are now using C2S
  2. ICITE has moved out of being in the acquisition phase and is now focused on driving adoption by showing mission value.  The IC is too far into the ICITE journey to turn back
  3. IT as a Service/Performance based contracting is not something the IC is comfortable with because the Statement of Work (SOW) must convey in detail what the government is expecting in terms of performance/outcomes and how to value that performance.
  4. Cultural challenges to ICITE adoption and digital transformation
    1. Developing trust in other agencies through reciprocity to compensate for the loss of control
    2. Comfort with the status quo
    3. Decoupling control and complexity from effectiveness
    4. Understanding risk and opportunity costs

Digital Transformation appears to be the new IT focus area of the DoDIIS Community if not the entire IC’s, but if I heard a definition or description I don’t remember it.  I know there wasn’t any discussion at DoDIIS 2016 about a strategy or a plan for how to accomplish a digital transformation within the IC.  At this point it is a vision statement to guide planning and decisions

Based on it being declared IOC in advance of a new administration and a new DNI, ICITE is at an inflection point where it has to show value or it will suffer the fate of IC-MAP, Trailblazer, and GeoScout.  Showing how C2S, GovCloud, DTE, and the Apps Mall can work together to answer IC mission questions quickly and effectively is what will bring users to ICITE as was the case with JDISS, JWICS, and Intelink.  The DIA leadership and the IC CIO’s at DoDIIS 2016 all understand this.

Based on the comments of all three Combatant Commanders who spoke at DoDIIS, shareable intelligence for allied and coalition warfighting partners is an underserved area.  Write for release, automated foreign disclosure processes and cross domain security solutions to address the CoCom’s demand for shareable intelligence needs to be an agenda item for DoDIIS 2017.

That’s what I think; what do you think?

A Vortex Caused by the Confluence of Terrorism, Domestic Violence, and International Volatility

For those who don’t remember it we seem to be living through a not so well produced reprisal of the long hot summer of 1968.  Back then we were four years into the Vietnam War which was going badly; the Soviet Union was ascertaining the Brezhnev Doctrine in Czechoslovakia; in the aftermath of Martin Luther King’s assassination the Black Panthers were calling for violence against whites; and protest demonstrations at the Democratic National Convention turned violent.  Fast forwarding to the present, Mark Twain appears to have been right:  history doesn’t repeat itself but it does seem to rhyme.

I am not sure if the period from 7 to 17 July 2016 is historic or just frightening, but the events of these 10 days have been traumatizing and confusing in a way I have not sensed in America since the 9/11 attacks in 2001.  With the police shootings in Dallas and Baton Rouge on 7 and 17 July, respectively and the horrific carnage in Nice on  July 14th caused by single terrorist driving a 21 ton commercial truck at high speed down a crowded promenade, the American people (still with San Bernardino, Orlando, Brussels, and Paris in their recent memory) don’t know if their safety is more threatened by ISIS terrorists, self-radicalized lone-wolf Islamists, Americans with a domestic agenda, or police officers with a hair trigger anxiety.  We are in a vortex caused by the confluence of terrorism, domestic violence, and international volatility.

This domestic unease is only made more acute by an international environment that that is growing increasingly unpredictable and worrisome.  In this same 7 to 17 July time frame China raised the potential for confrontation when it rejected a Hague 12 July ruling that its claims to maritime sovereignty in the South China Sea are without merit; the British referendum to leave the European Union (Britex) resulted on 13 July in the relatively unknown Theresa May replacing David Cameron as Prime Minister; and on 14/15 July a failed  coup in Turkey will allow ( at least in the short run) President Erdogan to make his regime both more autocratic and Islamist. Already China is warning that any effort to challenge its sovereignty claims in the South China Sea will be forcibly resisted. It remains to be seen what the impact of United Kingdom’s departure means but it doesn’t strengthen either the European Union or NATO as Russia begins again to assert itself in Europe.  Erdogan’s post-coup purges of secularists from the government and armed forces raises questions about how dependable Turkey will be going forward in the fight against ISIS and in managing the flow of refugees coming to Europe.  Regardless, I am relatively certain that the immediate ramping up of attacks on American citizens and the police officers protecting them while the national political conventions are going on will turn America’s attention inward.

In a sound bite, everyone who has not “checked out” for the summer senses imminent danger but doesn’t know where the threat is coming from or how the government can protect them, so nobody feels safe.  Some say this is just the new normal and we have to get use to any large gathering being a potential shooting gallery.  The alternative is to use massive data collection (OK, surveillance) available to us in combination with high performance computing and machine learning to deter, detect, and disrupt those planning mass murder to advance some cause.

Certainly the terrorist violence the world has experienced in 2016 coupled with the targeted shootings of American police officers this July has both the law enforcement and intelligence communities redoubling their efforts to protect the Republican and Democratic National Conventions from life threatening violence.  Nice reminds all those attending or responsible for the safety and security of the conventions in Cleveland and Philadelphia that individuals using fire arms and explosives is only one of many ways death, injury, or chaos can be visited on these high visibility events.  Anthrax, drones, and cyber come immediately to mind as low cost/high impact yet to be used ways of striking citizens or cops to cause fear and disruption if not death and destruction.

The rising level of ISIS related terrorist attacks, of course, is neither new nor surprising. Earlier this year, ISIS spokesperson Mohammad al-Adnani, said, “While, we’re being reduced on the physical battlefield, the caliphate is physically shrinking. So, you should take the battle. Don’t come to Iraq and Syria, take the battle to wherever you are and attack infidels wherever you are.” CIA Director John Brennan in his 16 June testimony to the Senate Select Committee for Intelligence (SSCI) warned:

The group’s [ISIS’] foreign branches and global networks can help preserve its capacity for terrorism regardless of events in Iraq and Syria. In fact, as the pressure mounts on ISIL, we judge that it will intensify its global terror campaign to maintain its dominance of the global terrorism agenda.

It mystified me that none of the senators nor any media pundits observed in the moment (or since) that if this is true (as events are proving it to be) then our strategy of fighting ISIS “over there” is actually making them more dangerous “back here!” Perversely, our ongoing military efforts to “degrade, disrupt, and defeat ISIS with military operations in Iraq and Syria are not achieving their strategic intent of reducing terrorism in CONUS to the nuisance level.

Adding to the danger of the ISIS terrorist threat is the lone wolf targeting of police officers as vigilante responses to black males being shot while being taken into police custody.  I am sure it has already occurred to ISIS and its sympathizers in the U.S., that if they too begin to take action against cops they could enflame violence between white and black radicals as we move towards our national elections in November.

The current comingling of domestic violence with ISIS inspired terrorism by US citizens (San Bernardino and Orlando) tells me that the systemic seam that exists between domestic and foreign intelligence in the US Intelligence Community (IC) makes it harder than it should be to thwart either terrorism or domestic violence.  This is because seams in national security are where bad things go to happen.

Finally, the question – or is it an opportunity? – raised by this current month of discontent is this: Are the American people willing to debate as part of the Presidential electoral process  the pros and cons of more government surveillance in exchange for increasing the chances that intelligence agencies and  law enforcement can afford them more protection and security?  Surely San Bernardino, Orlando, Dallas, and Baton Rouge tell us it is irresponsible in terms of public safety to limit intelligence and law enforcement to surveillance of foreign nationals as it becomes seemingly impossible  to discern who is a domestic criminal from an ISIS terrorist.  Without doubt their motives are different, but criminals and terrorists (whether foreign or domestic) are using the same tactics, techniques and procedures (TTPs) to threaten our national peace and tranquility in order to advance their causes.

However, if the bar for “probable cause” is to be lowered to enable more effective surveillance and investigation against those persons foreign or domestic who mean to do us arm, then the government standards for transparency also need to be raised accordingly.  This transparency must inform the American people who is subject to what forms of surveillance for what purposes and how personal information will be protected from inappropriate access.  To prevent abuse, oversight of any  broader surveillance powers granted to the Intelligence Community for homeland security will need to be rigorous, independent and subject to public review.

That’s what I think; what do you think?