2015 Will Be Like 2014 — Just Different

The holidays this year were unusually kind to the Mazzafro family, and I hope the same is true for you and all who matter to you.

No holiday though for world events that affect and effect our national security and personal safety.  While there have fortunately been no ISIS beheadings since our last virtual encounter, the last two weeks of December ushered out 2014 with several events that will surely impact the national security scene in 2015.  As the price of oil continued to drop driving the Russian economy into chaos, President Obama diplomatically recognized Cuba to mixed reviews in both countries.  There was a lone wolf terrorist hostage situation in Sydney Australia that resulted in two dead, while the Taliban attacked a school in Peshawar for Pakistani military children killing 141 (132 children).  All of this was unfolding as North Korea concocted a high visibility cyber hack against Sony Picture Entertainment (SPE; previously Columbia Pictures) to prevent the release of the feature film “The Interview,” which is a comedy satire imagining that two reporters acting on behalf of the CIA assassinate North Korea’s “Boy Leader” Kim Jung Un.  The cyber hack against SPE’s intellectual property, business records, and emails was followed by threats of physical violence against theaters screening “The Interview” on Christmas Day.  The US-led NATO combat mission in Afghanistan formally ended but with 11,000 troops remaining, while the general leading the fight against ISIS said things are going well, but that it will be at least three years before we can stand-down.  Not surprisingly the polemics about the Senate Select Committee for Intelligence (SSCI) majority report on the use of Enhanced Interrogation Techniques dissipated with the adjournment of the 113th Congress.

So given all this, here is a potpourri of what I think we can expect to see in 2015:

  1. The Sony Hack is likely to be the seminal cyber event that causes both the US government and the private sector to get serious enough about cyber security to encourage the Congress to pass bi-partisan legislation that will require the sharing of threat information between corporations and government agencies with cyber security responsibilities.  Moreover, there will likely be a robust debate about what constitutes “cyber vandalism” as opposed to “cyber terrorism” and when a “cyber-attack” is an act of war?  Presumably, this debate will educate the American people regarding when and how they can expect their government to protect them in cyber space.  I also believe that the Sony hack and privacy concerns raised by the Snowden revelations will cause a rapid adoption of data encryption by virtually all Fortune 500 companies around the world and a significant number of individuals as well. As for North Korea, I would not be surprised to see a more open struggle emerge between hardliners and Chinese-encouraged moderates regarding pragmatic accommodations with South Korea and the US.
  2. The 46% drop in oil prices during 2014 has certainly ratcheted up the effects of economic sanctions on Iran and Russia while stimulating economic activity in China, Japan, and the US – – so what’s not to like about this situation? Nothing, if it causes Tehran to agree to curtail its nuclear weapons program in a verifiable way and results in Moscow rethinking its expansionist foreign policy in former states of the defunct Soviet Union.  The alternative, however, is an “us against the world” outlook that actually causes Putin and Iran’s supreme leader Khamenei to see no option but to keep pursuing aggressive nationalistic based policies that will continue to challenge a “lame duck” Obama administration facing an adversarial Congress.
  3. With China’s economic growth rate slowing to between 6% and 7% as the population ages, the Xi Jinping regime will become increasingly concerned with domestic issues. Of particular importance to Xi and the Chinese Politburo will be insuring that the democracy movement/demonstrations in Hong Kong do not spread to China’s mainland coastal cities. Meanwhile, the declining price of oil should have a calming effect on China and other nations seeking to establish territorial claims in the South and East China Sea in order to preserve energy exploration rights.
  4. By this time next year the US lead effort to degrade, disrupt and defeat ISIS with airpower will likely have devolved into a stalemate despite the US committing another 7,000 combat “advisers” (for a total of 10,000 boots on the ground) to steady and encourage the Iraqi Army. The irony here is that US ground forces will likely be acting in concert with the Iranian military to keep at least a Shia Iraq in existence.  Unless Syrian Dictator Bashar al Assad is taken out politically, or by other means, there seems little chance of the Syrian civil war ending in 2015.
  5. With 11,000 US troops remaining in Afghanistan as combat advisors, the end of America’s combat mission in this foreboding landlocked country is more political rhetoric than reality. The presence of US troops and the Pakistani military’s unwillingness to now concede safe haven to the Taliban and Al Qaeda in the aftermath of the Peshawar military school slaughter should keep the central government in Kabul viable, but for the long term prognosis see Iraq after the US departure in 2011 and Afghanistan post the Russian departure in 1989.  Already Afghan President Ashraf Ghani is saying the United States might want to “re-examine” the timetable for removing the remaining U.S.-led coalition troops in the country by the end of 2016.
  6. And now for the “lightening round”
    • “Lone Wolf” attacks, both physical and cyber, will increase in 2015 as result of self-radicalization, aggrieved individuals, or some just seeking their “15 minutes of fame.”
    • NSA’s bulk collection authorities will likely be renewed, but with considerable deference to privacy concerns and transparency. I also expect to see privacy advocates arguing before the Foreign Intelligence Surveillance Court (FISC)
    • The Intelligence Community’s (IC) deteriorating relationship with Congress should begin to heal, but it will be incumbent on the IC to rebuild the trust and confidence of the Congress (and by extension the American people) in the community. Both the IC and its Congressional oversight committees should begin a dialogue regarding how to revamp oversight so it can be more effective both in terms of IC mission needs and growing privacy concerns associate with the Information Age.
    • Budget caps will not be lifted by the 114th Congress, leaving Overseas Contingency Operating (OCO) funds as the only source of relief for unmet defense and intelligence funding needs. Military Service Intelligence agencies will be particularly squeezed
    • Despite the interest of incoming Secretary of Defense Ashton Carter in acquisition reform, which is shared with Senator McCain (incoming Chairman of the Senate Armed Services Committee) and Representative Thornberry (next Chairman of the House Armed Services Committee), there will be no meaningful reforms enacted in 2015.
    • As defense and intelligence contract award opportunities diminish because of budget realities, there will be an increase in merger and acquisition activity within the DoD and IC’s industrial base.
    • Expectations that private sector Research & Development (R&D) will be sufficient to meet Defense and IC needs are misplaced as contractors shift funding from R&D to protect shareholder equity and/or improve their balance sheets for potential acquirers.
    • 2015 is the “make or break” year for ICITE to begin to deliver mission capabilities to the IC if IOC, as laid out in 2012, is going to be achieved by 2017. Agencies opting out of the Desk Top Environment (DTE), the slow development of governance models, and challenges with integration do not make me optimistic

 

 

That’s what I think; what do you think?

Advertisements

Crisis as Opportunity for the IC

The summer of crisis is showing no signs of abatement with the approach of the fall equinox. Yes, I am mindful that Israel and Hamas agreed to a cease fire on August 26th, but I don’t see it addressing any of the underlying causes feeding the violence on both sides with regard to Gaza. There is still no assignment of responsibility for the shoot down of Malaysian Air Flight 17 over the eastern Ukraine but now there are photographs of Russian troops and armored vehicles securing the road that connects Rostov in southern Russia with Sevastopol in the recently annexed Crimea. Then there are the horrific executions by beheading of Americans James Foley and Steven Sotloff apparently meant to warn the West that it should be mindful that the Islamic State (IS) is a sovereign nation that is not to be interfered with. In the background the Ebola epidemic continues in West Africa along with Boko Haram, Libya is being run by militias, the Horn of Africa remains ungovernable and there are almost daily news reports of serious cyber hacks reminding me that there are dangerous chemical, biological, and cyber threats from a variety of vectors that accidently or purposely could ruin our day in the Continental United States (CONUS).

As bad as all this is, the current cauldron of crises should be an opportunity for the Intelligence Community (IC), the Department of State (DoS), Department of Homeland Security (DoHS) and the Department of Defense (DoD) to individually and collectively show the American people that they are ready to defend them and that the investments made in these departments over the past 12 years has been money well spent on their behalf. Whether it’s because of (or lack of) policy decisions, capability gaps, organizational structure, or leadership I have the sense that the American people not only don’t have trust and confidence in our government’s ability to protect them, but they are beginning to see the government as contributing to if not causing the threats to our national security. Moreover, the impending release of the Senate Select Committee for Intelligence (SSCI’s) release of its lengthy report on rendition and enhanced interrogation will likely only add to the misgivings the electorate has about the IC post Snowden.

Without getting into the politics of who’s at fault, it is a matter of record that the wars in Afghanistan and Iraq have not turned out the way Washington said they would. Neither has been short; both have delivered more casualties than expected; each has seen several shifts in strategy; both have been crushingly expensive; neither resulted in stable sovereign national governments, but most important of all the wars in Afghanistan and Iraq have not ridded the world of violent Sunni Moslem Jihadist looking to wreak death and destruction on the United States. Instead, America is confronted with a well-organized, well financed, heavily armed, highly radical Islamic Sharia State the size of Belgium in what used to be northeastern Syria and northwestern Iraq that unchecked will threaten at least Jordan, Kuwait, and Saudi Arabia – – – – which offers IS strongman Baghdadi both more oil riches as well as control of Islam’s holiest sites in Mecca and Medina to expand the appeal of the IS “caliphate.”

As with Al Qaeda and Osama bin Laden, the Islamic State of Iraq and Syria (ISIS) and Abdu Bakr al Baghdadi are also threatening the United States with jihadi violence because of American opposition to the reestablishment of the Islamic Caliphate under Sharia Law. While it was not certainly planned this way, the current threat presented by the IS provides the Intelligence Community (IC) with the opportunity to regain the trust and confidence of the American people by demonstrating what it can do for them as opposed to what Greenwalt, Bamfort and others have been saying the IC has been doing to them.

The first thing the IC can and should do is identify and broadly publicize as many names as possible of American’s fighting for the IS. It is one thing for these individuals to be watch listed but another for the American people to be engaged in protecting themselves by knowing who they are. Another is for the IC to share with the American people the intelligence it is providing to the Kurds and Turks to enable military action against IS fighters so they can understand what the IS is doing. Spare me the concern about compromising sources and methods if we are willing to provide actionable intelligence to uncleared foreign fighters. If the IC wants trust and confidence then it needs to let those paying the bills see some of their IC tax dollars at work! Without being specific, the IC should also be talking openly about how it is using big data and analytics to understand how the Islamic State is organized, operates, who its leaders are, and how it targets.

It wouldn’t hurt either if the American people saw the IC actively contributing a comprehensive strategy to deal with the threat the IS presents as well as responding Putin’s aggression in the eastern Ukraine. Some of that strategy should involve active (and visible) intelligence collection, analysis and sharing. If I got the chance to offer strategy advice to policy makers I would suggest at least the following:

For the Islamic State:

  • Stop trying to save Iraq as a nation state and allow it to fractionate into its natural Shia, Sunni, and Kurdish constituencies.
  • Use American ISR and military power to help the Turks, Kurds, Saudis, and Iran backed Iraqi Shias to contain, weaken, and defeat the military capabilities of the Islamic State
  • Destroying the Islamic State is more important than whether Assad continues to rule what is left of Syria; with political, economic, and military pressure his regime will last only a matter of years

For Russia and the Ukraine:

  • Continue to isolate Russia diplomatically and economically while calling out Putin with the release of selected intelligence
  • Provide the Ukrainian Government in Kiev with strategic and tactical intelligence regarding Russian actions in the eastern Ukraine
  • Insure military arms and ammunition quickly reach the Ukraine Government
  • Expedite the completion of land based missile defense capabilities in Poland
  • Ramp up visible peripheral reconnaissance along the northern shore of the Black Sea
  • Deploy a U.S. Navy Surface Combatant Strike Group (AEGIS cruisers and destroyers armed with Tomahawk missiles
  • Suggest to NATO that the Montreux Convention be examined to allow for aircraft carrier transits of the Turkish Straits

While national strategic options for both the IS and the Ukraine are being formulated and debated I do believe it would be prudent to move a USN Carrier Strike Group to the Eastern Mediterranean to show both interest and intent in each of these areas of concern.

That’s what I think; what do you think?

ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – – –  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – – –  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?