2015 Will Be Like 2014 — Just Different

The holidays this year were unusually kind to the Mazzafro family, and I hope the same is true for you and all who matter to you.

No holiday though for world events that affect and effect our national security and personal safety.  While there have fortunately been no ISIS beheadings since our last virtual encounter, the last two weeks of December ushered out 2014 with several events that will surely impact the national security scene in 2015.  As the price of oil continued to drop driving the Russian economy into chaos, President Obama diplomatically recognized Cuba to mixed reviews in both countries.  There was a lone wolf terrorist hostage situation in Sydney Australia that resulted in two dead, while the Taliban attacked a school in Peshawar for Pakistani military children killing 141 (132 children).  All of this was unfolding as North Korea concocted a high visibility cyber hack against Sony Picture Entertainment (SPE; previously Columbia Pictures) to prevent the release of the feature film “The Interview,” which is a comedy satire imagining that two reporters acting on behalf of the CIA assassinate North Korea’s “Boy Leader” Kim Jung Un.  The cyber hack against SPE’s intellectual property, business records, and emails was followed by threats of physical violence against theaters screening “The Interview” on Christmas Day.  The US-led NATO combat mission in Afghanistan formally ended but with 11,000 troops remaining, while the general leading the fight against ISIS said things are going well, but that it will be at least three years before we can stand-down.  Not surprisingly the polemics about the Senate Select Committee for Intelligence (SSCI) majority report on the use of Enhanced Interrogation Techniques dissipated with the adjournment of the 113th Congress.

So given all this, here is a potpourri of what I think we can expect to see in 2015:

  1. The Sony Hack is likely to be the seminal cyber event that causes both the US government and the private sector to get serious enough about cyber security to encourage the Congress to pass bi-partisan legislation that will require the sharing of threat information between corporations and government agencies with cyber security responsibilities.  Moreover, there will likely be a robust debate about what constitutes “cyber vandalism” as opposed to “cyber terrorism” and when a “cyber-attack” is an act of war?  Presumably, this debate will educate the American people regarding when and how they can expect their government to protect them in cyber space.  I also believe that the Sony hack and privacy concerns raised by the Snowden revelations will cause a rapid adoption of data encryption by virtually all Fortune 500 companies around the world and a significant number of individuals as well. As for North Korea, I would not be surprised to see a more open struggle emerge between hardliners and Chinese-encouraged moderates regarding pragmatic accommodations with South Korea and the US.
  2. The 46% drop in oil prices during 2014 has certainly ratcheted up the effects of economic sanctions on Iran and Russia while stimulating economic activity in China, Japan, and the US – – so what’s not to like about this situation? Nothing, if it causes Tehran to agree to curtail its nuclear weapons program in a verifiable way and results in Moscow rethinking its expansionist foreign policy in former states of the defunct Soviet Union.  The alternative, however, is an “us against the world” outlook that actually causes Putin and Iran’s supreme leader Khamenei to see no option but to keep pursuing aggressive nationalistic based policies that will continue to challenge a “lame duck” Obama administration facing an adversarial Congress.
  3. With China’s economic growth rate slowing to between 6% and 7% as the population ages, the Xi Jinping regime will become increasingly concerned with domestic issues. Of particular importance to Xi and the Chinese Politburo will be insuring that the democracy movement/demonstrations in Hong Kong do not spread to China’s mainland coastal cities. Meanwhile, the declining price of oil should have a calming effect on China and other nations seeking to establish territorial claims in the South and East China Sea in order to preserve energy exploration rights.
  4. By this time next year the US lead effort to degrade, disrupt and defeat ISIS with airpower will likely have devolved into a stalemate despite the US committing another 7,000 combat “advisers” (for a total of 10,000 boots on the ground) to steady and encourage the Iraqi Army. The irony here is that US ground forces will likely be acting in concert with the Iranian military to keep at least a Shia Iraq in existence.  Unless Syrian Dictator Bashar al Assad is taken out politically, or by other means, there seems little chance of the Syrian civil war ending in 2015.
  5. With 11,000 US troops remaining in Afghanistan as combat advisors, the end of America’s combat mission in this foreboding landlocked country is more political rhetoric than reality. The presence of US troops and the Pakistani military’s unwillingness to now concede safe haven to the Taliban and Al Qaeda in the aftermath of the Peshawar military school slaughter should keep the central government in Kabul viable, but for the long term prognosis see Iraq after the US departure in 2011 and Afghanistan post the Russian departure in 1989.  Already Afghan President Ashraf Ghani is saying the United States might want to “re-examine” the timetable for removing the remaining U.S.-led coalition troops in the country by the end of 2016.
  6. And now for the “lightening round”
    • “Lone Wolf” attacks, both physical and cyber, will increase in 2015 as result of self-radicalization, aggrieved individuals, or some just seeking their “15 minutes of fame.”
    • NSA’s bulk collection authorities will likely be renewed, but with considerable deference to privacy concerns and transparency. I also expect to see privacy advocates arguing before the Foreign Intelligence Surveillance Court (FISC)
    • The Intelligence Community’s (IC) deteriorating relationship with Congress should begin to heal, but it will be incumbent on the IC to rebuild the trust and confidence of the Congress (and by extension the American people) in the community. Both the IC and its Congressional oversight committees should begin a dialogue regarding how to revamp oversight so it can be more effective both in terms of IC mission needs and growing privacy concerns associate with the Information Age.
    • Budget caps will not be lifted by the 114th Congress, leaving Overseas Contingency Operating (OCO) funds as the only source of relief for unmet defense and intelligence funding needs. Military Service Intelligence agencies will be particularly squeezed
    • Despite the interest of incoming Secretary of Defense Ashton Carter in acquisition reform, which is shared with Senator McCain (incoming Chairman of the Senate Armed Services Committee) and Representative Thornberry (next Chairman of the House Armed Services Committee), there will be no meaningful reforms enacted in 2015.
    • As defense and intelligence contract award opportunities diminish because of budget realities, there will be an increase in merger and acquisition activity within the DoD and IC’s industrial base.
    • Expectations that private sector Research & Development (R&D) will be sufficient to meet Defense and IC needs are misplaced as contractors shift funding from R&D to protect shareholder equity and/or improve their balance sheets for potential acquirers.
    • 2015 is the “make or break” year for ICITE to begin to deliver mission capabilities to the IC if IOC, as laid out in 2012, is going to be achieved by 2017. Agencies opting out of the Desk Top Environment (DTE), the slow development of governance models, and challenges with integration do not make me optimistic

 

 

That’s what I think; what do you think?

2014 is Shaping Up as Year To Remember for the Intelligence Community

Happy New Year!  In the aftermath of Sequestration, Snowden, Benghazi, and the Government Shutdown, 2013 is a year that I suspect the Intelligence Community (IC) is collectively happy to have in the rear view mirror.  2014 will surely be better – – – won’t it?   I would like to think so, but given that events of 2013 have not yet fully played out I anticipate the IC will have another tumultuous time in 2014.

  • First it is a mid-term election year with control of the U.S. Senate in play which will present all kinds of political theater associated with IC issues and performance
  • The stability and predictability of the budget deal was paid for with an agreement to cut approximately $4 billion from the National Intelligence Program (NIP) and $1 billion from the Military Intelligence Program (MIP) in FY 14 with continued pain in FY 15. Should interest rates rise as expected there will be unplanned cuts coming to service the national debt which is not reduced by this deal.
  • Besides Syria, volatile civil violence has broken out in Iraq, Egypt, and the Ukraine, while Gaza and Lebanon continue to simmer.  Any of these conflicts could easily widen to regional conflicts with global impacts
  • The Sochi Winter Olympics is a venue for political statements through terrorist violence with Putin’s Russia likely to respond forcefully and indiscriminately
  • Iran’s agreement to curtail its nuclear weapons enrichment activities in return for relief from economic sanctions terminates in March,  unless there is mutual agreement to extend the deal
  • China and Japan continue to jockey with naval forces over conflicting claims to the barren rocks of Senkaku Islands in the East China Sea with the US 7th Fleet as the likely referee
  • North Korea remains as dangerous and as baffling as ever.  It is to early to tell if Kim Jung Un is his own man, or the puppet of Stalinist hardliners who see confrontation as the Hermit Kingdom’s best national security play
  • The withdrawal of combat forces from Afghanistan will create opportunity for the return of both “warlord rule,” Taliban provided safe havens for Al Qaeda, and increased opium cultivation
  • Whether there will be more Snowden revelations about NSA sources and methods remains to be seen, but there is no doubt that what has already been compromised is changing how NSA is viewed and will lead to a continuing Congressional debate about the balance between secrecy, security, and civil liberties that will feed into the fall mid-term elections.

So it looks like another year of growing demand for timely insightful intelligence with diminishing resources in an environment where 50 percent of the IC workforce is experiencing its first budget drawdown in an increasingly politicized environment.  Even without the NSA issues, 2014 appears poised to challenge the limits of the IC’s capacity, capabilities, and flexibility to discern and articulate the most serious threats to US national security.

Turning to NSA collection practices, the arc of the debate about the need for NSA to secretly collect the bulk metadata of all US persons phone calls to protect the nation from terrorist attacks has already begun to be scribed by conflicting federal district court decisions, the President’s Review Group’s (PRG) forty six recommendations, Presidential Policy Directive (PPD) 28, and the 2014 State of the Union Address.

  • In Klayman v Obama Judge Leon found NSA’s bulk collection of US Persons’ metadata an affront to James Madison that must end.  Conversely Judge Pauley in ACLU v Clapper views NSA’s bulk collection of US Persons’ metadata as constitutional and necessary to protect American citizens from terrorist harm.  It would seem that both those supporting the NSA’s current collection practices and those who want them reined in will petition the US Supreme Court for a resolution if the US Government does not.
  • The PRG finds that NSA’s collection practices against US Persons are legal, well functioning and necessary to protect the US from terrorist attack but then confusingly presents 46 recommendations for making program more transparent and effective
  • In President Obama’s January 17th announcement of PPD-28 he ignored most of the PRG’s 46 recommendations but did say that that NSA’s collection of US Persons’ metadata will continue because it is legal and essential to national security.  The President then pivoted to the concerns of small government and privacy advocates, recognizing that NSA’s bulk metadata collection was open to abuses so it needed to be more transparent and rigorously controlled.  Reviewing the President’s remarks and the text of PPD 28 I find myself agreeing with Potomac Institute’s Mike Swetnam that the President may be setting the context for change, but in fact is changing very little (http://www.potomacinstitute.org/homepage/news-releases/2613-presidential-directive-misses-real-threat-to-publics-privacy-says-institute-ceo).  In a sound bite PPD 28 directs that a privacy advocate be part of the FISA process, that access to and use of US Persons’ metadata be more closely monitored and everything else needs to be studied
  • In his State of the Union Address on 28 January, the President spoke obliquely about security and surveillance in only two separate sentences:
    • I will reform our surveillance programs, because the vital work of our intelligence community depends on public confidence, here and abroad, that the privacy of ordinary people is not being violated.
    • So even as we actively and aggressively pursue terrorist networks — through more targeted efforts and by building the capacity of our foreign partners — America must move off a permanent war-footing.

While many have heartfelt opinions about the direction NSA collection should take, I believe it is fair to say given the outcome of a yet to be scheduled Supreme Court Case, unfinished executive branch studies, legislation still in formation, and an incomplete public debate that nobody can reasonably foresee what the state of NSA’s collection authorities will be this time next year.   A reasonable question that is sure to emerge though in 2014 is:  If America is shifting to a peacetime outlook why should the Patriot Act and its Section 215 authority that is the legal basis for NSA’s warrantless bulk collection of US Person metadata be renewed?

That’s what I think; what do you think?

ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – – –  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – – –  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?