2015 Will Be Like 2014 — Just Different

The holidays this year were unusually kind to the Mazzafro family, and I hope the same is true for you and all who matter to you.

No holiday though for world events that affect and effect our national security and personal safety.  While there have fortunately been no ISIS beheadings since our last virtual encounter, the last two weeks of December ushered out 2014 with several events that will surely impact the national security scene in 2015.  As the price of oil continued to drop driving the Russian economy into chaos, President Obama diplomatically recognized Cuba to mixed reviews in both countries.  There was a lone wolf terrorist hostage situation in Sydney Australia that resulted in two dead, while the Taliban attacked a school in Peshawar for Pakistani military children killing 141 (132 children).  All of this was unfolding as North Korea concocted a high visibility cyber hack against Sony Picture Entertainment (SPE; previously Columbia Pictures) to prevent the release of the feature film “The Interview,” which is a comedy satire imagining that two reporters acting on behalf of the CIA assassinate North Korea’s “Boy Leader” Kim Jung Un.  The cyber hack against SPE’s intellectual property, business records, and emails was followed by threats of physical violence against theaters screening “The Interview” on Christmas Day.  The US-led NATO combat mission in Afghanistan formally ended but with 11,000 troops remaining, while the general leading the fight against ISIS said things are going well, but that it will be at least three years before we can stand-down.  Not surprisingly the polemics about the Senate Select Committee for Intelligence (SSCI) majority report on the use of Enhanced Interrogation Techniques dissipated with the adjournment of the 113th Congress.

So given all this, here is a potpourri of what I think we can expect to see in 2015:

  1. The Sony Hack is likely to be the seminal cyber event that causes both the US government and the private sector to get serious enough about cyber security to encourage the Congress to pass bi-partisan legislation that will require the sharing of threat information between corporations and government agencies with cyber security responsibilities.  Moreover, there will likely be a robust debate about what constitutes “cyber vandalism” as opposed to “cyber terrorism” and when a “cyber-attack” is an act of war?  Presumably, this debate will educate the American people regarding when and how they can expect their government to protect them in cyber space.  I also believe that the Sony hack and privacy concerns raised by the Snowden revelations will cause a rapid adoption of data encryption by virtually all Fortune 500 companies around the world and a significant number of individuals as well. As for North Korea, I would not be surprised to see a more open struggle emerge between hardliners and Chinese-encouraged moderates regarding pragmatic accommodations with South Korea and the US.
  2. The 46% drop in oil prices during 2014 has certainly ratcheted up the effects of economic sanctions on Iran and Russia while stimulating economic activity in China, Japan, and the US – – so what’s not to like about this situation? Nothing, if it causes Tehran to agree to curtail its nuclear weapons program in a verifiable way and results in Moscow rethinking its expansionist foreign policy in former states of the defunct Soviet Union.  The alternative, however, is an “us against the world” outlook that actually causes Putin and Iran’s supreme leader Khamenei to see no option but to keep pursuing aggressive nationalistic based policies that will continue to challenge a “lame duck” Obama administration facing an adversarial Congress.
  3. With China’s economic growth rate slowing to between 6% and 7% as the population ages, the Xi Jinping regime will become increasingly concerned with domestic issues. Of particular importance to Xi and the Chinese Politburo will be insuring that the democracy movement/demonstrations in Hong Kong do not spread to China’s mainland coastal cities. Meanwhile, the declining price of oil should have a calming effect on China and other nations seeking to establish territorial claims in the South and East China Sea in order to preserve energy exploration rights.
  4. By this time next year the US lead effort to degrade, disrupt and defeat ISIS with airpower will likely have devolved into a stalemate despite the US committing another 7,000 combat “advisers” (for a total of 10,000 boots on the ground) to steady and encourage the Iraqi Army. The irony here is that US ground forces will likely be acting in concert with the Iranian military to keep at least a Shia Iraq in existence.  Unless Syrian Dictator Bashar al Assad is taken out politically, or by other means, there seems little chance of the Syrian civil war ending in 2015.
  5. With 11,000 US troops remaining in Afghanistan as combat advisors, the end of America’s combat mission in this foreboding landlocked country is more political rhetoric than reality. The presence of US troops and the Pakistani military’s unwillingness to now concede safe haven to the Taliban and Al Qaeda in the aftermath of the Peshawar military school slaughter should keep the central government in Kabul viable, but for the long term prognosis see Iraq after the US departure in 2011 and Afghanistan post the Russian departure in 1989.  Already Afghan President Ashraf Ghani is saying the United States might want to “re-examine” the timetable for removing the remaining U.S.-led coalition troops in the country by the end of 2016.
  6. And now for the “lightening round”
    • “Lone Wolf” attacks, both physical and cyber, will increase in 2015 as result of self-radicalization, aggrieved individuals, or some just seeking their “15 minutes of fame.”
    • NSA’s bulk collection authorities will likely be renewed, but with considerable deference to privacy concerns and transparency. I also expect to see privacy advocates arguing before the Foreign Intelligence Surveillance Court (FISC)
    • The Intelligence Community’s (IC) deteriorating relationship with Congress should begin to heal, but it will be incumbent on the IC to rebuild the trust and confidence of the Congress (and by extension the American people) in the community. Both the IC and its Congressional oversight committees should begin a dialogue regarding how to revamp oversight so it can be more effective both in terms of IC mission needs and growing privacy concerns associate with the Information Age.
    • Budget caps will not be lifted by the 114th Congress, leaving Overseas Contingency Operating (OCO) funds as the only source of relief for unmet defense and intelligence funding needs. Military Service Intelligence agencies will be particularly squeezed
    • Despite the interest of incoming Secretary of Defense Ashton Carter in acquisition reform, which is shared with Senator McCain (incoming Chairman of the Senate Armed Services Committee) and Representative Thornberry (next Chairman of the House Armed Services Committee), there will be no meaningful reforms enacted in 2015.
    • As defense and intelligence contract award opportunities diminish because of budget realities, there will be an increase in merger and acquisition activity within the DoD and IC’s industrial base.
    • Expectations that private sector Research & Development (R&D) will be sufficient to meet Defense and IC needs are misplaced as contractors shift funding from R&D to protect shareholder equity and/or improve their balance sheets for potential acquirers.
    • 2015 is the “make or break” year for ICITE to begin to deliver mission capabilities to the IC if IOC, as laid out in 2012, is going to be achieved by 2017. Agencies opting out of the Desk Top Environment (DTE), the slow development of governance models, and challenges with integration do not make me optimistic



That’s what I think; what do you think?

The Future is Now?

There is no doubt that the situation in the Ukraine where Russian political and economic interests are pitted against those of Western Europe, and by extension to the U.S., is the most serious confrontation with Russia since the war in Kosovo.

I am amused, however, by the dust-up during the first week in March about whether the U.S. Intelligence Community (IC) provided adequate and timely warning that Putin would insert military force into the Crimea.  A vague sense of history coupled with “breaking news stories” should have told anyone even casually following events in Kiev that once Putin’s cohort President Viktor Yanukovych  was pushed from power there was a strong likelihood that Russia would use military force to “stabilize” the situation in what it believes is its sphere of influence.  Russia’s modern history of military intervention in its near abroad, whether under the Brezhnev Doctrine or otherwise, is long and undistinguished:  Hungry (1956), Czechoslovakia (1968), Poland (1980) Afghanistan (1979), Chechnya (1994 & 2000), and Georgia (2008).

Don’t get me wrong: I am not saying that the IC didn’t warn; to the contrary, I agree completely with DNI Clapper’s observation that we have all seen real intelligence failures and the IC’s coverage and warnings regarding developments in the Ukraine were timely and appropriate (http://www.wtop.com/215/3577171/Clapper-Ukraine-intelligence-not-a-failure).  Moreover, policy makers and military commanders did not have to rely on intelligence reports only as there were also plenty of warnings about Russia moving against Crimea in the media.  How many of you without access to classified intelligence reporting were surprised by Russian forces showing into Crimea without resistance?

Given the “common wisdom” of both the intelligence and open source reporting about the Ukraine and the Crimea, if I were the J2 at EUCOM I hope that I would have detailed an analyst or two to ferret out the indicators that the Russians would not move militarily into the Ukraine to make sure that the CoCom’s intel team could provide the staff with a balanced view of events and options based on intelligence empiricals.  If any intelligence service was surprised, though, it appears to be Putin’s who failed to see the strategic direction that political events in the Ukraine were taking.

Nonetheless, any controversy about U.S. IC warning performance post-Yanukovych’s departure just diverts attention from the hard problems facing the IC on the Ukraine.  There are at least two parallel but related issues I believe policy makers need immediate accurate intelligence on.  The first is who are the likely new political leaders in Kiev and are they capable of governing?  There is also the question of what form any “opposition” will take in the new Ukrainian government.  The second is what is Putin likely to do next?  Is the annexation of Crimea by Russia now inevitable?  If it is, what does that mean for the region?  If it is not what can be done to prevent the Crimea from becoming Russian territory again? Following close behind the importance of political developments in Kiev and the Crimea will be salient intelligence regarding the views of allies, neutrals, and adversaries in the region.  What policy makers won’t need is IC inputs on Putin’s potential course of actions, but rather insights from unique intelligence sources (i.e. real secrets) regarding what actions he is likely to take and the reactions they will cause in Kiev, Moscow, Brussels, Berlin, Ankara, Tehran,  Beijing, and whatever cave Ayman al-Zawahiri is operating from.

As the IC rallies to provide predictive intelligence on the Ukrainian situation it should be able to slew remote technical collection to the region, but the IC will find its tactical focus on the wars in Iraq and Afghanistan since 2001 means it won’t have collectors or analysts as familiar with their targets as they would like or need to be.  The IC will need to accept the reality that there is no “fast forward” button for experience.  Certainly we won’t have the HUMINT capability in place to provide its unique perspective on unfolding events – – – particularly who’s in and who’s out in Ukrainian domestic politics. Additionally the “rebalance to the Pacific” of US national security policy is at least a short term casualty as Defense, State, and the IC focus on the Ukraine while we continue working the withdrawal of US forces from Afghanistan.

Ironically, Russia introducing forces into the Crimea 72 hours before the release of the President’s Defense Budget for FY 2015 served to make the budget look as if it is detached from reality and un-executable.  Secretary of Defense Hagel’s position is that the budget assumes prudent risks now (i.e. cuts in force strength) so that the U.S. military can be a more balanced, capable, and ready in the future.  Current events in Crimea, along with China’s maritime aggressiveness in the South and East China Seas, North Korea’s continuing threat to stability in East Asia, Al Qaeda’s resurgence, and Iran’s unclear nuclear ambitions, however, are all shouting “the future is now.”

That’s what I think; what do you think?

NSA, Can You Hear Me Now?

As I write this blog the two headlines playing over the background of the unauthorized disclosure regarding the scope and scale of NSA domestic surveillance are the election of a moderate to be the next president of Iran along with the White House announcing it is convinced that Syrian President Assad has used chemical weapons against the rebels forces trying to force him from office.  It will be curious to see how moderate Iranian President Elect Hassan Rouhani remains as the U.S. ramps up support to rebels fighting against Assad and his Iranian Hezbollah supporters.  Of course, Russia, China, and Iran are probably quietly pointing out that the U.S., despite its poor track record with chemical and biological weapons threat assessments, is ready again on the basis of “dubious intelligence” to intervene militarily in another Muslim country.  The impact on Iranian politics aside, I am not sure the American people are interested in a Syrian intervention or that the Treasury and DoD can sustain the effort needed to stabilize a post-Assad Syria

Before I began the process of moving and downsizing two weeks ago as a new Social Security annuitant, I thought I would be discussing with you President Obama’s 22 May policy speech about winding down the war on terrorism and the subsequent west coast summit with China’s Xi Jinping.   Instead, Edward Snowden shocked the Intelligence Community, Congress, and the White House with his unilateral release of classified details on the size and scope of NSA surveillance against telephone meta data and foreign emails – turning a major presidential policy speech and a summit between the leaders of the two most powerful nations in the world into one day stories on page three.  Ironically, as Snowden was informing the world about NSA surveillance in the name of transparency, Private Bradley Manning’s court martial was getting underway at Fort Meade where he is charged with releasing  a massive amount classified DoD and State Department message traffic while deployed in Iraq so all could know what the US is secretly doing.  More substantively, the administration’s contention that leaking of NSA’s surveillance has done great harm to the IC’s ability to discover and disrupt dangerous terrorist attacks aimed at the U.S. undermines the President’s contention that the perpetual war on terrorism is now anachronistic.  Similarly, Snowden’s revelations about the extent of NSA’s surveillance must have weakened the President’s ability to cogently engage the General Secretary of the Chinese Communist Party on China’s hacking of U.S. intellectual property.

Beyond arguments about the constitutionality of the NSA’s broad surveillance of U.S. citizens’ personal electronic communications and whether Snowden is a malicious traitor or a well-intentioned whistleblower, this story brought into view the number of contractors working inside of the IC with high level security clearance and access to sensitive national security information. This realization seems to have surprised many in the Congress, the media, and the electorate with the implication that contractors are by definition less trustworthy than government employees.  In Senate testimony on 13 June NSA Director Keith Alexander said NSA IT infrastructure was outsourced about 14 years ago,  providing more federal work in that area to contractors which:

“as a consequence [means] many in government — not just us — have system administrators who are contractors working and running our network. So we’ve got to address that. That is of serious concern to us, and something we have to fix. What I need, I think, is greater scrutiny.  I need to go back and look at what I am getting with my contract support and what are their capabilities and how do we manage that from a government perspective. That’s something I have concerns about.”

Along with General Alexander, Congress, GAO, OMB, media pundits, and others are starting to realize how much government IT, not just IC IT, is outsourced and why and how this happened.  This will likely explode like BlackWater did seven or eight years ago with lots of pontificating about inherently governmental functions being run by contractors only to be followed by the realization that without contractors and their skills many of these key government functions wouldn’t happen.  That will result in some self-serving policy language about contractor oversight and things will go back to the way they were (again the BlackWater example is instructive). What I fear will happen is that contractors will come in for more security scrutiny that will result in it taking longer to get people cleared and access will be become more limited  —–   less green badges.  This won’t result in any better security, but will create the aura of having done something measurable.  As an aside, I also see the CI guys getting a plus-up out of this despite having failed to identify Snowden as a risk.

The 24 June Time Magazine cover story, “Geeks that Leak,” reflects on the actions and motivations of both Manning and Snowden along with groups like Anonymous and Occupy Wall Street, pointing out that driven by “the hackivist ethos” they are a manifestation of “the age of the informant” compared to the “age of the spy” when it comes to government secrecy.  Startling to me is polling data that shows 28% of Americans don’t believe Snowden should be prosecuted, with 43% thinking this way in the 18 to 34 year old demographic.  Based on this, I am presuming that those responsible for security policy at ODNI are in the process of drafting new SF 86 forms and developing different polygraph questions that will shift away from determining if an individual being adjudicated for a security clearance is vulnerable to divulging classified information for financial, ideological, or foreign connection reasons to ones more associated with beliefs about what information should and should not be in the public domain.  Regarding basic CI, I am curious when Snowden’s absence from his “place of performance” (i.e. where he worked) was noted and reported.

Certainly terrorists will now be better able to take advantage of knowing what the legal limits are on US surveillance, limits that are about to be more rigorously enforced if not expanded, but this will pass with new technologies, tactics, techniques, and practices.  The most serious damage done here is not from the compromise of effective intelligence sources and methods, but from the doubts that American citizens are feeling about whether their Intelligence Community is needlessly taking them under surveillance.  The IC response is “not to worry” because we have high ethical standards and are subject to oversight from multiple directions, but this begs the question raised by the misuse use of IRS authorities: how do we know that the IC is acting ethically and that all this oversight is working?

That’s what I think; what do you think?