2015 Will Be Like 2014 — Just Different

The holidays this year were unusually kind to the Mazzafro family, and I hope the same is true for you and all who matter to you.

No holiday though for world events that affect and effect our national security and personal safety.  While there have fortunately been no ISIS beheadings since our last virtual encounter, the last two weeks of December ushered out 2014 with several events that will surely impact the national security scene in 2015.  As the price of oil continued to drop driving the Russian economy into chaos, President Obama diplomatically recognized Cuba to mixed reviews in both countries.  There was a lone wolf terrorist hostage situation in Sydney Australia that resulted in two dead, while the Taliban attacked a school in Peshawar for Pakistani military children killing 141 (132 children).  All of this was unfolding as North Korea concocted a high visibility cyber hack against Sony Picture Entertainment (SPE; previously Columbia Pictures) to prevent the release of the feature film “The Interview,” which is a comedy satire imagining that two reporters acting on behalf of the CIA assassinate North Korea’s “Boy Leader” Kim Jung Un.  The cyber hack against SPE’s intellectual property, business records, and emails was followed by threats of physical violence against theaters screening “The Interview” on Christmas Day.  The US-led NATO combat mission in Afghanistan formally ended but with 11,000 troops remaining, while the general leading the fight against ISIS said things are going well, but that it will be at least three years before we can stand-down.  Not surprisingly the polemics about the Senate Select Committee for Intelligence (SSCI) majority report on the use of Enhanced Interrogation Techniques dissipated with the adjournment of the 113th Congress.

So given all this, here is a potpourri of what I think we can expect to see in 2015:

  1. The Sony Hack is likely to be the seminal cyber event that causes both the US government and the private sector to get serious enough about cyber security to encourage the Congress to pass bi-partisan legislation that will require the sharing of threat information between corporations and government agencies with cyber security responsibilities.  Moreover, there will likely be a robust debate about what constitutes “cyber vandalism” as opposed to “cyber terrorism” and when a “cyber-attack” is an act of war?  Presumably, this debate will educate the American people regarding when and how they can expect their government to protect them in cyber space.  I also believe that the Sony hack and privacy concerns raised by the Snowden revelations will cause a rapid adoption of data encryption by virtually all Fortune 500 companies around the world and a significant number of individuals as well. As for North Korea, I would not be surprised to see a more open struggle emerge between hardliners and Chinese-encouraged moderates regarding pragmatic accommodations with South Korea and the US.
  2. The 46% drop in oil prices during 2014 has certainly ratcheted up the effects of economic sanctions on Iran and Russia while stimulating economic activity in China, Japan, and the US – – so what’s not to like about this situation? Nothing, if it causes Tehran to agree to curtail its nuclear weapons program in a verifiable way and results in Moscow rethinking its expansionist foreign policy in former states of the defunct Soviet Union.  The alternative, however, is an “us against the world” outlook that actually causes Putin and Iran’s supreme leader Khamenei to see no option but to keep pursuing aggressive nationalistic based policies that will continue to challenge a “lame duck” Obama administration facing an adversarial Congress.
  3. With China’s economic growth rate slowing to between 6% and 7% as the population ages, the Xi Jinping regime will become increasingly concerned with domestic issues. Of particular importance to Xi and the Chinese Politburo will be insuring that the democracy movement/demonstrations in Hong Kong do not spread to China’s mainland coastal cities. Meanwhile, the declining price of oil should have a calming effect on China and other nations seeking to establish territorial claims in the South and East China Sea in order to preserve energy exploration rights.
  4. By this time next year the US lead effort to degrade, disrupt and defeat ISIS with airpower will likely have devolved into a stalemate despite the US committing another 7,000 combat “advisers” (for a total of 10,000 boots on the ground) to steady and encourage the Iraqi Army. The irony here is that US ground forces will likely be acting in concert with the Iranian military to keep at least a Shia Iraq in existence.  Unless Syrian Dictator Bashar al Assad is taken out politically, or by other means, there seems little chance of the Syrian civil war ending in 2015.
  5. With 11,000 US troops remaining in Afghanistan as combat advisors, the end of America’s combat mission in this foreboding landlocked country is more political rhetoric than reality. The presence of US troops and the Pakistani military’s unwillingness to now concede safe haven to the Taliban and Al Qaeda in the aftermath of the Peshawar military school slaughter should keep the central government in Kabul viable, but for the long term prognosis see Iraq after the US departure in 2011 and Afghanistan post the Russian departure in 1989.  Already Afghan President Ashraf Ghani is saying the United States might want to “re-examine” the timetable for removing the remaining U.S.-led coalition troops in the country by the end of 2016.
  6. And now for the “lightening round”
    • “Lone Wolf” attacks, both physical and cyber, will increase in 2015 as result of self-radicalization, aggrieved individuals, or some just seeking their “15 minutes of fame.”
    • NSA’s bulk collection authorities will likely be renewed, but with considerable deference to privacy concerns and transparency. I also expect to see privacy advocates arguing before the Foreign Intelligence Surveillance Court (FISC)
    • The Intelligence Community’s (IC) deteriorating relationship with Congress should begin to heal, but it will be incumbent on the IC to rebuild the trust and confidence of the Congress (and by extension the American people) in the community. Both the IC and its Congressional oversight committees should begin a dialogue regarding how to revamp oversight so it can be more effective both in terms of IC mission needs and growing privacy concerns associate with the Information Age.
    • Budget caps will not be lifted by the 114th Congress, leaving Overseas Contingency Operating (OCO) funds as the only source of relief for unmet defense and intelligence funding needs. Military Service Intelligence agencies will be particularly squeezed
    • Despite the interest of incoming Secretary of Defense Ashton Carter in acquisition reform, which is shared with Senator McCain (incoming Chairman of the Senate Armed Services Committee) and Representative Thornberry (next Chairman of the House Armed Services Committee), there will be no meaningful reforms enacted in 2015.
    • As defense and intelligence contract award opportunities diminish because of budget realities, there will be an increase in merger and acquisition activity within the DoD and IC’s industrial base.
    • Expectations that private sector Research & Development (R&D) will be sufficient to meet Defense and IC needs are misplaced as contractors shift funding from R&D to protect shareholder equity and/or improve their balance sheets for potential acquirers.
    • 2015 is the “make or break” year for ICITE to begin to deliver mission capabilities to the IC if IOC, as laid out in 2012, is going to be achieved by 2017. Agencies opting out of the Desk Top Environment (DTE), the slow development of governance models, and challenges with integration do not make me optimistic

 

 

That’s what I think; what do you think?

Live from GEOINT in Tampa

I am writing this edition of the Mazz-INT blog in Tampa Florida where I am excited to be for the delayed version of GEOINT 13.  As with past GEOINT’s I am looking forward to hearing from the leadership of the Intelligence Community (IC) regarding both the current state of the community and where it is going in the future as needs increase and resources diminish.  I expect the CentCom and SoCom Commanders to expound as demanding users on what they need from the IC.  I am also anxious to see in the GEOINT exhibition hall what new technologies the IC’s industrial base will have on display that can improve intelligence performance while reducing costs.  Then there will be the free flow of networking between members of government and industry that is essential to building trust so that the IC can procure from the private sector efficiently and with confidence.  This is something that often doesn’t happen in the national capital region because of the grind of daily schedules and the tyranny of traffic.  Since the budgetary demise of DoDIIS and numerous other regional and agency specific “trade shows,” GEOINT takes on added importance of “keeping the lights on” as an open forum for the IC to communicate with and learn from all in industry who believe they have something of value to offer the IC for the defense of our nation.  The Intelligence and National Security Summit coming up on 18-19 Sept and co-sponsored by AFCEA and INSA, is another event in this category.

Turning to some of those issues the IC is dealing with today in real time, I don’t believe any of us are surprised that Russia’s annexation of Crimea is a fait acompli and the open question now is whether the eastern Ukraine will become federalized or fully incorporated by Moscow.  Media reporting in April augmented by U.S. State Department and NATO warnings of “serious consequences” indicate those pro-Russians Ukrainian militias are storming government offices in Donetsk, Luhansk, and Kharkiv.  What is clear from events in March and so far in April is that neither the United States nor the major powers in the European Union have in combination sufficient power or the will to dissuade Vladimir Putin from acting on what he sees as Russian national interests in the Ukraine.  Over time, of course, Russia’s actions to reattach the Crimea and the Eastern Ukraine by force will lead to Putin being “shunned” by the international community while on the economic front most will seek alternatives to doing business with or in Russia.  Sounds like Russia before Peter the Great, but with ICBMS!

I also notice that to get the suspended Israeli-Palestinian peace talks back on track the idea of exchanging convicted Israeli spy Jay Pollard was floated to encourage the Netanyahu Government to make a meaningful concession to the Palestinians.  I am not conversant enough with the positions of either Israel or Palestine to know what a meaningful comprise capable of advancing the moribund peace process would be, but I do know that I am tired of Pollard’s seemingly annual “15 minutes of fame” about why he should be released because he has served sufficient time for his crimes.  NO HE HASN’T!  But unlike most of my peers in Naval Intelligence I view Pollard as a diminishing asset who should be traded for concessions important to the United States (e.g. stop building settlements) while he still has trading value. Though I delight in the thought of Jay Pollard wasting away in quasi-solitary confinement in a North Carolina federal prison, I am at loss to see how this is advancing larger U.S. national security interests, which at least for me include holding Israel accountable for sponsoring his espionage.  What actually concerns me the most, however, is the martyrdom of Pollard and the potential that he could be paroled on the basis of time served under current federal prison guidelines.

Speaking of Israel, did you see where former Air Force A2 Dave Deptula suggested transferring a few B-52G’s from the U.S.’s retired inventory to the Israeli Air Force as way of getting Iran’s attention to be serious in its negotiations about not pursuing nuclear weapons.  I am sure many would see providing Israel this kind of strategic offensive reach as bordering on brinkmanship, but I know I like the way Dave is thinking.  Of course, just reminding the Mullah’s in Tehran that this option exists should by itself refocus them on the value of negotiations and how a nuclear Iran changes the strategic calculation in the Middle East and Southwest Asia.

Come to think of it it’s probably time to remind Vladimir Putin as well as our NATO allies of the strategic reach of the United States as a Russian SU-24 fighter bomber buzzed the USS Daniel Cook while steaming on a freedom of navigation mission in the Black Sea.  To complement ratcheting up economic and diplomatic sanctions against Russia for the annexation of Crimea the U.S. Navy should be noticeably directed as result of the Daniel Cook incident on 14 April to deploy three medium to small amphibious ships protected by two Aegis equipped destroyers to the Black Sea for “familiarization ops” that would include a port call in Constanta, Romania. Then the AF could covertly circumnavigate the Black Sea with a B-2 Spirit and if Russian Air Defense did not detect the flight the White House could release undisputable evidence of this mission to embarrass President Putin’s ability to protect Russia from U.S. strategic forces.

Finally, I want to touch on the Heartbleed issue which raises the difficult question about the whether the IC should be warning U.S. entities (corporations and individuals) outside of government to threats that endanger their security and wellbeing.  Some will recall that post 9/11 the question was raised but not answered because it was moot as to whether or not the IC should risk sensitive sources and methods to protect the American flying public with warnings of creditable threats to hijack commercial airliners.  Here the question is about whether NSA and/or DHS should be more interested in exploiting cyber vulnerabilities like Heartbleed or more concerned about protecting  American citizens from economic if not physical harm from dangerous malware.  In today’s current environment of the public’s diminished confidence and trust in the IC the answer seems to be a “no brainer” for me at least.  The IC needs to be actively seeking opportunities where it can demonstrate not what it is doing “to” the American people (i.e. collecting of their telephone metadata without a warrant) but what intelligence can do “for” all Americans to insure that they have the opportunity to enjoy “life, liberty, and pursuit of happiness!”

That’s what I think; what do you think?

ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – – –  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – – –  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?