MIND THE GAP; IN THIS CASE THE “NOTIFICATION GAP”

There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However, what is on my mind right now is an AP article (https://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/ ) that appeared over the Thanksgiving holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter (https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and, before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com.  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter then asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself – – – – what is this reporter looking for?  He then asked me if anyone from Google/gmail or the FBI had informed me about this attempted hack of my gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I had received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list of gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names, which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and, like me, they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter, to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out and alerted me, that’s what I find disconcerting as a national security professional.”   I then explained to Raphael Satter that I was not surprised that the FBI had not notified me, because the hack was unsuccessful or they didn’t want to compromise sources and methods.  From there the call ended pleasantly.


Upon the call’s termination I realized immediately that this was something I should report to DIA, as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI versus a security issue, but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or about my learning of it from an AP reporter calling from London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me, and that I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack the gmail accounts of people who have had access to Top Secret information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC may be so this hacking effort could be observed and followed, which could put my data and the data of others who have served our nation faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing the cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about the failure to notify individuals subjected to Fancy Bear hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?


A Holy War on the Arabian Peninsula?

When we last engaged I was opining that the Intelligence Community (IC) seems least prepared to warn effectively against what it perceives as the most immediate and likely threat to the homeland – – –  the self-radicalized Islamic Jihadi “lone wolf” already residing in the United States.  Then, in the midst of the sentencing phase of Boston Marathon bomber Dzhokhar Tsarnaev’s trial and the 20th anniversary of Timothy McVeigh’s destruction of the Murrah Federal Building in Oklahoma City, an eccentric Tampa area mailman flew his homemade gyrocopter down the Mall to a landing on the west lawn of the U.S. Capitol.  This act, witnessed by thousands and seen by millions on TV, seems to have done more than anything else to galvanize national concern about the threats “lone wolves” (whether foreign or domestic) can pose to national security.  Perhaps Postman Pat (a.k.a. Doug Hughes) literally flying his gyrocopter under the radar into the restricted airspace of Washington D.C., after posting his intentions to social media and informing the press, will make it obvious that DHS’ Intelligence and Analysis Directorate (I&A) needs to be aggressively applying modern analytics to the big data sets of human terrain information it has access to for discerning potential “lone wolves” in order to nominate them for investigation.   And yes, those charged with stopping the “lone wolves” among us should expect a high false positive rate from these DHS profiles.  Such is the nature of this threat.

Turning to the Iranian “nuclear agreement,” you won’t find me taking any kind of public stance on whether I think the “Parameters for a Joint Comprehensive Plan of Action regarding the Islamic Republic of Iran’s Nuclear Program” (a.k.a. “The Framework Agreement”) is a good deal or a bad deal, as it is just too early, at least for me, to tell.  What is clear, though, is that Tehran is anxious to have the economic sanctions imposed against it for its pursuit of a nuclear weapon lifted as soon as possible.  When asked whether Iran “can be trusted” to formally agree to the provisions of “The Framework Agreement” and then not cheat on its implementation in return for sanctions being lifted, the President, Secretary of State and Secretary of Defense have all stated for the record that “verification,” not “trust,” is what the US will depend on for assuring Iran’s compliance.

The Framework Agreement certainly puts the IC in the political and policy cross hairs of national security. Despite an excellent track record of keeping tabs on Iran’s nuclear development, and, if the New York Times is to be believed, of having even slowed it down with the STUXNET malware, there will be many ready to assert that the Iranians can hide from IC sensors their continuing enrichment of fissile material to weapons grade levels.  Moreover, the IC will be put in the position of having to prove a negative, where the absence of evidence that Iran is enriching uranium doesn’t mean it isn’t.  Even with international inspectors in country, there is the reasonable potential that Iran could move its nuclear weapons enrichment capabilities to undetected locations inside Iran or offshore to North Korea.  Given these circumstances, the stage is set so that if the Framework Agreement keeps Iran from going nuclear with the benefit of IC monitoring it will be a policy success, but if Iran can continue its nuclear enrichment program without detection it will be an intelligence failure.

Before wrapping up, I want to take note that war has broken out between Saudi Arabia and Iran’s Houthi proxies in what is now the failed state of Yemen, where Aden also remains the home base of Al Qaeda in the Arabian Peninsula (AQAP).  As in Iraq, where Tehran is supporting Shiite military action against Sunni ISIS, Iran is providing military equipment and “advisers” to its Shia Houthi allies in Yemen.  More ominously, the Iranian Navy has deployed the destroyer ALBORZ and the logistics support ship BUSHEHR to the Gulf of Aden “to protect the Islamic Republic of Iran’s interests on the high seas.”  Subsequent reporting indicates Iran is sending a convoy of merchant ships to Yemen, presumably bringing war supplies for the Houthis.

The presence of Iranian naval forces in the region leads to the open question of whether Saudi Arabia will challenge them, and if so, will the US Fifth Fleet become directly involved?  Having spent some tension filled time in this region (Iranian hostage rescue 1979; Tanker War/Operation Earnest Will escorting reflagged Kuwaiti oil tankers 1987), I know the potential for the unexpected to happen at sea is considerable.  The standing USN order post STARK to “defend yourself” makes for a volatile situation that can turn strategic almost immediately because of tactical decisions made by ship captains operating under almost constant stress.  It is probably premature, but you don’t need to be Robert Kaplan to see that Iranian military success at rolling back ISIS in Iraq and establishing Houthi control over at least part of Yemen looks like a pincer that could envelop Mecca and Medina, wresting them from Saudi Arabia’s Sunni control for the Shia mullahs in Qom.  Extrapolating from the current situation, it is not farfetched to infer the likelihood of a bloody religious war between Sunnis and Shiites playing out on the Arabian Peninsula before the next US Presidential election.

Assuming no outside intervention, I would expect a “holy war” on the Arabian Peninsula to settle into a drawn out stalemate between the Sunni forces of Saudi Arabia and the Shia forces of Iran that will negatively impact the supply and price of oil.  The more discouraging option, of course, is Iran over time becoming the dominant power on the Arabian Peninsula and reestablishing the Persian Empire with control of all the significant energy resources from the Red Sea to Afghanistan.  Such a greater Persia, with or without nuclear weapons, would shift Iran from being a regional actor to a strategic competitor with global economic and religious clout.

That’s what I think; what do you think?

The DNI at 10: Are We Safer or Just Lucky?

It will be a few days before you see this, but I am writing on December 7th, which has special meaning for me because of my career as a Naval Intelligence Officer. The failure to warn, despite a variety of indicators that became clear after this Day of Infamy in 1941, resulted in the formation of the modern Intelligence Community with the National Security Act of 1947.  The Central Intelligence Agency (CIA) was created, well, to centralize intelligence so it would not be fragmented across the Army, Navy, State Department, FBI, War Department, and the Pacific Fleet as it was in the weeks leading up to the Japanese air assault on Pearl Harbor.

In advance of similar findings by the 9-11 Commission, the Pearl Harbor Commission (aka the Roberts Commission) as well as numerous books (my favorites are Gordon Prange’s “At Dawn We Slept” and Eddie Layton’s “And I Was There”) based on archival material found that for a variety of security and bureaucratic reasons critical pieces of intelligence were not put into a mosaic.  Such a mosaic, though incomplete, would have provided President Roosevelt, General Short, and Admiral Kimmel sufficient grounds to launch the fleet, if for no other reason than to make sure that Japan’s six unlocated aircraft carriers were not approaching the Hawaiian Islands.

In similar fashion, the 9-11 Commission also found that the Intelligence Community (IC), which had grown from five to 15 members since 1947, possessed a myriad of intelligence leads that, if viewed as a composite, probably would have given the federal government the warning needed to disrupt the fatal attacks on New York and Washington.  Following the pattern of 1947, the Congress (though this time with the ambivalence of the Executive Branch) decided that the IC needed stronger central leadership to ensure that all the information the IC had on threats to national security would be shared across the IC and analyzed holistically.  Consequently, the position of Director of National Intelligence (DNI) was created in December 2004 with the passage of the Intelligence Reform and Terrorism Prevention Act (IRTPA), joining the Department of Homeland Security (DHS), which was established in November 2002.  The Congress’ intention for both of these new organizations was to make America safer through centralized management and decentralized execution of intelligence and homeland security functions.

Channeling Inspector “Dirty Harry” Callahan, let me ask you:  “so in all the confusion from the 9-11 attacks, the wars in Iraq and Afghanistan, the change of administrations, the Arab Spring, civil war in Syria, ISIS beheadings, and terrorist attacks abroad in the 10 years since the DNI was established, do you feel safer, punk, or just lucky?”  This past October a University of Texas conference in Austin titled “Intelligence Reform and Counterterrorism after a Decade: Are We Smarter and Safer?” took an organized, dispassionate look at the effect of the DNI on national security and, I think, reasonably concluded that yes, we are smarter about the threats that confront us, and yes, we are safer; but we are not smart enough nor are we safe enough.

The disruption of several plots, preventing other high casualty attacks in the Continental United States (CONUS), is at least circumstantial evidence that the investment in the DNI as a government entity is worthwhile because it has kept us safe.  But this begs the obvious question of whether it is the existence of the DNI or the doubling of both the size and budget of the IC since 9-11 that has resulted in no successful attacks on the homeland.  Of course, what neither the bureaucratic reality of the DNI nor the quantitative plus-up of the IC’s budget has stemmed is the multitude of threats facing the United States from ISIS, the rise of Russia, the assertiveness of China, Iran’s nuclear intentions, the unpredictability of North Korea, disease and failed states in Africa, the potential of a radicalized Pakistan, a migration/immigration crisis on our southern border, the increasing lethal potential of “lone wolf” attacks, insider threat potential, and cyber vulnerabilities everywhere.  DNI Jim Clapper refers to this reality when he says in all of his public appearances that the current threat environment “is the worst he has seen during his 53 years in the IC.”  In a sound bite: “the world is even more dangerous today than it was in 2001.”

For me this is reminiscent of the first 10 years of the CIA, when the Soviet Union changed from a country ravaged by World War II to a nuclear superpower presenting an existential threat to the United States.  Certainly the existence of the CIA didn’t make Soviet Russia into a superpower, but it did provide the organizational means for centralizing resources for collecting and analyzing intelligence about the capabilities and intentions of the USSR that enabled America’s dual strategies of containment and mutual assured destruction (MAD).  The world today is not bi-polar anymore, so the important role of the DNI is not so much the centralization of IC resources against a monolithic threat, but rather allocating IC resources for dealing with an expanding threat environment resulting from a multi-polar globalized world that is increasingly empowered by (and dependent upon) information technology (IT) that is becoming less expensive and more capable every 18 months.

So this punk’s answer to Inspector Callahan’s question is one he would not accept: “I am not sure whether the US is safer today or has just been lucky.”  We have enjoyed the benefits of both a stronger IC and some good luck.  I am, however, reasonably certain that the DNI position will endure and therefore remain in position to shape how the IC prepares and organizes itself for the threats the IC projects to US security.  Yes, to be more effective I would like to see the ODNI staff shrunk dramatically to only the numbers needed to support DNI decisions regarding how resources should be apportioned to threats and lead responsibilities assigned to deal with them.  Moreover, I believe a DNI as CEO for the IC conglomerate would increase accountability and reduce our dependence on luck for keeping our nation safe from attack.

That’s what I think; what do you think?