MIND THE GAP; IN THIS CASE THE “NOTIFICATION GAP”

There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However, what is on my mind right now is an AP article (https://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/) that appeared over the Thanksgiving Holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter (https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com?  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter then asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself: what is this reporter looking for?  He then asked me if anyone from Google/gmail or the FBI had informed me about this attempted hack of my gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list of gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter, to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out and alerted me, that’s what I find disconcerting as a national security professional.”   I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods.  From there the call ended pleasantly.


Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI versus a security issue but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or that I learned about it from an AP reporter calling in London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack gmail accounts of people who have had access to Top Secret Information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data of others who have served our nations faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about failure to notify individuals subjected to Fancy Bear Hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?

The Weather at DoDIIS 2016: Partly Cloudy with a Chance for Digitization

This edition of Mazz-Int is an abbreviated version of my seven page summary of the DoDIIS 2016 Conference.  If you would like the full summary send me an email at mazzafro@gmail.com with “Request DoDIIS 2016 Summary” in the subject line.

DoDIIS Worldwide Conference 2016 convened in Atlanta, Georgia from 31 July to 03 August at the Georgia World Congress Center.  The theme for DoDIIS 2016 was “Mission Integration at the Speed of Operations.” The conference drew 200 exhibitors (230 in 2015) and 2300 attendees (1600 in 2015).  Less than 400 participants were government “blue badgers” of which only 90 were from DIA.  The entire agenda for DoDIIS 2016 was UNCLASSIFIED.

DNI James Clapper, DIA Director Lt Gen Stewart and USDI Marcel Lettre were all restrained in their comments and collectively seemed to be intent on making “no news” at DoDIIS. In a phrase they were “aggressively politically correct.” They made no projections regarding even near term events involving the Intelligence Community.

The three Combatant Commanders, Gen McDew (TransCom), Admiral Harris (PACOM), and Admiral Haney (StratCom), all spoke about the importance of information to executing their mission responsibilities, but only Admiral Harris spoke directly to the utility of DoDIIS.  Admiral Harris was speaking for all his fellow Combatant Command Commanders (CoComs) when he said intelligence needs to be pared down to what I need to know about a subject/issue, in a time frame that allows for action to be taken, in a format that is easy to consume, and is shareable.

The IC CIO Panel, which I moderated, was upbeat both about where IT is in the IC and where it is heading.  Particularly in the breakout sessions, however, I detected a subtle sense of moderating expectations for ICITE, where no metrics, schedule, or cost issues were discussed.

FIVE IMPORTANT QUOTES FROM DODIIS 2016

  1. “We are in age of expeditionary intelligence! Places not bases.” Sean Roche CIA Associate Deputy Director for Digital Innovation
  2. “Stop forging a new path with an old map.” Janice Glover-Jones DIA CIO
  3. “The IT Enterprise is under near continual attack.” Colonel Bruce Lyman CIO Air Force ISR
  4. “The world still calls 1600 Pennsylvania Avenue.” US Transportation Command Commander Air Force General Darren McDew
  5. “DoDIIS is the backbone for Combatant Command decision making.” US Pacific Command Commander Admiral Harry Harris

INSIGHTS ON ICITE

  1. NSA will be primarily a user of its own GOV Cloud for mission, which it is funding predominantly without Intelligence Community (IC) augmentation. This is because most of NSA’s mission workloads are not supported by Commercial Cloud Services (C2S) and run 24 x 7 so there is no cost advantage associated with elasticity.
  2. DTE II is several months behind schedule due to testing; rollout schedule for FY 17 not firm yet but DIA and NGA will be refreshed with DTE II in FY 17
  3. Migration plans to ICITE (like technical roadmaps) are the responsibilities of the individual service providers and their contractors. There is no consolidated ICITE migration plan
  4. IC CIO’s all agree that there is no realistic alternative to ICITE

IC CIO Panel

  1. Commercial Cloud Services (C2S) will reach 100% capacity in 2017; 1600 developers are now using C2S
  2. ICITE has moved out of being in the acquisition phase and is now focused on driving adoption by showing mission value.  The IC is too far into the ICITE journey to turn back
  3. IT as a Service/Performance based contracting is not something the IC is comfortable with because the Statement of Work (SOW) must convey in detail what the government is expecting in terms of performance/outcomes and how to value that performance.
  4. Cultural challenges to ICITE adoption and digital transformation
    1. Developing trust in other agencies through reciprocity to compensate for the loss of control
    2. Comfort with the status quo
    3. Decoupling control and complexity from effectiveness
    4. Understanding risk and opportunity costs

Digital Transformation appears to be the new IT focus area of the DoDIIS Community if not the entire IC’s, but if I heard a definition or description I don’t remember it.  I know there wasn’t any discussion at DoDIIS 2016 about a strategy or a plan for how to accomplish a digital transformation within the IC.  At this point it is a vision statement to guide planning and decisions.

Based on it being declared IOC in advance of a new administration and a new DNI, ICITE is at an inflection point where it has to show value or it will suffer the fate of IC-MAP, Trailblazer, and GeoScout.  Showing how C2S, GovCloud, DTE, and the Apps Mall can work together to answer IC mission questions quickly and effectively is what will bring users to ICITE as was the case with JDISS, JWICS, and Intelink.  The DIA leadership and the IC CIO’s at DoDIIS 2016 all understand this.

Based on the comments of all three Combatant Commanders who spoke at DoDIIS, shareable intelligence for allied and coalition warfighting partners is an underserved area.  Write for release, automated foreign disclosure processes and cross domain security solutions to address the CoCom’s demand for shareable intelligence need to be an agenda item for DoDIIS 2017.

That’s what I think; what do you think?

The “New Normal” and DIA

It is Memorial Day and I am surprised by how inured I am to our military being at war for 13 years now.  I am careful to say the military rather than the nation being at war, because since 9/11 two very different two-term Presidents have as a matter of policy made the fights in Iraq and Afghanistan the sole purview of the armed forces vice the nation they are protecting.  It seems to me that in different ways both the Bush and Obama Administrations reached the same political calculation: if the American people have to sacrifice in terms of higher taxes, reduced entitlements or less consumer goods they will quickly use their voting power to end these conflicts. Now the wars in Iraq and Afghanistan seem to have come to an end out of wearing frustration and crushing expense with results that don’t seem to have made the United States any safer.  This is especially true when we consider what a small group of passionately anti-American terrorists operating from a failed state can do with kinetic, chemical/biological, or cyber weapons of mass destruction.  We have, however, demonstrated what terrorists can expect should they bring harm to the homeland of the United States.

It is in this context I am viewing the news of the world in a state of constant crisis as being the “new normal,” from the coup in Thailand, Boko Haram taking 200 school girls hostage, continuing armed conflict in Syria, escalating violence in Iraq, political upheaval in Egypt, instability in Pakistan, events in the Ukraine, or the confrontation in the South China Sea.  In all of his public appearances for the past year or so Defense Intelligence Agency (DIA) Director LTG Mike Flynn has been warning that crisis is the “new normal” and implying that solid intelligence is the capability most in need by policy makers and military operators for sorting out which world events present serious security threats to the interests of the United States and how to effectively deal with them.  In other words, putting this daily menu of crises into context so that national energy and resources can be effectively engaged against those that matter the most. And when force is employed by providing military commanders with decision advantage.

Given his Special Operations Forces (SOF) background and his description and prescription for what is wrong with military intelligence in his seminal 2010 paper “Fixing Intel: A Blueprint for Making Intelligence Relevant in Afghanistan”,  I was not surprised by Mike Flynn’s aggressive efforts through personnel and organizational change to make DIA more relevant to decision makers and military officers dealing with constant crisis.  I was surprised, however, that for reasons not clear to me he was not continued for a normal third year of his tour as DIA Director because according to press reports he was disruptive!  Really?  So what was the DoD and IC leadership who selected him to lead DIA expecting from a person this transparent?

DIA was established in 1961 to provide the Secretary of Defense and the wider defense enterprise with timely, relevant, and actionable intelligence to support policy, acquisition, and operations. DIA was also seen as adding to the competitive analysis of intelligence offered by the military services, State Department, and the CIA.  Nonetheless, DIA has struggled throughout its history to establish itself on an equal professional footing with the CIA and the other four national intelligence agencies (NSA, NRO, NGA, and FBI).  Since the mid-1990’s I have observed Flynn’s seven predecessors become DIA Director with a mandate and/or agenda to revive DIA and make it a more meaningful player for DoD’s needs and by extension give it influence within the larger Intelligence Community (IC) commensurate with its mission and size.  In their own ways each of these well thought of three star officers achieved incremental success in modernizing and equipping DIA for the post-Cold War Intelligence challenges DoD, the IC and the nation faced.  In aggregate, though, none of these seven directors significantly changed how DIA was perceived externally by its consumers or IC peers; nor did they impact how DIA is internally viewed by its own workforce.

When Mike Flynn became Director DIA in July 2012 it seemed to me his approach for changing DIA was employing a quick hitting “SOF raid” where he and a cadre of trusted subordinates in short order shifted over 100 SES’s to new positions (detaching most from their bureaucratic power bases) while also reorganizing DIA out of its hierarchical structure to a flatter more fluid “centers” based approach driven by consumer needs.  In retrospect what LTG Flynn misgauged was that as a bureaucratically hardened target with practiced survival skills DIA was not a good SOF target.  In the end it seems DIA’s entrenched ways attrited Flynn’s more agile but smaller force before he could change DIA’s organizational outlook.  DIA’s change-resistant culture also got some serious top cover from the military service intelligence organizations that see gains for DIA as working against their prestige and budgets.  Similarly, CIA has no interest in DIA becoming a meaningful counterweight on the military side to its role as the IC’s leading all source intelligence producer.

I suspect Mike Flynn understood that there were long odds against dramatically changing DIA on his watch, but doing a risk versus benefit calculation I can see where he saw virtually only personal danger to himself and unlimited upside if the effort to make DIA more relevant to the “new normal” environment of continuing crisis succeeded. Presumably, whoever the next DirDIA is they will be informed by LTG Flynn’s experience of attempting to rapidly alter DIA and return to a path of incremental change for the agency.

Here are some recommendations I hope the next DIA Director will consider as this officer assesses the direction they want DIA to move in:

  • No reorganizations; play the cards you are dealt so the DIA workforce will stop being concerned about organization charts and be more focused on producing intelligence.  Moreover, continuing the DIA “Centers” will allow the agency to avoid the disruptive ad hoc task force response to crises that it has traditionally used.
  • The quickest path to relevance is through tailored embedded (virtual where this makes sense) intelligence support teams for military operating forces going in harm’s way.  DIA “go teams” that train up with SOF, Army, Navy, Air Force and Marine units they are supporting will provide these units with better intelligence while infusing DIA at the working level with what military forces need and how they want it.
  • Avoid becoming “cyber warriors” but develop a deeper understanding of collection, analysis, signatures, and order of battle associated with the cyber domain.  What should the Modernized Intelligence Data Base (MIDB) look like for cyber targets?
  • Intelligence support to DoD acquisition is underserved and is in the sweet spot of DIA’s capabilities and strengths.  Begin to view intelligence for acquisition as supporting the next generation of warfighters.
  • Information Technology (IT) is an “enabler” but not a core mission for DIA so stop spending so much time and money on it!  Shift to an outsourced managed services model similar to Ground Breaker to both save money and improve IT infrastructure performance.  Turn DIA to being an IT consumer/follower vice developer/innovator.  Leverage IT capabilities offered by ICITE, DI2E, and DISA.

In the final analysis it doesn’t matter if DIA becomes a more relevant IC player through revolutionary or evolutionary change.  The radical organizational change and sense of urgency LTG Flynn has introduced into DIA, I believe, will provide the next DirDIA a platform to help DIA through an incremental approach to achieving its true potential.

That’s what I think; what do you think?