Book Ends

I have been on an extended hiatus not because there has been a paucity of topics to talk with you about, but mostly because I did not feel that I had anything to say that was worth of your attention.

Recently though I  finished reading Mike Hayden’s book “THE ASSAULT ON INTELLIGENCE: American National Security in the Age of Lies”  (https://www.amazon.com/Assault-Intelligence-American-National-Security/dp/0525558586/ref=sr_1_1?s=books&ie=UTF8&qid=1530751440&sr=1-1&keywords=assault+on+intelligence+by+general+michael+v.+hayden and Jim Clapper’s “FACTS and FEARS:  Hard Truths from a Life in Intelligence (https://www.amazon.com/Facts-Fears-Hard-Truths-Intelligence/dp/0525558640/ref=sr_1_2?s=books&ie=UTF8&qid=1530751440&sr=1-2&keywords=assault+on+intelligence+by+general+michael+v.+hayden).  Both are well written and informative for the general reader; but neither book makes any “new”  news with the content of each being familiar to all those conversant with current events, especially with regards to the U.S. Intelligence Community (IC) and the various investigations into Russia’s interference with the 2016 presidential elections.

Hayden’s book is a polemic while Clapper’s is an extended memoir, but they share at least four things in common:

  1. Each is a book length editorial where the authors draw conclusions about the Trump campaign and presidency from the facts as they see them

 

  1. Both express a similar sense of dismay and alarm regarding President Trump’s disregard for documented facts and the negative effect this has on the IC and FBI

 

  1. They each infer that the IC and the FBI are entitled to the benefit of the doubt because they are fact based and apolitical.

 

  1. Hayden and Clapper both believe they have a responsibility to warn the American people that their IC and FBI are being misused and abused

While both Hayden and Clapper admit that their “fingerprints” are on the Special National Security Estimate that Saddam Hussein’s Iraq possessed weapons of mass destruction (WMD), neither explains why President Trump (or the American people) should not be cautious when the IC claims it is speaking truth to power on the basis of intelligence determined facts. Regarding Russian interference in the 2016 election Hayden and Clapper both take President Trump to task (rightly so in my view) for not accepting the Intelligence Community Assessment (ICA), which the Senate Select Committee on Intelligence (SSCI) has now found creditable, that Russia’s interference was real and was meant to harm Hillary Clinton.  What they don’t do, however, is critically assess how well the IC performed in detecting this Russian interference, assessing its impact, or effectively warning the candidates, those responsible for insuring election reliability, or the American the people about what Russia was doing.  I know I would have appreciated their views on what effect an earlier U.S. response to Putin’s directed effort “to sow confusion and disorder” amongst American voters could have produced.

I thought both books were miss-titled.

A more descriptive title for Mike Hayden’s book would be “Donald Trump’s Assault on the Intelligence Community” because he focuses on the President’s behavior in the current environment of post factual American Populism. Hayden sees Trump as modeling bad behavior when it comes to putting beliefs before facts rather than seeing Donald Trump as representative of an electorate who want their beliefs acknowledged and acted on.  Jim Clapper’s memoir could easily be titled “Speaking Truth to Power” given how many times he uses this phrase to express what he sees as the core strength of the IC.  What the former DNI doesn’t say much about is the ambiguous and incomplete nature inherent in intelligence assessments and estimates.  Reading “Assault on Intelligence” and “Facts and Fears” I had to remind myself that competing agendas and careerism that can distort intelligence products are not unknown to the IC.

While defending the IC, neither book spends as much time as I would have liked addressing the competition the IC is currently facing as it is rapidly becoming one of many sources used by its consumer base.  There is virtually no discussion in either book on how the IC is disadvantaged by its dated information technology (IT) capabilities and practices, government bureaucracy and classification relative to private sector think tanks, online media, large corporations, and data brokers – – – all of whom can generate and deliver at least multi-sourced creditable reports in a timeframe relevant to consumers at lower costs than the IC.

What I also would like to have heard Mike Hayden and Jim Clapper say more about is how the IC could/should up its game with big data, high performance computing, analytics, and artificial intelligence so that it can be head of other “truth providers” in offering unique value added information that would compel decision and policy makers to seriously consider what the IC is providing.

In their defense of the IC, which I respect and applaud, it should not be forgotten that IC needs to recognize that it is now in a seriously competitive environment where its views of facts and truth are no longer given the credence they once were because they come from the IC.

That’s what I think; what do you think?

Advertisements

MIND THE GAP; IN THIS CASE THE “NOTIFICATION GAP”

There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However what is on my mind right now is an AP article (thttps://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/ ) that appeared over the Thanksgiving Holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter ((https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com?  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter than asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself – – – – what is this reporter looking for?  He then asked me if anyone from Google/gmail or the FBI had informed about me this attempted hack of my gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out an alerted me, that’s what I find disconcerting as a national security professional.”   I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods  From there the call ended pleasantly.

Dec Mazz Blog

Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI verses a security issue but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or that I learned about it from AP reporter calling in London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack gmail accounts of people who have had access to Top Secret Information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data others who have served our nations faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about failure to notify individuals subjected to Fancy Bear Hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?