ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – – –  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – – –  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?

The Fiscal Cliff Is Here Again Along With Cyber Insecurity

Greetings Fiscal Cliff Dwellers!  By the time you read this there will be less than two weeks before automatic sequestration cuts take effect – – – a week of which the Congress will be in recess!  What was meant to be a “poison pill” to force the legislative and executive branches to compromise on rational budgets so the government could reduce the deficit by $1.2 trillion over the next ten years now appears inevitable.  Since January we have been fed a steady stream of increasingly dire consequences from Navy aircraft carriers not deploying, to Army readiness declining, to Air Force airplanes not being maintained, to civilian workers being furloughed, and to contracts being canceled unless there is some relief from the automatic 9.4% sequestration of funds scheduled for March 1st.   Yet none of this doom and gloom was in evidence as late as Thanksgiving of 2012 when the reflexive answer from DoD consistently was “the Congress won’t allow sequestration to happen!”

Of course throughout 2012 DoD was planning on rolling a “7” to get Congress to lift sequestration by overtly not planning for it; instead “snake eyes” came up when on New Year’s Day the Congress and the President deferred sequestration until 01 March in order to get a deal for a tax increase and raising the debt ceiling short term.  I don’t know about the rest of the country, but here in Washington sequestration fatigue has set in after a year of meaningless political posturing resulting in a now conflicted sense of resignation that sequestration is unavoidable because “the other side won’t be reasonable.”  Moving on to “what’s next” Beltway wisdom is projecting that the pain of sequestration will bring both sides in Congress to their senses almost immediately, which will result in the Continuing Resolution that needs to be enacted by 27 March to avoid a government shutdown having language that will at least allow departments to allocate the sequestration cuts as they think best vice in their current across the board nature.  Poke me in April to let me know how this going!

Were you as amused as I was about the constitutional law debate associated with the “discovery” the day before John Brennan’s Senate confirmation hearing to be CIA Director that the executive branch has detailed legal guidance regarding when American citizens engaged with terrorists abroad can be purposely targeted for elimination?  The use of lethal force is never a trifling matter and an American citizen’s inalienable right to life, liberty, and the pursuit of happiness is inviolateable, but as Justice Robert Jackson observed in his 1949 dissenting opinion on Terminiello verses Chicago “the constitution is not a suicide pact.”  While legal purists will disagree, I am of the view that when an American knowingly acts in concert with a foreign adversary against the national security interests of the United States his/her claim to the protections associated with U.S. citizenship are abrogated.  Then there is the criteria of “imminent danger” that is tantamount to “self defense” which should obviate the need for offering Miranda Rights.  I certainly want the U.S. government acting preemptively overseas to take out any immediate threat from those who have said they are motivated to destroy the United States.

That said I am not so certain that the authority to execute preemptive drone strikes against terrorists, American citizens or otherwise, manifesting imminent danger to U.S. national security is well placed with the Intelligence Community (IC), except for instances where deniability is essential.  There is a “Star Chamber” quality to the IC being responsible for identifying terrorist threats, targeting their location and then flying the missions to destroy them that overtime could be corrupting while engendering mistrust that would harm the overall effectiveness of the community.  During the Cold War when the danger of a nuclear ICBM attack was immense and imminent we depended on the IC “warning,” the President “deciding,” and the military “responding” – a model of specific executive power with Congressional oversight.

The recent Mandiant report that China is “eating our cyber lunch” to the point of threatening our national infrastructure, gaining economic advantage against our leading companies, and stealing our most sensitive intellectual property seems to have finally shaken our country into acceptance that we are collectively and individually at considerable “cyber risk.”   This is not news to the cyber digitari or anyone who has read anything by Richard Clarke, but it surfaces an important policy question directly related to the IC running the nation’s counterterrorist drone program: how and where do we want to defend our “cyber sovereignty” understanding that the National Security Agency (NSA) currently possesses our most effective capabilities in this domain?

If it makes sense for CIA to identify and take out dangerous terrorists with remote drone attacks then shouldn’t NSA be launching bots against cyber foreign threats it detects?  I don’t know what the right answer to this question is, but I am not comfortable extending by fiat an analog of our drone approach to counterterrorism to cyber security.  I am, however, confident that I could support any cyber security response policy that has been subjected to national debate so we know the options and risks, involves checks and balances between departments if not branches of the government, and can be easily adjusted or rescinded.  Finally like most Vietnam era intel officers, I have no confidence in “body count” metrics, so neither the number of terrorists killed by drones nor cyber threats thwarted by good guy malware are by themselves going to convince me that we are safer.

That’s what I think; what do you think?

Dramatics to Drama: From the Fiscal Cliff to “Zero Dark Thirty”

Unless we are existing in a weird parallel universe, the Mayans were clearly wrong about the world ending last month,  but the National Intelligence Council’s “Global Trends 2030: Alternative Worlds” does warn the U.S. will likely lose its status as the planet’s only superpower by then.  And how about that fiscal cliff?!?  Lots of drama for New Year’s Day legislation that only raised taxes on those making $400k or more without any meaningful impact on reducing the deficit or dealing with sequestration.  More or less a two month “U” turn at the fiscal cliff or a demonstration of “Democracy Inaction!”

The White House and the Congress “agreeing” to defer dealing with either the debt ceiling or sequestration for two months only insures that budgetary uncertainty for almost all national security accounts will continue until “March Madness.”  Sequestration will then join raising the debt ceiling and extending the Continuing Resolution (CR) for the rest of FY 13 as requiring legislative action of some type in March.  While there could be some kind of grand bargain providing a comprehensive solution to all three of these separate but related tectonic fiscal issues, I remain unable to see what will change between now and March given the political posturing that has been going since 2010 without any significant increases in revenues or cuts in spending.  And as we heard the President and the Republican leaders of Congress publicly “trash talking” with each other on January 14, any discussion about raising the debt ceiling is an opportunity for political brinkmanship regarding shutting down the government.

Apparently sharing my pessimism, Under Secretary of Defense Ash Carter has directed DoD agencies to begin planning immediately for sequestration; something that was specifically enjoined in 2012 as the Administration tried to force the Congress to act by having no plan.  Secretary of the Air Force Donely subsequently told his service in mid-January that with the dual specter of operating under sequestration AND a CR for the rest of FY13 the Air Force needs to begin planning for furlough notification as soon as possible in order to preserve all of the government’s options, to commence curtailing all non-mission related activities, and to start reviewing all overseas contingency operations for potential deferment.

This sounds serious because it is! According to an hour long presentation prepared by the Center for Strategic and Budgetary Assessments’ (CSBA) Todd Harrison titled “What the Fiscal Cliff Deal Means for Defense”  (http://www.csbaonline.org/publications/2013/01/what-the-fiscal-cliff-deal-means-for-defense/)  the following points compel attention:

  • Both parties may end up looking at sequestration and say, ‘You know what, this is bad, this is not what we want, but it’s probably better than anything we could negotiate with the other side.”
  • Delaying sequestration until March saves DoD approximately $15 billion dollars in cuts but the remaining $45 billion in defense sequestration will have to be absorbed in seven vice nine month
  • If sequestration is not modified and the CR is extended to the end of FY 13 then civilian pay needs to be cut 15% for FY13, which will require furloughing every civilian in DoD for one month

Yeah, but things will get better in the out years – – -won’t they?  I don’t think so because to reduce the deficit any increase in national security spending will have to be offset with cuts elsewhere or funded by tax increases.

Shifting from dramatic to drama, I just saw the movie “Zero Dark Thirty.”  Having no experience with enhanced interrogation techniques, unlike SSCI chair Senator Diane Feinstein, I am reluctant to judge if the opening scenes of this movie are accurate or an exaggerated expression of artistic license.  What the movie does convey, however, is that enhanced interrogation when done for a purpose and under control can be effective.  Whether it is morally defensible is left for the audience to decide.  Ironically John Brennan, the administration’s National Security Advisor for Homeland Security and Counterterrorism was nominated by President Obama to be the next CIA Director the week before “Zero Dark Thirty’s” opening – the same position he asked not to be considered for in 2008 because of a brewing confirmation battle over what he did and did not know about the use of enhanced interrogation during the Bush 43 presidency.

Through the intelligence driven drone program against terrorist and the successful Bin Laden raid, John Brennan has earned the President’s trust and confidence to be his first choice to lead the CIA in the wake of General Petraeus’ unexpected resignation.  If acting CIA Director Mike Morrell or USD(I) Mike Vickers were being seriously considered for Director of CIA the air ran out of those balloons when both were named separately as potentially having provided the makers of “Zero Dark Thirty” with background information that was classified.  Apparently all it took for John Brennan to be nominated as the next CIA Director is a lifelong career at CIA, four years of intense hard intelligence work at the White House, the reelection of Barack Obama to a second term, and an inadvertent lapse of judgment by the other potential candidates in talking tradecraft with movie producers/actors.

Even with its handling of enhanced interrogation as an issue for the audience to decide, I thought the movie portrayed a positive image of U.S. Intelligence in general and the CIA in particular.  More importantly though, “Zero Dark Thirty” shows with great fidelity how fragmented and ambiguous HUMINT is by its nature and how dangerous it can be to collect.  Intelligence professionals will appreciate the movie being three hours long as an artifact of the time it takes to collect and cross check HUMINT, but what is truly stunning is the way the screenplay depicts all-source analysis being used to close information gaps and resolve ambiguity.  Bottom Line:  “Zero Dark Thirty” is not as good a movie as “Lincoln” but it’s a must see for anyone interested intelligence.

Finally here’s my “bracket” based on few facts and my own hunches for “Federal Fiscal March Madness”

  • The debt ceiling is raised in exchange for extending  the eligibility age for Social Security and Medicare
  • Sequestration cuts remain essentially unchanged, but department/agencies are granted more flexibility in how these cuts are allocated
  • The CR is continued for the rest of FY 13 as planning for FY 14 remains delayed

Notice there is no winner anywhere here!  That’s what I think; what do you think?