ICITE for Breakfast

It seems everything old is new again.  This May Day weekend supporters of Shia cleric Moqtada Sadr were engaged in mass anti-government demonstrations in the Green Zone of Baghdad making me wonder if I was in a time machine taking us back to 2006.  I am not sure, but it does seem as though this time Iraq is about to balkanize itself into Shia, Sunni, and Kurdish cantonments.  Meanwhile in the Baltic, Soviet – – – excuse me Russian – – –  SU-24 Fencers have been buzzing a US Navy destroyer while SU-27 Flankers have been doing barrel rolls around US Air Force RC-135 electronic surveillance aircraft as Vladimir Putin marks his area of influence. How Cold War retro is this! In Syria the sham of a month old ceasefire ended violently as Assad forces bombed Aleppo’s al Quds pediatrics hospital supported by both Doctors Without Borders and the International Committee of the Red Cross killing 50 on 29 April.  While it didn’t have far to go, Syria is back to the level of violence it experienced prior to the February 27 ceasefire.

Speaking of Syria I was surprised by what I heard on 26 April at an INSA/Defense One panel discussing ICITE.  At this breakfast event, ICITE was being touted for contributing to the Intelligence Community’s (IC) ability in August 2013 to assess in less than nine days that the government of Syrian President Bashar al-Assad’ was responsible for 1,500 being killed in chemical weapons attack on Damascus. (http://www.defenseone.com/technology/2016/04/future-intelligence-sharing-coming-together-syrian-war/127907/?oref=d-channelriver).  My surprise with this assertion was twofold.  First, that there were no more current IC successes that could be linked to ICITE than one that is over two years old.  Second, that anybody would be impressed with the IC (with or without ICITE) taking nine days to determine who was responsible for a heinous act that had already occurred.  More importantly, it seemed lost on the IC panelists discussing “the progress, challenges, and opportunities” associate with ICITE that the IC exists primarily to provide indications and warning (I&W) in advance of attacks like this so they can be deterred or prevented.  As we know in this case, the IC’s assessment about Assad’s use of chemical weapons resulted in the Obama Administration having to walk back from the “red line” it established with regard to the Syrian president’s use of these weapons.  I am still having trouble seeing the intelligence success here.

The panel of ICITE seniors also tacitly accepted Defense One’s survey data (https://fcw.com/Articles/2016/04/26/icite-metadata-nsa.aspx?s=fcwdaily_270416&p=1)

showing that ICITE (which is into its fourth year) is at least two to five years away (best case!) from being close to fully capable.  In terms of the Syrian Chemical Weapons attack example,  it is worth remembering that ICITE being fully capable means secure enterprise cloud connectivity for the big five IC agencies (CIA, NSA, NGA, NRO, and DIA) in the DC area and does not include State Department, DHS or the COCOMs.  With ICITE projected to be as much as five years away from being near full operational capability (FOC), I was discouraged to hear the panelists say that there is no formal technical road map for insuring ICITE’s currency or future direction, but rather by affirmative choice the ICITE Steering Group is relying on the commercial companies supporting the various ICITE Service Providers to keep ICITE technically up to date.  To me this means ICITE will never outpace the IT used by our adversaries to inform their decision making about us because they will be able buy state of the art IT quicker in the open market than the IC can through the federal acquisition process.

In his opening comments one of the panelist said he would grade ICITE to date as deserving a “B” with lots accomplished but more to do, particularly in terms of implementation and adoption.  He observed that governance in the areas of establishing data standards across the IC to maximize ICITE utility is still being worked as is developing the backroom processes for charge-back of ICITE services consumed.  Throughout the discussion about ICITE’s recent achievements (e.g., 50,000 DTE’s deployed over the past two years; the availability of AWS Market Place in Commercial Cloud Services, which lets developers and users to “pay by the drink” while they’re evaluating various software tools, development platforms and even entire operating systems), I did not discern any references to context, metrics, or impacts of these milestone accomplishments.  Throughout the panel discussion I thought I was in a time warp back to 2012 listening to ICITE seniors talking about the power of information integration that ICITE would enable with no specifics about schedules, funding, or metrics.

Given all this, plus the slow pace of deployment, I would probably grade ICITE at no better than a “C,” but I also understand that this 90 minute panel is just an incomplete snapshot of ICITE’s current state as well as its march toward creating a secure cloud enabled enterprise for integrating intelligence in a timely manner.  I suppose a case could be made for a grade of “incomplete,” but this would be unfair to the ICITE services (Commercial Cloud, GovCloud, DTE, Apps Mall, and Messaging) that have made it to initial operating capability (IOC), though more needs to be said about what these services mean for IC performance.

Subjective grades aside, with ICITE approaching its 5th anniversary as a new presidential administration comes to office with its own Director of National Intelligence (DNI), it doesn’t seem  inaccurate to say “ICITE is on the Clock” to show that it can enable the delivery of meaningful intelligence inside of our adversaries’ decision cycle.  If I am correct here, then I believe this summer is the right time for the IC to do a zero based review of ICITE aimed at keeping what is working, killing what is not, and accelerating so that ICITE FOC is closer to two years out rather than five.  ICITE needs a new sense of urgency!

That’s what I think; what do you think?

 

 

 

 

Advertisements

2015 Will Be Like 2014 — Just Different

The holidays this year were unusually kind to the Mazzafro family, and I hope the same is true for you and all who matter to you.

No holiday though for world events that affect and effect our national security and personal safety.  While there have fortunately been no ISIS beheadings since our last virtual encounter, the last two weeks of December ushered out 2014 with several events that will surely impact the national security scene in 2015.  As the price of oil continued to drop driving the Russian economy into chaos, President Obama diplomatically recognized Cuba to mixed reviews in both countries.  There was a lone wolf terrorist hostage situation in Sydney Australia that resulted in two dead, while the Taliban attacked a school in Peshawar for Pakistani military children killing 141 (132 children).  All of this was unfolding as North Korea concocted a high visibility cyber hack against Sony Picture Entertainment (SPE; previously Columbia Pictures) to prevent the release of the feature film “The Interview,” which is a comedy satire imagining that two reporters acting on behalf of the CIA assassinate North Korea’s “Boy Leader” Kim Jung Un.  The cyber hack against SPE’s intellectual property, business records, and emails was followed by threats of physical violence against theaters screening “The Interview” on Christmas Day.  The US-led NATO combat mission in Afghanistan formally ended but with 11,000 troops remaining, while the general leading the fight against ISIS said things are going well, but that it will be at least three years before we can stand-down.  Not surprisingly the polemics about the Senate Select Committee for Intelligence (SSCI) majority report on the use of Enhanced Interrogation Techniques dissipated with the adjournment of the 113th Congress.

So given all this, here is a potpourri of what I think we can expect to see in 2015:

  1. The Sony Hack is likely to be the seminal cyber event that causes both the US government and the private sector to get serious enough about cyber security to encourage the Congress to pass bi-partisan legislation that will require the sharing of threat information between corporations and government agencies with cyber security responsibilities.  Moreover, there will likely be a robust debate about what constitutes “cyber vandalism” as opposed to “cyber terrorism” and when a “cyber-attack” is an act of war?  Presumably, this debate will educate the American people regarding when and how they can expect their government to protect them in cyber space.  I also believe that the Sony hack and privacy concerns raised by the Snowden revelations will cause a rapid adoption of data encryption by virtually all Fortune 500 companies around the world and a significant number of individuals as well. As for North Korea, I would not be surprised to see a more open struggle emerge between hardliners and Chinese-encouraged moderates regarding pragmatic accommodations with South Korea and the US.
  2. The 46% drop in oil prices during 2014 has certainly ratcheted up the effects of economic sanctions on Iran and Russia while stimulating economic activity in China, Japan, and the US – – so what’s not to like about this situation? Nothing, if it causes Tehran to agree to curtail its nuclear weapons program in a verifiable way and results in Moscow rethinking its expansionist foreign policy in former states of the defunct Soviet Union.  The alternative, however, is an “us against the world” outlook that actually causes Putin and Iran’s supreme leader Khamenei to see no option but to keep pursuing aggressive nationalistic based policies that will continue to challenge a “lame duck” Obama administration facing an adversarial Congress.
  3. With China’s economic growth rate slowing to between 6% and 7% as the population ages, the Xi Jinping regime will become increasingly concerned with domestic issues. Of particular importance to Xi and the Chinese Politburo will be insuring that the democracy movement/demonstrations in Hong Kong do not spread to China’s mainland coastal cities. Meanwhile, the declining price of oil should have a calming effect on China and other nations seeking to establish territorial claims in the South and East China Sea in order to preserve energy exploration rights.
  4. By this time next year the US lead effort to degrade, disrupt and defeat ISIS with airpower will likely have devolved into a stalemate despite the US committing another 7,000 combat “advisers” (for a total of 10,000 boots on the ground) to steady and encourage the Iraqi Army. The irony here is that US ground forces will likely be acting in concert with the Iranian military to keep at least a Shia Iraq in existence.  Unless Syrian Dictator Bashar al Assad is taken out politically, or by other means, there seems little chance of the Syrian civil war ending in 2015.
  5. With 11,000 US troops remaining in Afghanistan as combat advisors, the end of America’s combat mission in this foreboding landlocked country is more political rhetoric than reality. The presence of US troops and the Pakistani military’s unwillingness to now concede safe haven to the Taliban and Al Qaeda in the aftermath of the Peshawar military school slaughter should keep the central government in Kabul viable, but for the long term prognosis see Iraq after the US departure in 2011 and Afghanistan post the Russian departure in 1989.  Already Afghan President Ashraf Ghani is saying the United States might want to “re-examine” the timetable for removing the remaining U.S.-led coalition troops in the country by the end of 2016.
  6. And now for the “lightening round”
    • “Lone Wolf” attacks, both physical and cyber, will increase in 2015 as result of self-radicalization, aggrieved individuals, or some just seeking their “15 minutes of fame.”
    • NSA’s bulk collection authorities will likely be renewed, but with considerable deference to privacy concerns and transparency. I also expect to see privacy advocates arguing before the Foreign Intelligence Surveillance Court (FISC)
    • The Intelligence Community’s (IC) deteriorating relationship with Congress should begin to heal, but it will be incumbent on the IC to rebuild the trust and confidence of the Congress (and by extension the American people) in the community. Both the IC and its Congressional oversight committees should begin a dialogue regarding how to revamp oversight so it can be more effective both in terms of IC mission needs and growing privacy concerns associate with the Information Age.
    • Budget caps will not be lifted by the 114th Congress, leaving Overseas Contingency Operating (OCO) funds as the only source of relief for unmet defense and intelligence funding needs. Military Service Intelligence agencies will be particularly squeezed
    • Despite the interest of incoming Secretary of Defense Ashton Carter in acquisition reform, which is shared with Senator McCain (incoming Chairman of the Senate Armed Services Committee) and Representative Thornberry (next Chairman of the House Armed Services Committee), there will be no meaningful reforms enacted in 2015.
    • As defense and intelligence contract award opportunities diminish because of budget realities, there will be an increase in merger and acquisition activity within the DoD and IC’s industrial base.
    • Expectations that private sector Research & Development (R&D) will be sufficient to meet Defense and IC needs are misplaced as contractors shift funding from R&D to protect shareholder equity and/or improve their balance sheets for potential acquirers.
    • 2015 is the “make or break” year for ICITE to begin to deliver mission capabilities to the IC if IOC, as laid out in 2012, is going to be achieved by 2017. Agencies opting out of the Desk Top Environment (DTE), the slow development of governance models, and challenges with integration do not make me optimistic

 

 

That’s what I think; what do you think?

ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – – –  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – – –  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?