There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However, what is on my mind right now is an AP article (https://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/) that appeared over the Thanksgiving Holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter (https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com?  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter then asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself – – – – what is this reporter looking for?  He then asked me if anyone from Google/gmail or the FBI had informed me about this attempted hack of my gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list of gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out and alerted me, that’s what I find disconcerting as a national security professional.”   I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods.  From there the call ended pleasantly.


Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI versus a security issue but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or that I learned about it from an AP reporter calling in London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack gmail accounts of people who have had access to Top Secret Information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data of others who have served our nation faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about failure to notify individuals subjected to Fancy Bear Hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?

What has Fat Leonard done to the U.S. Navy?

I am going to take an excursion from talking directly about the Intelligence Community because my attention is consumed by Craig Whitlock’s investigative report “The Man Who Seduced the 7th Fleet” that appeared as the lead story on the front page of the Memorial Day Weekend Sunday edition of the Washington Post (http://www.washingtonpost.com/sf/investigative/wp/2016/05/27/fat-leonard/).   This is an important, but not particularly time sensitive, story about how one contractor played on the human weaknesses of U.S. Navy officers to ensure his company was awarded lucrative port services contracts across the western Pacific.  Given that Memorial Day is about honoring those who died in uniform while defending our nation, I found the Post’s editorial decision to run this story about military corruption the day before Memorial Day a bit more than off-putting.

Nonetheless, the story of Leonard Francis (aka “Fat Leonard”) ingratiating himself to most of the senior officers leading the 7th Fleet or commanding its ships while actually bribing others for information that would give his Glenn Marine port services company an advantage over competitors is disheartening and discouraging in two ways. First there is the wrongdoing that has been revealed and confirmed.  Then there is the way the Navy has handled the individual charges and the scandal overall.  Both imply a Navy that is ethically adrift.

Let me begin by saying I have observed from the outside (I retired from the USN in 1996) a decline in accountability and commitment to integrity across all of the services from what was my experience while in uniform. To wit:

  1. The Walter Reed treatment of wounded veterans
  2. Air Force nuclear readiness test cheating
  3. The mistreatment of prisoners at Abu Ghraib and subsequent efforts at cover up
  4. The Haditha Dam murders by Marines

Each of these events is in its own way every bit as disturbing as the Fat Leonard Scandal, but that is not my point; rather it’s the decline in discipline, accountability and integrity that they have in common with the events recounted about the Navy by Craig Whitlock.

I believe this is a result of a military that has been over used and abused by the elected leadership of our country for the past 15 years. This is aggravated by the generalized feeling of those in uniform that the average citizen has no appreciation for the hardships of military life, no commitment to the nation’s security and certainly no code of conduct.  As a result members of the active duty military have begun to question why they should continue to hold themselves to a standard of behavior not just above that of the average American, but well above and beyond anything remotely close to what those on “Main Street” are willing to accept.

OK, so that’s my view of the big picture, but let’s now look at the Navy and Fat Leonard more closely.  To begin, I see a lot of Tail Hook in the current scandal, where the issue was not the specific wrongdoings of the few in Las Vegas, but the pervasive atmosphere of “boys will be boys” acceptance of demeaning behavior towards women AND an enabling code of silence to protect the innocent and the guilty.  Then there was the NIS investigation that made everything bad about Tail Hook worse.

I see the same things with the Fat Leonard situation.  A few bad actors trading fleet logistical information for money and a good time.  These bad actors rationalized to themselves that the information they were feeding to Fat Leonard really wasn’t that important (hey somebody is going to get these contracts!) and besides Leonard Francis was seemingly well connected with all of the admirals in operationally responsible positions across the Pacific Fleet.  The scope of the Fat Leonard scandal reaches Tail Hook proportions not because hundreds in the Navy are “on the take” from Glenn Marine, but because a friendly guy wanted to express his “appreciation” in order to make more money to those protecting the regions and ports he did business in.  What the officers on the periphery of this scandal lost sight of was that Leonard Francis was a contractor the Navy was paying [all too] well.  So the same officer who wouldn’t let somebody from a defense contractor buy them a sandwich in the Pentagon cafeteria is willing to accept an invitation from a chief executive of a company actively doing business with the Navy to a lavish dinner in an expensive port such as Hong Kong.   Sticking around for the prostitutes in my mind can only be explained by the power of alcohol and the foolish rationalizations of “just this once” and “who’s going to know?”  Anyway, now you have a significant number of officers Fat Leonard has “entertained” and we see the protective code of silence emerge, in this case mostly in terms of turning a blind eye to seemingly inconsequential conflict of interest (as opposed to ethical) transgressions.

Shifting to the investigation, what I don’t understand and have not seen explained is why the Navy has allowed the Justice Department to prosecute those alleged to have defrauded or embarrassed the Navy vice holding them to account under the Uniform Code of Military Justice (UCMJ)? As you might expect I know both Vadm Ted Branch and Rdml Bruce Loveless.  All who know these two officers remain surprised that their names have even surfaced in this investigation, but can I see Twig or Bruce having attended one of Fat Leonard’s in port dinners and/or known others who were too close to Glenn Marine?  Sure I can.  So when the FBI says its investigation raises concern about these two officers in regard to Fat Leonard, the Secretary of the Navy takes the middle of the road position of suspending their clearances but keeping them in their senior N2 intelligence positions in OPNAV.  OK, this is tolerable assuming they are about to be charged (again it should be under the UCMJ vice federal statutes), but when no charges are forthcoming six months later the SecNav should have said “charge them or clear them” and immediately reinstated their clearances.  This intolerable situation has persisted for over two years!

I am not unfamiliar with the temptations associated with liberty in the Western Pacific, so I am at least self-aware enough to know that while I can explain, if not justify, the behavior of a large number of Navy Officers ensnared by Leonard Francis, I could well have found myself going to a Fat Leonard Dinner if the flag I was working for was attending (how could it be wrong if the admiral is there?!?).  However, when you see the Fat Leonard Scandal in a larger context, all involved with Leonard Francis should have recognized they were nearing conflict of interest/ethical shoal waters to be avoided for one’s own wellbeing and that of the Navy’s.  No, the dangerous shallow waters of ethics and conflict of interest are not usually well marked, which is why experience and judgment matter.

As a result of apparently coordinated, vice happenstance, programming, Chief of Naval Operations (CNO) Admiral John Richardson was interviewed by Craig Whitlock on CSPAN Radio’s “Newsmakers” show on Sunday evening 30 May (http://www.c-span.org/video/?410028-1/radio-newsmakers-admiral-john-richardson).  From this 30 minute interview it seemed to me that neither the CNO nor those interviewing him perceive the obvious connection between the faith and trust that the Navy and the nation have to put in commanding officers dealing with incidents such as Russian Fencers making simulated attack runs on the USS Donald Cook in the Baltic and the judgment shown by numerous senior officers involved in the Fat Leonard Scandal.

Fortunately there are no indications that intelligence has been subjected to any lapses of judgment in the 7th Fleet (or elsewhere in the Navy for that matter) by any of the officers associated with Fat Leonard.

That’s what I think; what do you think?

ICITE for Breakfast

It seems everything old is new again.  This May Day weekend supporters of Shia cleric Moqtada Sadr were engaged in mass anti-government demonstrations in the Green Zone of Baghdad making me wonder if I was in a time machine taking us back to 2006.  I am not sure, but it does seem as though this time Iraq is about to balkanize itself into Shia, Sunni, and Kurdish cantonments.  Meanwhile in the Baltic, Soviet – – – excuse me Russian – – –  SU-24 Fencers have been buzzing a US Navy destroyer while SU-27 Flankers have been doing barrel rolls around US Air Force RC-135 electronic surveillance aircraft as Vladimir Putin marks his area of influence. How Cold War retro is this! In Syria the sham of a month old ceasefire ended violently as Assad forces bombed Aleppo’s al Quds pediatrics hospital supported by both Doctors Without Borders and the International Committee of the Red Cross killing 50 on 29 April.  While it didn’t have far to go, Syria is back to the level of violence it experienced prior to the February 27 ceasefire.

Speaking of Syria I was surprised by what I heard on 26 April at an INSA/Defense One panel discussing ICITE.  At this breakfast event, ICITE was being touted for contributing to the Intelligence Community’s (IC) ability in August 2013 to assess in less than nine days that the government of Syrian President Bashar al-Assad was responsible for 1,500 being killed in a chemical weapons attack on Damascus (http://www.defenseone.com/technology/2016/04/future-intelligence-sharing-coming-together-syrian-war/127907/?oref=d-channelriver).  My surprise with this assertion was twofold.  First, that there were no more current IC successes that could be linked to ICITE than one that is over two years old.  Second, that anybody would be impressed with the IC (with or without ICITE) taking nine days to determine who was responsible for a heinous act that had already occurred.  More importantly, it seemed lost on the IC panelists discussing “the progress, challenges, and opportunities” associated with ICITE that the IC exists primarily to provide indications and warning (I&W) in advance of attacks like this so they can be deterred or prevented.  As we know in this case, the IC’s assessment about Assad’s use of chemical weapons resulted in the Obama Administration having to walk back from the “red line” it established with regard to the Syrian president’s use of these weapons.  I am still having trouble seeing the intelligence success here.

The panel of ICITE seniors also tacitly accepted Defense One’s survey data (https://fcw.com/Articles/2016/04/26/icite-metadata-nsa.aspx?s=fcwdaily_270416&p=1) showing that ICITE (which is into its fourth year) is at least two to five years away (best case!) from being close to fully capable.  In terms of the Syrian Chemical Weapons attack example, it is worth remembering that ICITE being fully capable means secure enterprise cloud connectivity for the big five IC agencies (CIA, NSA, NGA, NRO, and DIA) in the DC area and does not include State Department, DHS or the COCOMs.  With ICITE projected to be as much as five years away from being near full operational capability (FOC), I was discouraged to hear the panelists say that there is no formal technical road map for ensuring ICITE’s currency or future direction, but rather by affirmative choice the ICITE Steering Group is relying on the commercial companies supporting the various ICITE Service Providers to keep ICITE technically up to date.  To me this means ICITE will never outpace the IT used by our adversaries to inform their decision making about us because they will be able to buy state of the art IT quicker in the open market than the IC can through the federal acquisition process.

In his opening comments one of the panelists said he would grade ICITE to date as deserving a “B” with lots accomplished but more to do, particularly in terms of implementation and adoption.  He observed that governance in the areas of establishing data standards across the IC to maximize ICITE utility is still being worked as is developing the backroom processes for charge-back of ICITE services consumed.  Throughout the discussion about ICITE’s recent achievements (e.g., 50,000 DTE’s deployed over the past two years; the availability of AWS Market Place in Commercial Cloud Services, which lets developers and users “pay by the drink” while they’re evaluating various software tools, development platforms and even entire operating systems), I did not discern any references to context, metrics, or impacts of these milestone accomplishments.  Throughout the panel discussion I thought I was in a time warp back to 2012 listening to ICITE seniors talking about the power of information integration that ICITE would enable with no specifics about schedules, funding, or metrics.

Given all this, plus the slow pace of deployment, I would probably grade ICITE at no better than a “C,” but I also understand that this 90 minute panel is just an incomplete snapshot of ICITE’s current state as well as its march toward creating a secure cloud enabled enterprise for integrating intelligence in a timely manner.  I suppose a case could be made for a grade of “incomplete,” but this would be unfair to the ICITE services (Commercial Cloud, GovCloud, DTE, Apps Mall, and Messaging) that have made it to initial operating capability (IOC), though more needs to be said about what these services mean for IC performance.

Subjective grades aside, with ICITE approaching its 5th anniversary as a new presidential administration comes to office with its own Director of National Intelligence (DNI), it doesn’t seem inaccurate to say “ICITE is on the Clock” to show that it can enable the delivery of meaningful intelligence inside of our adversaries’ decision cycle.  If I am correct here, then I believe this summer is the right time for the IC to do a zero based review of ICITE aimed at keeping what is working, killing what is not, and accelerating so that ICITE FOC is closer to two years out rather than five.  ICITE needs a new sense of urgency!

That’s what I think; what do you think?