MIND THE GAP; IN THIS CASE THE “NOTIFICATION GAP”

There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However, what is on my mind right now is an AP article (https://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/) that appeared over the Thanksgiving Holiday weekend regarding Russian Fancy Bear hackers targeting the personal gmail accounts of individuals with Top Secret security clearances. This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter (https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com. Since my email is widely known I confirmed who I was and that the email address he referenced was mine. The reporter then asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my gmail account in February 2015. I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself: what is this reporter looking for? He then asked me if anyone from Google/gmail or the FBI had informed me about this attempted hack of my gmail account. I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list of gmail accounts Fancy Bear had tried to penetrate. He mentioned some of the names, which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies. Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their gmail accounts. He then asked me how I felt about hearing this for the first time from an AP reporter, to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out and alerted me, that’s what I find disconcerting as a national security professional.” I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods. From there the call ended pleasantly.


Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred. I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to. When this person got back to me later on 17 November I was advised this was a CI versus a security issue, but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my gmail or that I learned about it from an AP reporter calling in London. Apparently only the FBI can talk to me about this matter. In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner. I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack gmail accounts of people who have had access to Top Secret Information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media. If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts. I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me. It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data of others who have served our nation faithfully at risk. What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years. What is the appropriate quid pro quo for the private sector sharing cyber related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector? This story about failure to notify individuals subjected to Fancy Bear hacking of their gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?

Just Another Weekend in November — Hardly!

There was a Symposium in Austin during mid-October sponsored by University of Texas’ Robert Strauss Center for International Security and Law as well as UT’s Clements Center for History, Strategy & Statecraft and the Intelligence and National Security Alliance (INSA) that I thought I would be writing about. This two day event looked at the now 10 year history of the Intelligence Reform and Terrorism Prevention Act (IRTPA) and asked: as a nation “are we smarter or safer?”, but there are more pressing issues involving the Intelligence Community (IC) that I want to get to while they remain newsworthy.

The weekend after the Congressional mid-term elections, where exit polling showed the electorate sending an unmuffled message that they are out of patience with the Legislative and Executive Branches’ inability to compromise on political positions in order to govern, Director of National Intelligence (DNI) James Clapper was dispatched by the President to Pyongyang to secure the release of two American citizens incarcerated by the North Koreans. According to news reports, James Clapper was purposely selected because of his familiarity with Korea as well as the fact that the DNI position reports directly to the President but conveys no sense of a diplomatic opening to North Korea. DNI Clapper did, however, deliver a message from President Obama to Kim Jong Un through the North Korean General Officer serving as the emissary for the release of the two Americans.

Beyond the good news of there now being no Americans in North Korean prisons, this mission conveyed some needed positive press and prestige on the Office of the Director of National Intelligence (ODNI) that I am happy to see.  If nothing else it says to the Congress as well as the international community that DNI Clapper has the trust and confidence of the President.  The more important strategic question raised by the release of these two Americans that the IC needs to answer is what is motivating North Korea to be so accommodating?  According to DNI Clapper the North Koreans were expecting the US to reciprocate with some type of diplomatic exchange and/or accommodation.

Despite my lack of expertise on the People’s Democratic Republic of Korea, I remain unconvinced that “Boy Leader” Kim Jong Un (KJU) is actually running the government. My evidence is tenuous but an undated photo of KJU touring a public housing project is not enough to convince me he remains in power after falling from sight for six weeks that included missing a major communist party event. Diplomatic protocol is probably the answer for why there were no photo opportunities for KJU with the released Americans, but why miss the internal and external propaganda value of showing the beneficence of the regime’s dynastic leader? KJU not making any public appearance or statements while DNI Clapper was in country (or since he left) suggests to me that the “Boy Leader” has become a “Pyongyang spectator with gout!”

Meanwhile in Iraq during this same weekend, American intelligence, surveillance, and reconnaissance (ISR) found and fixed for strike aircraft an ISIS Leadership Convoy traveling in the Mosul area. The air strike heavily damaged the convoy and according to Iraqi media reporting ISIS leader Abu Bakr al-Baghdadi was killed or injured during the attack. Curiously (at least to me) ISIS has not denied these reports and Baghdadi has not been seen since the air attack on this convoy. A Central Command (CENTCOM) spokesman has confirmed that US forces were aware that this was an ISIS leadership convoy, but there was never any intelligence indicating Baghdadi was traveling with this group. On November 13 ISIS released a 16 minute voice recording presumably demonstrating that Baghdadi was alive and in charge. The tape has not yet been confirmed to be Baghdadi and begs the question with the Iraqi media reporting his demise why an audio instead of a video tape (is the ISIS leader injured?). Given that we have unconfirmed Iraqi news reports that Baghdadi is dead or injured and an as yet unconfirmed ISIS voice recording of Baghdadi imploring followers to “erupt volcanoes of jihad everywhere,” the obvious intelligence issue at hand is learning what Baghdadi’s status is. As I am preparing to post this, ISIS has beheaded another American it says in part because of the US-led bombing campaign continuing.

As this ISIS leadership convoy was being bombed, the White House was announcing that President Obama is authorizing the deployment of 1,500 additional military advisers to Iraq to fortify the Iraqi Army’s effort to retake territory ISIS has seized since last spring. My immediate reaction was air strikes and advisors to support a non-inclusive Shia government and an Army that doesn’t want to fight sounds a lot like the way we started in Vietnam. If the US has national interests at stake that demand both a stable Iraq and defeated ISIS then send enough forces (100,000?) to accomplish these ends. Not seeing these national interests, my preference is to let the Iranians and the Kurds with US intelligence, arms, and air strikes “degrade and defeat” ISIS. As for Iraq, I have said previously in this venue that I don’t believe the US has enough military manpower or treasure to prevent Iraq from fractionating back to the Sunni, Shia, and Kurdish regions that existed in Mesopotamia before the British Mandate created the artificial state of Iraq in 1920. It is time for Washington to stop arguing about the justification for and execution of the latest Iraq War (2003 – 2011), as well as debating whether the withdrawal of US forces in 2011 was premature and put the idea of a continued ground combat force there in the rear view mirror – before the American people send this message via the ballot box.

Over this same post mid-term election weekend, Navy Times reported that the Pacific Fleet’s outspoken Intelligence Officer was relieved for remarks that he made last February at WEST 2014 postulating that the Chinese Navy (PLAN) was preparing for a naval war with Japan. While this is neither an IC, Navy or National position, the Pacific Fleet Commander Admiral Harry Harris was aware in advance of what his intelligence officer was going to say and after the comments were made about the PLAN’s growing capabilities and China’s intentions, Admiral Harris did not “walk back” what was said nor attempt to put the remarks “into a broader context.” The “China Hawks” in the retired naval intelligence community immediately surmised that the PacFleet N2 was being sacked for speaking the “truth” about PLAN threat and intentions as a gesture of goodwill to his hosts before President Obama arrived in Beijing for the Asia Pacific Economic Conference (APEC). Besides having it on good authority that the Pacflt N2’s relief was related to internal staff issues and not his remarks about the PLAN at WEST 2014, I suspect the Chinese would have preferred to have learned quietly from President Obama while he was in China that this naval intelligence officer would be quietly retired vice being publicly removed and opening up a political controversy as to whether or not he was right about the PLAN seeking a naval war to establish its hegemony in the Eastern Pacific.

Wrapping up, on November 3rd Robert Hannigan, the new director of GCHQ, accused social networks and other online services of becoming “the command-and-control networks of choice for terrorists and criminals.” Mr. Hannigan went on to say in this Financial Times OpEd that security services in the UK and the US cannot discover and disrupt terrorist threats without greater support from the private sector, “including the largest US technology companies which dominate the web.” As with the Clipper Chip controversy in the 1990s, Hannigan appears to be offering the tech giants in the US a Hobbesian choice between meeting government expectations about access to information for national security purposes and customer concerns about their information technology (IT) providers enabling government access to their personal information. While I agree with Mr. Hannigan that “the right to privacy is not absolute” and with Justice Jackson that the Constitution is not a suicide pact, I don’t recall either the Director of GCHQ or the Director of NSA calling on the Soviet Union during the height of the Cold War in the 1980s to not encrypt so much information so the UK and US could tap into Soviet command control networks in order to protect liberal western democracies from the threat of nuclear attack.

That’s what I think; what do you think?

A Smaller and Radically Restructured IC?

The AFCEA/INSA Intelligence and National Security Summit (Summit) held at the Omni Shoreham Hotel in Washington DC on 18 and 19 September was a grand event. Virtually all of the IC’s senior leadership made presentations while the IC’s industrial base was well represented by over 1,000 attendees, many from small businesses because this event was specifically planned to be unencumbered by classification. The Summit was “on the record” with numerous members of the media attending, some even moderating panel sessions. Not surprisingly the Summit generated considerable media coverage. The professionals at INSA and on the AFCEA Intelligence Committee have every reason to be proud of this inaugural Summit that they organized and produced.

During his keynote, Director of National Intelligence (DNI) James Clapper, after some good natured carping about the expectations for the IC to perform flawlessly in an environment of “immaculate collection,” proceeded to introduce the third iteration of the National Intelligence Strategy (NIS).

http://www.dni.gov/index.php/newsroom/reports-and-publications/204-reports-publications-2014/1114-dni-unveils-2014-national-intelligence-strategy

The DNI took considerable time to ensure the audience understood the “mission,” “vision,” “mission objectives,” and the “enterprise objectives” laid out in the NIS. The DNI then spent an equal amount of time explaining that it was more important than ever in today’s environment of distrust in government, that members of the IC have and abide by a set of professional ethics. For this reason the DNI personally directed that the ethical principles associated with mission, truth, lawfulness, integrity, stewardship, excellence, and diversity be the opening page of the NIS.

As I listened to the DNI I was optimistic that the IC was going to take full advantage of the platform provided by this two day Summit to begin the challenging work of rebuilding the trust and confidence of American people in their IC.  I actually envisioned the IC leaders on the agenda using the Summit’s various sessions and tracks to explain what the IC does for them as opposed to the Snowden narrative of what it is doing to them.  However, beyond some general references to the new NIS and the importance of having the trust and confidence of the American people, I did not detect over the balance of The Summit either a coherent or coordinated message from the various podiums relating back to how the NIS was going to impact the organizations and functions of the IC being addressed.

Particularly discouraging to me was the panel on “What Should the Nation Expect from its IC?” Rather than talking directly to this seminal question about the metaphysics of the IC going forward, the Directors of four of the IC’s “big five” agencies got off on tangents about what is in their in boxes, i.e. what is keeping them busy vice what the IC needs to be doing, implying that what the IC is doing is what the nation can expect from its IC.

With the exception of NSA Director Mike Rogers, who said the IC should have done better anticipating the break out of ISIL into Iraq because it is our job, the other agency chiefs asserted that the IC did provide policy makers with good strategic warning about the dangers ISIL represented to US interests in the region, but because of the nature of ISIL (non-state actor, indigenous funding, strong operational security, etc.) the IC could not offer meaningful warning as to when those dangers would manifest themselves nor could they provide insights on how to deter or disrupt ISIL’s plans. While this was actually an informative and thoughtful discussion aimed at managing external expectations about what the IC is capable of, it was not what I was expecting to hear about based on the session’s title.

Since the Summit did not address what I (and perhaps others) should or could expect from the IC, I thought I would use this forum to offer some IC measures of effectiveness (MOEs) for discussion and debate. My underlying premise, because of the critical role the IC plays in informing national security policies and decisions with classified information that cannot (and in most cases should not) be independently verified, is that the IC must have the trust and confidence not only of its government consumers but also of the American people who are funding what the IC does. As a result, each of the five MOEs for the IC proposed below is focused individually and collectively on creating “trust and confidence” in the “IC Brand”:

  • COMPETENCE: Assurance that the hard work of creating meaningful intelligence out of disparate classified and unclassified information will be performed diligently by trained intelligence professionals well versed in the tradecraft of their specific disciplines on a schedule driven by consumers not producers.  The quality controls essential for producing reliable intelligence should be woven into all intelligence processes at the earliest opportunities.
  • OBJECTIVITY:  IC outputs will be data driven, well sourced, and auditable.  Intelligence to be useful must be about what the adversary is contemplating vice what consumers need or want to hear from the IC for any number of reasons.
  • ENGAGEMENT: In order to produce timely, insightful, and relevant intelligence, the IC must be directly engaged with its consumer base with short feedback loops resulting in both the continuous improvement of IC products and their utility to those using intelligence to inform their decisions. The IC must also be interacting regularly with the American people, through a well thought out public affairs campaign showing the members of the IC to be honorable people, who respect the rule of law, doing their best to protect our nation from harm.
  • TRANSPARENCY: For government consumers with clearances to rely on intelligence they are provided, they should and will demand to know something about the sources and methods associated with intelligence before they put it to critical use. Those in the media and the general public should not be expected to trust a secretive IC that does not trust them.  Trust is a two way dynamic.  In the spirit of the US Constitution, IC sources and methods are necessarily classified to protect the IC’s competitive advantage over those who mean to do us harm, but what the US IC does and why it does it should be subject to classification only by exception.
  • HUMILITY: By its nature, intelligence is always incomplete and ambiguous, so there is usually no reason for the IC to believe it knows more about an adversary, situation, or technology than others elsewhere in the government, academia, industry, or the media who actually may have better access in some cases than the IC. As a general proposition the IC will perform best when it is acting as a learning organization. It will also engender trust and confidence by consumers and the public the more openly the IC holds itself to account when intelligence fails to adequately inform decision makers or the IC overreaches its authorities to execute its missions.

Obviously many will disagree for good reasons with these five candidate MOEs for assessing IC performance, but that discussion and debate will be good for the health of the IC. What I am reasonably certain won’t be up for debate, though, is that after doubling the size and budget of the IC since September 11, 2001, few in the federal government or in the local town square will have much tolerance for the IC if it fails again to warn regarding a major attack on the US homeland or delivers an intelligence assessment that enables a strategic policy failure such as the 2003 invasion of Iraq.

The National Security Act of 1947 created today’s centralized national Intelligence Community in response to the then public demand for “no more Pearl Harbors.” If there is another foreign caused mass casualty attack on the Continental United States (CONUS), the American people should be expected to demand to know why its generously resourced IC failed to protect their individual and collective security. I fear these demands will not produce acceptable answers for either the consumers or funders of intelligence; instead, they will lead to a smaller and radically restructured IC.

That’s what I think; what do you think?