2014 is Shaping Up as Year To Remember for the Intelligence Community

Happy New Year!  In the aftermath of Sequestration, Snowden, Benghazi, and the Government Shutdown, 2013 is a year that I suspect the Intelligence Community (IC) is collectively happy to have in the rear view mirror.  2014 will surely be better – – – won’t it?   I would like to think so, but given that events of 2013 have not yet fully played out I anticipate the IC will have another tumultuous time in 2014.

  • First it is a mid-term election year with control of the U.S. Senate in play which will present all kinds of political theater associated with IC issues and performance
  • The stability and predictability of the budget deal was paid for with an agreement to cut approximately $4 billion from the National Intelligence Program (NIP) and $1 billion from the Military Intelligence Program (MIP) in FY 14 with continued pain in FY 15. Should interest rates rise as expected there will be unplanned cuts coming to service the national debt which is not reduced by this deal.
  • Besides Syria, volatile civil violence has broken out in Iraq, Egypt, and the Ukraine, while Gaza and Lebanon continue to simmer.  Any of these conflicts could easily widen to regional conflicts with global impacts
  • The Sochi Winter Olympics is a venue for political statements through terrorist violence with Putin’s Russia likely to respond forcefully and indiscriminately
  • Iran’s agreement to curtail its nuclear weapons enrichment activities in return for relief from economic sanctions terminates in March,  unless there is mutual agreement to extend the deal
  • China and Japan continue to jockey with naval forces over conflicting claims to the barren rocks of Senkaku Islands in the East China Sea with the US 7th Fleet as the likely referee
  • North Korea remains as dangerous and as baffling as ever.  It is to early to tell if Kim Jung Un is his own man, or the puppet of Stalinist hardliners who see confrontation as the Hermit Kingdom’s best national security play
  • The withdrawal of combat forces from Afghanistan will create opportunity for the return of both “warlord rule,” Taliban provided safe havens for Al Qaeda, and increased opium cultivation
  • Whether there will be more Snowden revelations about NSA sources and methods remains to be seen, but there is no doubt that what has already been compromised is changing how NSA is viewed and will lead to a continuing Congressional debate about the balance between secrecy, security, and civil liberties that will feed into the fall mid-term elections.

So it looks like another year of growing demand for timely insightful intelligence with diminishing resources in an environment where 50 percent of the IC workforce is experiencing its first budget drawdown in an increasingly politicized environment.  Even without the NSA issues, 2014 appears poised to challenge the limits of the IC’s capacity, capabilities, and flexibility to discern and articulate the most serious threats to US national security.

Turning to NSA collection practices, the arc of the debate about the need for NSA to secretly collect the bulk metadata of all US persons phone calls to protect the nation from terrorist attacks has already begun to be scribed by conflicting federal district court decisions, the President’s Review Group’s (PRG) forty six recommendations, Presidential Policy Directive (PPD) 28, and the 2014 State of the Union Address.

  • In Klayman v Obama Judge Leon found NSA’s bulk collection of US Persons’ metadata an affront to James Madison that must end.  Conversely Judge Pauley in ACLU v Clapper views NSA’s bulk collection of US Persons’ metadata as constitutional and necessary to protect American citizens from terrorist harm.  It would seem that both those supporting the NSA’s current collection practices and those who want them reined in will petition the US Supreme Court for a resolution if the US Government does not.
  • The PRG finds that NSA’s collection practices against US Persons are legal, well functioning and necessary to protect the US from terrorist attack but then confusingly presents 46 recommendations for making program more transparent and effective
  • In President Obama’s January 17th announcement of PPD-28 he ignored most of the PRG’s 46 recommendations but did say that that NSA’s collection of US Persons’ metadata will continue because it is legal and essential to national security.  The President then pivoted to the concerns of small government and privacy advocates, recognizing that NSA’s bulk metadata collection was open to abuses so it needed to be more transparent and rigorously controlled.  Reviewing the President’s remarks and the text of PPD 28 I find myself agreeing with Potomac Institute’s Mike Swetnam that the President may be setting the context for change, but in fact is changing very little (http://www.potomacinstitute.org/homepage/news-releases/2613-presidential-directive-misses-real-threat-to-publics-privacy-says-institute-ceo).  In a sound bite PPD 28 directs that a privacy advocate be part of the FISA process, that access to and use of US Persons’ metadata be more closely monitored and everything else needs to be studied
  • In his State of the Union Address on 28 January, the President spoke obliquely about security and surveillance in only two separate sentences:
    • I will reform our surveillance programs, because the vital work of our intelligence community depends on public confidence, here and abroad, that the privacy of ordinary people is not being violated.
    • So even as we actively and aggressively pursue terrorist networks — through more targeted efforts and by building the capacity of our foreign partners — America must move off a permanent war-footing.

While many have heartfelt opinions about the direction NSA collection should take, I believe it is fair to say given the outcome of a yet to be scheduled Supreme Court Case, unfinished executive branch studies, legislation still in formation, and an incomplete public debate that nobody can reasonably foresee what the state of NSA’s collection authorities will be this time next year.   A reasonable question that is sure to emerge though in 2014 is:  If America is shifting to a peacetime outlook why should the Patriot Act and its Section 215 authority that is the legal basis for NSA’s warrantless bulk collection of US Person metadata be renewed?

That’s what I think; what do you think?

Advertisements

The Snowden Storm Persists As The SCMR Offers Capacity or Capability?

Sorry this is late, but I have been on vacation and I am a semi-retired Navy pensioner who is becoming increasingly slack as I age gracelessly.

Anyway, since we last joined up at the “Browser Bar” Bradley Manning has been convicted by a military judge of double digit counts of mishandling classified material while Edward Snowden has been granted refugee status by Russian President Vladimir Putin.  Despite my comments in this venue last month, nobody in officialdom seems exercised that the IC has been had by two insiders with clearances.  Isn’t that alone enough to ask if the time consuming/expensive personal clearance vetting process being used should be changed?  Oh that’s right; we already know we need to do that!  At least The Atlantic magazine has mused about why NSA did not have a contingency for dealing with the impact of a leak revealing it was collecting metadata on all phone calls in the US.  More pedestrianly, the guys I drink with want to know when somebody further up the chain of command is going to be held accountable for these security breaches happening on their watch.

More importantly though, Snowden’s revelations about NSA bulk collection of US persons telephone metadata has sparked the deferred debate about what the balance between security and civil liberties should be in a post 9/11 America.  This debate seems to be ordained to last until the Congressional mid-term elections in 2014 with less than meritorious affects for the IC such as:

  • The IC leadership will be doing more explaining than proposing to Congress over the next two years as to why the Congress should believe that the IC is being full and open with the Legislative Branch – – – even in closed sessions
  • The narrow defeat of the Amash Amendment shows that Congress will be bi-partisanly interested for different reasons in knowing about how much funding is focused on collection that involves US person information
  • The Amash Amendment, which the congressional leadership of both parties opposed, also points to members of the House and Senate being less willing to accept the advice of the HPSCI and SSCI that intelligence programs are necessary, cost effective, and constitutional
  • The FISA Court being hypersensitive to charges of being a “rubber stamp” secret venue where only the government’s case for surveillance is heard, will raise the standards required to authorize intrusive collection involving US persons

Then there is the assessment that Putin granting Snowden refugee status is the proximate cause for President Obama cancelling a Post G-20 August summit meeting with the Russian leader.  While this is probably true, I would like to believe the real reason for the cancellation is Putin’s continuing support for Syria’s Basher al Assad as that civil war continues and Egypt remains in political turmoil.

Ironically in the midst of all this the US closed over 20 embassies in the Muslim world during the weekend of 3/4 August as Ramadan was ending and issued a month long travel alert to American citizens based on NSA intercepts of an Al Qaeda conference call green lighting a major attack against US interests (most likely a truck bomb aimed at the US Embassy in Aden) proposed by Yemen based “general manager” of Al Qaeda in the Arabian Peninsula Nassir al Wahyushi.  Obviously this attack did not occur (though others did, killing scores aimed at government security forces in Iraq, Pakistan, and Afghanistan) raising the question of whether the alert was more about using non-specific intelligence to demonstrate the importance of NSA collection to national security or whether the alert was based on creditable intelligence and actually thwarted the attack.  Here is where the IC is between a rock and a hard place:  if its warning disrupts the attack and nothing happens then the IC is “wrong”; but if it fails to warn effectively and an attack occurs then the IC is incompetent.  Reminds me of the birthday my mom gave me two expensive neckties; when I immediately put one on to show my appreciation she crestfallenly asked “so you don’t like the other tie?”  As an intelligence officer who has had to make some warning calls alone in the middle of the night while actively in the game, log me as accepting that the warning stopped a dangerous attack that was well planned but dependent on surprise.

As the Congress recessed for August and the President headed for a family vacation on Martha’s Vineyard there was consensus across the elected members of the government that FY 14 will begin under a Continuing Resolution (CR) and with Sequestration in effect.  In round numbers that means DoD absorbing another $50 billion in cuts while the National Intelligence Program (NIP) gets a $5 billion haircut. With his announcement on 31 July of the DoD Strategic Choices and Management Review (SCMR) Secretary Hagel laid out the stark choice the country is facing in terms of investing in maintaining military capacity (i.e. numbers) or investing in enhanced capabilities operated by a smaller force.  This zero sum reality is a direct result of the nation’s need to reduce its national debt as a matter of national security if not a threat to our standard of living.

It’s unclear to me how the SCMR will impact the eight DoD agencies that are also in the IC, but if military size is cut it’s hard to foresee how service intelligence along with NSA, NGA, NRO, and DIA would not also be cut in size and budget proportionately with the rest of the force.  Reports are surfacing that DoD is already considering the elimination of SouthCom and AfriCom by consolidating them with NorthCom and EuCom respectively.  I believe this is the tip of the iceberg with consolidation/elimination also in the offing for major defense agencies (DLA, DISA, DIA, etc?) and related functional commands/organizations within the military services.  If service size and billet funding are key issues (Duh!) then there is a case for centralizing functional capabilities such as logistics, comms, training, medicine, personnel/pay, intelligence, etc  at the DoD level to save money by reducing redundant infrastructure.  Some will recall Admiral Bill Owens advocated strongly for this as VCJS in the mid 90s as the way to absorb the “Peace Dividend” with minimal impact on operational military capabilities.  Specifically with regard to military intelligence as money gets even scarcer in FY 14 with no relief in sight it is not a leap to envision:

  • Significant cuts to ONI, NASIC, NGIC, and MCIA with missions like support to acquisition, collection management, HUMINT, etc. being consolidated and assumed by DIA with little additional plus up in its budget or personnel end strength.  An alternative is reducing DIA to a policy and oversight agency and devolving missions to the services to provide directly to the CoComs
  • Consolidation of service unique DCGS programs into a single Defense Intelligence Information Enterprise (DI2E) Program
  • All military intel related IT controlled and managed by NSA, DIA, or DISA

That’s what I think; what do you think?

Ever Heard of Executive Order 13587?

As the 4 of July weekend winds to close, the Edward Snowden “Freedom Tour” – after being held over in the Moscow Airport’s International holding area for two weeks due travel document irregularities (how Soviet!) related to less than rave reviews for the show’s impact on Russian/American relations – appears to have long-term booking opportunities in Venezuela, Bolivia, and Nicaragua that the “hacker headliner” is considering.  Ed’s 15 minutes of fame has lasted a month now, and as far as I am concerned regular updates on his plight are becoming increasingly tedious.  While extradition doesn’t seem likely, Ed should never stop watching “Argo” or “Zero Dark Thirty” so he doesn’t forget the long reach of the US Intelligence Community (IC) that he has been actively warning about to anybody who will listen.

Beyond where Snowden is and where he might be going, the media also has been full of arguments about whether the scale and scope of the NSA surveillance of American phone and email externals is appropriate, necessary or constitutional.  There has also been considerable public discourse about whether contractors should be granted sensitive (aren’t they all?) security clearances and the broad access that usually goes with them.  NSA and the IC would generate more confidence regarding their surveillance programs with transparency about what they are doing and why instead of telling the American people (and themselves) how these secret programs are necessary for protecting us.  The premise that government employees are more trust worthy than contractors is as dangerous as it is false!  What do Walker, Whitworth, Pendleton, Pollard, Ames, Hansen, Montes and Manning have in common?  Correct, all were government employees with security clearances and broad access to intelligence products and/or capabilities.

Most disturbing to me, however, is what nobody in the media, the Congress, the West Wing, or the greater IC punditry is talking about:  How could Snowden exfiltrate from a secure area enough classified data to fill up four laptops in a post Wiki Leaks environment?  Private 1st Class Bradley Manning is currently being court martialed at Fort Meade for releasing gigabits of classified information he downloaded from the SIPRNET onto thumb drives while he was assigned to the Joint Intelligence Operational Center (JIOC) in Iraq.  He actions resulted in Executive Order 13587 titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.

EO 13587 issued on October 7, 2011 directs:

…structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties.  Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government.  These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks. [emphasis added]

Snowden’s success indicates that NSA failed in its own environment in terms of Section 5 of EO 13587, which designates the Secretary of Defense and the Director, National Security Agency, to act jointly as the Executive Agent for Safeguarding Classified Information on Computer Networks.  Section 6 of this EO charges the Attorney General and the Director of National Intelligence with establishing an “Insider Threat Task Force” that is to be administratively supported by the Office of the National Counterintelligence Executive (ONCIX).  I can’t be the only one wondering what the minutes of this Insider Threat Task Force tells us about what could have been done to deter or detect Edward Snowden before he acted.  The Wiki Leaks Task Force also recommended standardized procedures for using removable media in classified areas, increased attention on access controls, and robust employment of enterprise monitoring and auditing software.  Progress in any of these areas surely would have raised Snowden’s threat profile if not actually working to deter or detect his unauthorized downloading of classified information from NSA networks.

With Manning on trial for leaking classified information downloaded from a secure network and EO-13587 being issued over 18 months ago to prevent a reoccurrence, the serious damage the IC says Snowden has done to national security appears to have been enabled by its own negligence.

That’s what I think; what do you think?